# HG changeset patch
# User Hans-G?nter Theisgen
# Date 1659195770 -3600
# Node ID 6e377a452304f50747fa0c89dce930d498b34a60
# Parent 3484784079363c749a176b88f08bb628a35f8b32
updated unhide (20130526 -> 20210124)
diff -r 348478407936 -r 6e377a452304 unhide/description.txt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/unhide/description.txt Sat Jul 30 16:42:50 2022 +0100
@@ -0,0 +1,17 @@
+Unhide is a forensic tool to find hidden processes and TCP/UDP ports
+by rootkits, LKMs or by another hiding technique.
+
+Detecting hidden processes. Implements six main techniques
+
+1- Compare /proc vs /bin/ps output
+2- Compare info gathered from /bin/ps with info gathered by walking
+ through the procfs.
+3- Compare info gathered from /bin/ps with info gathered from
+ syscalls (syscall scanning).
+4- Full PIDs space occupation (PIDs bruteforcing).
+5- Compare /bin/ps output vs /proc, procfs walking and syscall.
+ Reverse search, verify that all threads seen by ps are also seen
+ in the kernel.
+6- Quick compare /proc, procfs walking and syscall vs /bin/ps output.
+ It's about 20 times faster than tests 1, 2 and 3 but maybe give
+ more false positives.
diff -r 348478407936 -r 6e377a452304 unhide/receipt
--- a/unhide/receipt Sat Jul 30 15:37:46 2022 +0100
+++ b/unhide/receipt Sat Jul 30 16:42:50 2022 +0100
@@ -1,17 +1,18 @@
 # SliTaz package receipt.
 PACKAGE="unhide"
-VERSION="20130526"
+VERSION="20210124"
 CATEGORY="security"
 SHORT_DESC="Forensic tool to find hidden processes and TCP/UDP ports."
 MAINTAINER="pascal.bellard@slitaz.org"
 LICENSE="GPL3"
 WEB_SITE="https://www.unhide-forensics.info/?Linux"
-TARBALL="$PACKAGE-$VERSION.tgz"
+SOURCE="Unhide"
+TARBALL="$SOURCE-$VERSION.tar.gz"
 WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL"
-DEPENDS=""
+DEPENDS="iproute2 procps"
 BUILD_DEPENDS=""
 # What is the latest version available today?
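Review bot: `TARBALL` now expands to `Unhide-20210124.tar.gz`, but the unchanged `WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL"` still fetches it from the SourceForge path for `unhide`, and nothing visible in this hunk pins the archive's digest. Since this is a forensic tool normally run with root privileges, it is worth confirming that the mirror really serves a file with the new name from the upstream author. Where the build system offers a way to record an expected checksum, use it, so that a substituted archive fails the build instead of being packaged. The new `DEPENDS="iproute2 procps"` would also benefit from a one-line comment saying which of the built binaries needs each package.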
@@ -28,6 +29,9 @@
 $CC -pthread unhide-linux*.c unhide-output.c -o unhide
 $CC unhide_rb.c -o unhide_rb
 $CC unhide-tcp.c unhide-tcp-fast.c unhide-output.c -o unhide-tcp
+
+ mkdir -p $install/usr/share
+ cp -a man $install/usr/share
 }
 # Rules to gen a SliTaz package suitable for Tazpkg.
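Review bot: The two added install lines expand `$install` unquoted, so a build root containing whitespace or glob characters would be word-split; write them as `mkdir -p "$install/usr/share"` and `cp -a man "$install/usr/share"`. `cp -a` also preserves the ownership and mode bits of the unpacked source tree, so if the build runs as root the man pages may be packaged with whatever owner and permissions the upstream archive carried. It is worth checking that they end up root-owned and not group- or world-writable. The enclosing function starts above the hunk, so any earlier directory change or error handling that affects these lines is not visible here.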