2024-01-05 18:48:52 +01:00
|
|
|
Name: unhide
|
2024-01-05 18:48:53 +01:00
|
|
|
Version: 20220611
|
2024-01-05 18:48:52 +01:00
|
|
|
Release: 1mamba
|
|
|
|
Summary: Forensic tool to find hidden processes and ports
|
|
|
|
Group: Applications/Security
|
|
|
|
Vendor: openmamba
|
|
|
|
Distribution: openmamba
|
2024-01-05 18:48:53 +01:00
|
|
|
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
|
|
|
URL: https://www.unhide-forensics.info/
|
|
|
|
Source: https://github.com/YJesus/Unhide.git/v%{version}/Unhide-%{version}.tar.bz2
|
2024-01-05 18:48:52 +01:00
|
|
|
License: GPL
|
|
|
|
## AUTOBUILDREQ-BEGIN
|
|
|
|
## AUTOBUILDREQ-END
|
|
|
|
|
|
|
|
%description
|
|
|
|
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.
|
|
|
|
|
|
|
|
Unhide (ps) - Detecting hidden processes. Implements six main techniques
|
|
|
|
1. Compare /proc vs /bin/ps output
|
|
|
|
2. Compare info gathered from /bin/ps with info gathered by walking thru the procfs.
|
|
|
|
3. Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
|
|
|
|
4. Full PIDs space ocupation (PIDs bruteforcing).
|
|
|
|
5. Compare /bin/ps output vs /proc, procfs walking and syscall.
|
|
|
|
Reverse search, verify that all thread seen by ps are also seen in the kernel.
|
|
|
|
6. Quick compare /proc, procfs walking and syscall vs /bin/ps output.
|
|
|
|
It's about 20 times faster than tests 1+2+3 but maybe give more false positives.
|
|
|
|
|
|
|
|
Unhide-TCP
|
|
|
|
Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing brute forcing of all TCP/UDP ports availables.
|
|
|
|
|
|
|
|
%prep
|
2024-01-05 18:48:53 +01:00
|
|
|
%setup -q -n Unhide-%{version}
|
2024-01-05 18:48:52 +01:00
|
|
|
|
|
|
|
%build
|
|
|
|
CFLAGS="%optflags" ; export CFLAGS ;
|
|
|
|
# Since this is a forensics/security tool, we compile the binaries statically
|
|
|
|
# to help prevent a hacked glibc from tampering with the results.
|
|
|
|
%{__cc} -Wall -O2 --static -pthread unhide-linux*.c unhide-output.c -o unhide
|
|
|
|
%{__cc} -Wall -O2 --static unhide_rb.c -o unhide_rb
|
|
|
|
%{__cc} -Wall -O2 --static unhide-tcp.c unhide-tcp-fast.c unhide-output.c -o unhide-tcp
|
|
|
|
|
|
|
|
%install
|
|
|
|
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
|
|
|
install -d %{buildroot}%{_sbindir}
|
|
|
|
for f in unhide unhide_rb unhide-tcp; do
|
|
|
|
install -m 755 $f %{buildroot}%{_sbindir}/$f
|
|
|
|
done
|
|
|
|
|
|
|
|
install -d %{buildroot}%{_mandir}/man8
|
|
|
|
install -m 644 man/unhide.8 %{buildroot}%{_mandir}/man8/unhide.8
|
|
|
|
install -m 644 man/unhide-tcp.8 %{buildroot}%{_mandir}/man8/unhide-tcp.8
|
|
|
|
|
|
|
|
%clean
|
|
|
|
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
|
|
|
|
|
|
|
%files
|
|
|
|
%defattr(-,root,root)
|
|
|
|
%{_sbindir}/%{name}*
|
|
|
|
%{_mandir}/man8/unhide.*
|
|
|
|
%{_mandir}/man8/unhide-tcp.*
|
|
|
|
%doc COPYING
|
|
|
|
#README.txt TODO
|
|
|
|
|
|
|
|
%changelog
|
2024-01-05 18:48:53 +01:00
|
|
|
* Sat Nov 26 2022 Silvan Calarco <silvan.calarco@mambasoft.it> 20220611-1mamba
|
|
|
|
- update to 20220611
|
|
|
|
|
2024-01-05 18:48:52 +01:00
|
|
|
* Mon May 27 2013 Automatic Build System <autodist@mambasoft.it> 20130526-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
|
|
|
* Thu Jan 31 2013 Automatic Build System <autodist@mambasoft.it> 20121229-1mamba
|
|
|
|
- automatic version update by autodist
|
|
|
|
|
|
|
|
* Tue Dec 13 2011 Davide Madrisan <davide.madrisan@gmail.com> 20110113-1mamba
|
|
|
|
- package created by autospec
|