unhide/unhide.spec

76 lines
2.8 KiB
RPMSpec
Raw Permalink Normal View History

Name: unhide
Version: 20220611
Release: 1mamba
Summary: Forensic tool to find hidden processes and ports
Group: Applications/Security
Vendor: openmamba
Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: https://www.unhide-forensics.info/
Source: https://github.com/YJesus/Unhide.git/v%{version}/Unhide-%{version}.tar.bz2
License: GPL
## AUTOBUILDREQ-BEGIN
## AUTOBUILDREQ-END
%description
Unhide is a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique.
Unhide (ps) - Detecting hidden processes. Implements six main techniques
1. Compare /proc vs /bin/ps output
2. Compare info gathered from /bin/ps with info gathered by walking thru the procfs.
3. Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
4. Full PIDs space ocupation (PIDs bruteforcing).
5. Compare /bin/ps output vs /proc, procfs walking and syscall.
Reverse search, verify that all thread seen by ps are also seen in the kernel.
6. Quick compare /proc, procfs walking and syscall vs /bin/ps output.
It's about 20 times faster than tests 1+2+3 but maybe give more false positives.
Unhide-TCP
Identify TCP/UDP ports that are listening but not listed in /bin/netstat doing brute forcing of all TCP/UDP ports availables.
%prep
%setup -q -n Unhide-%{version}
%build
CFLAGS="%optflags" ; export CFLAGS ;
# Since this is a forensics/security tool, we compile the binaries statically
# to help prevent a hacked glibc from tampering with the results.
%{__cc} -Wall -O2 --static -pthread unhide-linux*.c unhide-output.c -o unhide
%{__cc} -Wall -O2 --static unhide_rb.c -o unhide_rb
%{__cc} -Wall -O2 --static unhide-tcp.c unhide-tcp-fast.c unhide-output.c -o unhide-tcp
%install
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
install -d %{buildroot}%{_sbindir}
for f in unhide unhide_rb unhide-tcp; do
install -m 755 $f %{buildroot}%{_sbindir}/$f
done
install -d %{buildroot}%{_mandir}/man8
install -m 644 man/unhide.8 %{buildroot}%{_mandir}/man8/unhide.8
install -m 644 man/unhide-tcp.8 %{buildroot}%{_mandir}/man8/unhide-tcp.8
%clean
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
%files
%defattr(-,root,root)
%{_sbindir}/%{name}*
%{_mandir}/man8/unhide.*
%{_mandir}/man8/unhide-tcp.*
%doc COPYING
#README.txt TODO
%changelog
* Sat Nov 26 2022 Silvan Calarco <silvan.calarco@mambasoft.it> 20220611-1mamba
- update to 20220611
* Mon May 27 2013 Automatic Build System <autodist@mambasoft.it> 20130526-1mamba
- automatic version update by autodist
* Thu Jan 31 2013 Automatic Build System <autodist@mambasoft.it> 20121229-1mamba
- automatic version update by autodist
* Tue Dec 13 2011 Davide Madrisan <davide.madrisan@gmail.com> 20110113-1mamba
- package created by autospec