authorBlack Rider <black_rider@esdebian.org>2011-08-30 22:05:18 -0300
committerNiels Horn <niels.horn@slackbuilds.org>2011-08-30 22:05:18 -0300
commit6e988a7d6c434b57c01a16711975b32d6e5b9755 (patch)
tree51277634060dc8f8667f0b24dda5b6ff99806374 /system
parent6c2c4eb6dba68a9f07fa74cd28e854ab8a1c7e60 (diff)
system/unhide: Added (utility for discovering hidden processes)
Signed-off-by: Niels Horn <niels.horn@slackbuilds.org>
Diffstat (limited to 'system')
-rw-r--r--system/unhide/README12
-rw-r--r--system/unhide/slack-desc12
-rw-r--r--system/unhide/unhide.SlackBuild96
-rw-r--r--system/unhide/unhide.info10
4 files changed, 130 insertions, 0 deletions
diff --git a/system/unhide/README b/system/unhide/README
new file mode 100644
index 0000000000000..a5c77eb447c89
--- /dev/null
+++ b/system/unhide/README
@@ -0,0 +1,12 @@
+Unhide is a forensic tool to find processes and TCP/UCP ports hidden by
+rootkits, Linux kernel modules or by other techniques. It includes unhide
+and unhide-tcp.
+
+NOTES: The SlackBuild script builds only unhide-tcp and unhide-linux26.
+The original unhide for 2.4 kernels is not built for obvious reasons.
+unhide-linux26 has been linked to "unhide", as many apps (rkhunter, for
+example) expect to find it here. This is also the solution chosen by many
+distributions.
+
+Remember to run unhide as root only. Failing to do so could result in
+a massive arrival of false positives.
diff --git a/system/unhide/slack-desc b/system/unhide/slack-desc
new file mode 100644
index 0000000000000..9f2e305265cf3
--- /dev/null
+++ b/system/unhide/slack-desc
@@ -0,0 +1,12 @@
+# |-----handy-ruler------------------------------------------------------|
+unhide: unhide (utility for discovering hidden processes)
+unhide:
+unhide: Unhide is a forensic tool to find porcesses and TCP/UCP ports hidden
+unhide: by rootkits, Linux kernel modules or by other techniques. It includes
+unhide: unhide-linux26 and unhide-tcp.
+unhide:
+unhide: http://www.unhide-forensics.info
+unhide:
+unhide:
+unhide:
+unhide:
diff --git a/system/unhide/unhide.SlackBuild b/system/unhide/unhide.SlackBuild
new file mode 100644
index 0000000000000..ca5080caad548
--- /dev/null
+++ b/system/unhide/unhide.SlackBuild
@@ -0,0 +1,96 @@
+#!/bin/sh
+
+# SlackBuild script for Unhide.
+
+# This script is of public domain. It can be distributed, modified and used as desired.
+# Based on the PorteusBuild written by the same author at www.porteus.org/forum
+
+# Black Rider [black_rider@esdebian.org]
+
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=unhide
+VERSION=20110113
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tgz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+chmod -R u+w,go+r-w,a-s .
+
+# gcc --static unhide.c -o unhide #### This is an obsolete version.
+gcc $SLKCFLAGS --static unhide-tcp.c -o unhide-tcp
+gcc $SLKCFLAGS -Wall --static -pthread unhide-linux26.c -o unhide-linux26
+
+# We put the binaries and documents in their right places
+mkdir -p $PKG/usr/sbin
+install -m0700 unhide-tcp unhide-linux26 $PKG/usr/sbin
+
+# We make a symlink so any call to "unhide" reaches "unhide-linux26". This is the
+# solution accepted by many distributions.
+cd $PKG/usr/sbin
+ ln -s unhide-linux26 unhide
+cd -
+
+# Copy man pages
+mkdir -p $PKG/usr/man/{,es/,fr/}man8
+cp man/unhide{,-tcp}.8 $PKG/usr/man/man8
+cp man/es/unhide.8 $PKG/usr/man/es/man8
+cp man/fr/unhide.8 $PKG/usr/man/fr/man8
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp \
+ COPYING LEEME.txt LISEZ-MOI.TXT README.txt TODO changelog \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
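Review bot: The script declares `#!/bin/sh` but relies on brace expansion at `mkdir -p $PKG/usr/man/{,es/,fr/}man8` and `cp man/unhide{,-tcp}.8 $PKG/usr/man/man8`, which is not POSIX; on a non-bash /bin/sh the braces would be taken literally and the man pages would land in a directory named `{,es/,fr/}man8`. Either spell the paths out, `mkdir -p $PKG/usr/man/man8 $PKG/usr/man/es/man8 $PKG/usr/man/fr/man8` and `cp man/unhide.8 man/unhide-tcp.8 $PKG/usr/man/man8`, or change the shebang to `#!/bin/bash` to match what the script actually needs. The `cd $PKG/usr/sbin` / `ln -s` / `cd -` sequence can be a single `ln -s unhide-linux26 $PKG/usr/sbin/unhide`, which also stops `cd -` from printing the previous directory to stdout. Consider adding `-Wall` to the unhide-tcp compile line so both binaries are built with the same warnings as unhide-linux26.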
diff --git a/system/unhide/unhide.info b/system/unhide/unhide.info
new file mode 100644
index 0000000000000..60a409d5235b5
--- /dev/null
+++ b/system/unhide/unhide.info
@@ -0,0 +1,10 @@
+PRGNAM="unhide"
+VERSION="20110113"
+HOMEPAGE="http://www.unhide-forensics.info"
+DOWNLOAD="http://downloads.sourceforge.net/unhide/unhide-20110113.tgz"
+MD5SUM="0dff8ee5029615f1f81db96dcf6758f7"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Black Rider"
+EMAIL="black_rider@esdebian.org"
+APPROVED="Niels Horn"