authorWesley Shields <wxs@FreeBSD.org>2009-03-13 00:31:07 +0000
committerWesley Shields <wxs@FreeBSD.org>2009-03-13 00:31:07 +0000
commitff0a927b5737b836aae571ae055df92d73dd89b2 (patch)
tree45a0d04907028a689157eb45df7810a4d26b3ac6 /security/unhide
parent4c20289e45f859b8faf3950302e623a1b07e8e73 (diff)
Diffstat (limited to 'security/unhide')
-rw-r--r--security/unhide/Makefile30
-rw-r--r--security/unhide/distinfo3
-rw-r--r--security/unhide/files/patch-Makefile22
-rw-r--r--security/unhide/pkg-descr15
4 files changed, 70 insertions, 0 deletions
diff --git a/security/unhide/Makefile b/security/unhide/Makefile
new file mode 100644
index 000000000000..d3220959f800
--- /dev/null
+++ b/security/unhide/Makefile
@@ -0,0 +1,30 @@
+# New ports collection makefile for: unhide
+# Date created: 26 February 2009
+# Whom: ntarmos@cs.uoi.gr
+#
+# $FreeBSD$
+#
+
+PORTNAME= unhide
+PORTVERSION= 20080519
+CATEGORIES= security
+MASTER_SITES= http://www.security-projects.com/
+DISTNAME= ${PORTNAME}${DISTVERSION}
+EXTRACT_SUFX= .tgz
+
+MAINTAINER= ntarmos@cs.uoi.gr
+COMMENT= A forensic tool to find hidden processes and TCP/UDP ports
+
+WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION}
+PLIST_FILES= sbin/unhide sbin/unhide-tcp
+MAN8= unhide.8 unhide-tcp.8
+MANCOMPRESSED= yes
+
+.include <bsd.port.pre.mk>
+
+pre-configure:
+ @${REINPLACE_CMD} -e 's/-eLf/-axH/g' -e 's/$$2/$$1/g' ${WRKSRC}/unhide.c
+ @${REINPLACE_CMD} -e 's/-t/-p tcp -/g' -e 's/-u/-p udp -/g' \
+ ${WRKSRC}/unhide-tcp.c
+
+.include <bsd.port.post.mk>
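Review bot: The two `pre-configure` seds are unanchored and global, so `s/-t/-p tcp -/g` and `s/-u/-p udp -/g` rewrite every `-t` and `-u` in `unhide-tcp.c` (presumably including any literal that contains the program's own name, `unhide-tcp`), and `s/$$2/$$1/g` rewrites every `$2` in `unhide.c`, not only the ps/netstat command strings they appear to target. They also succeed silently when nothing matches, so after a distfile update the Linux flags could stay in place and the tool would compare against the wrong ps/netstat output with no build error, which for a rootkit detector means a quiet false negative. I would carry these edits as `files/patch-unhide.c` and `files/patch-unhide-tcp.c`, which fail at the patch stage when the context drifts. If the seds stay, add a comment above the target such as `# Map Linux ps/netstat flags to FreeBSD ones; expressions are unanchored, re-verify on each version bump`.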
diff --git a/security/unhide/distinfo b/security/unhide/distinfo
new file mode 100644
index 000000000000..ba3094d65f36
--- /dev/null
+++ b/security/unhide/distinfo
@@ -0,0 +1,3 @@
+MD5 (unhide20080519.tgz) = 1194ec0f89c6f28e8eb64fb66836f70f
+SHA256 (unhide20080519.tgz) = 631bc2fb09fa05351273021fd32483e5bf4187dcdc15222335fe2ddc5d146ae3
+SIZE (unhide20080519.tgz) = 17104
diff --git a/security/unhide/files/patch-Makefile b/security/unhide/files/patch-Makefile
new file mode 100644
index 000000000000..d68364bd7c3e
--- /dev/null
+++ b/security/unhide/files/patch-Makefile
@@ -0,0 +1,22 @@
+--- /dev/null 2009-02-26 16:27:00.000000000 +0200
++++ Makefile 2009-02-26 16:26:45.000000000 +0200
+@@ -0,0 +1,19 @@
++DESTDIR := /usr/local
++MANDIR := ${DESTDIR}/man
++INSTALL_PROGRAM := /usr/bin/install -s -m 0700
++INSTALL_MAN := /usr/bin/install -m 0444
++GZIP_CMD := /usr/bin/gzip -9
++MKDIR_CMD := /bin/mkdir -p
++
++all:
++ gcc unhide.c -o unhide
++ gcc unhide-tcp.c -o unhide-tcp
++
++install: all
++ ${MKDIR_CMD} ${DESTDIR}/sbin ${MANDIR}/man8
++ ${INSTALL_PROGRAM} unhide ${DESTDIR}/sbin/unhide
++ ${INSTALL_PROGRAM} unhide-tcp ${DESTDIR}/sbin/unhide-tcp
++ ${INSTALL_MAN} man/unhide.8 ${MANDIR}/man8 && \
++ ${GZIP_CMD} ${MANDIR}/man8/unhide.8
++ ${INSTALL_MAN} man/unhide-tcp.8 ${MANDIR}/man8 && \
++ ${GZIP_CMD} ${MANDIR}/man8/unhide-tcp.8
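Review bot: The `all` recipe hard-codes `gcc` with no flags, so the compiler choice and any `CFLAGS`/`LDFLAGS` supplied by the ports framework or the user (warning or hardening flags included) never reach these two binaries, which are installed owner-only (`-m 0700`) into `sbin` and so presumably run as root. I would write the two lines as `${CC} ${CFLAGS} ${LDFLAGS} unhide.c -o unhide` and `${CC} ${CFLAGS} ${LDFLAGS} unhide-tcp.c -o unhide-tcp`. Separately, `DESTDIR := /usr/local` uses the staging-root variable as the install prefix. `PREFIX ?= /usr/local` with paths of the form `${DESTDIR}${PREFIX}/sbin` would keep the two meanings apart and let a non-default prefix work.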
diff --git a/security/unhide/pkg-descr b/security/unhide/pkg-descr
new file mode 100644
index 000000000000..30c5845dcce3
--- /dev/null
+++ b/security/unhide/pkg-descr
@@ -0,0 +1,15 @@
+Unhide is a forensic tool to find hidden processes and TCP/UDP ports by
+rootkits / LKMs or by another hidden technique. It consists of two
+programs: unhide and unhide-tcp.
+
+unhide detects hidden processes through:
+ * Comparison of /proc vs /bin/ps output.
+ * Comparison of info gathered from /bin/ps with info gathered from.
+ * Syscalls (syscall scanning).
+ * Full PIDs space ocupation (PIDs bruteforcing).
+
+unhide-tcp identifies TCP/UDP ports that are listening but not listed in
+/bin/netstat by doing brute forcing of all TCP/UDP ports availables.
+
+
+WWW: http://http://www.security-projects.com/?Unhide/