rootkits / LKMs or by another hidden technique. It consists of two programs: unhide and unhide-tcp.

unhide detects hidden processes through:
* Comparison of /proc vs /bin/ps output.
* Comparison of info gathered from /bin/ps with info gathered from.
* Syscalls (syscall scanning).
* Full PIDs space occupation (PIDs bruteforcing).

unhide-tcp identifies TCP/UDP ports that are listening but not listed in /bin/netstat by doing brute forcing of all TCP/UDP ports available.

WWW: http://http://www.security-projects.com/?Unhide/
PR: ports/132131
Submitted by: Nikos Ntarmos <ntarmos@cs.uoi.gr>
--- /dev/null 2009-02-26 16:27:00.000000000 +0200
+++ Makefile 2009-02-26 16:26:45.000000000 +0200
@@ -0,0 +1,19 @@
+DESTDIR := /usr/local
+MANDIR := ${DESTDIR}/man
+INSTALL_PROGRAM := /usr/bin/install -s -m 0700
+INSTALL_MAN := /usr/bin/install -m 0444
+GZIP_CMD := /usr/bin/gzip -9
+MKDIR_CMD := /bin/mkdir -p
+
+all:
+ gcc unhide.c -o unhide
+ gcc unhide-tcp.c -o unhide-tcp
+
+install: all
+ ${MKDIR_CMD} ${DESTDIR}/sbin ${MANDIR}/man8
+ ${INSTALL_PROGRAM} unhide ${DESTDIR}/sbin/unhide
+ ${INSTALL_PROGRAM} unhide-tcp ${DESTDIR}/sbin/unhide-tcp
+ ${INSTALL_MAN} man/unhide.8 ${MANDIR}/man8 && \
+ ${GZIP_CMD} ${MANDIR}/man8/unhide.8
+ ${INSTALL_MAN} man/unhide-tcp.8 ${MANDIR}/man8 && \
+ ${GZIP_CMD} ${MANDIR}/man8/unhide-tcp.8
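
Review bot: the `all:` target hard-codes `gcc unhide.c -o unhide` and `gcc unhide-tcp.c -o unhide-tcp` with no flags, so the build ignores any compiler, warning or hardening options the caller sets; for a root-only tool installed with mode 0700 it would be better to write `${CC} ${CFLAGS} unhide.c -o unhide ${LDFLAGS}` and the same for `unhide-tcp`. In `install:`, `${GZIP_CMD}` is `/usr/bin/gzip -9` without `-f`, so reinstalling over an existing `unhide.8.gz` or `unhide-tcp.8.gz` will prompt or fail instead of replacing the page; adding `-f` fixes that. `DESTDIR := /usr/local` is also being used as an install prefix rather than a staging root, which deserves either a rename to `PREFIX` or a comment.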