Unhide (x86 and x86_64)

This section is designed for your 'porteus build scripts' which create Porteus modules for your favorite applications. Scripts should work like the well-known 'SlackBuilds' with minimum user interaction.


Post#1 by BlackRider » 17 Jul 2011, 22:31

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes
unhide and unhide-tcp.
I have packaged this PorteusBuild pack to emulate the packaging process
of SlackBuilds. To compile and create the package, just place the source
tarball in the same folder as the uncompressed script
(unhide.PorteusBuild). Then, execute the script with root privileges.

A package will be generated in /tmp

I have included the source for convenience, but I encourage the users to go
to the project's website and download the original source.

NOTES: The PorteusBuild script builds only unhide-tcp and unhide-linux26.
unhide-linux26 has been linked so any call to "unhide" reaches the same binary.
This is what many distributions seem to be doing.

Remember to run unhide as root only. Failing to do so could result in
a massive arrival of false positives.

---------------------------------------
unhide website: http://www.unhide-forensics.info
unhide's source: http://porteus.olympe-network.com/black ... 110113.tgz
MD5 checksum for the source: 0dff8ee5029615f1f81db96dcf6758f7
SHA512 checksum for the source: d7b30ab3ac89777cd9390768c169b22aa0d0332efe258c21183b9ca2391f3ef18448876ce593be9ec5fc661919483f2807d1e6a6f54c6e137d601d02a5edf58a
---------------------------------------

This build pack has been tested on Porteus v1.0 x86_64, but there is no reason to think it won't work on good old x86.
Download link for the build pack:
http://porteus.olympe-network.com/black ... sBuild.tar
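
Since the build script has to be run as root, it is worth checking the source tarball against the checksums published in the post before building. The following is an added example, not part of the original post or of the build pack; the function names and the script name are hypothetical, and the tarball path is passed as an argument because the file name is truncated on this page.

```shell
#!/bin/sh
# Added example: gate unhide.PorteusBuild on the checksums published above.
UNHIDE_MD5="0dff8ee5029615f1f81db96dcf6758f7"
UNHIDE_SHA512="d7b30ab3ac89777cd9390768c169b22aa0d0332efe258c21183b9ca2391f3ef18448876ce593be9ec5fc661919483f2807d1e6a6f54c6e137d601d02a5edf58a"

# hash_of ALGO FILE -> prints the hex digest of FILE (hypothetical helper).
# Reading from stdin keeps odd file names out of the digest tool's argv.
hash_of() {
    case "$1" in
        md5)    md5sum    < "$2" | cut -d' ' -f1 ;;
        sha512) sha512sum < "$2" | cut -d' ' -f1 ;;
        *)      return 2 ;;
    esac
}

# verify_tarball FILE EXPECTED_SHA512 [EXPECTED_MD5]
# Returns 0 only if every supplied digest matches. SHA512 is mandatory;
# MD5 is compared too when given, but is never accepted on its own
# because MD5 collisions are practical.
verify_tarball() {
    file=$1 want_sha512=$2 want_md5=${3:-}
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    got=$(hash_of sha512 "$file") || return 1
    if [ "$got" != "$want_sha512" ]; then
        echo "SHA512 mismatch for $file" >&2
        return 1
    fi
    if [ -n "$want_md5" ]; then
        got=$(hash_of md5 "$file") || return 1
        [ "$got" = "$want_md5" ] || { echo "MD5 mismatch for $file" >&2; return 1; }
    fi
    return 0
}

# Usage: sh verify-unhide.sh <path-to-source-tarball>
if [ "$#" -ge 1 ]; then
    if verify_tarball "$1" "$UNHIDE_SHA512" "$UNHIDE_MD5"; then
        echo "OK: $1 matches the published checksums"
    else
        echo "Do not build from $1" >&2
        exit 1
    fi
fi
```

The checksums and the bundled source come from the same post, so a match only shows the download was not corrupted or swapped in transit; comparing against a tarball fetched from the project's website is the independent check.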