1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370
|
2013-05-26
unhide-posix.c
- Transform 'ret' in global variable to avoid warnings
(note: ret variable was added to avoid warnings with some over pedantic
version of glibc and is otherwise useless).
2013-05-24
unhide-tcp.8 (spanish version), LEEME.txt
- update according to english version.
2013-03-03
unhide-posix.c
- Bugfix : Correct app name in banner of unhide-posix.
unhide-tcp.c
- Continue to simplify packager job:
* on FreeBSD use sockstat instead of fuser, which doesn't show info on internet socket
on this system.
README.txt, LISEZ-MOI.txt
- Add list of build-requires and use-requires
unhide-tcp.8 (french and english version)
- Add notes upon FreeBSD.
2013-02-03
unhide-output.h
- Bugfix : include <stdarg.h>, some old glibc need it
unhide-posix.c, unhide-output.c, unhide-tcp.c
- Simplify packager job:
* put OS specific command between #ifdef (they were previously commented),
* don't use ss by default in unhide-tcp if OS is not linux,
* on FreeBSD use sockstat instead of fuser, which doesn't show info on internet socket
on this system.
make_tarball.sh
- Change '_' to '-' in the name of the tarball
- Make sure that unhide files are in a unhide-YYYYMMDD directory.
2012-12-29
Promote unhide-tcp-double_check.c as official version of unhide-tcp. Old version
is still available as unhide-tcp-simple-check.c
unhide-linux, unhide-posix, unhide-tcp, unhide-tcp-simple-check, unhide_rb :
- update date of the version for official release.
2012-12-18
unhide-linux, unhide-posix, unhide-tcp, unhide_rb :
- update date of the version
unhide-tcp :
- Suppress 1 warning with some over pedantic version of glibc.
2012-12-12
unhide-linux :
- In unhide-linux-syscall, transform ret in global variable to avoid warning
(note ret variable was added to avoid warning with some over pedantic version of glibc
ans is otherwise useless).
Correct sched_getaffinity test in checkallnoprocps (it tested ret instead of errno).
unhide-tcp :
- Avoid to display the banner twice.
unhide_rb :
- Suppress warning.
2012-12-07
unhide-linux :
- Remove sysinfo from quick and sys test as it may give false positive.
unhide-tcp :
- Nice ourself to -20 to limit race condition while probing ports.
2012-10-07
unhide-linux :
- Go back to multi-lines output in printbadpid in order to display more known
information about the process.
2012-10-03
unhide-linux :
- Fix the name displayed for kernel thread (we used /proc/PID/wchan instead of
/proc/PID/comm).
2012-09-05
unhide-linux, unhide-tcp :
- Add test to verify we're run by root.
2012-09-02
unhide-linux :
- Remove useless calls to feof().
- Split unhide-linux.c in 5 files :
* unhide-linux-bruteforce.c
* unhide-linux.c
* unhide-linux-compound.c
* unhide-linux-procfs.c
* unhide-linux-syscall.c
- Add option '-o' as synonym for '-f'
- Add a parse_arg() function which use getopt_long().
- For found hidden processes, display the user and the working directory
as extracted from the process environment.
2012-08-31
unhide-linux :
- Use unhide-output routines for display and log.
- Change logfile filename to 'unhide-linux_AAAA-MM-DD.log'
- Add header file for unhide-linux
2012-08-22
unhide-tcp :
- Change the default tools to be ss instead of netstat.
- Replace option '-s' (use ss) by option '-n' (use netstat).
- Change option '-q' in '-s' with the same effect
2012-06-03
unhide-tcp :
- Thanks to a patch of Leandro Lucarella and additional work from
the unhide team, a major rewriting was done :
* Factorization & clean-up of the code
* Split the code in 4 files : unhide-tcp.c, unhide-fast.c, unhide-output.c
& unhide.h
* Add a new method for scanning ports via option '-q'
- Add a option '-s' to use ss command instead of nestat.
- Use getopt_long() to parse options and then add long option strings.
- Change logfile filename to 'unhide-tcp_AAAA-MM-DD.log'
- Many minor bug fixes (mainly display ones)
2012-03-18
unhide-linux26.c, unhide-posix.c, unhide-tcp.c :
- Change copyright attribution.
unhide_rb.c :
- Add banner display at start.
unhide-linux26.c :
- Change reserved process reserved for kernel from 299 to 300 for brute test.
- Add "-d" option for doing a double check in brute test, this reduce false positive number.
Thanks to François Boisson for the idea.
- Change log file name to unhide-linux.log
Documentation changes :
- Add example section in manpages.
- Indicate in bug section of manpages, the potential problem with sysinfo test.
2012-03-17
Important changes :
- Rename unhide-linux26.c to unhide-linux.c and unhide.c to unhide-posix.c.
- Update readme files and manpages to reflect the renaming
- Add unhide_rb description to readme files.
2012-03-11
unhide-linux26.c :
- Correct the number of processes displayed for /proc counting in sysinfo test.
unhide.c :
- Correct banner (POSIX -> UNIX).
Documentation changes :
- Update README.txt, LISEZ-MOI.txt and LEEME.txt to clarify difference between
unhide and unhide-linux26.
2012-03-10
unhide-linux26.c :
- Fix pedantic compilation warnings reported when using recent version of glibc.
- Change report messages of checksysinfoX tests to make them clearer.
- Update banner to indicate this version is for system using Linux >= 2.6
unhide.c :
- Update banner to indicate this is legacy version of unhide for system using
Linux < 2.6 or other UNIX system.
- Fix compilation warnings
2011-10-31
unhide-linux26.c :
- Add copyright and license output.
unhide-tcp.c :
- Add copyright and license output.
- Add -v, -V, -h, -l, -f, -o command line options.
- Add the capability to output fuser (-f) and/or lsof (-l) output for hidden port.
- Add the capability to create a log file (-o). File name is unhide-tcp.log
Documentation changes :
- Add a french manpage for unhide-tcp.
- Complete english manpage of unhide-tcp to reflect changes.
- Minor corrections in french manpage of unhide.
- Change compile command of unhide-tcp in README.txt, LISEZ-MOI.txt and LEEME.txt.
- Add info on unhide_rb in README.txt, LISEZ-MOI.txt and LEEME.txt.
- Update NEWS file.
2011-02-08
Documentation changes :
- Add a NEWS file
2011-01-13
All files :
- Replace reference to SourceForge with reference to new unhide web site in version string
man pages :
- Add spanish man pages
2010-11-21
unhide-linux26.c :
Development changes :
- Minor readability when generating program info for display
2010-11-21
unhide-linux26.c :
User visible changes :
- Add additional check to checkopendir when -m is specified.
- Correct warning message in additional check of checkchdir.
- Add sourceForge project URL in header
unhide.c :
- Add GPL disclaimer.
unhide-tcp.c :
- Add GPL disclaimer.
Documentation changes :
changelog :
- Fix an omission in 2010-11-14 Internal changes
man pages : Development changes :
- update french and english man pages wrt '-m' option and checkopendir
Development changes :
- Correct message of test#1 of sanity.sh
- Use procall in test#2 of sanity.sh instead of proc
2010-11-14
unhide-linux26.c :
User visible changes :
- Add ending time to log file.
- Add execution header to log file.
- Change date format to ISO 8601 one's in log file.
- Add warning, when selected, to log file.
- Update english and french man page to reflect the add of '-f' option.
Internal changes
- Close log file only if it is open.
- Factorize (f)printf to stdout & log.
Documentation changes :
README.txt & LISEZ-MOI.TXT
- Minor clarifications.
- Add description of all the files included in unhide
Development changes :
- Add a preliminary testsuite for unhide (sanity.sh)
2010-11-09
unhide-linux26.c :
User visible changes :
- Add a option (-f) to create a log file.
2010-10-16
Documentation changes :
LEEME.txt :
Correct compilation instruction.
Add reference to sourceforge site.
README.txt
Add reference to sourceforge site.
Correct typo.
LISEZ-MOI.TXT
Ajout du fichier
2010-09-23
unhide-linux26.c :
User visible changes :
- Add reference to sourceforge path to version string
Documentation changes :
- Update man page to reflect all the change made so far.
2010-09-23
unhide-linux26.c :
User visible changes :
- Add checkopendir test (also called by procfs and procall compound test)
- Also do opendir() test in reverse and quick tests.
- Add alternate sysinfo test (via -r option or checksysinfo2 test name)
It's a reorganised checksysinfo() to put uncritical instructions out of the critical part
It might (or not) work better on kernel patched for RT, preemption or latency.
- Make the output of hidden process on one line to facilitate parsing
- Display wchan if there is no cmdline and no exe link (sleeping kernel threads)
- Add -V version to show version and exit.
- The -v option can now be given more than once on command line.
- Correct the value returned by unhide
- Add the misssing new lines in most of the warnings (thanks to gordy for the report).
- Completely redo args parsing : now several tests can be simultaneously
entered on the command line.
- Add all elementary tests to the command line test list
- Add procall compound test command line args.
Internal changes
- Use printbadpid() in checkallnoprocps() as in other tests.
- Check the return of fgets in checkallreverse(), check of feof seems not to be
very reliable for a pipe, we sometime got the last line 2 times (thanks to gordy for the report).
- Also check it in checksysinfo & checksysinfo2
- Simplify and clarify test checksysinfo()
- Check for our own spawn ps process in reverse test to avoid false positive.
- Enhanced fake process detection in reverse test.
- Add a tests table to allow new command line parsing.
- Add management of several verbosity level.
- Correct a copy/past "typo", in checkps
- Correct an initialized fd use, that gcc don't report when -O2 isn't given on command line
- Minor optimizations of printf & sprintf calls.
Documentation changes :
- Add a warning about the generic version of unhide in README.txt (thanks to gordy for the report)
- Modify man page to add the -V option, correct typos and clarify quick test.
- Add -O2 option to compiling command line in README.txt
- Add a TODO file
2010-08-19
unhide-linux26.c :
- Add GPL v3 Disclaimer
- Add new test 'procfs' (via readdir & chdir)
- Add new test 'reverse'
- Add new test 'quick'
- Add option verbose (-v) to allow warning display
- Add option morecheck (-m), only affect procfs test for now
- Add option help (-h)
- Displace usage in usage() function
- Add Changelog file (this file)
- Rewamp command line parsing in main()
- Change checkps() parameter to allow more scalability
- Minor optimization in brute(), we tried to create 300 more processes than available.
- Minor optimization : avoid to test our own PID
- Update the man page and README.txt to reflect changes.
2010-02-01
unhide-linux26.c :
- Threads Brute Force added
- Add needed stuff (includes, defines, ...) to eliminate compilation warning. (Thanks to J. Walles)
- Correct a typo in checkps() where fich_tmp is used in place of fich_pgid (Thanks to P. Gouin)
- Corrected several FD leaks where files or pipes are read and closed even if they have failed to open. (Thanks to W. Doekes & P. Gouin)
- Add warning messages if file or pipe fails to open (compatible with rkhunter use of unhide) (Thanks to W. Doekes & P. Gouin)
- Add warning messages if a test is skipped (compatible with rkhunter use of unhide). (Thanks to P. Gouin)
- Correct removing of leading spaces which tests one char too far for end of string in checkps(). (Thanks to P. Gouin)
- Close fd in get_max_pid(). (Thanks to P. Gouin)
- Close cmd_file in printbadpid(). (Thanks to P. Gouin)
- Add display of test name in checkallnoprocps(). (Thanks to P. Gouin)
- Close fich_processo in checksysinfo() (Thanks to W. Doekes)
- Avoid potential buffer overflow in checksysinfo() (Thanks to W. Doekes)
- Correct allpids[] initialization in brute() (Thanks to W. Doekes)
- Modify brute as modifying allpid from within the forked process may have undefined results (Linux vfork() man page) (Thanks to P. Gouin)
- Add return to main() (Thanks to W. Doekes)
- Optimizations (Thanks to P. Gouin)
2009-08-10 (BETA)
-Improved maxpid routine (Thanks to Jan Iven)
-Improved false positives detection (Thanks to Jan Iven)
-Kill() syscall added (Thanks to Jan Iven)
-Fixed sched_getaffinity() bug (Thanks to Jan Iven)
-Some minor bug fixes
2008-05-19
-Fixed a race condition bug that showed false positives (Thanks to Johan Walles)
-Added manpages (Thanks to Francois Marier)
02-11-2007
-Minor bugfixes
-License added
-sysinfo() syscall added
28-12-2005
-Initial Release
|