Name:           unhide
Version:        1.0
Release:        1%{?dist}.20080519
Summary:        Tool to find hidden processes and TCP/UDP ports from rootkits

Group:          Applications/System
License:        GPLv3+
URL:            http://www.security-projects.com/?Unhide
Source0:        http://www.security-projects.com/unhide20080519.tgz
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

%description
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.

Unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered
  from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.

%prep
%setup -q -n %{name}-20080519

%build
# The tarball ships no Makefile rules used here; each utility is a single
# C source file compiled directly with the distribution's optimization flags.
%{__cc} %{optflags} unhide-linux26.c -o unhide
%{__cc} %{optflags} unhide-tcp.c -o unhide-tcp

%install
rm -rf %{buildroot}
# Both binaries go to the system administration directory, with man pages in section 8.
%{__install} -Dp -m0755 unhide %{buildroot}%{_sbindir}/unhide
%{__install} -Dp -m0755 unhide-tcp %{buildroot}%{_sbindir}/unhide-tcp
%{__install} -Dp -m0644 man/unhide.8 %{buildroot}%{_mandir}/man8/unhide.8
%{__install} -Dp -m0644 man/unhide-tcp.8 %{buildroot}%{_mandir}/man8/unhide-tcp.8

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)
%doc COPYING LEEME.txt README.txt
%doc %{_mandir}/man8/unhide.8*
%doc %{_mandir}/man8/unhide-tcp.8*
%{_sbindir}/unhide
%{_sbindir}/unhide-tcp

%changelog
* Sat Dec 06 2008 Rakesh Pandit 1.0-1
- Fixed %%Version and %%Release fields.

* Fri Nov 07 2008 Rakesh Pandit 20080519-2
- Clear %%install, consistency of macro use

* Tue Nov 04 2008 Rakesh Pandit 20080519-1
- Initial package