system/unhide: Added (utility for discovering hidden processes)

Signed-off-by: Niels Horn <niels.horn@slackbuilds.org>

system/unhide/README

@@ -0,0 +1,12 @@
+Unhide is a forensic tool to find processes and TCP/UCP ports hidden by 
+rootkits, Linux kernel modules or by other techniques. It includes unhide
+and unhide-tcp.
+
+NOTES: The SlackBuild script builds only unhide-tcp and unhide-linux26.
+The original unhide for 2.4 kernels is not built for obvious reasons.
+unhide-linux26 has been linked to "unhide", as many apps (rkhunter, for
+example) expect to find it here. This is also the solution chosen by many
+distributions.
+
+Remember to run unhide as root only. Failing to do so could result in
+a massive arrival of false positives.

system/unhide/slack-desc

@@ -0,0 +1,12 @@
+#     |-----handy-ruler------------------------------------------------------|
+unhide: unhide (utility for discovering hidden processes)
+unhide:
+unhide: Unhide is a forensic tool to find porcesses and TCP/UCP ports hidden
+unhide: by rootkits, Linux kernel modules or by other techniques. It includes
+unhide: unhide-linux26 and unhide-tcp.
+unhide:
+unhide: http://www.unhide-forensics.info
+unhide:
+unhide:
+unhide:
+unhide:

system/unhide/unhide.SlackBuild

@@ -0,0 +1,96 @@
+#!/bin/sh
+
+# SlackBuild script for Unhide.
+
+# This script is of public domain. It can be distributed, modified and used as desired.
+# Based on the PorteusBuild written by the same author at www.porteus.org/forum
+
+# Black Rider [black_rider@esdebian.org]
+
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=unhide
+VERSION=20110113
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) ARCH=i486 ;;
+    arm*) ARCH=arm ;;
+       *) ARCH=$( uname -m ) ;;
+  esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tgz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+chmod -R u+w,go+r-w,a-s .
+
+# gcc --static unhide.c -o unhide  #### This is an obsolete version.
+gcc $SLKCFLAGS --static unhide-tcp.c -o unhide-tcp
+gcc $SLKCFLAGS -Wall --static -pthread unhide-linux26.c -o unhide-linux26
+
+# We put the binaries and documents in their right places
+mkdir -p $PKG/usr/sbin
+install -m0700 unhide-tcp unhide-linux26 $PKG/usr/sbin
+
+# We make a symlink so any call to "unhide" reaches "unhide-linux26". This is the 
+# solution accepted by many distributions.
+cd $PKG/usr/sbin
+  ln -s unhide-linux26 unhide
+cd -
+
+# Copy man pages
+mkdir -p $PKG/usr/man/{,es/,fr/}man8
+cp man/unhide{,-tcp}.8 $PKG/usr/man/man8
+cp man/es/unhide.8 $PKG/usr/man/es/man8
+cp man/fr/unhide.8 $PKG/usr/man/fr/man8
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp \
+  COPYING LEEME.txt LISEZ-MOI.TXT README.txt TODO changelog \
+  $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README > $PKG/usr/doc/$PRGNAM-$VERSION/README
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}

system/unhide/unhide.info

@@ -0,0 +1,10 @@
+PRGNAM="unhide"
+VERSION="20110113"
+HOMEPAGE="http://www.unhide-forensics.info"
+DOWNLOAD="http://downloads.sourceforge.net/unhide/unhide-20110113.tgz"
+MD5SUM="0dff8ee5029615f1f81db96dcf6758f7"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Black Rider"
+EMAIL="black_rider@esdebian.org"
+APPROVED="Niels Horn"