2013-05-26 unhide-posix.c - Transform 'ret' in global variable to avoid warnings (note: ret variable was added to avoid warnings with some over pedantic version of glibc and is otherwise useless). 2013-05-24 unhide-tcp.8 (spanish version), LEEME.txt - update according to english version. 2013-03-03 unhide-posix.c - Bugfix : Correct app name in banner of unhide-posix. unhide-tcp.c - Continue to simplify packager job: * on FreeBSD use sockstat instead of fuser, which doesn't show info on internet socket on this system. README.txt, LISEZ-MOI.txt - Add list of build-requires and use-requires unhide-tcp.8 (french and english version) - Add notes upon FreeBSD. 2013-02-03 unhide-output.h - Bugfix : include <stdarg.h>, some old glibc need it unhide-posix.c, unhide-output.c, unhide-tcp.c - Simplify packager job: * put OS specific command between #ifdef (they were previously commented), * don't use ss by default in unhide-tcp if OS is not linux, * on FreeBSD use sockstat instead of fuser, which doesn't show info on internet socket on this system. make_tarball.sh - Change '_' to '-' in the name of the tarball - Make sure that unhide files are in a unhide-YYYYMMDD directory. 2012-12-29 Promote unhide-tcp-double_check.c as official version of unhide-tcp. Old version is still available as unhide-tcp-simple-check.c unhide-linux, unhide-posix, unhide-tcp, unhide-tcp-simple-check, unhide_rb : - update date of the version for official release. 2012-12-18 unhide-linux, unhide-posix, unhide-tcp, unhide_rb : - update date of the version unhide-tcp : - Suppress 1 warning with some over pedantic version of glibc. 2012-12-12 unhide-linux : - In unhide-linux-syscall, transform ret in global variable to avoid warning (note ret variable was added to avoid warning with some over pedantic version of glibc ans is otherwise useless). Correct sched_getaffinity test in checkallnoprocps (it tested ret instead of errno). unhide-tcp : - Avoid to display the banner twice. unhide_rb : - Suppress warning. 2012-12-07 unhide-linux : - Remove sysinfo from quick and sys test as it may give false positive. unhide-tcp : - Nice ourself to -20 to limit race condition while probing ports. 2012-10-07 unhide-linux : - Go back to multi-lines output in printbadpid in order to display more known information about the process. 2012-10-03 unhide-linux : - Fix the name displayed for kernel thread (we used /proc/PID/wchan instead of /proc/PID/comm). 2012-09-05 unhide-linux, unhide-tcp : - Add test to verify we're run by root. 2012-09-02 unhide-linux : - Remove useless calls to feof(). - Split unhide-linux.c in 5 files : * unhide-linux-bruteforce.c * unhide-linux.c * unhide-linux-compound.c * unhide-linux-procfs.c * unhide-linux-syscall.c - Add option '-o' as synonym for '-f' - Add a parse_arg() function which use getopt_long(). - For found hidden processes, display the user and the working directory as extracted from the process environment. 2012-08-31 unhide-linux : - Use unhide-output routines for display and log. - Change logfile filename to 'unhide-linux_AAAA-MM-DD.log' - Add header file for unhide-linux 2012-08-22 unhide-tcp : - Change the default tools to be ss instead of netstat. - Replace option '-s' (use ss) by option '-n' (use netstat). - Change option '-q' in '-s' with the same effect 2012-06-03 unhide-tcp : - Thanks to a patch of Leandro Lucarella and additional work from the unhide team, a major rewriting was done : * Factorization & clean-up of the code * Split the code in 4 files : unhide-tcp.c, unhide-fast.c, unhide-output.c & unhide.h * Add a new method for scanning ports via option '-q' - Add a option '-s' to use ss command instead of nestat. - Use getopt_long() to parse options and then add long option strings. - Change logfile filename to 'unhide-tcp_AAAA-MM-DD.log' - Many minor bug fixes (mainly display ones) 2012-03-18 unhide-linux26.c, unhide-posix.c, unhide-tcp.c : - Change copyright attribution. unhide_rb.c : - Add banner display at start. unhide-linux26.c : - Change reserved process reserved for kernel from 299 to 300 for brute test. - Add "-d" option for doing a double check in brute test, this reduce false positive number. Thanks to François Boisson for the idea. - Change log file name to unhide-linux.log Documentation changes : - Add example section in manpages. - Indicate in bug section of manpages, the potential problem with sysinfo test. 2012-03-17 Important changes : - Rename unhide-linux26.c to unhide-linux.c and unhide.c to unhide-posix.c. - Update readme files and manpages to reflect the renaming - Add unhide_rb description to readme files. 2012-03-11 unhide-linux26.c : - Correct the number of processes displayed for /proc counting in sysinfo test. unhide.c : - Correct banner (POSIX -> UNIX). Documentation changes : - Update README.txt, LISEZ-MOI.txt and LEEME.txt to clarify difference between unhide and unhide-linux26. 2012-03-10 unhide-linux26.c : - Fix pedantic compilation warnings reported when using recent version of glibc. - Change report messages of checksysinfoX tests to make them clearer. - Update banner to indicate this version is for system using Linux >= 2.6 unhide.c : - Update banner to indicate this is legacy version of unhide for system using Linux < 2.6 or other UNIX system. - Fix compilation warnings 2011-10-31 unhide-linux26.c : - Add copyright and license output. unhide-tcp.c : - Add copyright and license output. - Add -v, -V, -h, -l, -f, -o command line options. - Add the capability to output fuser (-f) and/or lsof (-l) output for hidden port. - Add the capability to create a log file (-o). File name is unhide-tcp.log Documentation changes : - Add a french manpage for unhide-tcp. - Complete english manpage of unhide-tcp to reflect changes. - Minor corrections in french manpage of unhide. - Change compile command of unhide-tcp in README.txt, LISEZ-MOI.txt and LEEME.txt. - Add info on unhide_rb in README.txt, LISEZ-MOI.txt and LEEME.txt. - Update NEWS file. 2011-02-08 Documentation changes : - Add a NEWS file 2011-01-13 All files : - Replace reference to SourceForge with reference to new unhide web site in version string man pages : - Add spanish man pages 2010-11-21 unhide-linux26.c : Development changes : - Minor readability when generating program info for display 2010-11-21 unhide-linux26.c : User visible changes : - Add additional check to checkopendir when -m is specified. - Correct warning message in additional check of checkchdir. - Add sourceForge project URL in header unhide.c : - Add GPL disclaimer. unhide-tcp.c : - Add GPL disclaimer. Documentation changes : changelog : - Fix an omission in 2010-11-14 Internal changes man pages : Development changes : - update french and english man pages wrt '-m' option and checkopendir Development changes : - Correct message of test#1 of sanity.sh - Use procall in test#2 of sanity.sh instead of proc 2010-11-14 unhide-linux26.c : User visible changes : - Add ending time to log file. - Add execution header to log file. - Change date format to ISO 8601 one's in log file. - Add warning, when selected, to log file. - Update english and french man page to reflect the add of '-f' option. Internal changes - Close log file only if it is open. - Factorize (f)printf to stdout & log. Documentation changes : README.txt & LISEZ-MOI.TXT - Minor clarifications. - Add description of all the files included in unhide Development changes : - Add a preliminary testsuite for unhide (sanity.sh) 2010-11-09 unhide-linux26.c : User visible changes : - Add a option (-f) to create a log file. 2010-10-16 Documentation changes : LEEME.txt : Correct compilation instruction. Add reference to sourceforge site. README.txt Add reference to sourceforge site. Correct typo. LISEZ-MOI.TXT Ajout du fichier 2010-09-23 unhide-linux26.c : User visible changes : - Add reference to sourceforge path to version string Documentation changes : - Update man page to reflect all the change made so far. 2010-09-23 unhide-linux26.c : User visible changes : - Add checkopendir test (also called by procfs and procall compound test) - Also do opendir() test in reverse and quick tests. - Add alternate sysinfo test (via -r option or checksysinfo2 test name) It's a reorganised checksysinfo() to put uncritical instructions out of the critical part It might (or not) work better on kernel patched for RT, preemption or latency. - Make the output of hidden process on one line to facilitate parsing - Display wchan if there is no cmdline and no exe link (sleeping kernel threads) - Add -V version to show version and exit. - The -v option can now be given more than once on command line. - Correct the value returned by unhide - Add the misssing new lines in most of the warnings (thanks to gordy for the report). - Completely redo args parsing : now several tests can be simultaneously entered on the command line. - Add all elementary tests to the command line test list - Add procall compound test command line args. Internal changes - Use printbadpid() in checkallnoprocps() as in other tests. - Check the return of fgets in checkallreverse(), check of feof seems not to be very reliable for a pipe, we sometime got the last line 2 times (thanks to gordy for the report). - Also check it in checksysinfo & checksysinfo2 - Simplify and clarify test checksysinfo() - Check for our own spawn ps process in reverse test to avoid false positive. - Enhanced fake process detection in reverse test. - Add a tests table to allow new command line parsing. - Add management of several verbosity level. - Correct a copy/past "typo", in checkps - Correct an initialized fd use, that gcc don't report when -O2 isn't given on command line - Minor optimizations of printf & sprintf calls. Documentation changes : - Add a warning about the generic version of unhide in README.txt (thanks to gordy for the report) - Modify man page to add the -V option, correct typos and clarify quick test. - Add -O2 option to compiling command line in README.txt - Add a TODO file 2010-08-19 unhide-linux26.c : - Add GPL v3 Disclaimer - Add new test 'procfs' (via readdir & chdir) - Add new test 'reverse' - Add new test 'quick' - Add option verbose (-v) to allow warning display - Add option morecheck (-m), only affect procfs test for now - Add option help (-h) - Displace usage in usage() function - Add Changelog file (this file) - Rewamp command line parsing in main() - Change checkps() parameter to allow more scalability - Minor optimization in brute(), we tried to create 300 more processes than available. - Minor optimization : avoid to test our own PID - Update the man page and README.txt to reflect changes. 2010-02-01 unhide-linux26.c : - Threads Brute Force added - Add needed stuff (includes, defines, ...) to eliminate compilation warning. (Thanks to J. Walles) - Correct a typo in checkps() where fich_tmp is used in place of fich_pgid (Thanks to P. Gouin) - Corrected several FD leaks where files or pipes are read and closed even if they have failed to open. (Thanks to W. Doekes & P. Gouin) - Add warning messages if file or pipe fails to open (compatible with rkhunter use of unhide) (Thanks to W. Doekes & P. Gouin) - Add warning messages if a test is skipped (compatible with rkhunter use of unhide). (Thanks to P. Gouin) - Correct removing of leading spaces which tests one char too far for end of string in checkps(). (Thanks to P. Gouin) - Close fd in get_max_pid(). (Thanks to P. Gouin) - Close cmd_file in printbadpid(). (Thanks to P. Gouin) - Add display of test name in checkallnoprocps(). (Thanks to P. Gouin) - Close fich_processo in checksysinfo() (Thanks to W. Doekes) - Avoid potential buffer overflow in checksysinfo() (Thanks to W. Doekes) - Correct allpids[] initialization in brute() (Thanks to W. Doekes) - Modify brute as modifying allpid from within the forked process may have undefined results (Linux vfork() man page) (Thanks to P. Gouin) - Add return to main() (Thanks to W. Doekes) - Optimizations (Thanks to P. Gouin) 2009-08-10 (BETA) -Improved maxpid routine (Thanks to Jan Iven) -Improved false positives detection (Thanks to Jan Iven) -Kill() syscall added (Thanks to Jan Iven) -Fixed sched_getaffinity() bug (Thanks to Jan Iven) -Some minor bug fixes 2008-05-19 -Fixed a race condition bug that showed false positives (Thanks to Johan Walles) -Added manpages (Thanks to Francois Marier) 02-11-2007 -Minor bugfixes -License added -sysinfo() syscall added 28-12-2005 -Initial Release