Current Stable Version:
[ Changelog ]
- unhide-linux26.c was renamed to unhide-linux.c
- unhide.c was renamed to unhide-posix.c
- The log file of unhide-linux is renamed to 'unhide-linux_AAAA-MM-DD.log'
- The log file of unhide-tcp is named 'unhide-tcp_AAAA-MM-DD.log'
- By default, unhide-tcp now uses /sbin/ss from the iproute2 package; to use netstat as before, the '-n' option must be given on the command line.
- Display is more verbose and multi-line for hidden processes (unhide-linux).
- If asked to (-l and/or -f), display is more verbose and multi-line for hidden ports (unhide-tcp).
- The sysinfo test is no longer called as part of the compound quick and sys tests, as it may give false positives.
It can still be run using the checksysinfo, checksysinfo2 or checksysinfo3 command line parameter.
- Major enhancements to unhide-tcp:
* Add capability to output a log file (unhide-tcp_AAAA-MM-DD.log)
* Add capability to output more information (via lsof and/or fuser) on hidden ports, if available
* Add verbose mode (disabled by default) to display warnings
* Add a new method (via option '-s') that is very fast on systems with a huge number of open ports
* Double-check port access to avoid false positives (the previous single-check version is available as unhide-tcp-simple-check.c if needed).
- Add a quick C port of unhide.rb (unhide_rb.c) and guess what ... it's 40 times faster than the original Ruby unhide.rb
Note: unhide_rb doesn't take any option.
- Add "-d" option to do a double check in the brute test; this reduces false positives.
- Add "-o" option as a synonym of "-f".
- For found hidden processes, display the user and the working directory as extracted from the process environment.
Note that it doesn't work well for kernel processes/threads nor for daemons.
- For found hidden processes, display cmdline, exe link and internal command name.
- Add French and Spanish man pages for unhide-tcp
- Update English manpage of unhide-tcp to reflect changes
- Minor corrections in French manpage of unhide
- Display copyright and license information in start banners.
- Make the messages from the sysinfo tests clearer.
- Add a NEWS file :)
- Update README.txt, LISEZ-MOI.txt and LEEME.txt to clarify the difference between
unhide-posix and unhide-linux.
- Remove the sysinfo test from the quick and sys compound tests, as it may give false positives.
The sysinfo test can still be used via the checksysinfo[2|3] command line parameters.
- Suppress pedantic compilation warnings (glibc >=2.3, gcc >=4.6).
- Correct the number of processes displayed for /proc counting in sysinfo test.