debian/copyright:

Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: Unhide.rb
Source: http://code.launchpad.net/unhide.rb

Files: *
Copyright: 2009, Johan Walles
License: GPL-3+

Files: debian/*
Copyright: 2011, Julien Valroff
License: GPL-3+

License: GPL-3+
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.
 .
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 .
 On Debian systems, the full text of the GNU General Public
 License version 3 can be found in the file
 `/usr/share/common-licenses/GPL-3'.

debian/lintian-overrides:

# The extension is part of the name of the application
unhide.rb: script-with-language-extension usr/bin/unhide.rb

debian/dirs:

usr/bin
usr/share/man/man8

debian/changelog:

unhide.rb (22-1) unstable; urgency=low

  * New upstream snapshot (Closes: #698046):
    + Fix issues running with Ruby 1.9
    + Identify processes hidden by the Jynx rootkit
    + Add kill(pid,0) PID scanner
    + Fix false positive on kernel threads when run as root
  * Acknowledge boutil's NMU
  * Update DEP-5 URI to the final location
  * Update package description to be more precise on how unhide.rb compares
    to the original unhide
  * Update to new policy 3.9.4 (no changes needed)
  * Bump dh compat to 9

 -- Julien Valroff  Fri, 15 Feb 2013 20:39:20 +0100

unhide.rb (13-1.1) unstable; urgency=high

  * Non-maintainer upload.
  * Set urgency to high, as a RC bug is fixed.
  * Use Ruby 1.8 instead of default Ruby 1.9 version. (Closes: #677650)
    + add debian/patches/use_ruby18.patch, changing the shebang of unhide.rb
      to /usr/bin/ruby1.8 as it contains code not compatible with Ruby 1.9,
    + Depends on ruby1.8 instead of ruby.

 -- Cédric Boutillier  Tue, 04 Dec 2012 12:58:03 +0100

unhide.rb (13-1) unstable; urgency=low

  * New upstream snapshot:
    + Report suspicious things on stderr
    + Add a second run to filter out some false positives

 -- Julien Valroff  Fri, 08 Jul 2011 07:41:10 +0200

unhide.rb (12-3) unstable; urgency=low

  * Fix maintainer address

 -- Julien Valroff  Sun, 08 May 2011 13:52:18 +0200

unhide.rb (12-2) unstable; urgency=low

  * Update to new policy 3.9.2 (no changes needed)
  * Add rkhunter-propupd trigger call
  * Fix VCS-* fields

 -- Julien Valroff  Sun, 01 May 2011 08:52:41 +0200

unhide.rb (12-1) unstable; urgency=low

  * Initial release. (Closes: #617956)

 -- Julien Valroff  Sun, 20 Mar 2011 18:40:20 +0100

debian/control:

Source: unhide.rb
Section: admin
Priority: extra
Maintainer: Debian Forensics
Uploaders: Julien Valroff
Build-Depends: debhelper (>= 9)
Standards-Version: 3.9.4
Homepage: http://launchpad.net/unhide.rb
Vcs-Browser: http://git.debian.org/?p=forensics/unhide.rb.git;a=summary
Vcs-Git: git://git.debian.org/forensics/unhide.rb.git

Package: unhide.rb
Architecture: all
Depends: ruby, ${misc:Depends}
Suggests: rkhunter
Description: Forensic tool to find processes hidden by rootkits
 Unhide.rb is a forensic tool to find processes hidden by rootkits.
 .
 It looks for active processes in many different ways. Processes found by
 some means but not others are considered to be "hidden", and are reported
 to the user.
 .
 Unhide.rb is a tentative of rewrite in Ruby of the original Unhide, which
 is written in C. While being much faster, it does not implement all the
 diagnostics of the original version.
 It is also less secure as it cannot be statically compiled.
 .
 This package can be used by rkhunter in its daily scans.

debian/triggers:

activate rkhunter-propupd

debian/source.lintian-overrides:

# No tarball is released, hence we cannot use any watch file
unhide.rb source: debian-watch-file-is-missing

debian/compat:

9

debian/rules:

#!/usr/bin/make -f

%:
	dh $@

override_dh_auto_install:
	$(MAKE) install PREFIX=debian/unhide.rb/usr

debian/source/format:

3.0 (quilt)