[Forensics-changes] [SCM] debian-forensics/unhide.rb branch, master, updated. debian/13-1-2-gfaf646b

Julien Valroff julien at kirya.net
Tue Oct 25 18:30:25 UTC 2011


The following commit has been merged in the master branch:
commit faf646bc2b9f00dec18340d2e2a6e909450ab8e2
Author: Julien Valroff <julien at kirya.net>
Date:   Tue Oct 25 20:30:21 2011 +0200

    Update package description to be more precise on how unhide.rb compares to the original unhide

diff --git a/debian/changelog b/debian/changelog
index fb08827..4c323c5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,10 @@
 unhide.rb (13-2) unstable; urgency=low
 
   * Update DEP-5 uri
+  * Update package description to be more precise on how unhide.rb compares to
+    the original unhide 
 
- -- Julien Valroff <julien at debian.org>  Sun, 18 Sep 2011 14:54:24 +0200
+ -- Julien Valroff <julien at debian.org>  Tue, 25 Oct 2011 20:29:40 +0200
 
 unhide.rb (13-1) unstable; urgency=low
 
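Review bot: the second added line of the new changelog bullet ("the original unhide ") ends with a trailing space; drop it. The bullet is also added to the existing 13-2 stanza, with the trailer date moved from 18 Sep 2011 to 25 Oct 2011, which is fine only if 13-2 has not been uploaded yet; otherwise the entry belongs in a new stanza.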
diff --git a/debian/control b/debian/control
index ee23910..d15d884 100644
--- a/debian/control
+++ b/debian/control
@@ -14,11 +14,15 @@ Architecture: all
 Depends: ruby, ${misc:Depends}
 Suggests: rkhunter
 Description: Forensic tool to find processes hidden by rootkits
- Unhide.rb is a reimplementation of unhide in Ruby.
+ Unhide.rb is a forensic tool to find processes hidden by rootkits.
  .
- It currently does the does the same checks as "unhide proc" and "unhide sys",
- while being about 10x faster than the original C code.
+ It looks for active processes in many different ways. Processes found by
+ some means but not others are considered to be "hidden", and are reported
+ to the user.
  .
- It also has better diagnostics when hidden processes are found.
+ Unhide.rb is a tentative of rewrite in Ruby of the original Unhide, which
+ is written in C. While being much faster, it does not implement all the
+ diagnostics of the original version. It is also less secure as it cannot
+ be statically compiled.
  .
  This package can be used by rkhunter in its daily scans.
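Review bot: in the last added paragraph, "It is also less secure as it cannot be statically compiled" states a conclusion without the reason, so a reader cannot tell what the risk is. Suggest spelling it out: the tool relies on the system's Ruby interpreter and libraries (see "Depends: ruby"), which cannot be trusted on a host that may already be compromised, whereas a statically compiled binary can be brought in from known-good media. In the same paragraph, "is a tentative of rewrite in Ruby of the original Unhide" would read better as "is an attempt at rewriting the original Unhide in Ruby", and the new first sentence of the long description now repeats the synopsis line almost word for word.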

-- 
debian-forensics/unhide.rb