├── .coveralls.yml ├── .gitignore ├── .gitmodules ├── .travis.yml ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── Makefile.dep ├── README.md ├── TODO.md ├── beurk.conf ├── client.py ├── includes ├── beurk.h ├── debug.h └── hooks.h ├── reconfigure ├── src ├── cleanup_login_records.c ├── debug.c ├── drop_shell_backdoor.c ├── hide_tcp_ports.c ├── hooks │ ├── __lxstat.c │ ├── __lxstat64.c │ ├── __xstat.c │ ├── __xstat64.c │ ├── accept.c │ ├── access.c │ ├── fopen.c │ ├── fopen64.c │ ├── link.c │ ├── lstat.c │ ├── lstat64.c │ ├── open.c │ ├── readdir.c │ ├── readdir64.c │ ├── rmdir.c │ ├── stat.c │ ├── stat64.c │ ├── unlink.c │ └── unlinkat.c ├── init.c ├── is_attacker.c ├── is_hidden_file.c └── is_procnet.c ├── tests ├── functional │ ├── README.md │ ├── anti-anti-rootkit │ │ ├── .gitkeep │ │ ├── chkrootkit.sh │ │ ├── lynis.sh │ │ ├── ossec.sh │ │ ├── rkhunter.sh │ │ └── tiger.sh │ ├── is_hidden │ │ ├── files.test │ │ ├── ldd.sh │ │ ├── lsof.sh │ │ ├── ps.sh │ │ └── utmp.test │ ├── run.sh │ └── victim-side-stability │ │ └── .gitkeep └── quick │ ├── builder │ └── makefile.sh │ ├── ci │ ├── check_commits_history.sh │ └── check_gplv3_headers.py │ ├── client │ ├── client.sh │ ├── connectivity │ │ └── .gitkeep │ └── unittest │ │ └── .gitkeep │ └── core │ ├── binary-leaks │ └── .gitkeep │ ├── dso_functions_visibility │ ├── run.sh │ └── test.c │ ├── hooks │ ├── README.txt │ ├── accept.c │ ├── access.c │ ├── fopen.c │ ├── link.c │ ├── lstat.c │ ├── open.c │ ├── readdir.c │ ├── rmdir.c │ ├── run.py │ ├── stat.c │ ├── unlink.c │ └── unlinkat.c │ ├── internal-api │ ├── Makefile │ ├── beurk.h │ ├── cleanup_login_records.c │ ├── config.h │ ├── drop_shell_backdoor.c │ ├── hide_tcp_ports.c │ ├── hide_tcp_ports │ │ ├── proc-net-tcp-with-hidden_port.txt │ │ └── proc-net-tcp-without-hidden_port.txt │ ├── hooks.h │ ├── is_attacker.c │ ├── is_hidden_file.c │ ├── is_procnet.c │ ├── main.c │ ├── open.c │ ├── run.sh │ └── tests.h │ └── internal_hooks_calls.py └── utils ├── README.md ├── commit-msg ├── commit-msg.py ├── coverage.py ├── deploy_git_hooks.sh ├── jenkins-tests.sh ├── run-tests.sh └── socat-client.sh /.coveralls.yml: -------------------------------------------------------------------------------- 1 | repo_token: FPeZTCz31TZ3dX57h0QLVPm4sMn3C9JQz 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/.gitignore -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/.gitmodules -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/.travis.yml -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/LICENSE -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/Makefile -------------------------------------------------------------------------------- /Makefile.dep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/Makefile.dep -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/README.md -------------------------------------------------------------------------------- /TODO.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/TODO.md -------------------------------------------------------------------------------- /beurk.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/beurk.conf -------------------------------------------------------------------------------- /client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/client.py -------------------------------------------------------------------------------- /includes/beurk.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/includes/beurk.h -------------------------------------------------------------------------------- /includes/debug.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/includes/debug.h -------------------------------------------------------------------------------- /includes/hooks.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/includes/hooks.h -------------------------------------------------------------------------------- /reconfigure: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/reconfigure -------------------------------------------------------------------------------- /src/cleanup_login_records.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/cleanup_login_records.c -------------------------------------------------------------------------------- /src/debug.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/debug.c -------------------------------------------------------------------------------- /src/drop_shell_backdoor.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/drop_shell_backdoor.c -------------------------------------------------------------------------------- /src/hide_tcp_ports.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hide_tcp_ports.c -------------------------------------------------------------------------------- /src/hooks/__lxstat.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/__lxstat.c -------------------------------------------------------------------------------- /src/hooks/__lxstat64.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/__lxstat64.c -------------------------------------------------------------------------------- /src/hooks/__xstat.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/__xstat.c -------------------------------------------------------------------------------- /src/hooks/__xstat64.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/__xstat64.c -------------------------------------------------------------------------------- /src/hooks/accept.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/accept.c -------------------------------------------------------------------------------- /src/hooks/access.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/access.c -------------------------------------------------------------------------------- /src/hooks/fopen.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/fopen.c -------------------------------------------------------------------------------- /src/hooks/fopen64.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/fopen64.c -------------------------------------------------------------------------------- /src/hooks/link.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/link.c -------------------------------------------------------------------------------- /src/hooks/lstat.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/lstat.c -------------------------------------------------------------------------------- /src/hooks/lstat64.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/lstat64.c -------------------------------------------------------------------------------- /src/hooks/open.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/open.c -------------------------------------------------------------------------------- /src/hooks/readdir.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/readdir.c -------------------------------------------------------------------------------- /src/hooks/readdir64.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/readdir64.c -------------------------------------------------------------------------------- /src/hooks/rmdir.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/rmdir.c -------------------------------------------------------------------------------- /src/hooks/stat.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/stat.c -------------------------------------------------------------------------------- /src/hooks/stat64.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/stat64.c -------------------------------------------------------------------------------- /src/hooks/unlink.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/unlink.c -------------------------------------------------------------------------------- /src/hooks/unlinkat.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/hooks/unlinkat.c -------------------------------------------------------------------------------- /src/init.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/init.c -------------------------------------------------------------------------------- /src/is_attacker.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/is_attacker.c -------------------------------------------------------------------------------- /src/is_hidden_file.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/is_hidden_file.c -------------------------------------------------------------------------------- /src/is_procnet.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/src/is_procnet.c -------------------------------------------------------------------------------- /tests/functional/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/functional/README.md -------------------------------------------------------------------------------- /tests/functional/anti-anti-rootkit/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/functional/anti-anti-rootkit/chkrootkit.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/functional/anti-anti-rootkit/lynis.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/functional/anti-anti-rootkit/ossec.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/functional/anti-anti-rootkit/rkhunter.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/functional/anti-anti-rootkit/tiger.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/functional/is_hidden/files.test: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/functional/is_hidden/files.test -------------------------------------------------------------------------------- /tests/functional/is_hidden/ldd.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/functional/is_hidden/lsof.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/functional/is_hidden/ps.sh: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/functional/is_hidden/utmp.test: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/functional/is_hidden/utmp.test -------------------------------------------------------------------------------- /tests/functional/run.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/functional/run.sh -------------------------------------------------------------------------------- /tests/functional/victim-side-stability/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/quick/builder/makefile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/builder/makefile.sh -------------------------------------------------------------------------------- /tests/quick/ci/check_commits_history.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/ci/check_commits_history.sh -------------------------------------------------------------------------------- /tests/quick/ci/check_gplv3_headers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/ci/check_gplv3_headers.py -------------------------------------------------------------------------------- /tests/quick/client/client.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/client/client.sh -------------------------------------------------------------------------------- /tests/quick/client/connectivity/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/quick/client/unittest/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/quick/core/binary-leaks/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tests/quick/core/dso_functions_visibility/run.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/dso_functions_visibility/run.sh -------------------------------------------------------------------------------- /tests/quick/core/dso_functions_visibility/test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/dso_functions_visibility/test.c -------------------------------------------------------------------------------- /tests/quick/core/hooks/README.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/hooks/README.txt -------------------------------------------------------------------------------- /tests/quick/core/hooks/accept.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/hooks/accept.c -------------------------------------------------------------------------------- /tests/quick/core/hooks/access.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) { 4 | access("tata", 0); 5 | } 6 | -------------------------------------------------------------------------------- /tests/quick/core/hooks/fopen.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/hooks/fopen.c -------------------------------------------------------------------------------- /tests/quick/core/hooks/link.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) { 4 | link("foo", "bar"); 5 | } 6 | -------------------------------------------------------------------------------- /tests/quick/core/hooks/lstat.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/hooks/lstat.c -------------------------------------------------------------------------------- /tests/quick/core/hooks/open.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/hooks/open.c -------------------------------------------------------------------------------- /tests/quick/core/hooks/readdir.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/hooks/readdir.c -------------------------------------------------------------------------------- /tests/quick/core/hooks/rmdir.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) { 4 | rmdir("tata"); 5 | } 6 | -------------------------------------------------------------------------------- /tests/quick/core/hooks/run.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/hooks/run.py -------------------------------------------------------------------------------- /tests/quick/core/hooks/stat.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/hooks/stat.c -------------------------------------------------------------------------------- /tests/quick/core/hooks/unlink.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) { 4 | unlink("foo"); 5 | } 6 | -------------------------------------------------------------------------------- /tests/quick/core/hooks/unlinkat.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) { 4 | unlinkat(42, "foo", 0); 5 | } 6 | -------------------------------------------------------------------------------- /tests/quick/core/internal-api/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/Makefile -------------------------------------------------------------------------------- /tests/quick/core/internal-api/beurk.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/beurk.h -------------------------------------------------------------------------------- /tests/quick/core/internal-api/cleanup_login_records.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/cleanup_login_records.c -------------------------------------------------------------------------------- /tests/quick/core/internal-api/config.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/config.h -------------------------------------------------------------------------------- /tests/quick/core/internal-api/drop_shell_backdoor.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/drop_shell_backdoor.c -------------------------------------------------------------------------------- /tests/quick/core/internal-api/hide_tcp_ports.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/hide_tcp_ports.c -------------------------------------------------------------------------------- /tests/quick/core/internal-api/hide_tcp_ports/proc-net-tcp-with-hidden_port.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/hide_tcp_ports/proc-net-tcp-with-hidden_port.txt -------------------------------------------------------------------------------- /tests/quick/core/internal-api/hide_tcp_ports/proc-net-tcp-without-hidden_port.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/hide_tcp_ports/proc-net-tcp-without-hidden_port.txt -------------------------------------------------------------------------------- /tests/quick/core/internal-api/hooks.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/hooks.h -------------------------------------------------------------------------------- /tests/quick/core/internal-api/is_attacker.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/is_attacker.c -------------------------------------------------------------------------------- /tests/quick/core/internal-api/is_hidden_file.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/is_hidden_file.c -------------------------------------------------------------------------------- /tests/quick/core/internal-api/is_procnet.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/is_procnet.c -------------------------------------------------------------------------------- /tests/quick/core/internal-api/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/main.c -------------------------------------------------------------------------------- /tests/quick/core/internal-api/open.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/open.c -------------------------------------------------------------------------------- /tests/quick/core/internal-api/run.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/run.sh -------------------------------------------------------------------------------- /tests/quick/core/internal-api/tests.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal-api/tests.h -------------------------------------------------------------------------------- /tests/quick/core/internal_hooks_calls.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/tests/quick/core/internal_hooks_calls.py -------------------------------------------------------------------------------- /utils/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/utils/README.md -------------------------------------------------------------------------------- /utils/commit-msg: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | exec < /dev/tty 3 | python2 utils/commit-msg.py $1 4 | -------------------------------------------------------------------------------- /utils/commit-msg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/utils/commit-msg.py -------------------------------------------------------------------------------- /utils/coverage.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/utils/coverage.py -------------------------------------------------------------------------------- /utils/deploy_git_hooks.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/utils/deploy_git_hooks.sh -------------------------------------------------------------------------------- /utils/jenkins-tests.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/utils/jenkins-tests.sh -------------------------------------------------------------------------------- /utils/run-tests.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/utils/run-tests.sh -------------------------------------------------------------------------------- /utils/socat-client.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/unix-thrust/beurk/HEAD/utils/socat-client.sh --------------------------------------------------------------------------------