# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from os.path import dirname, basename

from maybe import T, register_filter, full_path


def filter_move(path_old, path_new):
    """Describe a rename or move of ``path_old`` to ``path_new``.

    If both paths have the same directory part, the operation is labelled
    "rename" and only the new base name is shown. Otherwise it is labelled
    "move" and the new path is shown unchanged.

    Returns a ``(description, 0)`` tuple.
    """
    stays_in_directory = dirname(path_old) == dirname(path_new)
    if stays_in_directory:
        label, shown_target = "rename", basename(path_new)
    else:
        label, shown_target = "move", path_new
    # NOTE(review): both paths are chosen by the traced program and are put into
    # the description as-is. If nothing downstream escapes control characters,
    # a crafted file name could change how this line renders - confirm where
    # that sanitising happens.
    description = "%s %s to %s" % (
        T.green(label),
        T.underline(path_old),
        T.underline(shown_target),
    )
    # NOTE(review): the constant 0 is presumably the result handed back to the
    # traced process in place of the real call - confirm in register_filter.
    return description, 0


filter_scope = "move"

# rename(oldpath, newpath)
register_filter(
    filter_scope,
    "rename",
    lambda pid, args: filter_move(full_path(pid, args[0]), full_path(pid, args[1])),
)

# renameat(olddirfd, oldpath, newdirfd, newpath)
register_filter(
    filter_scope,
    "renameat",
    lambda pid, args: filter_move(full_path(pid, args[1], args[0]), full_path(pid, args[3], args[2])),
)

# renameat2(olddirfd, oldpath, newdirfd, newpath, flags)
# NOTE(review): the flags argument (args[4]) is not inspected, so a call made
# with RENAME_EXCHANGE is described like a one-way move although it swaps both
# paths.
register_filter(
    filter_scope,
    "renameat2",
    lambda pid, args: filter_move(full_path(pid, args[1], args[0]), full_path(pid, args[3], args[2])),
)
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, full_path


def filter_delete(path):
    """Describe the deletion of ``path``.

    Returns a ``(description, 0)`` tuple.
    """
    action = T.red("delete")
    # NOTE(review): ``path`` is supplied by the traced program and is shown
    # verbatim - confirm that control characters are escaped before the
    # description reaches the terminal.
    target = T.underline(path)
    return "%s %s" % (action, target), 0


filter_scope = "delete"

# unlink(pathname)
register_filter(
    filter_scope,
    "unlink",
    lambda pid, args: filter_delete(full_path(pid, args[0])),
)

# unlinkat(dirfd, pathname, flags) - the flags argument is not used; files and
# directories are reported with the same "delete" label.
register_filter(
    filter_scope,
    "unlinkat",
    lambda pid, args: filter_delete(full_path(pid, args[1], args[0])),
)

# rmdir(pathname)
register_filter(
    filter_scope,
    "rmdir",
    lambda pid, args: filter_delete(full_path(pid, args[0])),
)
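#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, descriptor_path, full_path


def format_permissions(permissions):
    """Render the mode bits in ``permissions`` as a nine-character ls-style string.

    Each of the user, group and other triplets is written as ``rwx`` with ``-``
    for a cleared bit. The set-user-ID, set-group-ID and sticky bits are shown
    in the execute column of their triplet (``s``/``t`` when execute is also
    set, ``S``/``T`` when it is not). Without this a chmod that makes a file
    set-user-ID would look the same as one that does not.
    """
    # Triplet index (2 = user, 1 = group, 0 = other) ->
    # (special bit, letter with execute set, letter without execute).
    special = {
        2: (0o4000, "s", "S"),  # set-user-ID
        1: (0o2000, "s", "S"),  # set-group-ID
        0: (0o1000, "t", "T"),  # sticky
    }
    result = ""
    for i in range(2, -1, -1):
        result += "r" if permissions & (4 * 8**i) else "-"
        result += "w" if permissions & (2 * 8**i) else "-"
        executable = permissions & (1 * 8**i)
        special_bit, with_execute, without_execute = special[i]
        if permissions & special_bit:
            result += with_execute if executable else without_execute
        else:
            result += "x" if executable else "-"
    return result


def filter_change_permissions(path, permissions):
    """Describe a permission change of ``path`` to ``permissions``.

    Returns a ``(description, 0)`` tuple.
    """
    return "%s of %s to %s" % (T.yellow("change permissions"), T.underline(path),
                               T.bold(format_permissions(permissions))), 0


filter_scope = "change_permissions"

# chmod(pathname, mode)
register_filter(filter_scope, "chmod", lambda pid, args:
                filter_change_permissions(full_path(pid, args[0]), args[1]))
# fchmod(fd, mode)
register_filter(filter_scope, "fchmod", lambda pid, args:
                filter_change_permissions(descriptor_path(pid, args[0]), args[1]))
# fchmodat(dirfd, pathname, mode, flags)
register_filter(filter_scope, "fchmodat", lambda pid, args:
                filter_change_permissions(full_path(pid, args[1], args[0]), args[2]))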
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, full_path


def filter_create_link(path_source, path_target, symbolic):
    """Describe the creation of a link at ``path_source`` pointing to ``path_target``.

    ``symbolic`` selects the label: "create symbolic link" when true,
    "create hard link" otherwise.

    Returns a ``(description, 0)`` tuple.
    """
    if symbolic:
        label = "create symbolic link"
    else:
        label = "create hard link"
    description = "%s from %s to %s" % (
        T.cyan(label),
        T.underline(path_source),
        T.underline(path_target),
    )
    return description, 0


filter_scope = "create_link"

# link(oldpath, newpath): the new name is the source, the existing file the target.
register_filter(
    filter_scope,
    "link",
    lambda pid, args: filter_create_link(full_path(pid, args[1]), full_path(pid, args[0]), False),
)

# linkat(olddirfd, oldpath, newdirfd, newpath, flags) - flags is not inspected.
register_filter(
    filter_scope,
    "linkat",
    lambda pid, args: filter_create_link(full_path(pid, args[3], args[2]), full_path(pid, args[1], args[0]), False),
)

# symlink(target, linkpath)
# NOTE(review): a symbolic link stores its target text as given, and a relative
# target is later resolved from the link's own directory. full_path(pid, args[0])
# presumably resolves it against the traced process instead, so the target shown
# may differ from where the link will point - verify.
register_filter(
    filter_scope,
    "symlink",
    lambda pid, args: filter_create_link(full_path(pid, args[1]), full_path(pid, args[0]), True),
)

# symlinkat(target, newdirfd, linkpath) - the same caveat applies to the target.
register_filter(
    filter_scope,
    "symlinkat",
    lambda pid, args: filter_create_link(full_path(pid, args[2], args[1]), full_path(pid, args[0]), True),
)
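def _name_or_id(lookup, numeric_id):
    """Return the account name for ``numeric_id``, or the id as text if it has no entry.

    ``lookup`` is ``getpwuid`` or ``getgrgid``; element 0 of its result is the name.
    """
    try:
        return lookup(numeric_id)[0]
    except (KeyError, OverflowError):
        # The id is chosen by the traced program and need not exist in the local
        # account database (KeyError) or even be in range for the platform
        # (OverflowError). Show the raw number rather than let the lookup abort
        # the filter.
        return str(numeric_id)


def filter_change_owner(path, owner, group):
    """Describe an ownership change of ``path``.

    ``owner`` and ``group`` are numeric ids, and ``-1`` means "leave unchanged":
    with ``owner == -1`` only the group is reported, with ``group == -1`` only
    the user, otherwise both as ``user:group``. Ids without a name are shown
    numerically.

    Returns a ``(description, 0)`` tuple.
    """
    # NOTE(review): this assumes the tracer delivers the "unchanged" sentinel as
    # signed -1 - confirm. If both values are -1 the first branch is taken and
    # the raw group value is shown.
    if owner == -1:
        label = "change group"
        owner = _name_or_id(getgrgid, group)
    elif group == -1:
        label = "change owner"
        owner = _name_or_id(getpwuid, owner)
    else:
        label = "change owner"
        owner = _name_or_id(getpwuid, owner) + ":" + _name_or_id(getgrgid, group)
    return "%s of %s to %s" % (T.yellow(label), T.underline(path),
                               T.bold(owner)), 0


filter_scope = "change_owner"

# chown(pathname, owner, group)
register_filter(
    filter_scope, "chown", lambda pid, args: filter_change_owner(
        full_path(pid, args[0]), args[1], args[2]))
# fchown(fd, owner, group)
register_filter(
    filter_scope, "fchown", lambda pid, args: filter_change_owner(
        descriptor_path(pid, args[0]), args[1], args[2]))
# lchown(pathname, owner, group)
register_filter(
    filter_scope, "lchown", lambda pid, args: filter_change_owner(
        full_path(pid, args[0]), args[1], args[2]))
# fchownat(dirfd, pathname, owner, group, flags)
register_filter(
    filter_scope, "fchownat", lambda pid, args: filter_change_owner(
        full_path(pid, args[1], args[0]), args[2], args[3]))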
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, full_path


def filter_create_directory(path):
    """Describe the creation of a directory at ``path``.

    Returns a ``(description, 0)`` tuple.
    """
    action = T.cyan("create directory")
    target = T.underline(path)
    return "%s %s" % (action, target), 0


filter_scope = "create_directory"

# mkdir(pathname, mode) - the requested mode (args[1]) is not part of the description.
register_filter(
    filter_scope,
    "mkdir",
    lambda pid, args: filter_create_directory(full_path(pid, args[0])),
)

# mkdirat(dirfd, pathname, mode)
register_filter(
    filter_scope,
    "mkdirat",
    lambda pid, args: filter_create_directory(full_path(pid, args[1], args[0])),
)
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, full_path


def filter_create_link(path_source, path_target, symbolic):
    """Describe a new link created at ``path_source`` that refers to ``path_target``.

    The label is "create symbolic link" when ``symbolic`` is true and
    "create hard link" otherwise.

    Returns a ``(description, 0)`` tuple.
    """
    if symbolic:
        label = "create symbolic link"
    else:
        label = "create hard link"
    styled_label = T.cyan(label)
    styled_source = T.underline(path_source)
    styled_target = T.underline(path_target)
    return "%s from %s to %s" % (styled_label, styled_source, styled_target), 0


filter_scope = "create_link"

# link(oldpath, newpath)
register_filter(filter_scope, "link", lambda pid, args:
                filter_create_link(full_path(pid, args[1]), full_path(pid, args[0]), False))

# linkat(olddirfd, oldpath, newdirfd, newpath, flags) - flags is not inspected.
register_filter(filter_scope, "linkat", lambda pid, args:
                filter_create_link(full_path(pid, args[3], args[2]), full_path(pid, args[1], args[0]), False))

# symlink(target, linkpath)
# NOTE(review): the target text of a symbolic link is stored as given, and a
# relative target is resolved from the link's directory when followed. Passing
# it through full_path(pid, ...) may therefore show a different target than the
# link will have - verify what full_path does with relative input.
register_filter(filter_scope, "symlink", lambda pid, args:
                filter_create_link(full_path(pid, args[1]), full_path(pid, args[0]), True))

# symlinkat(target, newdirfd, linkpath)
register_filter(filter_scope, "symlinkat", lambda pid, args:
                filter_create_link(full_path(pid, args[2], args[1]), full_path(pid, args[0]), True))
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, full_path


def filter_create_directory(path):
    """Build the description shown when a directory would be created at ``path``.

    Returns a ``(description, 0)`` tuple.
    """
    # NOTE(review): ``path`` comes from the traced program and is displayed
    # as-is - confirm that control characters are neutralised before output.
    description = "%s %s" % (T.cyan("create directory"), T.underline(path))
    return description, 0


filter_scope = "create_directory"

# mkdir(pathname, mode)
register_filter(filter_scope, "mkdir", lambda pid, args:
                filter_create_directory(full_path(pid, args[0])))

# mkdirat(dirfd, pathname, mode)
register_filter(filter_scope, "mkdirat", lambda pid, args:
                filter_create_directory(full_path(pid, args[1], args[0])))
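from pwd import getpwuid
from grp import getgrgid

from maybe import T, register_filter, descriptor_path, full_path


def _name_or_id(lookup, numeric_id):
    """Return the account name for ``numeric_id``, or the id as text if it has no entry.

    ``lookup`` is ``getpwuid`` or ``getgrgid``; element 0 of its result is the name.
    """
    try:
        return lookup(numeric_id)[0]
    except (KeyError, OverflowError):
        # The traced program picks the id, so it may be missing from the local
        # account database (KeyError) or out of range for the platform
        # (OverflowError). Fall back to the number so the operation is still
        # reported instead of raising inside the filter.
        return str(numeric_id)


def filter_change_owner(path, owner, group):
    """Describe an ownership change of ``path``.

    ``owner`` and ``group`` are numeric ids, and ``-1`` means "leave unchanged":
    with ``owner == -1`` only the group is reported, with ``group == -1`` only
    the user, otherwise both as ``user:group``. Ids without a name are shown
    numerically.

    Returns a ``(description, 0)`` tuple.
    """
    # NOTE(review): this assumes the "unchanged" sentinel arrives as signed -1
    # - confirm against the tracer. If both values are -1 the first branch is
    # taken and the raw group value is shown.
    if owner == -1:
        label = "change group"
        owner = _name_or_id(getgrgid, group)
    elif group == -1:
        label = "change owner"
        owner = _name_or_id(getpwuid, owner)
    else:
        label = "change owner"
        owner = _name_or_id(getpwuid, owner) + ":" + _name_or_id(getgrgid, group)
    return "%s of %s to %s" % (T.yellow(label), T.underline(path), T.bold(owner)), 0


filter_scope = "change_owner"

# chown(pathname, owner, group)
register_filter(filter_scope, "chown", lambda pid, args:
                filter_change_owner(full_path(pid, args[0]), args[1], args[2]))
# fchown(fd, owner, group)
register_filter(filter_scope, "fchown", lambda pid, args:
                filter_change_owner(descriptor_path(pid, args[0]), args[1], args[2]))
# lchown(pathname, owner, group)
register_filter(filter_scope, "lchown", lambda pid, args:
                filter_change_owner(full_path(pid, args[0]), args[1], args[2]))
# fchownat(dirfd, pathname, owner, group, flags)
register_filter(filter_scope, "fchownat", lambda pid, args:
                filter_change_owner(full_path(pid, args[1], args[0]), args[2], args[3]))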
# Tail of a function that begins before this excerpt; kept exactly as found.
path = descriptor_path(pid, file_descriptor) return "%s %s to %s" % (T.red("write"), T.bold("%d bytes" % byte_count), T.underline(path)), byte_count else: return None, None


def filter_dup(pid, file_descriptor_old, file_descriptor_new=None):
    """Carry path tracking over when a descriptor is duplicated.

    If ``file_descriptor_old`` is tracked for ``pid``, its path is registered
    again via ``register_path`` for ``file_descriptor_new`` and the result of
    that call is returned as the second tuple element. Otherwise the function
    returns ``(None, None)``.

    The first element is always ``None``, so no description is produced.
    """
    if is_tracked_descriptor(pid, file_descriptor_old):
        # Copy tracked file descriptor
        # NOTE(review): presumably register_path picks a descriptor number
        # itself when file_descriptor_new is None (the plain dup case) - confirm.
        return None, register_path(pid, descriptor_path(pid, file_descriptor_old), file_descriptor_new)
    else:
        return None, None


filter_scope = "create_write_file"

# open(pathname, flags, mode)
register_filter(filter_scope, "open", lambda pid, args:
                filter_open(pid, full_path(pid, args[0]), args[1]))
# creat(pathname, mode) is handled as an open with the flags creat implies.
register_filter(filter_scope, "creat", lambda pid, args:
                filter_open(pid, full_path(pid, args[0]), O_CREAT | O_WRONLY | O_TRUNC))
# openat(dirfd, pathname, flags, mode)
register_filter(filter_scope, "openat", lambda pid, args:
                filter_open(pid, full_path(pid, args[1], args[0]), args[2]))
# mknod(pathname, mode, dev)
register_filter(filter_scope, "mknod", lambda pid, args:
                filter_mknod(full_path(pid, args[0]), args[1]))
# mknodat(dirfd, pathname, mode, dev)
register_filter(filter_scope, "mknodat", lambda pid, args:
                filter_mknod(full_path(pid, args[1], args[0]), args[2]))
# write(fd, buf, count)
register_filter(filter_scope, "write", lambda pid, args:
                filter_write(pid, args[0], args[2]))
# pwrite(fd, buf, count, offset)
# NOTE(review): on Linux x86-64 the kernel names this call pwrite64. Whether
# the tracer reports it as "pwrite" cannot be seen here - confirm, because a
# name mismatch would let positional writes to tracked descriptors go
# unfiltered.
register_filter(filter_scope, "pwrite", lambda pid, args:
                filter_write(pid, args[0], args[2]))
# TODO: Actual byte count is iovcnt * iov.iov_len
# For writev/pwritev, args[2] is iovcnt (the number of iovec entries), not a
# byte count, so the size reported for these two calls understates what would
# be written. The real size is the sum of iov_len over those entries, which
# requires reading the iovec array from the traced process.
register_filter(filter_scope, "writev", lambda pid, args:
                filter_write(pid, args[0], args[2]))
register_filter(filter_scope, "pwritev", lambda pid, args:
                filter_write(pid, args[0], args[2]))
# dup(oldfd)
register_filter(filter_scope, "dup", lambda pid, args:
                filter_dup(pid, args[0]))
# dup2(oldfd, newfd)
register_filter(filter_scope, "dup2", lambda pid, args:
                filter_dup(pid, args[0], args[1]))
# dup3(oldfd, newfd, flags) - flags is not used.
register_filter(filter_scope, "dup3", lambda pid, args:
                filter_dup(pid, args[0], args[1]))