def filter_write(process, file_descriptor, byte_count):
if process.is_tracked_descriptor(file_descriptor):
path = process.descriptor_path(file_descriptor)
return "%s %s to %s" % (T.red("write"), T.bold(
"%d bytes" % byte_count), T.underline(path)), byte_count
else:
return None, None
def filter_move(path_old, path_new):
if dirname(path_old) == dirname(path_new):
label = "rename"
path_new = basename(path_new)
else:
label = "move"
return "%s %s to %s" % (T.green(label), T.underline(path_old), T.underline(path_new)), 0
def format_write(file_descriptor, byte_count):
if file_descriptor in file_descriptors:
path = file_descriptors[file_descriptor]
return "%s %s to %s" % (T.red("write"), T.bold(
"%d bytes" % byte_count), T.underline(path))
else:
return None
def filter_move(path_old, path_new):
if dirname(path_old) == dirname(path_new):
label = "rename"
path_new = basename(path_new)
else:
label = "move"
return "%s %s to %s" % (T.green(label), T.underline(path_old),
T.underline(path_new)), 0
def format_move(path_old, path_new):
path_old = abspath(path_old)
path_new = abspath(path_new)
if dirname(path_old) == dirname(path_new):
label = "rename"
path_new = basename(path_new)
else:
label = "move"
return "%s %s to %s" % (T.green(label), T.underline(path_old), T.underline(path_new))
def format_open(path, flags):
path = abspath(path)
if path in allowed_files:
return None
elif (flags & O_CREAT) and not exists(path):
return "%s %s" % (T.cyan("create file"), T.underline(path))
elif (flags & O_TRUNC) and exists(path):
return "%s %s" % (T.red("truncate file"), T.underline(path))
else:
return None
def format_move(path_old, path_new):
path_old = abspath(path_old)
path_new = abspath(path_new)
if dirname(path_old) == dirname(path_new):
label = "rename"
path_new = basename(path_new)
else:
label = "move"
return "%s %s to %s" % (T.green(label), T.underline(path_old),
T.underline(path_new))
def format_open(path, flags):
path = abspath(path)
if path in allowed_files:
return None
elif (flags & O_CREAT) and not exists(path):
return "%s %s" % (T.cyan("create file"), T.underline(path))
elif (flags & O_TRUNC) and exists(path):
return "%s %s" % (T.red("truncate file"), T.underline(path))
else:
return None
def filter_change_owner(path, owner, group):
if owner == -1:
label = "change group"
owner = getgrgid(group)[0]
elif group == -1:
label = "change owner"
owner = getpwuid(owner)[0]
else:
label = "change owner"
owner = getpwuid(owner)[0] + ":" + getgrgid(group)[0]
return "%s of %s to %s" % (T.yellow(label), T.underline(path), T.bold(owner)), 0
def format_change_owner(path, owner, group):
if owner == -1:
label = "change group"
owner = getgrgid(group)[0]
elif group == -1:
label = "change owner"
owner = getpwuid(owner)[0]
else:
label = "change owner"
owner = getpwuid(owner)[0] + ":" + getgrgid(group)[0]
return "%s of %s to %s" % (T.yellow(label), T.underline(
abspath(path)), T.bold(owner))
def filter_open(process, path, flags):
if path in allowed_files:
return None, None
if (flags & O_CREAT) and not exists(path):
operation = "%s %s" % (T.cyan("create file"), T.underline(path))
elif (flags & O_TRUNC) and exists(path):
operation = "%s %s" % (T.red("truncate file"), T.underline(path))
else:
operation = None
if (flags & O_WRONLY) or (flags & O_RDWR) or (flags & O_APPEND) or (operation is not None):
# File might be written to later, so we need to track the file descriptor
return_value = process.register_path(path)
else:
return_value = None
return operation, return_value
def filter_mknod(path, type):
if exists(path):
return None, None
elif (type & S_IFCHR):
label = "create character special file"
elif (type & S_IFBLK):
label = "create block special file"
elif (type & S_IFIFO):
label = "create named pipe"
elif (type & S_IFSOCK):
label = "create socket"
else:
# mknod(2): "Zero file type is equivalent to type S_IFREG"
label = "create file"
return "%s %s" % (T.cyan(label), T.underline(path)), 0
def filter_create_directory(path):
return "%s %s" % (T.cyan("create directory"), T.underline(path)), 0
def filter_create_link(path_source, path_target, symbolic):
label = "create symbolic link" if symbolic else "create hard link"
return "%s from %s to %s" % (T.cyan(label), T.underline(path_source),
T.underline(path_target)), 0
def filter_write(process, file_descriptor, byte_count):
if process.is_tracked_descriptor(file_descriptor):
path = process.descriptor_path(file_descriptor)
return "%s %s to %s" % (T.red("write"), T.bold("%d bytes" % byte_count), T.underline(path)), byte_count
else:
return None, None
def format_create_directory(path):
return "%s %s" % (T.cyan("create directory"), T.underline(abspath(path)))
def format_write(file_descriptor, byte_count):
if file_descriptor in file_descriptors:
path = file_descriptors[file_descriptor]
return "%s %s to %s" % (T.red("write"), T.bold("%d bytes" % byte_count), T.underline(path))
else:
return None
def format_create_link(path_source, path_target, symbolic):
label = "create symbolic link" if symbolic else "create hard link"
return "%s from %s to %s" % (T.cyan(label), T.underline(abspath(path_source)), T.underline(abspath(path_target)))
def format_delete(path):
return "%s %s" % (T.red("delete"), T.underline(path))
def filter_delete(path):
return "%s %s" % (T.red("delete"), T.underline(path)), 0
def filter_create_directory(path):
return "%s %s" % (T.cyan("create directory"), T.underline(path)), 0
def format_create_directory(path):
return "%s %s" % (T.cyan("create directory"), T.underline(abspath(path)))
def filter_delete(path):
return "%s %s" % (T.red("delete"), T.underline(path)), 0
def filter_change_permissions(path, permissions):
return "%s of %s to %s" % (T.yellow("change permissions"), T.underline(path),
T.bold(format_permissions(permissions))), 0
def format_delete(path):
return "%s %s" % (T.red("delete"), T.underline(abspath(path)))
