Ejemplo n.º 1
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, full_path


def filter_create_link(path_source, path_target, symbolic):
    label = "create symbolic link" if symbolic else "create hard link"
    return "%s from %s to %s" % (T.cyan(label), T.underline(path_source), T.underline(path_target)), 0


filter_scope = "create_link"

register_filter(filter_scope, "link", lambda pid, args:
                filter_create_link(full_path(pid, args[1]), full_path(pid, args[0]), False))
register_filter(filter_scope, "linkat", lambda pid, args:
                filter_create_link(full_path(pid, args[3], args[2]), full_path(pid, args[1], args[0]), False))
register_filter(filter_scope, "symlink", lambda pid, args:
                filter_create_link(full_path(pid, args[1]), full_path(pid, args[0]), True))
register_filter(filter_scope, "symlinkat", lambda pid, args:
                filter_create_link(full_path(pid, args[2], args[1]), full_path(pid, args[0]), True))
Ejemplo n.º 2
0

def filter_change_owner(path, owner, group):
    if owner == -1:
        label = "change group"
        owner = getgrgid(group)[0]
    elif group == -1:
        label = "change owner"
        owner = getpwuid(owner)[0]
    else:
        label = "change owner"
        owner = getpwuid(owner)[0] + ":" + getgrgid(group)[0]
    return "%s of %s to %s" % (T.yellow(label), T.underline(path),
                               T.bold(owner)), 0


filter_scope = "change_owner"

register_filter(
    filter_scope, "chown", lambda pid, args: filter_change_owner(
        full_path(pid, args[0]), args[1], args[2]))
register_filter(
    filter_scope, "fchown", lambda pid, args: filter_change_owner(
        descriptor_path(pid, args[0]), args[1], args[2]))
register_filter(
    filter_scope, "lchown", lambda pid, args: filter_change_owner(
        full_path(pid, args[0]), args[1], args[2]))
register_filter(
    filter_scope, "fchownat", lambda pid, args: filter_change_owner(
        full_path(pid, args[1], args[0]), args[2], args[3]))
Ejemplo n.º 3
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016-2017 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter


def filter_create_link(path_source, path_target, symbolic):
    label = "create symbolic link" if symbolic else "create hard link"
    return "%s from %s to %s" % (T.cyan(label), T.underline(path_source), T.underline(path_target)), 0


register_filter("link", lambda process, args:
                filter_create_link(process.full_path(args[1]), process.full_path(args[0]), False))
register_filter("linkat", lambda process, args:
                filter_create_link(process.full_path(args[3], args[2]), process.full_path(args[1], args[0]), False))
register_filter("symlink", lambda process, args:
                filter_create_link(process.full_path(args[1]), process.full_path(args[0]), True))
register_filter("symlinkat", lambda process, args:
                filter_create_link(process.full_path(args[2], args[1]), process.full_path(args[0]), True))
Ejemplo n.º 4
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, full_path


def filter_create_directory(path):
    return "%s %s" % (T.cyan("create directory"), T.underline(path)), 0


filter_scope = "create_directory"

register_filter(filter_scope, "mkdir", lambda pid, args: filter_create_directory(full_path(pid, args[0])))
register_filter(filter_scope, "mkdirat", lambda pid, args: filter_create_directory(full_path(pid, args[1], args[0])))
Ejemplo n.º 5
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from maybe import T, register_filter


def filter_delete(path):
    return "%s %s" % (T.red("delete"), T.underline(path)), 0


filter_scope = "delete"

register_filter(
    filter_scope, "unlink",
    lambda process, args: filter_delete(process.full_path(args[0])))
register_filter(
    filter_scope, "unlinkat",
    lambda process, args: filter_delete(process.full_path(args[1], args[0])))
register_filter(
    filter_scope, "rmdir",
    lambda process, args: filter_delete(process.full_path(args[0])))
Ejemplo n.º 6
0
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from os.path import dirname, basename

from maybe import T, register_filter, full_path


def filter_move(path_old, path_new):
    if dirname(path_old) == dirname(path_new):
        label = "rename"
        path_new = basename(path_new)
    else:
        label = "move"
    return "%s %s to %s" % (T.green(label), T.underline(path_old), T.underline(path_new)), 0


filter_scope = "move"

register_filter(filter_scope, "rename", lambda pid, args:
                filter_move(full_path(pid, args[0]), full_path(pid, args[1])))
register_filter(filter_scope, "renameat", lambda pid, args:
                filter_move(full_path(pid, args[1], args[0]), full_path(pid, args[3], args[2])))
register_filter(filter_scope, "renameat2", lambda pid, args:
                filter_move(full_path(pid, args[1], args[0]), full_path(pid, args[3], args[2])))
Ejemplo n.º 7
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter


def filter_create_link(path_source, path_target, symbolic):
    label = "create symbolic link" if symbolic else "create hard link"
    return "%s from %s to %s" % (T.cyan(label), T.underline(path_source), T.underline(path_target)), 0


register_filter("link", lambda process, args:
                filter_create_link(process.full_path(args[1]), process.full_path(args[0]), False))
register_filter("linkat", lambda process, args:
                filter_create_link(process.full_path(args[3], args[2]), process.full_path(args[1], args[0]), False))
register_filter("symlink", lambda process, args:
                filter_create_link(process.full_path(args[1]), process.full_path(args[0]), True))
register_filter("symlinkat", lambda process, args:
                filter_create_link(process.full_path(args[2], args[1]), process.full_path(args[0]), True))
Ejemplo n.º 8
0
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, descriptor_path, full_path


def format_permissions(permissions):
    result = ""
    for i in range(2, -1, -1):
        result += "r" if permissions & (4 * 8**i) else "-"
        result += "w" if permissions & (2 * 8**i) else "-"
        result += "x" if permissions & (1 * 8**i) else "-"
    return result


def filter_change_permissions(path, permissions):
    return "%s of %s to %s" % (T.yellow("change permissions"), T.underline(path),
                               T.bold(format_permissions(permissions))), 0


filter_scope = "change_permissions"

register_filter(filter_scope, "chmod", lambda pid, args:
                filter_change_permissions(full_path(pid, args[0]), args[1]))
register_filter(filter_scope, "fchmod", lambda pid, args:
                filter_change_permissions(descriptor_path(pid, args[0]), args[1]))
register_filter(filter_scope, "fchmodat", lambda pid, args:
                filter_change_permissions(full_path(pid, args[1], args[0]), args[2]))
Ejemplo n.º 9
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016-2017 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter


def filter_delete(path):
    return "%s %s" % (T.red("delete"), T.underline(path)), 0


register_filter("unlink", lambda process, args: filter_delete(process.full_path(args[0])))
register_filter("unlinkat", lambda process, args: filter_delete(process.full_path(args[1], args[0])))
register_filter("rmdir", lambda process, args: filter_delete(process.full_path(args[0])))
Ejemplo n.º 10
0
from maybe import T, register_filter


def filter_change_owner(path, owner, group):
    if owner == -1:
        label = "change group"
        owner = getgrgid(group)[0]
    elif group == -1:
        label = "change owner"
        owner = getpwuid(owner)[0]
    else:
        label = "change owner"
        owner = getpwuid(owner)[0] + ":" + getgrgid(group)[0]
    return "%s of %s to %s" % (T.yellow(label), T.underline(path),
                               T.bold(owner)), 0


register_filter(
    "chown", lambda process, args: filter_change_owner(
        process.full_path(args[0]), args[1], args[2]))
register_filter(
    "fchown", lambda process, args: filter_change_owner(
        process.descriptor_path(args[0]), args[1], args[2]))
register_filter(
    "lchown", lambda process, args: filter_change_owner(
        process.full_path(args[0]), args[1], args[2]))
register_filter(
    "fchownat", lambda process, args: filter_change_owner(
        process.full_path(args[1], args[0]), args[2], args[3]))
Ejemplo n.º 11
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from maybe import T, register_filter, full_path


def filter_create_directory(path):
    return "%s %s" % (T.cyan("create directory"), T.underline(path)), 0


filter_scope = "create_directory"

register_filter(
    filter_scope, "mkdir",
    lambda pid, args: filter_create_directory(full_path(pid, args[0])))
register_filter(
    filter_scope, "mkdirat", lambda pid, args: filter_create_directory(
        full_path(pid, args[1], args[0])))
Ejemplo n.º 12
0
from pwd import getpwuid
from grp import getgrgid

from maybe import T, register_filter, descriptor_path, full_path


def filter_change_owner(path, owner, group):
    if owner == -1:
        label = "change group"
        owner = getgrgid(group)[0]
    elif group == -1:
        label = "change owner"
        owner = getpwuid(owner)[0]
    else:
        label = "change owner"
        owner = getpwuid(owner)[0] + ":" + getgrgid(group)[0]
    return "%s of %s to %s" % (T.yellow(label), T.underline(path), T.bold(owner)), 0


filter_scope = "change_owner"

register_filter(filter_scope, "chown", lambda pid, args:
                filter_change_owner(full_path(pid, args[0]), args[1], args[2]))
register_filter(filter_scope, "fchown", lambda pid, args:
                filter_change_owner(descriptor_path(pid, args[0]), args[1], args[2]))
register_filter(filter_scope, "lchown", lambda pid, args:
                filter_change_owner(full_path(pid, args[0]), args[1], args[2]))
register_filter(filter_scope, "fchownat", lambda pid, args:
                filter_change_owner(full_path(pid, args[1], args[0]), args[2], args[3]))
Ejemplo n.º 13
0
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from os.path import dirname, basename

from maybe import T, register_filter, full_path


def filter_move(path_old, path_new):
    if dirname(path_old) == dirname(path_new):
        label = "rename"
        path_new = basename(path_new)
    else:
        label = "move"
    return "%s %s to %s" % (T.green(label), T.underline(path_old),
                            T.underline(path_new)), 0


filter_scope = "move"

register_filter(
    filter_scope, "rename", lambda pid, args: filter_move(
        full_path(pid, args[0]), full_path(pid, args[1])))
register_filter(
    filter_scope, "renameat", lambda pid, args: filter_move(
        full_path(pid, args[1], args[0]), full_path(pid, args[3], args[2])))
register_filter(
    filter_scope, "renameat2", lambda pid, args: filter_move(
        full_path(pid, args[1], args[0]), full_path(pid, args[3], args[2])))
Ejemplo n.º 14
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter, full_path


def filter_delete(path):
    return "%s %s" % (T.red("delete"), T.underline(path)), 0


filter_scope = "delete"

register_filter(filter_scope, "unlink", lambda pid, args: filter_delete(full_path(pid, args[0])))
register_filter(filter_scope, "unlinkat", lambda pid, args: filter_delete(full_path(pid, args[1], args[0])))
register_filter(filter_scope, "rmdir", lambda pid, args: filter_delete(full_path(pid, args[0])))
Ejemplo n.º 15
0
# (https://gnu.org/licenses/gpl.html)

from os.path import dirname, basename

from maybe import T, register_filter


def filter_move(path_old, path_new):
    if dirname(path_old) == dirname(path_new):
        label = "rename"
        path_new = basename(path_new)
    else:
        label = "move"
    return "%s %s to %s" % (T.green(label), T.underline(path_old),
                            T.underline(path_new)), 0


filter_scope = "move"

register_filter(
    filter_scope, "rename", lambda process, args: filter_move(
        process.full_path(args[0]), process.full_path(args[1])))
register_filter(
    filter_scope, "renameat",
    lambda process, args: filter_move(process.full_path(args[1], args[0]),
                                      process.full_path(args[3], args[2])))
register_filter(
    filter_scope, "renameat2",
    lambda process, args: filter_move(process.full_path(args[1], args[0]),
                                      process.full_path(args[3], args[2])))
Ejemplo n.º 16
0
    if process.is_tracked_descriptor(file_descriptor):
        path = process.descriptor_path(file_descriptor)
        return "%s %s to %s" % (T.red("write"), T.bold("%d bytes" % byte_count), T.underline(path)), byte_count
    else:
        return None, None


def filter_dup(process, file_descriptor_old, file_descriptor_new=None):
    if process.is_tracked_descriptor(file_descriptor_old):
        # Copy tracked file descriptor
        return None, process.register_path(process.descriptor_path(file_descriptor_old), file_descriptor_new)
    else:
        return None, None


register_filter("open", lambda process, args:
                filter_open(process, process.full_path(args[0]), args[1]))
register_filter("creat", lambda process, args:
                filter_open(process, process.full_path(args[0]), O_CREAT | O_WRONLY | O_TRUNC))
register_filter("openat", lambda process, args:
                filter_open(process, process.full_path(args[1], args[0]), args[2]))
register_filter("mknod", lambda process, args:
                filter_mknod(process.full_path(args[0]), args[1]))
register_filter("mknodat", lambda process, args:
                filter_mknod(process.full_path(args[1], args[0]), args[2]))
register_filter("write", lambda process, args: filter_write(process, args[0], args[2]))
register_filter("pwrite", lambda process, args: filter_write(process, args[0], args[2]))
# TODO: Actual byte count is iovcnt * iov.iov_len
register_filter("writev", lambda process, args: filter_write(process, args[0], args[2]))
register_filter("pwritev", lambda process, args: filter_write(process, args[0], args[2]))
register_filter("dup", lambda process, args: filter_dup(process, args[0]))
register_filter("dup2", lambda process, args: filter_dup(process, args[0], args[1]))
Ejemplo n.º 17
0
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from maybe import T, register_filter, full_path


def filter_create_link(path_source, path_target, symbolic):
    label = "create symbolic link" if symbolic else "create hard link"
    return "%s from %s to %s" % (T.cyan(label), T.underline(path_source),
                                 T.underline(path_target)), 0


filter_scope = "create_link"

register_filter(
    filter_scope, "link", lambda pid, args: filter_create_link(
        full_path(pid, args[1]), full_path(pid, args[0]), False))
register_filter(
    filter_scope, "linkat",
    lambda pid, args: filter_create_link(full_path(pid, args[3], args[
        2]), full_path(pid, args[1], args[0]), False))
register_filter(
    filter_scope, "symlink", lambda pid, args: filter_create_link(
        full_path(pid, args[1]), full_path(pid, args[0]), True))
register_filter(
    filter_scope, "symlinkat", lambda pid, args: filter_create_link(
        full_path(pid, args[2], args[1]), full_path(pid, args[0]), True))
Ejemplo n.º 18
0
# (https://gnu.org/licenses/gpl.html)


from pwd import getpwuid
from grp import getgrgid

from maybe import T, register_filter


def filter_change_owner(path, owner, group):
    if owner == -1:
        label = "change group"
        owner = getgrgid(group)[0]
    elif group == -1:
        label = "change owner"
        owner = getpwuid(owner)[0]
    else:
        label = "change owner"
        owner = getpwuid(owner)[0] + ":" + getgrgid(group)[0]
    return "%s of %s to %s" % (T.yellow(label), T.underline(path), T.bold(owner)), 0


register_filter("chown", lambda process, args:
                filter_change_owner(process.full_path(args[0]), args[1], args[2]))
register_filter("fchown", lambda process, args:
                filter_change_owner(process.descriptor_path(args[0]), args[1], args[2]))
register_filter("lchown", lambda process, args:
                filter_change_owner(process.full_path(args[0]), args[1], args[2]))
register_filter("fchownat", lambda process, args:
                filter_change_owner(process.full_path(args[1], args[0]), args[2], args[3]))
Ejemplo n.º 19
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter


def filter_create_directory(path):
    return "%s %s" % (T.cyan("create directory"), T.underline(path)), 0


filter_scope = "create_directory"

register_filter(filter_scope, "mkdir", lambda process, args:
                filter_create_directory(process.full_path(args[0])))
register_filter(filter_scope, "mkdirat", lambda process, args:
                filter_create_directory(process.full_path(args[1], args[0])))
Ejemplo n.º 20
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from os.path import dirname, basename

from maybe import T, register_filter


def filter_move(path_old, path_new):
    if dirname(path_old) == dirname(path_new):
        label = "rename"
        path_new = basename(path_new)
    else:
        label = "move"
    return "%s %s to %s" % (T.green(label), T.underline(path_old), T.underline(path_new)), 0


register_filter("rename", lambda process, args:
                filter_move(process.full_path(args[0]), process.full_path(args[1])))
register_filter("renameat", lambda process, args:
                filter_move(process.full_path(args[1], args[0]), process.full_path(args[3], args[2])))
register_filter("renameat2", lambda process, args:
                filter_move(process.full_path(args[1], args[0]), process.full_path(args[3], args[2])))
Ejemplo n.º 21
0
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from maybe import T, register_filter


def filter_create_directory(path):
    return "%s %s" % (T.cyan("create directory"), T.underline(path)), 0


filter_scope = "create_directory"

register_filter(
    filter_scope, "mkdir",
    lambda process, args: filter_create_directory(process.full_path(args[0])))
register_filter(
    filter_scope, "mkdirat", lambda process, args: filter_create_directory(
        process.full_path(args[1], args[0])))
Ejemplo n.º 22
0
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)


from maybe import T, register_filter


def format_permissions(permissions):
    result = ""
    for i in range(2, -1, -1):
        result += "r" if permissions & (4 * 8**i) else "-"
        result += "w" if permissions & (2 * 8**i) else "-"
        result += "x" if permissions & (1 * 8**i) else "-"
    return result


def filter_change_permissions(path, permissions):
    return "%s of %s to %s" % (T.yellow("change permissions"), T.underline(path),
                               T.bold(format_permissions(permissions))), 0


register_filter("chmod", lambda process, args:
                filter_change_permissions(process.full_path(args[0]), args[1]))
register_filter("fchmod", lambda process, args:
                filter_change_permissions(process.descriptor_path(args[0]), args[1]))
register_filter("fchmodat", lambda process, args:
                filter_change_permissions(process.full_path(args[1], args[0]), args[2]))
Ejemplo n.º 23
0
        path = descriptor_path(pid, file_descriptor)
        return "%s %s to %s" % (T.red("write"), T.bold("%d bytes" % byte_count), T.underline(path)), byte_count
    else:
        return None, None


def filter_dup(pid, file_descriptor_old, file_descriptor_new=None):
    if is_tracked_descriptor(pid, file_descriptor_old):
        # Copy tracked file descriptor
        return None, register_path(pid, descriptor_path(pid, file_descriptor_old), file_descriptor_new)
    else:
        return None, None


filter_scope = "create_write_file"

register_filter(filter_scope, "open", lambda pid, args: filter_open(pid, full_path(pid, args[0]), args[1]))
register_filter(filter_scope, "creat", lambda pid, args:
                filter_open(pid, full_path(pid, args[0]), O_CREAT | O_WRONLY | O_TRUNC))
register_filter(filter_scope, "openat", lambda pid, args: filter_open(pid, full_path(pid, args[1], args[0]), args[2]))
register_filter(filter_scope, "mknod", lambda pid, args: filter_mknod(full_path(pid, args[0]), args[1]))
register_filter(filter_scope, "mknodat", lambda pid, args: filter_mknod(full_path(pid, args[1], args[0]), args[2]))
register_filter(filter_scope, "write", lambda pid, args: filter_write(pid, args[0], args[2]))
register_filter(filter_scope, "pwrite", lambda pid, args: filter_write(pid, args[0], args[2]))
# TODO: Actual byte count is iovcnt * iov.iov_len
register_filter(filter_scope, "writev", lambda pid, args: filter_write(pid, args[0], args[2]))
register_filter(filter_scope, "pwritev", lambda pid, args: filter_write(pid, args[0], args[2]))
register_filter(filter_scope, "dup", lambda pid, args: filter_dup(pid, args[0]))
register_filter(filter_scope, "dup2", lambda pid, args: filter_dup(pid, args[0], args[1]))
register_filter(filter_scope, "dup3", lambda pid, args: filter_dup(pid, args[0], args[1]))