# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016-2017 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from acidsh import register_filter


def filter_delete(path):
    """Build the report entry for a deletion of ``path``.

    Returns a three-element tuple: the label ``"delete"``, a list holding
    the single affected path, and the constant ``0``.
    """
    # NOTE(review): the trailing 0 is presumably the result reported back for
    # the intercepted call -- confirm against acidsh.
    affected = [path]
    return "delete", affected, 0


def _delete_by_path(process, args):
    """Handler for syscalls whose first argument is the path to remove."""
    return filter_delete(process.full_path(args[0]))


def _delete_by_dirfd_and_path(process, args):
    """Handler for unlinkat: args[0] is the directory fd, args[1] the path."""
    # The flags argument (args[2]) is not inspected, so removing a directory
    # through unlinkat is reported with the same "delete" label as a file.
    return filter_delete(process.full_path(args[1], args[0]))


register_filter("unlink", _delete_by_path)
register_filter("unlinkat", _delete_by_dirfd_and_path)
register_filter("rmdir", _delete_by_path)
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016-2017 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from acidsh import register_filter


def filter_create_directory(path):
    """Build the report entry for creating a directory at ``path``.

    Returns a three-element tuple: the label ``"create directory"``, a list
    holding the single affected path, and the constant ``0``.
    """
    affected = [path]
    return "create directory", affected, 0


def _on_mkdir(process, args):
    """Handler for mkdir: args[0] is the path; the mode (args[1]) is unused."""
    return filter_create_directory(process.full_path(args[0]))


def _on_mkdirat(process, args):
    """Handler for mkdirat: args[0] is the directory fd, args[1] the path."""
    return filter_create_directory(process.full_path(args[1], args[0]))


register_filter("mkdir", _on_mkdir)
register_filter("mkdirat", _on_mkdirat)
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016-2017 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from os.path import dirname, basename

from acidsh import register_filter


def filter_move(path_old, path_new):
    """Build the report entry for moving or renaming ``path_old``.

    When both paths share a parent directory the entry is labelled
    ``"rename"`` and the new path is reduced to its base name; otherwise it
    is labelled ``"move"`` and both paths are reported as given.

    Returns a three-element tuple: the label, ``[path_old, path_new]`` (with
    the adjustment above), and the constant ``0``.
    """
    if dirname(path_old) != dirname(path_new):
        return "move", [path_old, path_new], 0
    # Same parent directory: only the final component changes.
    return "rename", [path_old, basename(path_new)], 0


def _on_rename(process, args):
    """Handler for rename: args[0] is the old path, args[1] the new path."""
    source = process.full_path(args[0])
    destination = process.full_path(args[1])
    return filter_move(source, destination)


def _on_renameat(process, args):
    """Handler for renameat/renameat2: (old dirfd, old path, new dirfd, new path)."""
    # The flags argument of renameat2 (args[4]) is not inspected, so a call
    # that exchanges the two paths or refuses to replace an existing target
    # is reported exactly like a plain rename.
    source = process.full_path(args[1], args[0])
    destination = process.full_path(args[3], args[2])
    return filter_move(source, destination)


register_filter("rename", _on_rename)
register_filter("renameat", _on_renameat)
register_filter("renameat2", _on_renameat)
if process.is_tracked_descriptor(file_descriptor): path = process.descriptor_path(file_descriptor) return "write %d bytes" % byte_count, [path], byte_count else: return None, [], None
# NOTE(review): the line above is the tail of a function whose header lies
# before this excerpt; it is left exactly as found.


def filter_dup(process, file_descriptor_old, file_descriptor_new=None):
    """Propagate path tracking when a descriptor is duplicated.

    If ``file_descriptor_old`` is tracked by ``process``, its path is
    registered again for ``file_descriptor_new`` and the value returned by
    ``process.register_path`` becomes the third tuple element. Untracked
    descriptors yield ``(None, [], None)``.
    """
    if not process.is_tracked_descriptor(file_descriptor_old):
        return None, [], None
    # Copy tracked file descriptor
    # NOTE(review): for plain dup the new descriptor is passed as None --
    # presumably register_path picks one itself; confirm against acidsh.
    tracked_path = process.descriptor_path(file_descriptor_old)
    return None, [], process.register_path(tracked_path, file_descriptor_new)


def _on_open(process, args):
    """Handler for open: args[0] is the path, args[1] the flags."""
    return filter_open(process, process.full_path(args[0]), args[1])


def _on_creat(process, args):
    """Handler for creat, reported as open with create/write-only/truncate flags."""
    return filter_open(process, process.full_path(args[0]), O_CREAT | O_WRONLY | O_TRUNC)


def _on_openat(process, args):
    """Handler for openat: args[0] is the directory fd, args[1] the path, args[2] the flags."""
    return filter_open(process, process.full_path(args[1], args[0]), args[2])


def _on_mknod(process, args):
    """Handler for mknod: args[0] is the path, args[1] the mode."""
    return filter_mknod(process.full_path(args[0]), args[1])


def _on_mknodat(process, args):
    """Handler for mknodat: args[0] is the directory fd, args[1] the path, args[2] the mode."""
    return filter_mknod(process.full_path(args[1], args[0]), args[2])


def _on_write(process, args):
    """Handler for the write family: args[0] is the fd, args[2] is passed as the byte count."""
    return filter_write(process, args[0], args[2])


def _on_dup(process, args):
    """Handler for dup: args[0] is the descriptor being duplicated."""
    return filter_dup(process, args[0])


def _on_dup2(process, args):
    """Handler for dup2: args[0] is the old descriptor, args[1] the requested new one."""
    return filter_dup(process, args[0], args[1])


register_filter("open", _on_open)
register_filter("creat", _on_creat)
register_filter("openat", _on_openat)
register_filter("mknod", _on_mknod)
register_filter("mknodat", _on_mknodat)
register_filter("write", _on_write)
register_filter("pwrite", _on_write)
# TODO: Actual byte count is iovcnt * iov.iov_len
# For writev/pwritev the third argument is the number of buffers, not a byte
# length, so the "write N bytes" report understates what would be written.
register_filter("writev", _on_write)
register_filter("pwritev", _on_write)
register_filter("dup", _on_dup)
register_filter("dup2", _on_dup2)
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from acidsh import register_filter


def format_permissions(permissions):
    """Render the low nine mode bits of ``permissions`` as an ``rwxrwxrwx`` string.

    Only the owner/group/other read, write and execute bits are examined.
    The setuid, setgid and sticky bits are not represented, so two modes
    that differ only in those bits render identically.
    """
    bit_symbols = (
        (0o400, "r"), (0o200, "w"), (0o100, "x"),
        (0o040, "r"), (0o020, "w"), (0o010, "x"),
        (0o004, "r"), (0o002, "w"), (0o001, "x"),
    )
    return "".join(
        symbol if permissions & mask else "-" for mask, symbol in bit_symbols
    )


def filter_change_permissions(path, permissions):
    """Build the report entry for a permission change on ``path``.

    Returns a three-element tuple: the label ``"change permissions"``, a
    list holding the single affected path, and the constant ``0``.
    """
    # NOTE(review): ``permissions`` is accepted but not used, and
    # format_permissions is not called anywhere in this file, so the report
    # does not show which mode was requested (for example one that makes the
    # file world-writable). Consider surfacing it once the consumer of the
    # label is confirmed.
    affected = [path]
    return "change permissions", affected, 0


def _on_chmod(process, args):
    """Handler for chmod: args[0] is the path, args[1] the mode."""
    return filter_change_permissions(process.full_path(args[0]), args[1])


def _on_fchmod(process, args):
    """Handler for fchmod: args[0] is the descriptor, args[1] the mode."""
    # NOTE(review): descriptor_path is called without any check that the
    # descriptor is tracked; its behaviour for an untracked descriptor is not
    # visible here -- confirm.
    return filter_change_permissions(process.descriptor_path(args[0]), args[1])


def _on_fchmodat(process, args):
    """Handler for fchmodat: args[0] is the directory fd, args[1] the path, args[2] the mode."""
    return filter_change_permissions(process.full_path(args[1], args[0]), args[2])


register_filter("chmod", _on_chmod)
register_filter("fchmod", _on_fchmod)
register_filter("fchmodat", _on_fchmodat)
# maybe - see what a program does before deciding whether you really want it to happen
#
# Copyright (c) 2016-2017 Philipp Emanuel Weidmann <*****@*****.**>
#
# Nemo vir est qui mundum non reddat meliorem.
#
# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

from acidsh import register_filter


def filter_create_link(path_source, path_target, symbolic):
    """Build the report entry for creating a link.

    ``path_source`` is the link being created and ``path_target`` is what it
    points at, going by how the handlers below pass the syscall arguments.
    ``symbolic`` selects between the two labels.

    Returns a three-element tuple: the label, ``[path_source, path_target]``,
    and the constant ``0``.
    """
    if symbolic:
        label = "create symbolic link"
    else:
        label = "create hard link"
    return label, [path_source, path_target], 0


def _on_link(process, args):
    """Handler for link: args[0] is the existing path, args[1] the new link."""
    link_path = process.full_path(args[1])
    existing = process.full_path(args[0])
    return filter_create_link(link_path, existing, False)


def _on_linkat(process, args):
    """Handler for linkat: (old dirfd, old path, new dirfd, new path)."""
    link_path = process.full_path(args[3], args[2])
    existing = process.full_path(args[1], args[0])
    return filter_create_link(link_path, existing, False)


def _on_symlink(process, args):
    """Handler for symlink: args[0] is the target string, args[1] the new link."""
    # NOTE(review): a symlink target is stored verbatim and a relative one is
    # later resolved against the link's own directory. What base full_path
    # uses is not visible here -- confirm the target shown to the user is the
    # location the link would actually point at.
    link_path = process.full_path(args[1])
    target = process.full_path(args[0])
    return filter_create_link(link_path, target, True)


def _on_symlinkat(process, args):
    """Handler for symlinkat: args[0] is the target, args[1] the directory fd, args[2] the new link."""
    # NOTE(review): same caveat about relative targets as for symlink.
    link_path = process.full_path(args[2], args[1])
    target = process.full_path(args[0])
    return filter_create_link(link_path, target, True)


register_filter("link", _on_link)
register_filter("linkat", _on_linkat)
register_filter("symlink", _on_symlink)
register_filter("symlinkat", _on_symlinkat)
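# Released under the terms of the GNU General Public License, version 3
# (https://gnu.org/licenses/gpl.html)

# NOTE(review): getpwuid/getgrgid are no longer referenced below; the imports
# are kept so the module's import surface is unchanged.
from pwd import getpwuid
from grp import getgrgid

from acidsh import register_filter


def filter_change_owner(path, owner, group):
    """Build the report entry for an ownership change on ``path``.

    The label is ``"change group"`` when ``owner`` is ``-1`` (owner left
    unchanged) and ``"change owner"`` in every other case.

    The numeric ids are deliberately not resolved to names. The resolved
    name was never part of the returned entry, and ``getpwuid``/``getgrgid``
    raise ``KeyError`` for an id that has no passwd/group database entry
    (including the case where both ids are ``-1``), which made the filter
    fail on an ownership change instead of reporting it.

    Returns a three-element tuple: the label, a list holding the single
    affected path, and the constant ``0``.
    """
    # NOTE(review): assumes the tracer delivers "unchanged" as a signed -1
    # rather than its unsigned representation -- confirm against acidsh.
    label = "change group" if owner == -1 else "change owner"
    return label, [path], 0


def _on_chown(process, args):
    """Handler for chown/lchown: args[0] is the path, args[1] the uid, args[2] the gid."""
    return filter_change_owner(process.full_path(args[0]), args[1], args[2])


def _on_fchown(process, args):
    """Handler for fchown: args[0] is the descriptor, args[1] the uid, args[2] the gid."""
    # NOTE(review): descriptor_path is called without any check that the
    # descriptor is tracked; its behaviour for an untracked descriptor is not
    # visible here -- confirm.
    return filter_change_owner(process.descriptor_path(args[0]), args[1], args[2])


def _on_fchownat(process, args):
    """Handler for fchownat: args[0] is the directory fd, args[1] the path, args[2]/args[3] the uid/gid."""
    return filter_change_owner(process.full_path(args[1], args[0]), args[2], args[3])


register_filter("chown", _on_chown)
register_filter("fchown", _on_fchown)
register_filter("lchown", _on_chown)
register_filter("fchownat", _on_fchownat)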