Esempio n. 1
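    def calculate(self):
        """Yield one record per mount structure found in the mount slab cache.

        Each record is the 6-tuple returned by ``_parse_mnt``:
        ``(mnt_sb, dev_name, path, fstype, rr, mnt_string)``. Entries for
        which ``_parse_mnt`` returns a falsy value are skipped, and so is the
        ``devtmpfs`` entry whose path is ``/``.
        """
        linux_common.set_plugin_members(self)

        fs_types = self._get_filesystem_types()

        # Bind ns before the branch. The pid-1 search below can come up empty
        # (e.g. an incomplete or inconsistent image); previously that left ns
        # unbound and the first _parse_mnt call raised UnboundLocalError.
        # NOTE(review): assumes _parse_mnt treats ns=None as "no namespace
        # filter" on newer kernels too, as the older-kernel branch already
        # passes None -- confirm.
        ns = None

        if self.profile.has_type("mount"):
            # newer kernels: the profile defines a "mount" type
            cache = linux_slabinfo(self._config).get_kmem_cache(
                "mount", self._config.UNALLOCATED)

            # Take the mount namespace of the task with pid 1.
            for task in linux_pslist.linux_pslist(self._config).calculate():
                if task.pid == 1:
                    ns = task.nsproxy.mnt_ns
                    break
        else:
            # older kernels: entries of "mnt_cache" are read as vfsmount
            cache = linux_slabinfo(self._config).get_kmem_cache(
                "mnt_cache", self._config.UNALLOCATED, struct_name="vfsmount")

        # NOTE(review): the UNALLOCATED option presumably selects freed slab
        # objects; fields of such entries may be stale -- confirm against
        # linux_slabinfo before relying on them as evidence.
        for mnt in cache:
            ret = self._parse_mnt(mnt, ns, fs_types)
            if not ret:
                continue

            (mnt_sb, dev_name, path, fstype, rr, mnt_string) = ret

            if dev_name == "devtmpfs" and path == "/":
                continue

            yield (mnt_sb, dev_name, path, fstype, rr, mnt_string)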
Esempio n. 2
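    def calculate(self):
        """Yield parsed mount records recovered from the mount slab cache.

        Records are the 6-tuples ``(mnt_sb, dev_name, path, fstype, rr,
        mnt_string)`` produced by ``_parse_mnt``. Falsy results are dropped,
        as is the ``devtmpfs`` record whose path is ``/``.
        """
        linux_common.set_plugin_members(self)

        fs_types = self._get_filesystem_types()

        if self.profile.has_type("mount"):
            # newer kernels: the profile defines a "mount" type
            cache = linux_slabinfo(self._config).get_kmem_cache(
                "mount", self._config.UNALLOCATED
            )

            for task in linux_pslist.linux_pslist(self._config).calculate():
                if task.pid == 1:
                    ns = task.nsproxy.mnt_ns
                    break
            else:
                # No task with pid 1 was listed. Without this fallback ns
                # stayed unbound and _parse_mnt raised UnboundLocalError.
                # NOTE(review): assumes _parse_mnt accepts ns=None here, as
                # it does for the older-kernel branch -- confirm.
                ns = None
        else:
            # older kernels: entries of "mnt_cache" are read as vfsmount
            cache = linux_slabinfo(self._config).get_kmem_cache(
                "mnt_cache", self._config.UNALLOCATED, struct_name="vfsmount"
            )
            ns = None

        # NOTE(review): with UNALLOCATED set the cache presumably includes
        # freed objects whose fields may be stale -- confirm.
        for mnt in cache:
            ret = self._parse_mnt(mnt, ns, fs_types)

            if ret:
                (mnt_sb, dev_name, path, fstype, rr, mnt_string) = ret

                # Skip the devtmpfs entry reported at "/".
                if not (dev_name == "devtmpfs" and path == "/"):
                    yield (mnt_sb, dev_name, path, fstype, rr, mnt_string)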
Esempio n. 3
    def calculate(self):
        """Yield ``make_body`` output for every dentry in the dentry slab cache.

        The cache named "dentry" is tried first; if that lookup compares
        equal to an empty list, "dentry_cache" is read as ``dentry`` instead.
        """
        linux_common.set_plugin_members(self)

        # (cache name, extra keyword arguments), in the order they are tried.
        candidates = (
            ("dentry", {}),
            # support for old kernels
            ("dentry_cache", {"struct_name": "dentry"}),
        )

        for cache_name, extra in candidates:
            entries = linux_slabinfo(self._config).get_kmem_cache(
                cache_name, self._config.UNALLOCATED, **extra)
            if not (entries == []):
                break

        # NOTE(review): with UNALLOCATED set these are presumably freed
        # dentries, so names and pointers in them may be stale -- confirm.
        for entry in entries:
            yield self.make_body(entry)
Esempio n. 4
    def calculate(self):
        """Yield one ``make_body`` result per dentry found in the slab cache.

        Falls back from the "dentry" cache to "dentry_cache" (read as
        ``dentry``) when the first lookup compares equal to ``[]``.
        """
        linux_common.set_plugin_members(self)

        def lookup(cache_name, **extra):
            # A fresh linux_slabinfo is built per lookup, as before.
            return linux_slabinfo(self._config).get_kmem_cache(
                cache_name, self._config.UNALLOCATED, **extra)

        found = lookup("dentry")

        # support for old kernels
        if found == []:
            found = lookup("dentry_cache", struct_name="dentry")

        # NOTE(review): entries selected via UNALLOCATED are presumably freed
        # objects; treat their contents as possibly stale -- confirm.
        for item in found:
            yield self.make_body(item)
    def walk_cache(self, cache_name):
        """Yield everything ``write_sk_buff`` produces for the named cache.

        The cache entries are requested with ``struct_name="sk_buff"``.
        Nothing is yielded when the lookup result is falsy.
        """
        skbs = linux_slabinfo(self._config).get_kmem_cache(
            cache_name, self._config.UNALLOCATED, struct_name="sk_buff")

        if skbs:
            # NOTE(review): with UNALLOCATED set these are presumably freed
            # sk_buff objects, so recovered data may be partial -- confirm.
            for skb in skbs:
                for record in self.write_sk_buff(skb):
                    yield record
Esempio n. 6
    def walk_cache(self, cache_name):
        """Walk the slab cache *cache_name* and yield ``write_sk_buff`` output.

        Entries are requested as ``sk_buff`` structures; a falsy lookup
        result ends the generator without yielding.
        """
        slab = linux_slabinfo(self._config)
        buffers = slab.get_kmem_cache(
            cache_name,
            self._config.UNALLOCATED,
            struct_name="sk_buff",
        )

        if not buffers:
            return

        # Flatten: each buffer may contribute several messages.
        for buf in buffers:
            for message in self.write_sk_buff(buf):
                yield message
Esempio n. 7
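    def calculate(self):
        """Yield ``(mnt, ns)`` for every entry of the mount slab cache.

        ``ns`` is the mount namespace of the task with pid 1 when the profile
        defines a "mount" type, and ``None`` otherwise.
        """
        linux_common.set_plugin_members(self)

        # Bind ns before branching. If no task with pid 1 is listed, the
        # original code left ns unbound and the yield below raised
        # UnboundLocalError.
        # NOTE(review): assumes consumers of (mnt, ns) accept ns=None on
        # newer kernels, as they must for the older-kernel branch -- confirm.
        ns = None

        if self.profile.has_type("mount"):
            # newer kernels: the profile defines a "mount" type
            cache = linux_slabinfo(self._config).get_kmem_cache(
                "mount", self._config.UNALLOCATED)

            for task in linux_pslist.linux_pslist(self._config).calculate():
                if task.pid == 1:
                    ns = task.nsproxy.mnt_ns
                    break
        else:
            # older kernels: entries of "mnt_cache" are read as vfsmount
            cache = linux_slabinfo(self._config).get_kmem_cache(
                "mnt_cache", self._config.UNALLOCATED, struct_name="vfsmount")

        for mnt in cache:
            yield (mnt, ns)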
Esempio n. 8
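    def calculate(self):
        """Yield ``(mnt, ns)`` pairs for each entry of the mount slab cache.

        On profiles with a "mount" type, ``ns`` is the mount namespace of the
        first listed task whose pid is 1, or ``None`` if there is no such
        task. On other profiles ``ns`` is always ``None``.
        """
        linux_common.set_plugin_members(self)

        if self.profile.has_type("mount"):
            # newer kernels: the profile defines a "mount" type
            cache = linux_slabinfo(self._config).get_kmem_cache(
                "mount", self._config.UNALLOCATED)

            # next() with a default replaces the loop-and-break search, which
            # left ns unbound (UnboundLocalError at the yield) when no task
            # with pid 1 was listed.
            # NOTE(review): assumes consumers accept ns=None here -- confirm.
            tasks = linux_pslist.linux_pslist(self._config).calculate()
            ns = next(
                (task.nsproxy.mnt_ns for task in tasks if task.pid == 1),
                None,
            )
        else:
            # older kernels: entries of "mnt_cache" are read as vfsmount
            cache = linux_slabinfo(self._config).get_kmem_cache(
                "mnt_cache", self._config.UNALLOCATED, struct_name="vfsmount")
            ns = None

        for mnt in cache:
            yield (mnt, ns)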
Esempio n. 9
    def calculate(self):
        """Yield ``task_struct`` entries from the slab cache, filtered by PID.

        When the PID option is set it is split on commas and each piece is
        converted with ``int``; only tasks whose pid is in that list are
        yielded. With no PID option every entry is yielded.
        """
        linux_common.set_plugin_members(self)

        wanted = self._config.PID
        if wanted:
            wanted = list(map(int, wanted.split(',')))

        tasks = linux_slabinfo(self._config).get_kmem_cache(
            "task_struct", self._config.UNALLOCATED)

        # NOTE(review): with UNALLOCATED set these are presumably freed
        # task_struct objects, so a pid match may refer to an exited
        # process -- confirm.
        for task in tasks:
            if wanted and task.pid not in wanted:
                continue
            yield task
Esempio n. 10
    def calculate(self):
        """Yield tasks found in the ``task_struct`` slab cache.

        A comma-separated PID option restricts the output to tasks whose pid
        appears in it; an unset option means no restriction.
        """
        linux_common.set_plugin_members(self)

        raw_pids = self._config.PID
        if raw_pids:
            pid_filter = [int(piece) for piece in raw_pids.split(',')]
        else:
            # Keep the falsy option value itself; only its truthiness is used.
            pid_filter = raw_pids

        slab = linux_slabinfo(self._config)

        for candidate in slab.get_kmem_cache("task_struct", self._config.UNALLOCATED):
            unrestricted = not pid_filter
            if unrestricted or candidate.pid in pid_filter:
                yield candidate
    def calculate(self):
        """Yield ``(task_name, pid, start, end, path)`` per vm_area_struct.

        ``task_name`` and ``pid`` come from ``vm_mm.owner`` when the profile's
        ``mm_struct`` has an ``owner`` member and ``vm_mm`` is valid; they are
        empty strings otherwise. ``path`` is the partial path of the backing
        file's dentry, or an empty string when ``vm_file`` is unset or invalid.
        """
        linux_common.set_plugin_members(self)

        owner_known = self.profile.obj_has_member("mm_struct", "owner")

        areas = linux_slabinfo(self._config).get_kmem_cache(
            "vm_area_struct", self._config.UNALLOCATED)

        for vma in areas:
            start, end = vma.vm_start, vma.vm_end

            task_name, pid = "", ""
            if owner_known and vma.vm_mm and vma.vm_mm.is_valid():
                # NOTE(review): owner itself is not validated before comm and
                # pid are read; on freed entries it may be stale -- confirm.
                owner = vma.vm_mm.owner
                task_name, pid = owner.comm, owner.pid

            path = ""
            if vma.vm_file and vma.vm_file.is_valid():
                path = linux_common.get_partial_path(vma.vm_file.dentry)

            yield task_name, pid, start, end, path
Esempio n. 12
    def calculate(self):
        """Yield a 5-tuple for each entry of the ``vm_area_struct`` slab cache.

        The tuple is ``(task_name, pid, start, end, path)``. Owner details are
        filled in only when ``mm_struct`` has an ``owner`` member and the
        area's ``vm_mm`` is valid; the path only when ``vm_file`` is valid.
        Missing values are reported as empty strings.
        """
        linux_common.set_plugin_members(self)

        mm_has_owner = self.profile.obj_has_member("mm_struct", "owner")
        slab = linux_slabinfo(self._config)

        for area in slab.get_kmem_cache("vm_area_struct", self._config.UNALLOCATED):
            start = area.vm_start
            end = area.vm_end

            mm_usable = mm_has_owner and area.vm_mm and area.vm_mm.is_valid()
            if mm_usable:
                # NOTE(review): owner is dereferenced without its own validity
                # check; confirm how stale pointers are handled.
                proc = area.vm_mm.owner
                task_name = proc.comm
                pid = proc.pid
            else:
                task_name = pid = ""

            file_usable = area.vm_file and area.vm_file.is_valid()
            path = area.vm_file.dentry.get_partial_path() if file_usable else ""

            yield task_name, pid, start, end, path