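def main():
    """Watch file opens on the dynamic loader's mount and dispatch them via asyncio.

    Sets the root logger to DEBUG, creates a fanotify group, marks the mount
    that holds the first path matching '/lib/ld-linux*' for FAN_OPEN events,
    and registers sync_handle_buf as the reader callback for the fanotify
    descriptor. The callback receives the descriptor and a Redis client.

    Raises:
        FileNotFoundError: if no path matches '/lib/ld-linux*'.
    """
    logging.getLogger().setLevel(logging.DEBUG)

    # Resolve the path before creating the fanotify group, so a missing loader
    # yields a clear error instead of an IndexError with a descriptor already
    # open. NOTE(review): glob order is not guaranteed; with several matches
    # the marked path is whichever comes first. All matches are expected to
    # sit on the same mount, but confirm.
    loader_paths = glob.glob('/lib/ld-linux*')
    if not loader_paths:
        raise FileNotFoundError(
            "no path matches '/lib/ld-linux*'; nothing to mark")

    fan_fd = fanotify.Init(fanotify.FAN_CLASS_CONTENT, os.O_RDONLY)
    # FAN_MARK_MOUNT applies the mark to the whole mount containing the path,
    # so events arrive for every open on that filesystem, not just the loader.
    fanotify.Mark(fan_fd,
                  fanotify.FAN_MARK_ADD | fanotify.FAN_MARK_MOUNT,
                  fanotify.FAN_OPEN | fanotify.FAN_EVENT_ON_CHILD,
                  -1,
                  loader_paths[0])

    loop = asyncio.get_event_loop()
    # No credentials or TLS are passed to Redis here.
    # NOTE(review): confirm the server is reachable on loopback only.
    pool = redis.ConnectionPool(host='localhost', port=6379, db=0)
    redis_connection = redis.Redis(connection_pool=pool)
    # sync_handle_buf is defined outside this block; presumably it reads the
    # events and closes each event descriptor. Verify against its definition.
    loop.add_reader(fan_fd, sync_handle_buf, fan_fd, redis_connection)
    loop.run_forever()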
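def main():
    """Print the path of every file opened on the mount containing <path>.

    Expects exactly one command-line argument. Marks the mount that holds that
    path for FAN_OPEN events, then loops forever reading events, resolving
    each event descriptor to a path through /proc/self/fd and printing it.
    """
    if len(sys.argv) != 2:
        print('Usage: {} <path>'.format(sys.argv[0]))
        sys.exit(1)

    fan_fd = fanotify.Init(fanotify.FAN_CLASS_CONTENT, os.O_RDONLY)
    fanotify.Mark(fan_fd,
                  fanotify.FAN_MARK_ADD | fanotify.FAN_MARK_MOUNT,
                  fanotify.FAN_OPEN | fanotify.FAN_EVENT_ON_CHILD,
                  -1,
                  sys.argv[1])

    while True:
        buf = os.read(fan_fd, 4096)
        # Invariant check only: asserts are stripped under `python -O`.
        assert buf
        while fanotify.EventOk(buf):
            buf, event = fanotify.EventNext(buf)
            if event.mask & fanotify.FAN_Q_OVERFLOW:
                # Events were dropped, so the printed list is incomplete from
                # here on. Anything using this output as an audit trail should
                # treat the gap as significant.
                print('Queue overflow !')
                continue
            try:
                fdpath = '/proc/self/fd/{:d}'.format(event.fd)
                # The path is chosen by whoever created the file.
                # NOTE(review): it is printed verbatim; confirm consumers of
                # this output cope with unusual characters in file names.
                print(os.readlink(fdpath))
            finally:
                # Each event carries its own open descriptor. Close it even if
                # resolving or printing fails, so a bad event cannot leak it.
                os.close(event.fd)
        assert not buf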
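def main():
    """Gate opens of <path>: allow processes IsRootProcess accepts, deny the rest.

    Expects exactly one command-line argument. Places a FAN_OPEN_PERM mark on
    that path and answers every permission event with FAN_ALLOW or FAN_DENY.
    Every event that carries a descriptor gets exactly one response and has
    its descriptor closed, including when the uid check itself fails.
    """
    if len(sys.argv) != 2:
        print('Usage: {} <path>'.format(sys.argv[0]))
        sys.exit(1)

    fan_fd = fanotify.Init(fanotify.FAN_CLASS_CONTENT, os.O_RDONLY)
    fanotify.Mark(fan_fd,
                  fanotify.FAN_MARK_ADD,
                  fanotify.FAN_OPEN_PERM,
                  -1,
                  sys.argv[1])

    # Loop continuously rejecting events that don't match root's uid.
    while True:
        buf = os.read(fan_fd, 4096)
        # Invariant check only: asserts are stripped under `python -O`.
        assert buf
        while fanotify.EventOk(buf):
            buf, event = fanotify.EventNext(buf)
            if event.mask & fanotify.FAN_Q_OVERFLOW:
                # An overflow notification has no file descriptor to answer
                # or close, so report it and move on.
                print('Queue overflow !')
                continue

            # Fail closed: the decision starts as DENY and is upgraded only
            # when the check positively succeeds.
            response = fanotify.FAN_DENY
            try:
                try:
                    is_root = IsRootProcess(event.pid)
                except Exception as err:
                    # IsRootProcess is defined outside this block and what it
                    # can raise is not visible here. An unhandled error would
                    # end this process and with it the gate, so deny and keep
                    # serving.
                    print('Denying open from pid {} (uid check failed: {})'
                          .format(event.pid, err))
                else:
                    if is_root:
                        print('Allowing open from root pid {}'.format(event.pid))
                        response = fanotify.FAN_ALLOW
                    else:
                        print('Denying open from pid {}'.format(event.pid))
                # NOTE(review): the decision is keyed on a pid looked up after
                # the event was queued. Confirm IsRootProcess cannot be misled
                # by the process changing in between.
                os.write(fan_fd, fanotify.Response(event.fd, response))
            finally:
                os.close(event.fd)
        assert not buf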
def TestMark(self):
    """Expect fanotify.Mark to raise OSError when given an invalid descriptor.

    NOTE(review): the method name does not start with lowercase ``test``, so
    default unittest discovery would skip it unless the loader is configured
    otherwise. Confirm how this suite is run.
    """
    # Same positional arguments as before: fd -1, zero flags and mask, a zero
    # fourth argument and a path literal that is not expected to exist.
    bad_fd, flags, mask, dirfd, path = -1, 0, 0, 0, 'fakepath'
    self.assertRaises(OSError, fanotify.Mark, bad_fd, flags, mask, dirfd, path)
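def rmv_watch_file(self, token, socket_data):
    """Unregister socket_data from token; drop the kernel mark with the last one.

    Args:
        token: key into self.watch_dict identifying the watched file.
        socket_data: key of the watcher to remove from that token's entry.

    Raises:
        KeyError: if token or socket_data is not registered.
        Whatever fanotify.Mark or self._get_path raises when the mark cannot
        be removed; the token's bookkeeping entry is dropped regardless.
    """
    watchers = self.watch_dict[token]
    del watchers[socket_data]
    if watchers:
        return

    try:
        fanotify.Mark(self.fan_fd,
                      fanotify.FAN_MARK_REMOVE,
                      fanotify.FAN_OPEN_PERM,
                      -1,
                      self._get_path(token))
    finally:
        # Drop the entry even if removing the mark failed. A leftover empty
        # entry would make a later `token not in self.watch_dict` test false,
        # and code that marks only on that condition would then skip
        # re-marking, leaving the file recorded as watched without a
        # permission mark.
        # NOTE(review): if the removal failed, the kernel mark may still be
        # present. Confirm the event handler answers permission events for
        # tokens it no longer tracks.
        del self.watch_dict[token]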
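def add_watch_file(self, token, socket_data):
    """Register socket_data as a watcher of token, marking the file on first use.

    Args:
        token: key into self.watch_dict identifying the file to watch; it is
            resolved to a path with self._get_path.
        socket_data: key stored under the token, with the initial value False.

    Raises:
        Whatever fanotify.Mark or self._get_path raises when the mark cannot
        be added; in that case self.watch_dict is left unchanged.
    """
    if token not in self.watch_dict:
        # Place the FAN_OPEN_PERM mark before recording the token. If the
        # entry were created first and the mark failed, later calls would see
        # the token and skip marking, so the file would look watched while no
        # permission mark exists.
        fanotify.Mark(self.fan_fd,
                      fanotify.FAN_MARK_ADD,
                      fanotify.FAN_OPEN_PERM,
                      -1,
                      self._get_path(token))
        self.watch_dict[token] = {}
    self.watch_dict[token][socket_data] = False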