def filter_write(process, file_descriptor, byte_count):
    """Describe a write to a descriptor that ``process`` is tracking.

    Returns ``(description, byte_count)`` when
    ``process.is_tracked_descriptor(file_descriptor)`` is true, and
    ``(None, None)`` otherwise.
    """
    if not process.is_tracked_descriptor(file_descriptor):
        # Writes to untracked descriptors are not reported.
        return None, None

    target = process.descriptor_path(file_descriptor)
    verb = T.red("write")
    amount = T.bold("%d bytes" % byte_count)
    # NOTE(review): the path is interpolated unescaped; if it can originate
    # from an untrusted process, control characters in it reach the terminal.
    # Confirm the caller sanitises before printing.
    description = "%s %s to %s" % (verb, amount, T.underline(target))
    return description, byte_count
def filter_move(path_old, path_new):
    """Describe moving ``path_old`` to ``path_new``.

    When both paths share a directory the operation is labelled "rename" and
    only the new base name is shown; otherwise it is labelled "move" and the
    full new path is shown.  Returns ``(description, 0)``.
    """
    # NOTE(review): both paths are shown unescaped; confirm they are sanitised
    # for terminal output if they can come from an untrusted process.
    if dirname(path_old) == dirname(path_new):
        label, shown_target = "rename", basename(path_new)
    else:
        label, shown_target = "move", path_new

    description = "%s %s to %s" % (
        T.green(label),
        T.underline(path_old),
        T.underline(shown_target),
    )
    return description, 0
def format_write(file_descriptor, byte_count):
    """Describe a write to a descriptor listed in ``file_descriptors``.

    Returns the description string, or ``None`` when ``file_descriptor`` is not
    a key of the module-level ``file_descriptors`` mapping.
    """
    if file_descriptor not in file_descriptors:
        return None

    target = file_descriptors[file_descriptor]
    verb = T.red("write")
    amount = T.bold("%d bytes" % byte_count)
    return "%s %s to %s" % (verb, amount, T.underline(target))
def format_move(path_old, path_new):
    """Describe moving ``path_old`` to ``path_new`` using absolute paths.

    Both paths are passed through ``abspath`` first.  If they then share a
    directory the label is "rename" and only the new base name is shown;
    otherwise the label is "move".
    """
    # NOTE(review): assuming abspath is os.path.abspath, relative paths are
    # resolved against this process's working directory; confirm that matches
    # the directory the reported operation actually runs in.
    source = abspath(path_old)
    destination = abspath(path_new)

    if dirname(source) == dirname(destination):
        label, shown_target = "rename", basename(destination)
    else:
        label, shown_target = "move", destination

    return "%s %s to %s" % (
        T.green(label),
        T.underline(source),
        T.underline(shown_target),
    )
def format_open(path, flags):
    """Describe an ``open`` that would create or truncate a file.

    Returns ``None`` for paths in ``allowed_files`` and for opens that neither
    create a missing file nor truncate an existing one.
    """
    target = abspath(path)
    if target in allowed_files:
        return None

    # The create/truncate decision reflects the filesystem state at the time
    # of this call; the file may appear or vanish before the real open.
    if (flags & O_CREAT) and not exists(target):
        return "%s %s" % (T.cyan("create file"), T.underline(target))
    if (flags & O_TRUNC) and exists(target):
        return "%s %s" % (T.red("truncate file"), T.underline(target))
    return None
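def filter_change_owner(path, owner, group):
    """Describe a change of owner and/or group for ``path``.

    An ``owner`` of -1 means only the group changes, and a ``group`` of -1
    means only the owner changes.  Otherwise both are shown as ``user:group``.
    Returns ``(description, 0)``.

    Ids are shown by name where the passwd/group database has an entry, and
    as the bare number otherwise.
    """
    def resolve(lookup, numeric_id):
        # An id without a database entry is still a valid chown argument, and
        # the lookup raises for it.  Fall back to the number so that the
        # operation is still reported instead of aborting the formatter.
        try:
            return lookup(numeric_id)[0]
        except (KeyError, OverflowError):
            return str(numeric_id)

    if owner == -1:
        label = "change group"
        owner = resolve(getgrgid, group)
    elif group == -1:
        label = "change owner"
        owner = resolve(getpwuid, owner)
    else:
        label = "change owner"
        owner = resolve(getpwuid, owner) + ":" + resolve(getgrgid, group)

    return "%s of %s to %s" % (T.yellow(label), T.underline(path), T.bold(owner)), 0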
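def format_change_owner(path, owner, group):
    """Describe a change of owner and/or group for the absolute form of ``path``.

    An ``owner`` of -1 means only the group changes, and a ``group`` of -1
    means only the owner changes.  Otherwise both are shown as ``user:group``.

    Ids are shown by name where the passwd/group database has an entry, and
    as the bare number otherwise.
    """
    def resolve(lookup, numeric_id):
        # An id without a database entry is still a valid chown argument, and
        # the lookup raises for it.  Fall back to the number so that the
        # operation is still reported instead of aborting the formatter.
        try:
            return lookup(numeric_id)[0]
        except (KeyError, OverflowError):
            return str(numeric_id)

    if owner == -1:
        label = "change group"
        owner = resolve(getgrgid, group)
    elif group == -1:
        label = "change owner"
        owner = resolve(getpwuid, owner)
    else:
        label = "change owner"
        owner = resolve(getpwuid, owner) + ":" + resolve(getgrgid, group)

    return "%s of %s to %s" % (T.yellow(label), T.underline(abspath(path)), T.bold(owner))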
def filter_open(process, path, flags):
    """Describe an ``open`` call and register the path when it may be written.

    Returns ``(operation, return_value)``:

    * ``(None, None)`` when ``path`` is in ``allowed_files``;
    * ``operation`` is a "create file" or "truncate file" description, or
      ``None`` when the open does neither;
    * ``return_value`` is ``process.register_path(path)`` when the flags allow
      writing or an operation was reported, else ``None``.
    """
    if path in allowed_files:
        return None, None

    # The create/truncate decision reflects the filesystem state at the time
    # of this call; the file may appear or vanish before the real open.
    # NOTE(review): exists() resolves a relative path against this process's
    # working directory; presumably the caller passes a resolved path. Confirm.
    operation = None
    if (flags & O_CREAT) and not exists(path):
        operation = "%s %s" % (T.cyan("create file"), T.underline(path))
    elif (flags & O_TRUNC) and exists(path):
        operation = "%s %s" % (T.red("truncate file"), T.underline(path))

    opened_for_writing = bool(flags & (O_WRONLY | O_RDWR | O_APPEND))
    if opened_for_writing or operation is not None:
        # File might be written to later, so the descriptor has to be tracked.
        return operation, process.register_path(path)
    return operation, None
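def filter_mknod(path, type):
    """Describe a ``mknod`` call that would create a new filesystem node.

    Returns ``(None, None)`` when ``path`` already exists, otherwise a
    ``(description, 0)`` tuple whose label names the kind of node encoded in
    ``type``.  The parameter shadows the builtin ``type``; the name is kept
    because it is part of the signature.
    """
    # Imported locally so this block does not depend on the file's import list.
    from stat import S_IFMT

    if exists(path):
        return None, None

    # The S_IF* values are multi-bit type codes, not independent flags:
    # S_IFBLK (0o060000) contains the S_IFCHR bit (0o020000), S_IFSOCK
    # (0o140000) shares a bit with S_IFBLK, and S_IFREG (0o100000) shares one
    # with S_IFSOCK.  Testing them with "&" therefore mislabels block devices,
    # sockets and explicit regular files, so compare the masked type instead.
    node_type = S_IFMT(type)
    if node_type == S_IFCHR:
        label = "create character special file"
    elif node_type == S_IFBLK:
        label = "create block special file"
    elif node_type == S_IFIFO:
        label = "create named pipe"
    elif node_type == S_IFSOCK:
        label = "create socket"
    else:
        # mknod(2): "Zero file type is equivalent to type S_IFREG"
        label = "create file"

    return "%s %s" % (T.cyan(label), T.underline(path)), 0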
def filter_create_directory(path):
    """Describe the creation of the directory ``path``.

    Returns ``(description, 0)``.
    """
    action = T.cyan("create directory")
    description = "%s %s" % (action, T.underline(path))
    return description, 0
def filter_create_link(path_source, path_target, symbolic):
    """Describe the creation of a link between two paths.

    The label is "create symbolic link" when ``symbolic`` is truthy and
    "create hard link" otherwise.  Returns ``(description, 0)``.
    """
    if symbolic:
        label = "create symbolic link"
    else:
        label = "create hard link"

    # NOTE(review): both paths are shown unescaped; confirm they are sanitised
    # for terminal output if they can come from an untrusted process.
    description = "%s from %s to %s" % (
        T.cyan(label),
        T.underline(path_source),
        T.underline(path_target),
    )
    return description, 0
def filter_write(process, file_descriptor, byte_count):
    """Describe a write to a descriptor that ``process`` is tracking.

    Returns ``(description, byte_count)`` for tracked descriptors and
    ``(None, None)`` for all others.
    """
    tracked = process.is_tracked_descriptor(file_descriptor)
    if not tracked:
        return None, None

    destination = process.descriptor_path(file_descriptor)
    parts = (
        T.red("write"),
        T.bold("%d bytes" % byte_count),
        T.underline(destination),
    )
    return "%s %s to %s" % parts, byte_count
def format_create_directory(path):
    """Describe the creation of a directory, shown by its absolute path."""
    action = T.cyan("create directory")
    location = T.underline(abspath(path))
    return "%s %s" % (action, location)
def format_write(file_descriptor, byte_count):
    """Describe a write to a descriptor listed in ``file_descriptors``.

    Returns ``None`` when the descriptor is not a key of that module-level
    mapping, so such writes go unreported.
    """
    if file_descriptor not in file_descriptors:
        return None

    destination = file_descriptors[file_descriptor]
    parts = (
        T.red("write"),
        T.bold("%d bytes" % byte_count),
        T.underline(destination),
    )
    return "%s %s to %s" % parts
def format_create_link(path_source, path_target, symbolic):
    """Describe the creation of a link, showing both paths in absolute form.

    The label is "create symbolic link" when ``symbolic`` is truthy and
    "create hard link" otherwise.
    """
    if symbolic:
        label = "create symbolic link"
    else:
        label = "create hard link"

    # NOTE(review): assuming abspath is os.path.abspath, relative paths are
    # resolved against this process's working directory; a relative symlink
    # target would be displayed as if it were relative to that directory.
    return "%s from %s to %s" % (
        T.cyan(label),
        T.underline(abspath(path_source)),
        T.underline(abspath(path_target)),
    )
def format_delete(path):
    """Describe the deletion of ``path``, shown exactly as given."""
    action = T.red("delete")
    location = T.underline(path)
    return "%s %s" % (action, location)
def filter_delete(path):
    """Describe the deletion of ``path``.

    Returns ``(description, 0)``.
    """
    # NOTE(review): the path is shown unescaped; confirm it is sanitised for
    # terminal output if it can come from an untrusted process.
    action = T.red("delete")
    description = "%s %s" % (action, T.underline(path))
    return description, 0
def filter_change_permissions(path, permissions):
    """Describe a permission change on ``path``.

    ``permissions`` is rendered by ``format_permissions``.  Returns
    ``(description, 0)``.
    """
    action = T.yellow("change permissions")
    location = T.underline(path)
    new_mode = T.bold(format_permissions(permissions))
    description = "%s of %s to %s" % (action, location, new_mode)
    return description, 0
def format_delete(path):
    """Describe the deletion of a path, shown in absolute form."""
    # NOTE(review): assuming abspath is os.path.abspath, a relative path is
    # resolved against this process's working directory; confirm that matches
    # the directory the reported operation actually runs in.
    action = T.red("delete")
    location = T.underline(abspath(path))
    return "%s %s" % (action, location)