mulix
Tue, 18 Sep 2001 11:13:10 -0700
Haifux, the Haifa Linux Club (http://linuxclub.il.eu.org) is proud to present 'syscalltrack-0.60', the first _alpha_ release of the system-call-tracking linux kernel module and user space utilities. 'syscalltrack' supports both versions 2.2.x and 2.4.x of the linux kernel. * What is syscalltrack? Imagine you have a file being deleted every day at midnight. How will you know which process does it? Imagine you wish to know when any non root process tries to open a file for writing, but you dont care if it tries to open it for reading. How will you do that? Imagine you wish to know when _any_ process tries to temper with /var/log/messages. How will you do it? 'syscalltrack' is a linux kernel module which allows you to hijack and track any system call invocation on your linux box. Using a configuration utility you can specify 'filters' based on both system call parameters and process state parameters. You also specify 'actions' to take if the the filter matches - for example, you can log the invocation to a log file. More actions are planned but not yet implemented. For example, you might say "log all processes which try to 'unlink' '/etc/passwd" or "log all processes which try to 'open' '/dev/dsp' with a mode of O_CREAT, where the UID is less than 100 and the GID is more than 1000". * Where can i get it? Information on 'syscalltrack' is available on the project's homepage: http://syscalltrack.sf.net, and in the project's file release. Files and development information are available from http://www.sf.net/projects/syscalltrack/. You can download the source directly from: http://prdownloads.sourceforge.net/syscalltrack/syscalltrack-0.60.tar.gz * Call for developers: The syscalltrack project is looking for developers, both for kernel space and user space. If you want to join in on the fun, get in touch with us on the 'syscalltrack-hackers' mailing list (http://lists.sourceforge.net/lists/listinfo/syscalltrack-hackers). * License and NO Warrany 'syscalltrack' is Free Software, licensed under the GNU General Public License (GPL) version 2. The 'sct_ctrl_lib' library is licensed under the GNU Lesser General Public License (LGPL). 'syscalltrack' is in early _alpha_ stages and comes with NO warranty. If it breaks something, you get to keep all of the pieces. You have been warned (TM). Happy hacking and tracking! -- mulix http://www.advogato.com/person/mulix http://www.sf.net/projects/syscalltrack -------------------------------------------------------------------------- Haifa Linux Club Mailing List (http://linuxclub.il.eu.org) To unsub send an empty message to [EMAIL PROTECTED]