ANN: syscalltrack version 0.63 released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Haifux, the Haifa Linux Club (http://linuxclub.il.eu.org) is proud to
present 'syscalltrack-0.63', the second _alpha_ release of the
system-call-tracking linux kernel module and user space
utilities. syscalltrack supports both versions 2.2.x and 2.4.x of
the linux kernel.

* What is syscalltrack?

syscalltrack is a linux kernel module and supporting user space
environment which allow interception, logging and possibly taking
action upon system calls that match user defined criteria
(syscalltrack can be thought of as a sophisticated, system wide
strace).

* Where can i get it?

Information on syscalltrack is available on the project's homepage:
http://syscalltrack.sourceforge.net, and in the project's file
release.

You can download the source directly from:
http://prdownloads.sourceforge.net/syscalltrack/syscalltrack-0.63.tar.gz

* Call for developers:

The syscalltrack project is looking for developers, both for kernel
space and user space. If you want to join in on the fun, get in touch
with us on the 'syscalltrack-hackers' mailing list
(http://lists.sourceforge.net/lists/listinfo/syscalltrack-hackers).

* License and NO Warrany

'syscalltrack' is Free Software, licensed under the GNU General Public
License (GPL) version 2. The 'sct_ctrl_lib' library is licensed under
the GNU Lesser General Public License (LGPL).

'syscalltrack' is in early _alpha_ stages and comes with NO
warranty. If it breaks something, you get to keep all of the
pieces. You have been warned (TM).

Happy hacking and tracking!


Major new features for 0.63
---------------------------

* User defined logging format: it is now possible to define the format
  the log message will take. The default log format is

    syscall: %pid[%comm]: %sid_%sname(%params) (rule %ruleid)

  For example, let us consider an invocation of the 'mkdir' system call:

    syscall: 876[mkdir]: 39_mkdir("foo", 509) (rule 1)

* Validity checks on system call parameters: sct_config now makes it
  easier to catch rule file erros by making sure that the parameter,
  operand and operator are of matching types. Validity checks are
  implemented for 'param_condition' and 'process_condition' directives
  only.

* Experimental filter expression: sct_config now allows writing clear,
  concise filter expressions. Here's a filter expression to match a
  system call invocation where the user is root (uid 0) and the first
  parameter contains "passwd":

  filter_expression: (UID == 0) && (PARAMS[1] ~= "passwd")

  (This feature is experimental and does minimal input validation at
  the moment).

* Support for structure parameters: you can now match system calls
  which get a structure as one of their parameters - for example,
  settimeofday(), which gets a 'struct timeval' and 'struct timezone'
  parameters.

* Support for (more) process parameters: we now support the following
  process parameters: UID, EUID, SUID, GID, EGID, SGID, PID,
  COMM. Special attention should be given to COMM, which allows matching
  on the name of the program the process is executing.

* Improved sct_config error diagnostics: sct_config now gives clear,
  concise message on configuration file errors, with line numbers for
  easier rule file debugging.

* syscalltrack should compile with the latest 2.2 kernel and every 2.4
  kernel, and has been tested with at least 2.2.19, 2.4.5, 2.4.9,
  2.4.10, 2.4.10-ac11 2.4.12, 2.4.12-ac3 and 2.4.12-um3.

* Additional compilation and run time test programs.

major bug fixes for version 0.63:

* memory leaks in the kernel plugged and eradicated.

-- 
mulix

http://www.advogato.com/person/mulix
http://syscalltrack.sf.net/


-
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
IRC Channel:   irc.openprojects.net / #kernelnewbies
Web Page:      http://www.kernelnewbies.org/


[Index of Archives]     [Newbies FAQ]     [Linux Kernel Mentors]     [Linux Kernel Development]     [IETF Annouce]     [Git]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux SCSI]     [Linux ACPI]
  Powered by Linux