Commit graph

178559 commits

Author SHA1 Message Date
Gerard Wagener
0741943282 AHA captures now insults typed by a user
The ihook.sh must be set in the global bash.rc
The hook is needed to pass invalid commands already fetched by bash to kernel space which are then transferred to the daemon
2010-10-26 14:24:22 +02:00
Gerard Wagener
e2714b2ef9 Disabled AHA printks 2010-10-12 09:39:10 +02:00
Gerard Wagener
c3a37be48c GUI database filename is now read from the configuration file 2010-10-12 09:25:28 +02:00
Gerard Wagener
b863cb2717 Added GUI for demonstrating AHA 2010-10-11 18:40:31 +02:00
Gerard Wagener
4ec88462fc Added temporary tracing messages in aha.c 2010-10-11 18:12:10 +02:00
Gerard Wagener
d54122dd6c AHA with the GUI was too slow 2010-10-11 18:11:11 +02:00
Gerard Wagener
cdb9e2970b More debug messages in ahalib 2010-10-11 16:42:13 +02:00
Gerard Wagener
e5442b7ccb Updated config file 2010-10-11 16:41:58 +02:00
Gerard Wagener
8fbbbd8611 Updated startuml 2010-10-11 16:41:40 +02:00
Gerard Wagener
b77e688b55 Integrated GUI 2010-10-11 16:41:10 +02:00
Gerard Wagener
750e4c71f1 Try #0 fix IOError from aha - worker 2010-01-21 13:58:49 +01:00
Gerard Wagener
3008f3ba7c Fixed some bugs in exception handling 2010-01-21 13:46:00 +01:00
Gerard Wagener
58e19929ba aha-eye uses getopt 2010-01-21 12:35:28 +01:00
Gerard Wagener
91e3e177a7 Add TODO note to improve the handling for PID recycling 2010-01-21 12:11:32 +01:00
Gerard Wagener
10ebb80fa9 AHA is now playing the game 2010-01-21 12:04:23 +01:00
Gerard Wagener
0171dd64d5 Discard empty subtrees induced by sshd 2010-01-21 10:46:58 +01:00
Gerard Wagener
85d792e0fb Fixed bug where process vectors are mixed 2010-01-20 22:46:45 +01:00
Gerard Wagener
b48be3e0e0 annotated list causes the confusions but need ppid in annotated list too 2010-01-20 22:00:20 +01:00
Gerard Wagener
c68124b88d A process does sys_execve multiple times 2010-01-20 21:48:51 +01:00
Gerard Wagener
b58b2ecea2 First version of exporting information like ssh addresses and timestamps
besides process vectors
2010-01-20 19:09:13 +01:00
Gerard Wagener
181a5ca1bf Initial version of recovering process vectors 2010-01-20 18:24:36 +01:00
Gerard Wagener
26f4e7096c Exporter also recovers the process tree 2010-01-20 18:23:57 +01:00
Gerard Wagener
9f5b296497 Rollback to primitive aha-worker: Task only record files 2010-01-20 18:22:58 +01:00
Gerard Wagener
51da827445 Fixed a wrong assumption: A clone of sshd is not necessarily related to a user 2010-01-20 17:05:06 +01:00
Gerard Wagener
54d3a0d153 Removed some debug messages from the library 2010-01-20 17:02:11 +01:00
Gerard Wagener
047dc87859 Traceback exceptions 2010-01-20 10:00:16 +01:00
Gerard Wagener
4f7ed8bdc5 Sometimes SSH related information is lost .... 2010-01-19 17:36:55 +01:00
Gerard Wagener
e226c7303a Preliminary running version of tracking IP addresses with process ids 2010-01-19 17:19:37 +01:00
Gerard Wagener
628f6f6236 Add function to query all the children of sshd 2010-01-19 15:40:20 +01:00
Gerard Wagener
46cb4e483f Fixed regression tests for type error 2010-01-19 14:44:09 +01:00
Gerard Wagener
52d235b957 Removed print messages 2010-01-19 14:12:50 +01:00
Gerard Wagener
8a57773fcc Broken worker: First clone of ssh does not include information
2nd maybe too
2010-01-19 13:57:26 +01:00
Gerard Wagener
a515f03904 Include timestamp into the message generated by the kernel 2010-01-18 21:52:20 +01:00
Gerard Wagener
48764f8eb8 Add text exporter function for user annotated user list 2010-01-18 21:46:29 +01:00
Gerard Wagener
593b8e2d8c Annotate process trees 2010-01-18 20:57:03 +01:00
Gerard Wagener
aa8cf2d75c Remove debug print 2010-01-18 17:43:59 +01:00
Gerard Wagener
6f75d2f7d0 Worker should is also maintaining a process list 2010-01-18 17:41:21 +01:00
Gerard Wagener
0c51cfd662 Clean up process trees in aha 2010-01-18 17:00:47 +01:00
Gerard Wagener
bd4b19f8a7 Kernel logs when thread ends 2010-01-18 16:13:21 +01:00
Gerard Wagener
ddf2ede927 Fixed message parser library 2010-01-18 14:26:06 +01:00
Gerard Wagener
1144fdee80 Dump environment variables as well for the sys_execve system calls 2010-01-18 14:21:30 +01:00
Gerard Wagener
36228e179a Cleaned aha.h 2010-01-18 12:02:11 +01:00
Gerard Wagener
d8d6d4450a UML kernel reads polling interval from a config file 2010-01-18 11:57:07 +01:00
Gerard Wagener
f8290a30db Avoid maximal recursion error 2010-01-18 09:39:24 +01:00
Gerard Wagener
ddc4d50b77 Remove processes from the system from the processtree
Purpose: Avoid that process tree grows too much
2010-01-18 09:35:38 +01:00
Gerard Wagener
912fb42b02 Add todo default action 2010-01-15 11:55:58 +01:00
Gerard Wagener
a4c919c452 Try #3 seems to run 2010-01-15 11:40:18 +01:00
Gerard Wagener
f3d7347537 Try 2: If booted works, but does not boot 2010-01-15 11:13:19 +01:00
Gerard Wagener
3fd629f6f3 Try #1: Integrate process tree analysis in aha
Problem: Exceptions are thrown: Need to distinguish between message types
2010-01-15 10:20:47 +01:00
Gerard Wagener
5117feb142 Reassemble process trees
Check if a process belongs to the system or a user
2010-01-15 09:55:26 +01:00