Gerard Wagener
|
181a5ca1bf
|
Initial version of recovering process vectors
|
2010-01-20 18:24:36 +01:00 |
|
Gerard Wagener
|
26f4e7096c
|
Exporter also recovers the process tree
|
2010-01-20 18:23:57 +01:00 |
|
Gerard Wagener
|
9f5b296497
|
Rollback to primitive aha-worker: Task only record files
|
2010-01-20 18:22:58 +01:00 |
|
Gerard Wagener
|
51da827445
|
Fixed a wrong assumption: A clone of sshd is not necessarily related to a user
|
2010-01-20 17:05:06 +01:00 |
|
Gerard Wagener
|
54d3a0d153
|
Removed some debug messages from the library
|
2010-01-20 17:02:11 +01:00 |
|
Gerard Wagener
|
047dc87859
|
Traceback exceptions
|
2010-01-20 10:00:16 +01:00 |
|
Gerard Wagener
|
4f7ed8bdc5
|
Sometimes SSH related information is lost ....
|
2010-01-19 17:36:55 +01:00 |
|
Gerard Wagener
|
e226c7303a
|
Preliminary running version of tracking IP addresses with process ids
|
2010-01-19 17:19:37 +01:00 |
|
Gerard Wagener
|
628f6f6236
|
Add function to query all the children of sshd
|
2010-01-19 15:40:20 +01:00 |
|
Gerard Wagener
|
46cb4e483f
|
Fixed regression tests for type error
|
2010-01-19 14:44:09 +01:00 |
|
Gerard Wagener
|
52d235b957
|
Removed print messages
|
2010-01-19 14:12:50 +01:00 |
|
Gerard Wagener
|
8a57773fcc
|
Broken worker: First clone of ssh does not include information
2nd maybe too
|
2010-01-19 13:57:26 +01:00 |
|
Gerard Wagener
|
a515f03904
|
Include timestamp into the message generated by the kernel
|
2010-01-18 21:52:20 +01:00 |
|
Gerard Wagener
|
48764f8eb8
|
Add text exporter function for user annotated user list
|
2010-01-18 21:46:29 +01:00 |
|
Gerard Wagener
|
593b8e2d8c
|
Annotate process trees
|
2010-01-18 20:57:03 +01:00 |
|
Gerard Wagener
|
aa8cf2d75c
|
Remove debug print
|
2010-01-18 17:43:59 +01:00 |
|
Gerard Wagener
|
6f75d2f7d0
|
Worker should is also maintaining a process list
|
2010-01-18 17:41:21 +01:00 |
|
Gerard Wagener
|
0c51cfd662
|
Clean up process trees in aha
|
2010-01-18 17:00:47 +01:00 |
|
Gerard Wagener
|
bd4b19f8a7
|
Kernel logs when thread ends
|
2010-01-18 16:13:21 +01:00 |
|
Gerard Wagener
|
ddf2ede927
|
Fixed message parser library
|
2010-01-18 14:26:06 +01:00 |
|
Gerard Wagener
|
1144fdee80
|
Dump environment variables as well for the sys_execve system calls
|
2010-01-18 14:21:30 +01:00 |
|
Gerard Wagener
|
36228e179a
|
Cleaned aha.h
|
2010-01-18 12:02:11 +01:00 |
|
Gerard Wagener
|
d8d6d4450a
|
UML kernel reads polling interval from a config file
|
2010-01-18 11:57:07 +01:00 |
|
Gerard Wagener
|
f8290a30db
|
Avoid maximal recursion error
|
2010-01-18 09:39:24 +01:00 |
|
Gerard Wagener
|
ddc4d50b77
|
Remove processes from the system from the processtree
Purpose: Avoid that process tree grows too much
|
2010-01-18 09:35:38 +01:00 |
|
Gerard Wagener
|
912fb42b02
|
Add todo default action
|
2010-01-15 11:55:58 +01:00 |
|
Gerard Wagener
|
a4c919c452
|
Try #3 seems to run
|
2010-01-15 11:40:18 +01:00 |
|
Gerard Wagener
|
f3d7347537
|
Try 2: If booted works, but does not boot
|
2010-01-15 11:13:19 +01:00 |
|
Gerard Wagener
|
3fd629f6f3
|
Try #1: Integrate process tree analysis in aha
Problem: Exceptions are thrown: Need to distinguish between message types
|
2010-01-15 10:20:47 +01:00 |
|
Gerard Wagener
|
5117feb142
|
Reassemble process trees
Check if a process belongs to the system or a user
|
2010-01-15 09:55:26 +01:00 |
|
Gerard Wagener
|
defd699bd8
|
Add idea to implement signal handler to flush the file
|
2010-01-14 15:49:51 +01:00 |
|
Gerard Wagener
|
9a996274ef
|
Put unique filename / message name in logs for replay
|
2010-01-14 15:39:58 +01:00 |
|
Gerard Wagener
|
ca75ba0ac5
|
Removed temp printk
|
2010-01-14 15:09:42 +01:00 |
|
Gerard Wagener
|
6c86c14a9b
|
Set message types for differentiating between clone and execve messages
|
2010-01-14 15:04:16 +01:00 |
|
Gerard Wagener
|
a644bbe929
|
Try #1: Bug fix for the buffers
|
2010-01-14 14:38:46 +01:00 |
|
Gerard Wagener
|
1e178854a5
|
This version has a major bugs with buffer sizes due to failed
inline optimizations my fault :-(
|
2010-01-14 11:50:14 +01:00 |
|
Gerard Wagener
|
41edea30d9
|
Found another place where forks should be investigated
|
2010-01-12 19:21:35 +01:00 |
|
Gerard Wagener
|
71d68f1386
|
Found the place where clones can be traced
|
2010-01-12 18:14:01 +01:00 |
|
Gerard Wagener
|
165804ff13
|
Updated config file for the current development version
|
2010-01-12 17:50:10 +01:00 |
|
Gerard Wagener
|
ad8a82b369
|
aha.py gets parameters from config file
|
2010-01-12 17:07:41 +01:00 |
|
Gerard Wagener
|
b07b91ce18
|
Do not use printk but PRINTK macro that can be enabled / disabled
|
2010-01-12 16:49:22 +01:00 |
|
Gerard Wagener
|
d0fa66220d
|
Add description for internal function
|
2010-01-12 16:40:05 +01:00 |
|
Gerard Wagener
|
3ec5e63ca7
|
Add some logging information if file write failed
|
2010-01-12 16:38:44 +01:00 |
|
Gerard Wagener
|
f8929ed150
|
Tried to split up the code
|
2010-01-12 16:35:11 +01:00 |
|
Gerard Wagener
|
2f50e920ff
|
Add new shared header file
|
2010-01-12 14:17:27 +01:00 |
|
Gerard Wagener
|
c429e39943
|
Version that compiles where aha code was moved to aha.c
|
2010-01-12 14:10:47 +01:00 |
|
Gerard Wagener
|
0c1d3789ba
|
Removed aha.h out of the main include directory
|
2010-01-12 13:46:44 +01:00 |
|
Gerard Wagener
|
1a4985b872
|
Moved header file to arch/um/include/shared
|
2010-01-12 13:45:38 +01:00 |
|
Gerard Wagener
|
e10bc5fe3d
|
Commented out my code from arch/um/kernel/exec aiming migration to aha.c
|
2010-01-12 13:43:45 +01:00 |
|
Gerard Wagener
|
9fe3d93db2
|
Add aha.c stub
|
2010-01-12 13:42:43 +01:00 |
|