Gerard Wagener
|
58e19929ba
|
aha-eye uses getopt
|
2010-01-21 12:35:28 +01:00 |
|
Gerard Wagener
|
91e3e177a7
|
Add TODO note to improve the handling for PID recycling
|
2010-01-21 12:11:32 +01:00 |
|
Gerard Wagener
|
10ebb80fa9
|
AHA is now playing the game
|
2010-01-21 12:04:23 +01:00 |
|
Gerard Wagener
|
0171dd64d5
|
Discard empty subtrees induced by sshd
|
2010-01-21 10:46:58 +01:00 |
|
Gerard Wagener
|
85d792e0fb
|
Fixed bug where process vectors are mixed
|
2010-01-20 22:46:45 +01:00 |
|
Gerard Wagener
|
b48be3e0e0
|
annotated list causes the confusions but need ppid in annotated list too
|
2010-01-20 22:00:20 +01:00 |
|
Gerard Wagener
|
c68124b88d
|
A process does sys_execve multiple times
|
2010-01-20 21:48:51 +01:00 |
|
Gerard Wagener
|
b58b2ecea2
|
First version of exporting information like ssh addresses and timestamps
besides process vectors
|
2010-01-20 19:09:13 +01:00 |
|
Gerard Wagener
|
181a5ca1bf
|
Initial version of recovering process vectors
|
2010-01-20 18:24:36 +01:00 |
|
Gerard Wagener
|
26f4e7096c
|
Exporter also recovers the process tree
|
2010-01-20 18:23:57 +01:00 |
|
Gerard Wagener
|
9f5b296497
|
Rollback to primitive aha-worker: Task only record files
|
2010-01-20 18:22:58 +01:00 |
|
Gerard Wagener
|
51da827445
|
Fixed a wrong assumption: A clone of sshd is not necessarily related to a user
|
2010-01-20 17:05:06 +01:00 |
|
Gerard Wagener
|
54d3a0d153
|
Removed some debug messages from the library
|
2010-01-20 17:02:11 +01:00 |
|
Gerard Wagener
|
047dc87859
|
Traceback exceptions
|
2010-01-20 10:00:16 +01:00 |
|
Gerard Wagener
|
4f7ed8bdc5
|
Sometimes SSH related information is lost ....
|
2010-01-19 17:36:55 +01:00 |
|
Gerard Wagener
|
e226c7303a
|
Preliminary running version of tracking IP addresses with process ids
|
2010-01-19 17:19:37 +01:00 |
|
Gerard Wagener
|
628f6f6236
|
Add function to query all the children of sshd
|
2010-01-19 15:40:20 +01:00 |
|
Gerard Wagener
|
46cb4e483f
|
Fixed regression tests for type error
|
2010-01-19 14:44:09 +01:00 |
|
Gerard Wagener
|
52d235b957
|
Removed print messages
|
2010-01-19 14:12:50 +01:00 |
|
Gerard Wagener
|
8a57773fcc
|
Broken worker: First clone of ssh does not include information
2nd maybe too
|
2010-01-19 13:57:26 +01:00 |
|
Gerard Wagener
|
a515f03904
|
Include timestamp into the message generated by the kernel
|
2010-01-18 21:52:20 +01:00 |
|
Gerard Wagener
|
48764f8eb8
|
Add text exporter function for user annotated user list
|
2010-01-18 21:46:29 +01:00 |
|
Gerard Wagener
|
593b8e2d8c
|
Annotate process trees
|
2010-01-18 20:57:03 +01:00 |
|
Gerard Wagener
|
aa8cf2d75c
|
Remove debug print
|
2010-01-18 17:43:59 +01:00 |
|
Gerard Wagener
|
6f75d2f7d0
|
Worker should is also maintaining a process list
|
2010-01-18 17:41:21 +01:00 |
|
Gerard Wagener
|
0c51cfd662
|
Clean up process trees in aha
|
2010-01-18 17:00:47 +01:00 |
|
Gerard Wagener
|
bd4b19f8a7
|
Kernel logs when thread ends
|
2010-01-18 16:13:21 +01:00 |
|
Gerard Wagener
|
ddf2ede927
|
Fixed message parser library
|
2010-01-18 14:26:06 +01:00 |
|
Gerard Wagener
|
1144fdee80
|
Dump environment variables as well for the sys_execve system calls
|
2010-01-18 14:21:30 +01:00 |
|
Gerard Wagener
|
36228e179a
|
Cleaned aha.h
|
2010-01-18 12:02:11 +01:00 |
|
Gerard Wagener
|
d8d6d4450a
|
UML kernel reads polling interval from a config file
|
2010-01-18 11:57:07 +01:00 |
|
Gerard Wagener
|
f8290a30db
|
Avoid maximal recursion error
|
2010-01-18 09:39:24 +01:00 |
|
Gerard Wagener
|
ddc4d50b77
|
Remove processes from the system from the processtree
Purpose: Avoid that process tree grows too much
|
2010-01-18 09:35:38 +01:00 |
|
Gerard Wagener
|
912fb42b02
|
Add todo default action
|
2010-01-15 11:55:58 +01:00 |
|
Gerard Wagener
|
a4c919c452
|
Try #3 seems to run
|
2010-01-15 11:40:18 +01:00 |
|
Gerard Wagener
|
f3d7347537
|
Try 2: If booted works, but does not boot
|
2010-01-15 11:13:19 +01:00 |
|
Gerard Wagener
|
3fd629f6f3
|
Try #1: Integrate process tree analysis in aha
Problem: Exceptions are thrown: Need to distinguish between message types
|
2010-01-15 10:20:47 +01:00 |
|
Gerard Wagener
|
5117feb142
|
Reassemble process trees
Check if a process belongs to the system or a user
|
2010-01-15 09:55:26 +01:00 |
|
Gerard Wagener
|
defd699bd8
|
Add idea to implement signal handler to flush the file
|
2010-01-14 15:49:51 +01:00 |
|
Gerard Wagener
|
9a996274ef
|
Put unique filename / message name in logs for replay
|
2010-01-14 15:39:58 +01:00 |
|
Gerard Wagener
|
ca75ba0ac5
|
Removed temp printk
|
2010-01-14 15:09:42 +01:00 |
|
Gerard Wagener
|
6c86c14a9b
|
Set message types for differentiating between clone and execve messages
|
2010-01-14 15:04:16 +01:00 |
|
Gerard Wagener
|
a644bbe929
|
Try #1: Bug fix for the buffers
|
2010-01-14 14:38:46 +01:00 |
|
Gerard Wagener
|
1e178854a5
|
This version has a major bugs with buffer sizes due to failed
inline optimizations my fault :-(
|
2010-01-14 11:50:14 +01:00 |
|
Gerard Wagener
|
41edea30d9
|
Found another place where forks should be investigated
|
2010-01-12 19:21:35 +01:00 |
|
Gerard Wagener
|
71d68f1386
|
Found the place where clones can be traced
|
2010-01-12 18:14:01 +01:00 |
|
Gerard Wagener
|
165804ff13
|
Updated config file for the current development version
|
2010-01-12 17:50:10 +01:00 |
|
Gerard Wagener
|
ad8a82b369
|
aha.py gets parameters from config file
|
2010-01-12 17:07:41 +01:00 |
|
Gerard Wagener
|
b07b91ce18
|
Do not use printk but PRINTK macro that can be enabled / disabled
|
2010-01-12 16:49:22 +01:00 |
|
Gerard Wagener
|
d0fa66220d
|
Add description for internal function
|
2010-01-12 16:40:05 +01:00 |
|