Commit graph

178542 commits

Author SHA1 Message Date
Gerard Wagener
b48be3e0e0 annotated list causes the confusions but need ppid in annotated list too 2010-01-20 22:00:20 +01:00
Gerard Wagener
c68124b88d A process does sys_execve multiple times 2010-01-20 21:48:51 +01:00
Gerard Wagener
b58b2ecea2 First version of exporting information like ssh addresses and timestamps besides process vectors 2010-01-20 19:09:13 +01:00
Gerard Wagener
181a5ca1bf Initial version of recovering process vectors 2010-01-20 18:24:36 +01:00
Gerard Wagener
26f4e7096c Exporter also recovers the process tree 2010-01-20 18:23:57 +01:00
Gerard Wagener
9f5b296497 Rollback to primitive aha-worker: Task only records files 2010-01-20 18:22:58 +01:00
Gerard Wagener
51da827445 Fixed a wrong assumption: A clone of sshd is not necessarily related to a user 2010-01-20 17:05:06 +01:00
Gerard Wagener
54d3a0d153 Removed some debug messages from the library 2010-01-20 17:02:11 +01:00
Gerard Wagener
047dc87859 Traceback exceptions 2010-01-20 10:00:16 +01:00
Gerard Wagener
4f7ed8bdc5 Sometimes SSH related information is lost .... 2010-01-19 17:36:55 +01:00
Gerard Wagener
e226c7303a Preliminary running version of tracking IP addresses with process ids 2010-01-19 17:19:37 +01:00
Gerard Wagener
628f6f6236 Add function to query all the children of sshd 2010-01-19 15:40:20 +01:00
Gerard Wagener
46cb4e483f Fixed regression tests for type error 2010-01-19 14:44:09 +01:00
Gerard Wagener
52d235b957 Removed print messages 2010-01-19 14:12:50 +01:00
Gerard Wagener
8a57773fcc Broken worker: First clone of ssh does not include information, 2nd maybe too 2010-01-19 13:57:26 +01:00
Gerard Wagener
a515f03904 Include timestamp into the message generated by the kernel 2010-01-18 21:52:20 +01:00
Gerard Wagener
48764f8eb8 Add text exporter function for user annotated user list 2010-01-18 21:46:29 +01:00
Gerard Wagener
593b8e2d8c Annotate process trees 2010-01-18 20:57:03 +01:00
Gerard Wagener
aa8cf2d75c Remove debug print 2010-01-18 17:43:59 +01:00
Gerard Wagener
6f75d2f7d0 Worker should also maintain a process list 2010-01-18 17:41:21 +01:00
Gerard Wagener
0c51cfd662 Clean up process trees in aha 2010-01-18 17:00:47 +01:00
Gerard Wagener
bd4b19f8a7 Kernel logs when thread ends 2010-01-18 16:13:21 +01:00
Gerard Wagener
ddf2ede927 Fixed message parser library 2010-01-18 14:26:06 +01:00
Gerard Wagener
1144fdee80 Dump environment variables as well for the sys_execve system calls 2010-01-18 14:21:30 +01:00
Gerard Wagener
36228e179a Cleaned aha.h 2010-01-18 12:02:11 +01:00
Gerard Wagener
d8d6d4450a UML kernel reads polling interval from a config file 2010-01-18 11:57:07 +01:00
Gerard Wagener
f8290a30db Avoid maximal recursion error 2010-01-18 09:39:24 +01:00
Gerard Wagener
ddc4d50b77 Remove processes from the system from the process tree. Purpose: avoid that the process tree grows too much 2010-01-18 09:35:38 +01:00
Gerard Wagener
912fb42b02 Add todo default action 2010-01-15 11:55:58 +01:00
Gerard Wagener
a4c919c452 Try #3 seems to run 2010-01-15 11:40:18 +01:00
Gerard Wagener
f3d7347537 Try 2: If booted works, but does not boot 2010-01-15 11:13:19 +01:00
Gerard Wagener
3fd629f6f3 Try #1: Integrate process tree analysis in aha. Problem: Exceptions are thrown: Need to distinguish between message types 2010-01-15 10:20:47 +01:00
Gerard Wagener
5117feb142 Reassemble process trees. Check if a process belongs to the system or a user 2010-01-15 09:55:26 +01:00
Gerard Wagener
defd699bd8 Add idea to implement signal handler to flush the file 2010-01-14 15:49:51 +01:00
Gerard Wagener
9a996274ef Put unique filename / message name in logs for replay 2010-01-14 15:39:58 +01:00
Gerard Wagener
ca75ba0ac5 Removed temp printk 2010-01-14 15:09:42 +01:00
Gerard Wagener
6c86c14a9b Set message types for differentiating between clone and execve messages 2010-01-14 15:04:16 +01:00
Gerard Wagener
a644bbe929 Try #1: Bug fix for the buffers 2010-01-14 14:38:46 +01:00
Gerard Wagener
1e178854a5 This version has major bugs with buffer sizes due to failed inline optimizations, my fault :-( 2010-01-14 11:50:14 +01:00
Gerard Wagener
41edea30d9 Found another place where forks should be investigated 2010-01-12 19:21:35 +01:00
Gerard Wagener
71d68f1386 Found the place where clones can be traced 2010-01-12 18:14:01 +01:00
Gerard Wagener
165804ff13 Updated config file for the current development version 2010-01-12 17:50:10 +01:00
Gerard Wagener
ad8a82b369 aha.py gets parameters from config file 2010-01-12 17:07:41 +01:00
Gerard Wagener
b07b91ce18 Do not use printk but PRINTK macro that can be enabled / disabled 2010-01-12 16:49:22 +01:00
Gerard Wagener
d0fa66220d Add description for internal function 2010-01-12 16:40:05 +01:00
Gerard Wagener
3ec5e63ca7 Add some logging information if file write failed 2010-01-12 16:38:44 +01:00
Gerard Wagener
f8929ed150 Tried to split up the code 2010-01-12 16:35:11 +01:00
Gerard Wagener
2f50e920ff Add new shared header file 2010-01-12 14:17:27 +01:00
Gerard Wagener
c429e39943 Version that compiles where aha code was moved to aha.c 2010-01-12 14:10:47 +01:00
Gerard Wagener
0c1d3789ba Removed aha.h out of the main include directory 2010-01-12 13:46:44 +01:00