Gerard Wagener
f1039eec4d
Found back the substitute program
2010-11-30 13:26:29 +01:00
Gerard Wagener
0741943282
AHA now captures insults typed by a user
The ihook.sh must be set in the global bash.rc
The hook is needed to pass invalid commands already fetched by bash to kernel space which are then transferred to the daemon
2010-10-26 14:24:22 +02:00
Gerard Wagener
e2714b2ef9
Disabled AHA printks
2010-10-12 09:39:10 +02:00
Gerard Wagener
c3a37be48c
GUI database filename is now read from the configuration file
2010-10-12 09:25:28 +02:00
Gerard Wagener
b863cb2717
Added GUI for demonstrating AHA
2010-10-11 18:40:31 +02:00
Gerard Wagener
4ec88462fc
Added temporary tracing messages in aha.c
2010-10-11 18:12:10 +02:00
Gerard Wagener
d54122dd6c
AHA with the GUI was too slow
2010-10-11 18:11:11 +02:00
Gerard Wagener
cdb9e2970b
More debug messages in ahalib
2010-10-11 16:42:13 +02:00
Gerard Wagener
e5442b7ccb
Updated config file
2010-10-11 16:41:58 +02:00
Gerard Wagener
8fbbbd8611
Updated startuml
2010-10-11 16:41:40 +02:00
Gerard Wagener
b77e688b55
Integrated GUI
2010-10-11 16:41:10 +02:00
Gerard Wagener
750e4c71f1
Try #0 fix IOError from aha - worker
2010-01-21 13:58:49 +01:00
Gerard Wagener
3008f3ba7c
Fixed some bugs in exception handling
2010-01-21 13:46:00 +01:00
Gerard Wagener
58e19929ba
aha-eye uses getopt
2010-01-21 12:35:28 +01:00
Gerard Wagener
91e3e177a7
Add TODO note to improve the handling for PID recycling
2010-01-21 12:11:32 +01:00
Gerard Wagener
10ebb80fa9
AHA is now playing the game
2010-01-21 12:04:23 +01:00
Gerard Wagener
0171dd64d5
Discard empty subtrees induced by sshd
2010-01-21 10:46:58 +01:00
Gerard Wagener
85d792e0fb
Fixed bug where process vectors are mixed
2010-01-20 22:46:45 +01:00
Gerard Wagener
b48be3e0e0
annotated list causes the confusions but need ppid in annotated list too
2010-01-20 22:00:20 +01:00
Gerard Wagener
c68124b88d
A process does sys_execve multiple times
2010-01-20 21:48:51 +01:00
Gerard Wagener
b58b2ecea2
First version of exporting information like ssh addresses and timestamps
besides process vectors
2010-01-20 19:09:13 +01:00
Gerard Wagener
181a5ca1bf
Initial version of recovering process vectors
2010-01-20 18:24:36 +01:00
Gerard Wagener
26f4e7096c
Exporter also recovers the process tree
2010-01-20 18:23:57 +01:00
Gerard Wagener
9f5b296497
Rollback to primitive aha-worker: Task only record files
2010-01-20 18:22:58 +01:00
Gerard Wagener
51da827445
Fixed a wrong assumption: A clone of sshd is not necessarily related to a user
2010-01-20 17:05:06 +01:00
Gerard Wagener
54d3a0d153
Removed some debug messages from the library
2010-01-20 17:02:11 +01:00
Gerard Wagener
047dc87859
Traceback exceptions
2010-01-20 10:00:16 +01:00
Gerard Wagener
4f7ed8bdc5
Sometimes SSH related information is lost ....
2010-01-19 17:36:55 +01:00
Gerard Wagener
e226c7303a
Preliminary running version of tracking IP addresses with process ids
2010-01-19 17:19:37 +01:00
Gerard Wagener
628f6f6236
Add function to query all the children of sshd
2010-01-19 15:40:20 +01:00
Gerard Wagener
46cb4e483f
Fixed regression tests for type error
2010-01-19 14:44:09 +01:00
Gerard Wagener
52d235b957
Removed print messages
2010-01-19 14:12:50 +01:00
Gerard Wagener
8a57773fcc
Broken worker: First clone of ssh does not include information
2nd maybe too
2010-01-19 13:57:26 +01:00
Gerard Wagener
a515f03904
Include timestamp into the message generated by the kernel
2010-01-18 21:52:20 +01:00
Gerard Wagener
48764f8eb8
Add text exporter function for user annotated user list
2010-01-18 21:46:29 +01:00
Gerard Wagener
593b8e2d8c
Annotate process trees
2010-01-18 20:57:03 +01:00
Gerard Wagener
aa8cf2d75c
Remove debug print
2010-01-18 17:43:59 +01:00
Gerard Wagener
6f75d2f7d0
Worker should is also maintaining a process list
2010-01-18 17:41:21 +01:00
Gerard Wagener
0c51cfd662
Clean up process trees in aha
2010-01-18 17:00:47 +01:00
Gerard Wagener
bd4b19f8a7
Kernel logs when thread ends
2010-01-18 16:13:21 +01:00
Gerard Wagener
ddf2ede927
Fixed message parser library
2010-01-18 14:26:06 +01:00
Gerard Wagener
1144fdee80
Dump environment variables as well for the sys_execve system calls
2010-01-18 14:21:30 +01:00
Gerard Wagener
36228e179a
Cleaned aha.h
2010-01-18 12:02:11 +01:00
Gerard Wagener
d8d6d4450a
UML kernel reads polling interval from a config file
2010-01-18 11:57:07 +01:00
Gerard Wagener
f8290a30db
Avoid maximal recursion error
2010-01-18 09:39:24 +01:00
Gerard Wagener
ddc4d50b77
Remove processes from the system from the processtree
Purpose: Avoid that process tree grows too much
2010-01-18 09:35:38 +01:00
Gerard Wagener
912fb42b02
Add todo default action
2010-01-15 11:55:58 +01:00
Gerard Wagener
a4c919c452
Try #3 seems to run
2010-01-15 11:40:18 +01:00
Gerard Wagener
f3d7347537
Try 2: If booted works, but does not boot
2010-01-15 11:13:19 +01:00
Gerard Wagener
3fd629f6f3
Try #1 : Integrate process tree analysis in aha
Problem: Exceptions are thrown: Need to distinguish between message types
2010-01-15 10:20:47 +01:00