syscalltrack 0.74 released
syscalltrack-0.74, the 10th _alpha_ release of the Linux kernel system call tracker, is now available. syscalltrack supports version 2.4.x of the Linux kernel on the i386 and UML architectures. 2.5.x kernel versions should work as well, but did not receive the same extensive testing. Kernel 2.2.x is NOT supported in this release, due to technical difficulties. This release contains support for almost all system calls - more than 100 have been added since the last release. * What is syscalltrack? syscalltrack is made of a pair of Linux kernel modules and supporting user space environment which allow interception, logging and possibly taking action upon system calls that match user defined criteria. syscalltrack can operate either in "tweezers mode", where only very specific operations are tracked, such as "only track and log attempts to delete /etc/passwd", or in strace(1) compatible mode, where all of the supported system calls are traced. syscalltrack can do things that are impossible to do with the ptrace mechanism, because its core operates in kernel space. * Where can I get it? Information on syscalltrack is available on the project´s homepage: http://syscalltrack.sourceforge.net, and in the project´s file release. The source for the latest version can be downloaded directly from: http://osdn.dl.sourceforge.net/sourceforge/syscalltrack/syscalltrack-0.74.tar.gz or any of the other sourceforge mirrors. * Call for developers: The syscalltrack project is looking for developers, both for kernel space and user space. If you want to join in on the fun, get in touch with us on the syscalltrack-hackers mailing list (http://lists.sourceforge.net/lists/listinfo/syscalltrack-hackers). * License and NO Warrany syscalltrack is Free Software, licensed under the GNU General Public License (GPL) version 2. The ´sct_ctrl_lib´ library is licensed under the GNU Lesser General Public License (LGPL). syscalltrack is in _alpha_ stages and comes with NO warranty. We put it through extensive testing and routinely run it on our systems, but if it breaks something, you get to keep all of the pieces. * PGP Signature All syscalltrack releases from now on will be signed. This release is signed with my pgp public key, which you can get from http://vipe.technion.ac.il/~mulix/pubkey.asc or via ´gpg --keyserver wwwkeys.pgp.net --recv-keys 0xBFD537CB´ Happy hacking and tracking! ======================================================================= New in version 0.74, "Hyperactive Iguana" ----------------------------------------------------------------------- * Added a whole lot of new system calls. syscalltrack now supports almost all of the system calls available on 2.4.x: vhangup, wait4, swapoff, sysinfo, fsync, readv, writev, fdatasync, msync, getpgid, fchdir, personality, bdflush, flock, setdomainname, newuname, modify_ldt, mprotect, sigprocmask, create_module, init_module, delete_module, get_kernel_syms, setfsuid16, setfsgid16, llseek, quotactl, sysfs, getdents, select, sysctl, mlock, mlockall, munlockall, munlockall, sched_setparam, sched_getapram, sched_setscheduler, sched_getscheduler, sched_yield, sched_get_priority_max, sched_get_priority_min, sched_rr_get_interval, nanosleep, mremap, setresuid16, getresuid16, query_module, poll, nfsservctl, setresgid16, getresgid16, prctl, rt_sigpending, rt_sigtimedwait, rt_sigqueueinfo, chown16, getcwd, sendfile,getrlimit, mmap2, stat64, lstat64, fstat64, lchown, getuid, getgid, geteuid, getegid, setreuid, setregid, getgroups, setgroups, fchown, setresuid, getresuid, setresgid, getresgid, chown, setgid, setfsuid, setfsgid, pivot_root, mincore, madvise, getdents64, fnctl64, gettid, tkill, sched_setaffinity, sched_getaffinity, sys_olduname sys_ustat, old_select, getitimer, setitimer, uname. pread, pwrite, truncate64, ftruncate64, readahead. * Fix a bug where we wouldn´t correctly print NULL system call parameters. Now we print <NULL>. * Add support for system calls with loff_t and long long parameters. * Fix several bugs in sctrace. * Fix several important bugs in the system call data file parser (used in sctrace(1) and sct_config(1)) which prevented valid configuration files from being accepted. Added much better error reporting. * Numerous other bug fixes and internal cleanups.