marektamaskovic / strace2seccomp

strace2seccomp - generates libseccomp policies from strace logs

License: GNU General Public License v3.0

Languages: C++ 97.61%, Makefile 1.74%, Shell 0.66%
Topics: strace, seccomp, libseccomp, cpp, cpp17, thesis, fit, vutbr, redhat, bachelor-thesis

strace2seccomp's Introduction

strace2seccomp - Bachelor's thesis

About

This bachelor's thesis focuses on the automatic generation of seccomp rules from strace logs. The output is generated in C/C++ syntax. The input can be optimized with one of three optimization algorithms. The first, called strict, produces output that corresponds 1:1 to the input. The second, called minimax or weak, emits only the extremes of the observed values as the border values of the allowed interval. The last, called advanced, implements the DBSCAN clustering algorithm. The thesis text itself can be found in another branch.
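As an added illustration (not the project's code), here is a stand-alone Python sketch of the pipeline described above: parse strace lines into per-syscall argument tuples, then apply the strict reduction and the minimax (weak) reduction and render the strict and syscall-only forms as libseccomp calls. The strace lines are constructed, the output mirrors libseccomp's seccomp_rule_add()/SCMP_Ax/SCMP_CMP_EQ API, and the advanced (DBSCAN) mode is not covered.

```python
import re

# Constructed strace excerpt for this demo (not the project's test data).
STRACE_LOG = """\
write(1, "hello\\n", 6) = 6
write(2, "err\\n", 4) = 4
write(1, "x", 1) = 1
exit_group(0) = ?
"""
LINE_RE = re.compile(r"^(\w+)\((.*)\)\s*=\s*(.*)$")
def split_args(s):
    """Split at top-level commas; commas inside quotes, {}, [] or () stay put."""
    out, cur, depth, quoted, prev = [], "", 0, False, ""
    for ch in s:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        elif not quoted and ch in "([{)]}":
            depth += 1 if ch in "([{" else -1
        elif not quoted and depth == 0 and ch == ",":
            out.append(cur.strip()); cur, prev = "", ch
            continue
        cur, prev = cur + ch, ch
    return out + [cur.strip()] if cur.strip() else out
def to_int(tok):
    """Bare strace integer (decimal, 0x hex, leading-zero octal); None for anything else."""
    if re.fullmatch(r"-?0x[0-9a-fA-F]+", tok): return int(tok, 16)
    if re.fullmatch(r"-?0[0-7]+", tok): return int(tok, 8)
    return int(tok) if re.fullmatch(r"-?\d+", tok) else None  # strings/pointers/flags -> None
def parse(log):
    """{syscall: [tuple of int-or-None per argument, one per matching log line]}"""
    calls = {}
    for m in filter(None, map(LINE_RE.match, log.splitlines())):
        calls.setdefault(m.group(1), []).append(tuple(to_int(a) for a in split_args(m.group(2))))
    return calls
def weak(calls):
    """Minimax/weak: [min, max] per all-integer argument; libseccomp takes one comparison
    per argument per rule, so a real interval is returned as data rather than rendered."""
    return {n: {i: (min(c), max(c)) for i, c in enumerate(zip(*s)) if None not in c}
            for n, s in calls.items()}
def rules(calls, mode="strict"):
    """strict: one rule per distinct observed tuple (1:1 with the log), integer arguments
    pinned with SCMP_CMP_EQ. sconly: syscall allowance only, as with --scOnly."""
    out = []
    for name, samples in sorted(calls.items()):
        for pat in (dict.fromkeys(samples) if mode == "strict" else [()]):
            cmps = [f"SCMP_A{i}(SCMP_CMP_EQ, {v})" for i, v in enumerate(pat) if v is not None]
            out.append(f"seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS({name}), {len(cmps)}"
                       + "".join(", " + c for c in cmps) + ");")
    return out
```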

Usage

Usage:
    st2se [OPTION] filename ...

Generic options:
    -h [--help]                 : print this message
    -v [--verbose]              : turn on verbose mode
    -d [--debug]                : turn on debug mode
    -t [--tracing]              : turn on debug mode
    -A [--analyze-grammar]      : analyze grammar
    -o FILE [--output=FILE]     : set output file

Configuration options:
    -w [--weak]                 : use weak algorithm
    -s [--strict]               : use strict algorithm
    -a [--advanced]             : use advanced algorithm
    --prolog                    : generate function prolog
    --thread                    : add filter synchronization among threads/processes
    --scOnly                    : generate only syscall allowance

Examples

$ ./st2se -v -w --output=source.cpp filename1 filename2

In this case verbose mode is turned on and the minimax (weak) algorithm is chosen for the optimizer. The output of the program is stored in source.cpp. The files filename1 and filename2 are used as input.

$ ./st2se -w --output=source.cpp filename --thread --prolog

This command differs only in the output format. --thread generates support for multithreaded or multiprocess applications, and --prolog ensures that the filter is wrapped in a function. This is helpful when the output is to be copied and pasted into an existing program.

$ ./st2se -A

To check whether the grammar in the parser is correct, use the built-in analysis tool of the parser library, enabled with the -A switch. The number of issues found is printed on standard output.

Compilation

This section shows how to compile the project.

Dependencies

  1. pegtl
  • C++ parser library
  • This library is already bundled in the project.
  2. MPark.Variant
  • C++14 variant implementation
  • This library is already bundled in the project.
  3. fmtlib
  • C++ formatting library
  • This library is already bundled in the project.

Compilation

To compile the project, run make in the root directory of the project:

$ make release

If you want to build the project with debug symbols, run make without any recipe:

$ make

To build and run the testsuite, run

$ make check

Testing

Information about the testsuite and how to run the tests is located here.

Possible extensions

  • Go language support,
  • implement other algorithms,
  • interactive allowance of rules combined with testsuite,
  • switch between usage of local or system libraries.

Troubleshoot

  • Problems with includes, typically <mpark/variant>, mean that you haven't initialized the git submodules.

    Solution: $ git submodule update --init --recursive

strace2seccomp's People

Contributors

davidbolvansky, marektamaskovic


strace2seccomp's Issues

Add doxygen

Add doxygen config and makefile recipe. Output should be in doc/doxygen

Remove boost

Please consider removing the boost dependency from this project. It is really an overhead to use boost just for one function (split).

template<typename SequenceSequenceT, typename RangeT, typename PredicateT>
SequenceSequenceT &
split(SequenceSequenceT &, RangeT &, PredicateT,
      token_compress_mode_type = token_compress_off);

Interactive allowance of syscall

There should be an automated script which generates the filter from strace; afterward the filter is applied to the source code, which is compiled and run. The run should be monitored with strace or another system call monitoring tool, which provides the input for the automated script. That automated script should parse the last syscall that caused the termination and interactively edit the previously generated filter. When the edit is finished it should generate a new filter to be applied, and so on. This works in iterations until there is a functional filter.

Segfault

There is a segfault in source_dev branch.
Reproducer:

> ./st2se -s filename

where filename contains:
recvfrom(3, ""..., 10, MSG_PEEK|MSG_TRUNC, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("147.229.254.98")}, [16]) = 56
recvfrom(3, ""..., 10, MSG_PEEK|MSG_TRUNC, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("217.67.19.197")}, [16]) = 84
recvfrom(3, ""..., 2048, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, [28->16]) = 82
recvfrom(3, ""..., 56, MSG_TRUNC, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("147.229.254.98")}, [16]) = 56
recvfrom(3, ""..., 65536, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.1")}, [28->16]) = 79
recvfrom(3, ""..., 84, MSG_TRUNC, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("217.67.19.197")}, [16]) = 84

cpp11_support.hpp missing

I think you forgot to include (git add ...?) the cpp11_support.hpp in PR#41...

~/P/strace2seccomp> make
make[1]: Entering directory '/home/user/Projects/strace2seccomp/src'
make[1]: *** No rule to make target 'cpp11_support.hpp', needed by 'main.o'.  Stop.
make[1]: Leaving directory '/home/user/Projects/strace2seccomp/src'
make: *** [Makefile:7: all] Error 2
