pqc
/
execve_hook
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

加入enable的支持

This commit is contained in:
Pan Qiancheng 2025-04-07 09:16:50 +08:00
parent 02ba95861f
commit 5178f93e7e
7 changed files with 212 additions and 511 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,12 @@
{
"files.associations": {
"*.vue": "vue",
"*.css": "css",
"*.jsx": "javascriptreact",
"*.cjson": "jsonc",
"*.wxss": "css",
"*.wxs": "javascript",
"*.json": "jsonc",
"string.h": "c"
}
}

87
README.md
View File

@ -1,4 +1,89 @@
# 拦截execve系统调用以达到对用户命令执行检查的功能
# execve 拦截器
## 简介
本项目是一个通过动态链接库预加载 (LD\_PRELOAD) 方式实现的 `execve` 系统调用拦截器。它可以根据预定义的规则,在程序执行指定的命令时进行警告、阻止或记录操作。
**主要功能:**
* **命令拦截与告警:** 当执行配置中指定的命令时,可以显示警告信息并询问用户是否继续执行。
* **命令阻止:** 可以完全阻止执行配置中指定的命令。
* **参数匹配:** 支持基于命令参数进行更细粒度的规则匹配。
* **配置热加载:** 能够检测到配置文件修改并自动重新加载规则。
* **日志记录:** 记录所有通过 `execve` 执行的命令及其参数。
* **输出重定向与错误检测:** 将执行命令的标准输出和错误输出记录到日志文件,并能在检测到错误时发出提示。
* **仅拦截终端 Shell:** 默认只在终端 Shell (如 bash, zsh, fish, sh) 中拦截 `execve` 调用,避免影响其他程序。
* **功能开关:** 可以通过配置文件中的 `enabled` 字段全局启用或禁用拦截功能。
## 安装
1. **前提条件:**
* 安装 `gcc` 等编译工具。
* 安装 `json-c` 库 (开发版本)。在 Debian/Ubuntu 上可以使用 `sudo apt-get install libjson-c-dev` 安装,在 CentOS/RHEL 上可以使用 `sudo yum install json-c-devel` 安装。
2. **编译:**
```bash
gcc -shared -fPIC execve_interceptor.c -o execve_interceptor.so -ldl -ljson-c
```
* 确保你的代码文件名为 `execve_interceptor.c`
3. **创建配置和日志目录 (如果不存在):**
```bash
mkdir -p config logs
```
4. **创建配置文件:**
* 在 `config` 目录下创建 `execve_rules.json` 文件,并按照以下格式配置规则:
```json
{
"enabled": true,
"rules": [
{
"cmd": "nvidia-smi",
"type": "warn",
"msg": "在沐曦环境下请执行mx-smi"
},
{
"cmd": "rm",
"type": "error",
"msg": "Error: rm command is forbidden"
},
{
"cmd": "pip",
"type": "warn",
"msg": "使用pip安装torch时请注意使用厂家支持版本",
"args": ["install", "torch"]
}
]
}
```
* `enabled`: 布尔值,用于启用或禁用整个拦截器功能。
* `rules`: 一个 JSON 数组,包含多个规则对象。
* `cmd`: 要拦截的命令名称。
* `type`: 拦截类型,可以是 `"warn"` (警告) 或 `"error"` (阻止)。
* `msg`: 当规则匹配时显示的消息。
* `args` (可选): 一个字符串数组,指定需要匹配的命令参数。只有当所有指定的参数都存在时,规则才匹配。
## 配置
* **`config/execve_rules.json`:** 这是主要的配置文件,用于定义拦截规则。你可以根据需要添加、修改或删除规则。
* **`logs/execve.log`:** 记录所有通过 `execve` 执行的命令及其参数。
* **`logs/execve_out.log`:** 记录被拦截命令的标准输出和错误输出。
## 使用
要使用该拦截器,你需要通过 `LD_PRELOAD` 环境变量在执行命令前加载编译好的动态链接库。
**示例:**
```bash
export LD_PRELOAD=$(pwd)/execve_interceptor.so
nvidia-smi
rm test.txt
pip install torch
```
## 前置依赖:

39
config/execve_rules.json
View File

@ -1,18 +1,21 @@
[
{
"cmd": "nvidia-smi",
"type": "warn",
"msg": "在沐曦环境下请执行mx-smi"
},
{
"cmd": "rm",
"type": "error",
"msg": "Error: rm command is forbidden"
},
{
"cmd": "pip",
"type": "warn",
"msg": "使用pip安装torch时请注意使用厂家支持版本",
"args": ["install", "torch"]
}
]
{
"enabled": true,
"rules": [
{
"cmd": "nvidia-smi",
"type": "warn",
"msg": "在沐曦环境下请执行mx-smi"
},
{
"cmd": "rm",
"type": "error",
"msg": "Error: rm command is forbidden"
},
{
"cmd": "pip",
"type": "warn",
"msg": "使用pip安装torch时请注意使用厂家支持版本",
"args": ["install", "torch"]
}
]
}

191
execve_intercept.c
View File

@ -2,6 +2,7 @@
#include <dlfcn.h>
#include <fcntl.h>
#include <json-c/json.h>
#include <stdbool.h> // 引入 bool 类型
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -27,53 +28,80 @@ typedef struct {
int arg_count;
} Rule;
// 加载配置规则
Rule *load_rules(int *rule_count) {
typedef struct {
bool enabled;
Rule *rules;
int rule_count;
} Config;
// 加载配置
Config load_config() {
Config config = {false, NULL, 0};
json_object *root = json_object_from_file(CONFIG_FILE);
if (!root) {
fprintf(stderr, "Failed to parse JSON from %s\n", CONFIG_FILE);
*rule_count = 0;
return NULL;
return config;
}
*rule_count = json_object_array_length(root);
Rule *rules = malloc(sizeof(Rule) * (*rule_count));
if (!rules) {
json_object *enabled_obj;
if (json_object_object_get_ex(root, "enabled", &enabled_obj)) {
config.enabled = json_object_get_boolean(enabled_obj);
}
if (!config.enabled) {
json_object_put(root);
*rule_count = 0;
return NULL;
return config;
}
for (int i = 0; i < *rule_count; i++) {
json_object *rule = json_object_array_get_idx(root, i);
json_object *cmd, *type, *msg, *args;
json_object *rules_array_obj;
if (json_object_object_get_ex(root, "rules", &rules_array_obj) &&
json_object_get_type(rules_array_obj) == json_type_array) {
config.rule_count = json_object_array_length(rules_array_obj);
config.rules = malloc(sizeof(Rule) * config.rule_count);
if (!config.rules) {
fprintf(stderr, "Failed to allocate memory for rules\n");
json_object_put(root);
config.rule_count = 0;
return config;
}
json_object_object_get_ex(rule, "cmd", &cmd);
json_object_object_get_ex(rule, "type", &type);
json_object_object_get_ex(rule, "msg", &msg);
for (int i = 0; i < config.rule_count; i++) {
json_object *rule_obj =
json_object_array_get_idx(rules_array_obj, i);
json_object *cmd, *type, *msg, *args;
strncpy(rules[i].cmd, json_object_get_string(cmd), 255);
strncpy(rules[i].type, json_object_get_string(type), 31);
strncpy(rules[i].msg, json_object_get_string(msg), 1023);
json_object_object_get_ex(rule_obj, "cmd", &cmd);
json_object_object_get_ex(rule_obj, "type", &type);
json_object_object_get_ex(rule_obj, "msg", &msg);
// 解析 args 参数
rules[i].arg_count = 0;
if (json_object_object_get_ex(rule, "args", &args) &&
json_object_get_type(args) == json_type_array) {
int args_len = json_object_array_length(args);
rules[i].arg_count =
args_len < 10 ? args_len : 10; // 限制最多 10 个参数
if (cmd)
strncpy(config.rules[i].cmd, json_object_get_string(cmd), 255);
if (type)
strncpy(config.rules[i].type, json_object_get_string(type), 31);
if (msg)
strncpy(config.rules[i].msg, json_object_get_string(msg), 1023);
for (int j = 0; j < rules[i].arg_count; j++) {
json_object *arg_item = json_object_array_get_idx(args, j);
strncpy(rules[i].args[j], json_object_get_string(arg_item),
255);
// 解析 args 参数
config.rules[i].arg_count = 0;
if (json_object_object_get_ex(rule_obj, "args", &args) &&
json_object_get_type(args) == json_type_array) {
int args_len = json_object_array_length(args);
config.rules[i].arg_count =
args_len < 10 ? args_len : 10; // 限制最多 10 个参数
for (int j = 0; j < config.rules[i].arg_count; j++) {
json_object *arg_item = json_object_array_get_idx(args, j);
if (arg_item) {
strncpy(config.rules[i].args[j],
json_object_get_string(arg_item), 255);
}
}
}
}
}
json_object_put(root);
return rules;
return config;
}
// 检查 args 是否匹配
@ -142,7 +170,7 @@ void duplicate_output_to_log() {
return;
}
if (pid == 0) { // 子进程:读取 pipe并写入日志
if (pid == 0) { // 子进程:读取 pipe并写入日志
close(pipe_fds[1]); // 关闭写端
char buffer[1024];
ssize_t n;
@ -150,7 +178,8 @@ void duplicate_output_to_log() {
while ((n = read(pipe_fds[0], buffer, sizeof(buffer))) > 0) {
// 检查buffer中是否包含错误信息
if (strstr(buffer, "error") || strstr(buffer, "Error") || strstr(buffer, "ERROR")) {
if (strstr(buffer, "error") || strstr(buffer, "Error") ||
strstr(buffer, "ERROR")) {
has_error = 1;
}
@ -166,24 +195,14 @@ void duplicate_output_to_log() {
}
if (has_error) {
// char response[10];
printf("\n检测到命令执行出错,已经上报北冥论坛~ \n");
fflush(stdout); // 确保提示文字被输出
// if (fgets(response, sizeof(response), stdin) != NULL) {
// response[strcspn(response, "\n")] = '\0'; // 去掉换行符
// if (response[0] == 'Y' || response[0] == 'y') {
// printf("上报成功\n");
// } else {
// printf("取消上报\n");
// }
// }
}
close(pipe_fds[0]);
close(log_fd);
_exit(0);
} else { // 父进程:写入 pipe
} else { // 父进程:写入 pipe
close(pipe_fds[0]); // 关闭读端
dup2(pipe_fds[1], STDOUT_FILENO);
dup2(pipe_fds[1], STDERR_FILENO);
@ -195,8 +214,7 @@ void duplicate_output_to_log() {
typedef int (*orig_execve_type)(const char *filename, char *const argv[],
char *const envp[]);
static Rule *rules = NULL;
static int rule_count = 0;
static Config config;
static time_t last_modified_time = 0;
// 判断父进程是否为终端 shell (bash, zsh, fish 等)
@ -230,55 +248,16 @@ int config_file_modified() {
return file_stat.st_mtime != last_modified_time;
}
// 加载或重新加载规则
void load_rules_if_needed() {
if (!rules || config_file_modified()) {
json_object *root = json_object_from_file(CONFIG_FILE);
if (!root) {
fprintf(stderr, "Failed to parse JSON from %s\n", CONFIG_FILE);
return;
// 加载或重新加载配置
void load_config_if_needed() {
if (config.rules == NULL || config_file_modified()) {
// 释放旧的规则
if (config.rules) {
free(config.rules);
config.rules = NULL;
config.rule_count = 0;
}
if (rules) {
free(rules);
}
rule_count = json_object_array_length(root);
rules = malloc(sizeof(Rule) * rule_count);
if (!rules) {
json_object_put(root);
rule_count = 0;
return;
}
for (int i = 0; i < rule_count; i++) {
json_object *rule = json_object_array_get_idx(root, i);
json_object *cmd, *type, *msg, *args;
json_object_object_get_ex(rule, "cmd", &cmd);
json_object_object_get_ex(rule, "type", &type);
json_object_object_get_ex(rule, "msg", &msg);
strncpy(rules[i].cmd, json_object_get_string(cmd), 255);
strncpy(rules[i].type, json_object_get_string(type), 31);
strncpy(rules[i].msg, json_object_get_string(msg), 1023);
// 解析 args 参数
rules[i].arg_count = 0;
if (json_object_object_get_ex(rule, "args", &args) &&
json_object_get_type(args) == json_type_array) {
int args_len = json_object_array_length(args);
rules[i].arg_count = args_len < 10 ? args_len : 10;
for (int j = 0; j < rules[i].arg_count; j++) {
json_object *arg_item = json_object_array_get_idx(args, j);
strncpy(rules[i].args[j], json_object_get_string(arg_item),
255);
}
}
}
json_object_put(root);
config = load_config();
struct stat file_stat;
if (stat(CONFIG_FILE, &file_stat) == 0) {
last_modified_time = file_stat.st_mtime;
@ -294,8 +273,16 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
return orig_execve(filename, argv, envp);
}
// 加载规则(仅在需要时)
load_rules_if_needed();
// 加载配置(仅在需要时)
load_config_if_needed();
// 如果功能被禁用,则直接执行
if (!config.enabled) {
orig_execve_type orig_execve =
(orig_execve_type)dlsym(RTLD_NEXT, "execve");
return orig_execve(filename, argv, envp);
}
write_log(filename, argv);
const char *basename = argv[0];
@ -303,12 +290,12 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
basename = argv[2];
}
for (int i = 0; i < rule_count; i++) {
if (strcmp(basename, rules[i].cmd) == 0 &&
args_match(argv, &rules[i])) {
if (strcmp(rules[i].type, "warn") == 0) {
for (int i = 0; i < config.rule_count; i++) {
if (strcmp(basename, config.rules[i].cmd) == 0 &&
args_match(argv, &config.rules[i])) {
if (strcmp(config.rules[i].type, "warn") == 0) {
printf(ANSI_COLOR_YELLOW "[Warning] %s\n" ANSI_COLOR_RESET,
rules[i].msg);
config.rules[i].msg);
printf("按下 'Y' 继续执行, 或按任意键取消: ");
char input = getchar();
if (input != 'Y' && input != 'y') {
@ -316,9 +303,9 @@ int execve(const char *filename, char *const argv[], char *const envp[]) {
return -1;
}
printf("\nContinuing execution...\n");
} else if (strcmp(rules[i].type, "error") == 0) {
} else if (strcmp(config.rules[i].type, "error") == 0) {
printf(ANSI_COLOR_RED "[Error] %s" ANSI_COLOR_RESET "\n",
rules[i].msg);
config.rules[i].msg);
return -1;
}
break;

BIN
intercept.so
View File

Binary file not shown.

295
logs/execve.log
View File

@ -1,300 +1,11 @@
[Wed Mar 26 09:05:39 2025
[Thu Apr 3 16:51:04 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 09:05:39 2025
] Command: /usr/bin/basename
arg[0]: basename
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:05:39 2025
] Command: /usr/bin/dirname
arg[0]: dirname
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:05:39 2025
[Thu Apr 3 16:51:04 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 09:05:59 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: nvidia-smi
[Wed Mar 26 09:08:18 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 09:08:18 2025
] Command: /usr/bin/basename
arg[0]: basename
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:08:18 2025
] Command: /usr/bin/dirname
arg[0]: dirname
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:08:18 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 09:08:20 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: nvidia-smi
[Wed Mar 26 09:09:49 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 09:09:49 2025
] Command: /usr/bin/basename
arg[0]: basename
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:09:49 2025
] Command: /usr/bin/dirname
arg[0]: dirname
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:09:49 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 09:10:17 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 09:10:17 2025
] Command: /usr/bin/basename
arg[0]: basename
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:10:17 2025
] Command: /usr/bin/dirname
arg[0]: dirname
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:10:17 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 09:10:25 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: nvidia-smi
[Wed Mar 26 09:10:57 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: pip
[Wed Mar 26 09:13:06 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 09:13:06 2025
] Command: /usr/bin/basename
arg[0]: basename
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:13:06 2025
] Command: /usr/bin/dirname
arg[0]: dirname
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:13:06 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 09:14:20 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 09:14:20 2025
] Command: /usr/bin/basename
arg[0]: basename
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:14:20 2025
] Command: /usr/bin/dirname
arg[0]: dirname
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:14:20 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 09:20:02 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 09:20:02 2025
] Command: /usr/bin/basename
arg[0]: basename
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:20:02 2025
] Command: /usr/bin/dirname
arg[0]: dirname
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 09:20:02 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 09:20:04 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: pip
[Wed Mar 26 10:09:14 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 10:09:14 2025
] Command: /usr/bin/basename
arg[0]: basename
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 10:09:14 2025
] Command: /usr/bin/dirname
arg[0]: dirname
arg[1]: /usr/bin/lesspipe
[Wed Mar 26 10:09:14 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 10:09:15 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Wed Mar 26 10:09:17 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
arg[2]: -alF
[Wed Mar 26 10:09:22 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: pip
[Wed Mar 26 10:09:27 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: pip
[Wed Mar 26 10:16:58 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 10:16:58 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 10:16:59 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Wed Mar 26 10:17:04 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: python
[Wed Mar 26 10:17:10 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: pip
[Wed Mar 26 16:09:32 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 16:09:32 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 16:09:34 2025
] Command: /usr/bin/make
arg[0]: make
[Wed Mar 26 16:09:40 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 16:09:40 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 16:09:41 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Wed Mar 26 16:11:44 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 16:11:44 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 16:11:44 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Wed Mar 26 16:11:47 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Wed Mar 26 16:11:47 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
arg[2]: -alF
[Wed Mar 26 16:11:53 2025
] Command: /usr/lib/command-not-found
arg[0]: /usr/lib/command-not-found
arg[1]: --
arg[2]: pip
[Wed Mar 26 16:11:56 2025
] Command: /usr/bin/rm
arg[0]: rm
[Wed Mar 26 16:14:18 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 16:14:18 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 16:14:19 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Wed Mar 26 16:14:20 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
arg[2]: -alF
[Wed Mar 26 16:14:31 2025
] Command: /usr/bin/lesspipe
arg[0]: lesspipe
[Wed Mar 26 16:14:31 2025
] Command: /usr/bin/dircolors
arg[0]: dircolors
arg[1]: -b
[Wed Mar 26 16:14:34 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
[Wed Mar 26 16:14:36 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto
arg[2]: -alF
[Wed Mar 26 16:14:59 2025
] Command: /usr/bin/git
arg[0]: git
arg[1]: add
arg[2]: .
[Wed Mar 26 16:15:14 2025
] Command: /usr/bin/git
arg[0]: git
arg[1]: commit
arg[2]: -m
arg[3]: hand write tee
[Wed Mar 26 16:15:16 2025
] Command: /usr/bin/git
arg[0]: git
arg[1]: push
[Wed Mar 26 16:15:16 2025
] Command: /usr/lib/git-core/git
arg[0]: git
arg[1]: credential-store
arg[2]: get
[Wed Mar 26 16:15:16 2025
] Command: /usr/lib/git-core/git
arg[0]: git
arg[1]: credential-store
arg[2]: store
[Wed Mar 26 16:16:11 2025
[Thu Apr 3 16:51:05 2025
] Command: /usr/bin/ls
arg[0]: ls
arg[1]: --color=auto

97
logs/execve_out.log
View File

@ -2,103 +2,6 @@ export LESSOPEN="| /usr/bin/lesspipe %s";
export LESSCLOSE="/usr/bin/lesspipe %s %s";
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
export LS_COLORS
make: 对“all”无需做任何事。
export LESSOPEN="| /usr/bin/lesspipe %s";
export LESSCLOSE="/usr/bin/lesspipe %s %s";
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
export LS_COLORS
config
execve_intercept.c
intercept.so
logs
Makefile
README.md
test_bash.sh
export LESSOPEN="| /usr/bin/lesspipe %s";
export LESSCLOSE="/usr/bin/lesspipe %s %s";
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
export LS_COLORS
config
execve_intercept.c
intercept.so
logs
Makefile
README.md
test_bash.sh
config
execve_intercept.c
intercept.so
logs
Makefile
README.md
test_bash.sh
总计 62
drwxrwxr-x 5 qcqcqc qcqcqc 10 3月 26 16:11 ./
drwxrwxr-x 12 qcqcqc qcqcqc 12 3月 20 21:08 ../
drwxrwxr-x 2 qcqcqc qcqcqc 3 3月 26 09:04 config/
-rw-rw-r-- 1 qcqcqc qcqcqc 9139 3月 26 16:11 execve_intercept.c
drwxrwxr-x 8 qcqcqc qcqcqc 14 3月 26 16:09 .git/
-rwxrwxr-x 1 qcqcqc qcqcqc 21912 3月 26 16:11 intercept.so*
drwxrwxr-x 2 qcqcqc qcqcqc 4 3月 26 16:09 logs/
-rw-rw-r-- 1 qcqcqc qcqcqc 222 3月 26 09:02 Makefile
-rw-rw-r-- 1 qcqcqc qcqcqc 973 3月 26 10:08 README.md
-rwxrwxr-x 1 qcqcqc qcqcqc 31 3月 26 09:02 test_bash.sh*
找不到命令 “pip”但可以通过以下软件包安装它
sudo apt install python3-pip
export LESSOPEN="| /usr/bin/lesspipe %s";
export LESSCLOSE="/usr/bin/lesspipe %s %s";
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
export LS_COLORS
config
execve_intercept.c
intercept.so
logs
Makefile
README.md
test_bash.sh
总计 62
drwxrwxr-x 5 qcqcqc qcqcqc 10 3月 26 16:14 ./
drwxrwxr-x 12 qcqcqc qcqcqc 12 3月 20 21:08 ../
drwxrwxr-x 2 qcqcqc qcqcqc 3 3月 26 09:04 config/
-rw-rw-r-- 1 qcqcqc qcqcqc 9595 3月 26 16:14 execve_intercept.c
drwxrwxr-x 8 qcqcqc qcqcqc 14 3月 26 16:09 .git/
-rwxrwxr-x 1 qcqcqc qcqcqc 26104 3月 26 16:14 intercept.so*
drwxrwxr-x 2 qcqcqc qcqcqc 4 3月 26 16:09 logs/
-rw-rw-r-- 1 qcqcqc qcqcqc 222 3月 26 09:02 Makefile
-rw-rw-r-- 1 qcqcqc qcqcqc 973 3月 26 10:08 README.md
-rwxrwxr-x 1 qcqcqc qcqcqc 31 3月 26 09:02 test_bash.sh*
export LESSOPEN="| /usr/bin/lesspipe %s";
export LESSCLOSE="/usr/bin/lesspipe %s %s";
LS_COLORS='rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.webp=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:';
export LS_COLORS
config
execve_intercept.c
intercept.so
logs
Makefile
README.md
test_bash.sh
总计 62
drwxrwxr-x 5 qcqcqc qcqcqc 10 3月 26 16:14 ./
drwxrwxr-x 12 qcqcqc qcqcqc 12 3月 20 21:08 ../
drwxrwxr-x 2 qcqcqc qcqcqc 3 3月 26 09:04 config/
-rw-rw-r-- 1 qcqcqc qcqcqc 9595 3月 26 16:14 execve_intercept.c
drwxrwxr-x 8 qcqcqc qcqcqc 14 3月 26 16:09 .git/
-rwxrwxr-x 1 qcqcqc qcqcqc 26104 3月 26 16:14 intercept.so*
drwxrwxr-x 2 qcqcqc qcqcqc 4 3月 26 16:09 logs/
-rw-rw-r-- 1 qcqcqc qcqcqc 222 3月 26 09:02 Makefile
-rw-rw-r-- 1 qcqcqc qcqcqc 973 3月 26 10:08 README.md
-rwxrwxr-x 1 qcqcqc qcqcqc 31 3月 26 09:02 test_bash.sh*
[master 08c240e] hand write tee
4 files changed, 222 insertions(+), 10 deletions(-)
rewrite intercept.so (67%)
create mode 100644 logs/execve_out.log
username=pqc
password=pqc2421
remote: . Processing 1 references
remote: Processed 1 references in total
To https://gitea.51mars.com/pqc/execve_hook.git
4f81d28..08c240e master -> master
config
execve_intercept.c
intercept.so