pqc
/
execve_hook
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
execve_hook/output.txt

231 lines
16 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This is the parent process.
Enter something: This is the child process.
Enter something: 123
You entered: 123
This is a test output.
This is a test error output.
[DEBUG][PID 3285394] src/execve_interceptor.c:29:execve(): Intercepted execve for: /usr/bin/bash
[DEBUG][PID 3285394] src/execve_interceptor.c:30:execve(): argv[0] = bash
[DEBUG][PID 3285394] src/config.c:114:load_config_if_needed(): Creating shared memory for config data
[DEBUG][PID 3285394] src/config.c:127:load_config_if_needed(): Loading config file for the first time
[DEBUG][PID 3285394] src/config.c:17:load_config_to_shm(): Loading configuration from /tmp/exec_hook/config/execve_rules.json to shared memory
[DEBUG][PID 3285394] src/config.c:89:load_config_to_shm(): Loaded 3 rules to shared memory
[DEBUG][PID 3285394] src/execve_interceptor.c:43:execve(): Not a terminal shell, bypassing interception.
[DEBUG][PID 3285513] src/execve_interceptor.c:29:execve(): Intercepted execve for: /usr/bin/lesspipe
[DEBUG][PID 3285513] src/execve_interceptor.c:30:execve(): argv[0] = lesspipe
[DEBUG][PID 3285513] src/config.c:114:load_config_if_needed(): Creating shared memory for config data
[DEBUG][PID 3285513] src/config.c:127:load_config_if_needed(): Loading config file for the first time
[DEBUG][PID 3285513] src/config.c:17:load_config_to_shm(): Loading configuration from /tmp/exec_hook/config/execve_rules.json to shared memory
[DEBUG][PID 3285513] src/config.c:89:load_config_to_shm(): Loaded 3 rules to shared memory
[DEBUG][PID 3285513] src/execve_interceptor.c:48:execve(): Current Config rule count : 3
[DEBUG][PID 3285513] src/logging.c:21:write_log(): Writing exec log for command: /usr/bin/lesspipe
[DEBUG][PID 3285513] src/logging.c:154:duplicate_output_to_log(): Signal handler for SIGINT installed.
[DEBUG][PID 3285513] src/logging.c:236:duplicate_output_to_log(): Child process exited normally
[DEBUG][PID 3285513] src/init_cleanup.c:23:cleanup_shared_memory(): execve_intercept library unloaded.
[DEBUG][PID 3285513] src/init_cleanup.c:25:cleanup_shared_memory(): Log file: ./logs/execve.log
[DEBUG][PID 3285513] src/init_cleanup.c:26:cleanup_shared_memory(): Log out file: ./logs/execve_out.log
[DEBUG][PID 3285513] src/init_cleanup.c:27:cleanup_shared_memory(): Config file: /tmp/exec_hook/config/execve_rules.json
[DEBUG][PID 3285513] src/init_cleanup.c:28:cleanup_shared_memory(): Shared memory ID: 2
[DEBUG][PID 3285513] src/init_cleanup.c:30:cleanup_shared_memory(): Cleaning up shared memory.
/tmp/exec_hook/intercept.so(print_stacktrace+0x23)[0x7f78a48e21a5]
/tmp/exec_hook/intercept.so(cleanup_shared_memory+0x210)[0x7f78a48e29e0]
/lib64/ld-linux-x86-64.so.2(+0x624e)[0x7f78a48f024e]
/lib/x86_64-linux-gnu/libc.so.6(+0x45495)[0x7f78a46b8495]
/lib/x86_64-linux-gnu/libc.so.6(on_exit+0x0)[0x7f78a46b8610]
/tmp/exec_hook/intercept.so(duplicate_output_to_log+0x623)[0x7f78a48e334c]
/tmp/exec_hook/intercept.so(execve+0x5e4)[0x7f78a48e27a8]
bash(shell_execve+0x36)[0x60ac0270ba46]
bash(+0x5b8e7)[0x60ac027128e7]
bash(+0x4b993)[0x60ac02702993]
bash(execute_command_internal+0xf1d)[0x60ac02704b5d]
bash(parse_and_execute+0x6c8)[0x60ac027654e8]
bash(command_substitute+0xa98)[0x60ac0272d938]
bash(+0x780a2)[0x60ac0272f0a2]
bash(+0x81d58)[0x60ac02738d58]
bash(+0x83277)[0x60ac0273a277]
bash(+0x87df9)[0x60ac0273edf9]
bash(+0x4bf8f)[0x60ac02702f8f]
bash(execute_command_internal+0xf1d)[0x60ac02704b5d]
bash(execute_command+0xc8)[0x60ac027071b8]
bash(execute_command_internal+0x343b)[0x60ac0270707b]
bash(parse_and_execute+0x6c8)[0x60ac027654e8]
bash(+0xaf1c6)[0x60ac027661c6]
bash(maybe_execute_file+0x2e)[0x60ac0276659e]
bash(main+0x1a30)[0x60ac026e9db0]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x7f78a469cd90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x7f78a469ce40]
bash(_start+0x25)[0x60ac026e9f15]
bash: eval: 行 31: 未预期的记号 "(" 附近有语法错误
bash: eval: 行 31: `[DEBUG][PID 3285514] src/logging.c:125:duplicate_output_to_log(): Child process 3285514: stdout is /dev/pts/6
'
[DEBUG][PID 3285518] src/execve_interceptor.c:29:execve(): Intercepted execve for: /usr/bin/dircolors
[DEBUG][PID 3285518] src/execve_interceptor.c:30:execve(): argv[0] = dircolors
[DEBUG][PID 3285518] src/config.c:114:load_config_if_needed(): Creating shared memory for config data
[DEBUG][PID 3285518] src/config.c:127:load_config_if_needed(): Loading config file for the first time
[DEBUG][PID 3285518] src/config.c:17:load_config_to_shm(): Loading configuration from /tmp/exec_hook/config/execve_rules.json to shared memory
[DEBUG][PID 3285518] src/config.c:89:load_config_to_shm(): Loaded 3 rules to shared memory
[DEBUG][PID 3285518] src/execve_interceptor.c:48:execve(): Current Config rule count : 3
[DEBUG][PID 3285518] src/logging.c:21:write_log(): Writing exec log for command: /usr/bin/dircolors
[DEBUG][PID 3285518] src/logging.c:154:duplicate_output_to_log(): Signal handler for SIGINT installed.
[DEBUG][PID 3285518] src/logging.c:236:duplicate_output_to_log(): Child process exited normally
[DEBUG][PID 3285518] src/init_cleanup.c:23:cleanup_shared_memory(): execve_intercept library unloaded.
[DEBUG][PID 3285518] src/init_cleanup.c:25:cleanup_shared_memory(): Log file: ./logs/execve.log
[DEBUG][PID 3285518] src/init_cleanup.c:26:cleanup_shared_memory(): Log out file: ./logs/execve_out.log
[DEBUG][PID 3285518] src/init_cleanup.c:27:cleanup_shared_memory(): Config file: /tmp/exec_hook/config/execve_rules.json
[DEBUG][PID 3285518] src/init_cleanup.c:28:cleanup_shared_memory(): Shared memory ID: 2
[DEBUG][PID 3285518] src/init_cleanup.c:30:cleanup_shared_memory(): Cleaning up shared memory.
/tmp/exec_hook/intercept.so(print_stacktrace+0x23)[0x7f78a48e21a5]
/tmp/exec_hook/intercept.so(cleanup_shared_memory+0x210)[0x7f78a48e29e0]
/lib64/ld-linux-x86-64.so.2(+0x624e)[0x7f78a48f024e]
/lib/x86_64-linux-gnu/libc.so.6(+0x45495)[0x7f78a46b8495]
/lib/x86_64-linux-gnu/libc.so.6(on_exit+0x0)[0x7f78a46b8610]
/tmp/exec_hook/intercept.so(duplicate_output_to_log+0x623)[0x7f78a48e334c]
/tmp/exec_hook/intercept.so(execve+0x5e4)[0x7f78a48e27a8]
bash(shell_execve+0x36)[0x60ac0270ba46]
bash(+0x5b8e7)[0x60ac027128e7]
bash(+0x4b993)[0x60ac02702993]
bash(execute_command_internal+0xf1d)[0x60ac02704b5d]
bash(parse_and_execute+0x6c8)[0x60ac027654e8]
bash(command_substitute+0xa98)[0x60ac0272d938]
bash(+0x780a2)[0x60ac0272f0a2]
bash(+0x81d58)[0x60ac02738d58]
bash(+0x83277)[0x60ac0273a277]
bash(+0x87df9)[0x60ac0273edf9]
bash(+0x4bf8f)[0x60ac02702f8f]
bash(execute_command_internal+0xf1d)[0x60ac02704b5d]
bash(execute_command+0xc8)[0x60ac027071b8]
bash(execute_command_internal+0x343b)[0x60ac0270707b]
bash(execute_command+0xc8)[0x60ac027071b8]
bash(execute_command_internal+0x1d8e)[0x60ac027059ce]
bash(execute_command+0xc8)[0x60ac027071b8]
bash(execute_command_internal+0x1d8e)[0x60ac027059ce]
bash(execute_command+0xc8)[0x60ac027071b8]
bash(execute_command_internal+0x1d8e)[0x60ac027059ce]
bash(execute_command+0xc8)[0x60ac027071b8]
bash(execute_command_internal+0x1d8e)[0x60ac027059ce]
bash(execute_command+0xc8)[0x60ac027071b8]
bash(execute_command_internal+0x108a)[0x60ac02704cca]
bash(parse_and_execute+0x6c8)[0x60ac027654e8]
bash(+0xaf1c6)[0x60ac027661c6]
bash(maybe_execute_file+0x2e)[0x60ac0276659e]
bash(main+0x1a30)[0x60ac026e9db0]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x7f78a469cd90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x7f78a469ce40]
bash(_start+0x25)[0x60ac026e9f15]
bash: eval: 行 77: 未预期的记号 "(" 附近有语法错误
bash: eval: 行 77: `[DEBUG][PID 3285519] src/logging.c:125:duplicate_output_to_log(): Child process 3285519: stdout is /dev/pts/6
'
[?2004h]0;qcqcqc@qcqcqc-ThinkCentre-M710q-N000: ~/workspace/test_execveqcqcqc@qcqcqc-ThinkCentre-M710q-N000:~/workspace/test_execve$ You entered: exit
This is a test output.
This is a test error output.
[DEBUG][PID 3285395] src/execve_interceptor.c:29:execve(): Intercepted execve for: /usr/bin/bash
[DEBUG][PID 3285395] src/execve_interceptor.c:30:execve(): argv[0] = bash
[DEBUG][PID 3285395] src/config.c:114:load_config_if_needed(): Creating shared memory for config data
[DEBUG][PID 3285395] src/config.c:127:load_config_if_needed(): Loading config file for the first time
[DEBUG][PID 3285395] src/config.c:17:load_config_to_shm(): Loading configuration from /tmp/exec_hook/config/execve_rules.json to shared memory
[DEBUG][PID 3285395] src/config.c:89:load_config_to_shm(): Loaded 3 rules to shared memory
[DEBUG][PID 3285395] src/execve_interceptor.c:48:execve(): Current Config rule count : 3
[DEBUG][PID 3285395] src/logging.c:21:write_log(): Writing exec log for command: /usr/bin/bash
[DEBUG][PID 3285395] src/logging.c:154:duplicate_output_to_log(): Signal handler for SIGINT installed.
[DEBUG][PID 3286125] src/logging.c:125:duplicate_output_to_log(): Child process 3286125: stdout is /dev/pts/6
[DEBUG][PID 3286126] src/execve_interceptor.c:29:execve(): Intercepted execve for: /usr/bin/lesspipe
[DEBUG][PID 3286126] src/execve_interceptor.c:30:execve(): argv[0] = lesspipe
[DEBUG][PID 3286126] src/config.c:114:load_config_if_needed(): Creating shared memory for config data
[DEBUG][PID 3286126] src/config.c:127:load_config_if_needed(): Loading config file for the first time
[DEBUG][PID 3286126] src/config.c:17:load_config_to_shm(): Loading configuration from /tmp/exec_hook/config/execve_rules.json to shared memory
[DEBUG][PID 3286126] src/config.c:89:load_config_to_shm(): Loaded 3 rules to shared memory
[DEBUG][PID 3286126] src/execve_interceptor.c:48:execve(): Current Config rule count : 3
[DEBUG][PID 3286126] src/logging.c:21:write_log(): Writing exec log for command: /usr/bin/lesspipe
[DEBUG][PID 3286126] src/logging.c:154:duplicate_output_to_log(): Signal handler for SIGINT installed.
[DEBUG][PID 3286126] src/logging.c:236:duplicate_output_to_log(): Child process exited normally
[DEBUG][PID 3286126] src/init_cleanup.c:23:cleanup_shared_memory(): execve_intercept library unloaded.
[DEBUG][PID 3286126] src/init_cleanup.c:25:cleanup_shared_memory(): Log file: ./logs/execve.log
[DEBUG][PID 3286126] src/init_cleanup.c:26:cleanup_shared_memory(): Log out file: ./logs/execve_out.log
[DEBUG][PID 3286126] src/init_cleanup.c:27:cleanup_shared_memory(): Config file: /tmp/exec_hook/config/execve_rules.json
[DEBUG][PID 3286126] src/init_cleanup.c:28:cleanup_shared_memory(): Shared memory ID: 2
[DEBUG][PID 3286126] src/init_cleanup.c:30:cleanup_shared_memory(): Cleaning up shared memory.
/tmp/exec_hook/intercept.so(print_stacktrace+0x23)[0x73d8544b91a5]
/tmp/exec_hook/intercept.so(cleanup_shared_memory+0x210)[0x73d8544b99e0]
/lib64/ld-linux-x86-64.so.2(+0x624e)[0x73d8544c724e]
/lib/x86_64-linux-gnu/libc.so.6(+0x45495)[0x73d85428f495]
/lib/x86_64-linux-gnu/libc.so.6(on_exit+0x0)[0x73d85428f610]
/tmp/exec_hook/intercept.so(duplicate_output_to_log+0x623)[0x73d8544ba34c]
/tmp/exec_hook/intercept.so(execve+0x5e4)[0x73d8544b97a8]
bash(shell_execve+0x36)[0x5e60732eca46]
bash(+0x5b8e7)[0x5e60732f38e7]
bash(+0x4b993)[0x5e60732e3993]
bash(execute_command_internal+0xf1d)[0x5e60732e5b5d]
bash(parse_and_execute+0x6c8)[0x5e60733464e8]
bash(command_substitute+0xa98)[0x5e607330e938]
bash(+0x780a2)[0x5e60733100a2]
bash(+0x81d58)[0x5e6073319d58]
bash(+0x83277)[0x5e607331b277]
bash(+0x87df9)[0x5e607331fdf9]
bash(+0x4bf8f)[0x5e60732e3f8f]
bash(execute_command_internal+0xf1d)[0x5e60732e5b5d]
bash(execute_command+0xc8)[0x5e60732e81b8]
bash(execute_command_internal+0x343b)[0x5e60732e807b]
bash(parse_and_execute+0x6c8)[0x5e60733464e8]
bash(+0xaf1c6)[0x5e60733471c6]
bash(maybe_execute_file+0x2e)[0x5e607334759e]
bash(main+0x1a30)[0x5e60732cadb0]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x73d854273d90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x73d854273e40]
bash(_start+0x25)[0x5e60732caf15]
bash: eval: 行 31: 未预期的记号 "(" 附近有语法错误
bash: eval: 行 31: `[DEBUG][PID 3286127] src/logging.c:125:duplicate_output_to_log(): Child process 3286127: stdout is /dev/pts/7
'
[DEBUG][PID 3286131] src/execve_interceptor.c:29:execve(): Intercepted execve for: /usr/bin/dircolors
[DEBUG][PID 3286131] src/execve_interceptor.c:30:execve(): argv[0] = dircolors
[DEBUG][PID 3286131] src/config.c:114:load_config_if_needed(): Creating shared memory for config data
[DEBUG][PID 3286131] src/config.c:127:load_config_if_needed(): Loading config file for the first time
[DEBUG][PID 3286131] src/config.c:17:load_config_to_shm(): Loading configuration from /tmp/exec_hook/config/execve_rules.json to shared memory
[DEBUG][PID 3286131] src/config.c:89:load_config_to_shm(): Loaded 3 rules to shared memory
[DEBUG][PID 3286131] src/execve_interceptor.c:48:execve(): Current Config rule count : 3
[DEBUG][PID 3286131] src/logging.c:21:write_log(): Writing exec log for command: /usr/bin/dircolors
[DEBUG][PID 3286131] src/logging.c:154:duplicate_output_to_log(): Signal handler for SIGINT installed.
[DEBUG][PID 3286131] src/logging.c:236:duplicate_output_to_log(): Child process exited normally
[DEBUG][PID 3286131] src/init_cleanup.c:23:cleanup_shared_memory(): execve_intercept library unloaded.
[DEBUG][PID 3286131] src/init_cleanup.c:25:cleanup_shared_memory(): Log file: ./logs/execve.log
[DEBUG][PID 3286131] src/init_cleanup.c:26:cleanup_shared_memory(): Log out file: ./logs/execve_out.log
[DEBUG][PID 3286131] src/init_cleanup.c:27:cleanup_shared_memory(): Config file: /tmp/exec_hook/config/execve_rules.json
[DEBUG][PID 3286131] src/init_cleanup.c:28:cleanup_shared_memory(): Shared memory ID: 2
[DEBUG][PID 3286131] src/init_cleanup.c:30:cleanup_shared_memory(): Cleaning up shared memory.
/tmp/exec_hook/intercept.so(print_stacktrace+0x23)[0x73d8544b91a5]
/tmp/exec_hook/intercept.so(cleanup_shared_memory+0x210)[0x73d8544b99e0]
/lib64/ld-linux-x86-64.so.2(+0x624e)[0x73d8544c724e]
/lib/x86_64-linux-gnu/libc.so.6(+0x45495)[0x73d85428f495]
/lib/x86_64-linux-gnu/libc.so.6(on_exit+0x0)[0x73d85428f610]
/tmp/exec_hook/intercept.so(duplicate_output_to_log+0x623)[0x73d8544ba34c]
/tmp/exec_hook/intercept.so(execve+0x5e4)[0x73d8544b97a8]
bash(shell_execve+0x36)[0x5e60732eca46]
bash(+0x5b8e7)[0x5e60732f38e7]
bash(+0x4b993)[0x5e60732e3993]
bash(execute_command_internal+0xf1d)[0x5e60732e5b5d]
bash(parse_and_execute+0x6c8)[0x5e60733464e8]
bash(command_substitute+0xa98)[0x5e607330e938]
bash(+0x780a2)[0x5e60733100a2]
bash(+0x81d58)[0x5e6073319d58]
bash(+0x83277)[0x5e607331b277]
bash(+0x87df9)[0x5e607331fdf9]
bash(+0x4bf8f)[0x5e60732e3f8f]
bash(execute_command_internal+0xf1d)[0x5e60732e5b5d]
bash(execute_command+0xc8)[0x5e60732e81b8]
bash(execute_command_internal+0x343b)[0x5e60732e807b]
bash(execute_command+0xc8)[0x5e60732e81b8]
bash(execute_command_internal+0x1d8e)[0x5e60732e69ce]
bash(execute_command+0xc8)[0x5e60732e81b8]
bash(execute_command_internal+0x1d8e)[0x5e60732e69ce]
bash(execute_command+0xc8)[0x5e60732e81b8]
bash(execute_command_internal+0x1d8e)[0x5e60732e69ce]
bash(execute_command+0xc8)[0x5e60732e81b8]
bash(execute_command_internal+0x1d8e)[0x5e60732e69ce]
bash(execute_command+0xc8)[0x5e60732e81b8]
bash(execute_command_internal+0x108a)[0x5e60732e5cca]
bash(parse_and_execute+0x6c8)[0x5e60733464e8]
bash(+0xaf1c6)[0x5e60733471c6]
bash(maybe_execute_file+0x2e)[0x5e607334759e]
bash(main+0x1a30)[0x5e60732cadb0]
/lib/x86_64-linux-gnu/libc.so.6(+0x29d90)[0x73d854273d90]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80)[0x73d854273e40]
bash(_start+0x25)[0x5e60732caf15]
bash: eval: 行 77: 未预期的记号 "(" 附近有语法错误
bash: eval: 行 77: `[DEBUG][PID 3286132] src/logging.c:125:duplicate_output_to_log(): Child process 3286132: stdout is /dev/pts/7
'
[?2004h]0;qcqcqc@qcqcqc-ThinkCentre-M710q-N000: ~/workspace/test_execveqcqcqc@qcqcqc-ThinkCentre-M710q-N000:~/workspace/test_execve$
Reference in New Issue View Git Blame Copy Permalink