[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ac4e929e-bcf1-4c78-971f-20cf9e683d4d@gmx.net>
Date: Wed, 21 Aug 2024 09:20:48 +0200
From: "peter.boettcher1.gmx.net" <peter.boettcher1@....net>
To: linux-kernel@...r.kernel.org
Subject: Control-Path Procedure
---------------------------------
Presentation and suggestion of a simple control path procedure for
the Linux kernel.
---------------------------------
TESTED:
Linux Kernel 6.1.0 - 6.10.1
Compile without Errors or Warnings
No loss of speed noted.
---------------------------------
Basics in advance:
A control path procedure requires maintenance and must be updated regularly.
But this is not a job of the Linux kernel.
---------------------------------
Supported are users, groups, directories, path, file size, file hash.
All programs are checked before starting. Such as binaries, scripts,
Java, Python files etc..
Programs and directories that are not in the list in the kernel are
not found and therefore are not started.
The control data is loaded into the kernel line by line as text and sorted.
This results in short search times.
Tested 40000 plus lines.
Two lists are evaluated in the kernel.
Files and directories.
---------------------------------
Rules:
a = user allowd
ga = group allowed
d = user deny
gd = group deny
ai = user allowed script in this form. Interpreter script
gai = group allow script ...
ai and gai are important so that interpreters cannot be executed
interactively.
If "insmod" is used to start modules, modules can also be checked.
Structure of the control text/line
FILES:
<RIGHTS>:<USER ID/GROUP ID>;<FILE SIZE>:<FILE HASH>;<FILE PATH>
Example:
a:0;1234;abc123;/sbin/cp
ga:20000;1234;abc123;/sbin/cp
DIRECTORIES:
<RIGHTS>:<USER ID/ GROUP ID>;<PATH + "/">
Example:
a:0;/proc/
INTERPRETER etc.:
Example:
ai:1000;12345;abc123;/usr/bin/python
a:1000;1234;a12;/PATH/file.py
In this case, "python" cannot be started interactively, but the script
is started.
If the script is in the PATH, have "Shebang", its start immedetly.
Otherwise full path required.
Or in this form:
python /PATH/file.py
If python not in path:
/PATH/python /PATH/file.py
---------------------------------
It's not a problem if a line of text doesn't follow the rules,
it just won't get a hit.
The control data is loaded by ROOT with a "USER-LAND TOOL".
This tool must evaluate the control file and sort the list.
The "USER-LAND TOOL" recognizes a directory path by the final SLASH.
--------------------------------------
Information regarding status and information about started programs is
displayed
with
/proc/safer.learning
/proc/safer.info
Only root can see this information.
------------------------------
A good idea to get a control file is to work with the system
for a while without "Safer Mode" active.
After that, "/proc/safer.learning" can be used as a control file.
You need Section FILE learning LIST.
Example is at the end.
Programs that are needed later can then be recorded via "dmesg" or from
"safer.learning".
Developers have to unlock directories in order to work productively.
However, users and servers would benefit from increased security.
Downloaded malware, exploits, etc. would not be started.
CONTAINERS are also supported.
---------------------------------
Activate:
At what point can the control data be loaded into the kernel and activated?
initramfs
system start, like rc.local etc.
manually at any time
compiled in the kernel?
You can lock.
No changes are possible.
Until the restart.
---------------------------------
There are two program variants for loading the control data into the kernel:
Additional parameter for execve:
Therefore, "execve" has 5 parameters.
Thus, all CPU architectures are supported.
I hope.
This is unconventional but works and saves
a syscall.
But I would be happy to hear about an alternative.
With a new SYSCALL:
AMD64 tested.
------------------------------
--- exec.c 2024-07-24 15:54:07.000000000 +0200
+++ exec.new.c 2024-08-11 19:58:03.774355327 +0200
@@ -78,6 +78,18 @@
#include <trace/events/sched.h>
+
+
+
+#define add_safer
+
+#ifdef add_safer
+#include <crypto/internal/hash.h>
+static int exec_second_step(const char *filename);
+#endif
+
+
+
static int bprm_creds_from_file(struct linux_binprm *bprm);
int suid_dumpable = 0;
@@ -931,6 +943,16 @@
.lookup_flags = LOOKUP_FOLLOW,
};
+
+
+
+#ifdef add_safer
+ if (exec_second_step(name->name) == -2) return(ERR_PTR(-2));
+#endif
+
+
+
+
if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
return ERR_PTR(-EINVAL);
if (flags & AT_SYMLINK_NOFOLLOW)
@@ -2140,6 +2162,18 @@
set_mask_bits(&mm->flags, MMF_DUMPABLE_MASK, value);
}
+
+
+
+
+/* change safer */
+#ifdef add_safer
+#include "safer.c"
+#endif
+
+
+
+#ifndef add_safer
SYSCALL_DEFINE3(execve,
const char __user *, filename,
const char __user *const __user *, argv,
@@ -2147,6 +2181,10 @@
{
return do_execve(getname(filename), argv, envp);
}
+#endif
+
+
+
SYSCALL_DEFINE5(execveat,
int, fd, const char __user *, filename,
------------------------------
--- Makefile 2024-07-24 15:54:07.000000000 +0200
+++ Makefile.new 2024-07-26 23:14:56.605043898 +0200
@@ -17,6 +17,8 @@
fs_types.o fs_context.o fs_parser.o fsopen.o init.o \
kernel_read_file.o mnt_idmapping.o remap_range.o pidfs.o
+obj-y += safer_info.o
+obj-y += safer_learning.o
obj-$(CONFIG_BUFFER_HEAD) += buffer.o mpage.o
obj-$(CONFIG_PROC_FS) += proc_namespace.o
obj-$(CONFIG_LEGACY_DIRECT_IO) += direct-io.o
------------------------------
safer.c
No Syscall.
------------------------------
/* Copyright (c) 2022/03/28, 2022.09.17, Peter Boettcher, Germany/NRW,
Muelheim Ruhr, mail:peter.boettcher@....net
* Urheber: 2022.03.28, 2022.09.17, Peter Boettcher, Germany/NRW,
Muelheim Ruhr, mail:peter.boettcher@....net
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>
*/
/*
Program : safer.c
Path : fs/
TEST : Kernel 6.0 - 6.10.1
Lenovo X230, T460, T470, Fujitsu Futro S xxx, AMD Ryzen
Proxmox, Docker
*/
/*
Look -> "exec_first_step"
Limit argv[0] = 1000
Reason glibc
A GOOD IDEA? I don't know?
But it's works
when in doubt remove it
*/
/* HASH ?*/
/* Your choice */
/*
#define HASH_ALG "md5"
#define DIGIT 16
*/
#define HASH_ALG "sha256"
#define DIGIT 32
/*
#define HASH_ALG "sha512"
#define DIGIT 64
*/
/*your choice */
#define MAX_DYN 100000
#define MAX_DYN_BYTES MAX_DYN * 200
#define ARGV_MAX 16
#define LEARNING_ARGV_MAX 5000
#define KERNEL_READ_SIZE 2000000
#define RET_SHELL -2
#define ALLOWED 0
#define NOT_ALLOWED -1
#define CONTROL_ERROR -1
#define CONRTOL_OK 0
#define ERROR -1
#define NOT_IN_LIST -1
#define IN_LIST 0
static DEFINE_MUTEX(learning_lock);
static DEFINE_MUTEX(control);
static bool safer_show_mode = false;
static bool safer_mode = false;
static bool printk_allowed = false;
static bool printk_deny = false;
static bool learning_mode = true;
static bool change_mode = true; /*true = change_mode allowed */
static bool verbose_param_mode = false;
static char **global_list_prog = NULL;
static long global_list_prog_size = 0;
static char **global_list_learning = NULL;
static long global_list_learning_size = 0;
static char **global_list_learning_argv = NULL;
static long global_list_learning_argv_size = 0;
static bool global_list_learning_argv_init = false;
static char **global_list_folder = NULL;
static long global_list_folder_size = 0;
static long global_list_progs_bytes = 0;
static long global_list_folders_bytes = 0;
/* proto. */
struct sum_hash_struct {
int retval;
char hash_string[DIGIT * 2 + 1];
ssize_t file_size;
};
/* proto. */
struct safer_info_struct {
bool safer_show_mode;
bool safer_mode;
bool printk_allowed;
bool printk_deny;
bool learning_mode;
bool change_mode;
long global_list_prog_size;
long global_list_folder_size;
char **global_list_prog;
char **global_list_folder;
long global_hash_size;
long global_list_progs_bytes;
long global_list_folders_bytes;
};
/* proto. */
struct safer_learning_struct {
long global_list_learning_size;
char **global_list_learning;
long global_list_learning_argv_max;
long global_list_learning_argv_size;
char **global_list_learning_argv;
};
/* Makes compiler happy */
void safer_info(struct safer_info_struct *info);
void safer_learning(struct safer_learning_struct *learning);
/* DATA: Only over function */
void safer_info(struct safer_info_struct *info)
{
info->safer_show_mode =safer_show_mode;
info->safer_mode = safer_mode;
info->printk_allowed = printk_allowed;
info->printk_deny = printk_deny;
info->learning_mode = learning_mode;
info->change_mode = change_mode;
info->global_list_prog_size = global_list_prog_size;
info->global_list_folder_size = global_list_folder_size;
info->global_list_prog = global_list_prog;
info->global_list_folder = global_list_folder;
info->global_hash_size = KERNEL_READ_SIZE;
info->global_list_progs_bytes = global_list_progs_bytes;
info->global_list_folders_bytes = global_list_folders_bytes;
return;
}
/* DATA: Only over function */
void safer_learning(struct safer_learning_struct *learning)
{
learning->global_list_learning_size = global_list_learning_size;
learning->global_list_learning = global_list_learning;
learning->global_list_learning_argv_max = LEARNING_ARGV_MAX;
learning->global_list_learning_argv_size =
global_list_learning_argv_size;
learning->global_list_learning_argv = global_list_learning_argv;
return;
}
static int besearch_file(char *str_search,
char **list,
long elements)
{
long left, right;
long middle;
long int_ret;
left = 0;
right = elements - 1;
while(left <= right) {
middle = (left + right) / 2;
int_ret = strcmp(list[middle], str_search);
if (int_ret == 0) return 0;
else if (int_ret < 0) left = middle + 1;
else if (int_ret > 0) right = middle - 1;
}
return NOT_IN_LIST;
}
static int besearch_folder( char *str_search,
char **list,
long elements)
{
long left, right;
long middle;
long int_ret;
if (str_search[strlen(str_search) -1] == '/' ) return NOT_IN_LIST;
left = 0;
right = elements - 1;
while(left <= right) {
middle = (left + right) / 2;
int_ret = strncmp(list[middle], str_search, strlen(list[middle]));
if (int_ret == 0) return 0;
else if (int_ret < 0) left = middle + 1;
else if (int_ret > 0) right = middle - 1;
}
return NOT_IN_LIST;
}
static long search(char *str_search,
char **list,
long elements)
{
long n;
for (n = 0; n < elements; n++) {
if (strncmp(list[n], str_search, strlen(list[n])) == 0) return 0;
}
return NOT_IN_LIST;
}
static struct sum_hash_struct get_hash_sum_buffer(char buffer[], int
max, const char *hash_alg, int digit)
{
char hash_out[64];
struct crypto_shash *hash;
struct shash_desc *shash;
struct sum_hash_struct hash_sum;
char hash_[2];
hash = crypto_alloc_shash(hash_alg, 0, 0);
if (IS_ERR(hash)) {
hash_sum.retval = ERROR;
return hash_sum;
}
shash = kmalloc(sizeof(struct shash_desc) +
crypto_shash_descsize(hash), GFP_KERNEL);
if (!shash) {
hash_sum.retval = ERROR;
return hash_sum;
}
shash->tfm = hash;
if (crypto_shash_init(shash)) {
hash_sum.retval = ERROR;
return hash_sum;
}
if (crypto_shash_update(shash, buffer, max)) {
hash_sum.retval = ERROR;
return hash_sum;
}
if (crypto_shash_final(shash, hash_out)) {
hash_sum.retval = ERROR;
return hash_sum;
}
kfree(shash);
crypto_free_shash(hash);
for (int n = 0; n < digit; n++) {
sprintf(hash_, "%02x", (unsigned char) hash_out[n]);
hash_sum.hash_string[n * 2] = hash_[0];
hash_sum.hash_string[(n * 2) + 1] = hash_[1];
}
hash_sum.hash_string[digit * 2] = '\0';
hash_sum.retval = 0;
return hash_sum;
}
static struct sum_hash_struct get_file_size_hash_read(const char
*filename, const char *hash_alg, int digit)
{
ssize_t retval;
ssize_t file_size;
void *data = NULL;
struct sum_hash_struct size_hash_sum;
int max = KERNEL_READ_SIZE;
retval = kernel_read_file_from_path( filename,
0,
&data,
KERNEL_READ_SIZE,
&file_size,
READING_POLICY);
if (retval < 1) {
size_hash_sum.file_size = 0;
size_hash_sum.hash_string[0] = '\0';
size_hash_sum.retval = ERROR;
return size_hash_sum;
}
if (file_size < 1) {
vfree(data);
size_hash_sum.file_size = 0;
size_hash_sum.hash_string[0] = '\0';
size_hash_sum.retval = ERROR;
return size_hash_sum;
}
if (file_size < max) max = file_size;
char *buffer = data;
size_hash_sum = get_hash_sum_buffer(buffer, max, hash_alg, digit);
if (size_hash_sum.retval == 0) {
vfree(data);
size_hash_sum.file_size = file_size;
return size_hash_sum;
}
vfree(data);
size_hash_sum.retval = -1;
size_hash_sum.file_size = 0;
size_hash_sum.hash_string[0] = '\0';
return size_hash_sum;
}
static ssize_t get_file_size(const char *filename)
{
loff_t i_size;
struct file *file;
file = filp_open(filename, O_RDONLY, 0);
if (IS_ERR(file))
return ERROR;
if (!S_ISREG(file_inode(file)->i_mode)) {
fput(file);
return ERROR;
}
if (deny_write_access(file)) {
fput(file);
return ERROR;
}
i_size = i_size_read(file_inode(file));
if (i_size < 1) {
allow_write_access(file);
fput(file);
return ERROR;
}
/* The file is too big for sane activities. */
if (i_size > INT_MAX) {
allow_write_access(file);
fput(file);
return ERROR;
}
allow_write_access(file);
fput(file);
return (ssize_t) i_size;
}
static void learning_argv(uid_t user_id,
const char *filename,
char **argv,
long argv_len,
char ***list,
long *list_len,
bool *list_init)
{
char str_user_id[19];
char str_file_size[19];
ssize_t file_size;
char *str_learning = NULL;
int string_length = 0;
if (argv_len == 1)
return;
file_size = get_file_size(filename);
/* file not exist or empty */
if (file_size < 1)
return;
/* init list */
if (*list_init == false) {
*list = kzalloc(sizeof(char *) * LEARNING_ARGV_MAX, GFP_KERNEL);
if (*list == NULL) {
return;
}
else *list_init = true;
}
sprintf(str_user_id, "%u", user_id);
sprintf(str_file_size, "%ld", file_size);
string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen("a:;;;") + 1;
//if (argv_len > 10) argv_len = 10;
for (int n = 1; n < argv_len; n++) {
string_length += strlen(argv[n]);
string_length += 1;
}
str_learning = kzalloc(string_length * sizeof(char), GFP_KERNEL);
strcpy(str_learning, "a:");
strcat(str_learning, str_user_id);
strcat(str_learning, ";");
strcat(str_learning, str_file_size);
strcat(str_learning, ";");
strcat(str_learning, filename);
strcat(str_learning, ";");
for (int n = 1; n < argv_len; n++) {
strcat(str_learning, argv[n]);
strcat(str_learning, ";");
}
if (search(str_learning, *list, *list_len) != 0) {
if ((*list)[*list_len] != NULL)
kfree((*list)[*list_len]);
(*list)[*list_len] = kzalloc(string_length * sizeof(char),
GFP_KERNEL);
if ((*list)[*list_len] == NULL) {
kfree(str_learning);
return;
}
strcpy((*list)[*list_len], str_learning);
*list_len += 1;
/* check argv_len > lerning_argv_max */
if (*list_len > LEARNING_ARGV_MAX - 1)
*list_len = 0;
}
kfree(str_learning);
return;
}
static void learning( uid_t user_id,
const char *filename,
char ***list,
long *list_len,
char const *hash_alg,
int digit)
{
char str_user_id[19];
char str_file_size[19];
char *str_learning = NULL;
int string_length = 0;
struct sum_hash_struct size_hash_sum;
if (filename[0] != '/')
return;
//size_hash_sum = get_file_size_hash_read(filename);
size_hash_sum = get_file_size_hash_read(filename, hash_alg, digit);
if (size_hash_sum.retval == -1)
return;
sprintf(str_user_id, "%u", user_id);
sprintf(str_file_size, "%ld", size_hash_sum.file_size);
string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(size_hash_sum.hash_string);
string_length += strlen("a:;;;") + 1;
str_learning = kzalloc(string_length * sizeof(char), GFP_KERNEL);
strcpy(str_learning, "a:");
strcat(str_learning, str_user_id);
strcat(str_learning, ";");
strcat(str_learning, str_file_size);
strcat(str_learning, ";");
strcat(str_learning, size_hash_sum.hash_string);
strcat(str_learning, ";");
strcat(str_learning, filename);
if (search(str_learning, *list, *list_len) != 0) {
if (*list_len == 0) {
*list = kzalloc(sizeof(char *), GFP_KERNEL);
if (*list == NULL) {
kfree(str_learning);
return;
}
(*list)[0] = kzalloc(string_length * sizeof(char), GFP_KERNEL);
if ((*list)[0] == NULL) {
kfree(str_learning);
return;
}
strcpy((*list)[0], str_learning);
*list_len = 1;
}
else {
*list = krealloc(*list, (*list_len + 1) * sizeof(char *),
GFP_KERNEL);
if (*list == NULL) {
kfree(str_learning);
return;
}
(*list)[*list_len] = kzalloc(string_length * sizeof(char),
GFP_KERNEL);
if ((*list)[*list_len] == NULL) {
kfree(str_learning);
return;
}
strcpy((*list)[*list_len], str_learning);
*list_len += 1;
}
}
kfree(str_learning);
return;
}
static void print_prog_arguments(uid_t user_id,
const char *filename,
char **argv,
long argv_len,
const char *hash_alg,
int digit)
{
struct sum_hash_struct size_hash_sum;
size_hash_sum = get_file_size_hash_read(filename, hash_alg, digit);
if (size_hash_sum.retval == -1)
return;
printk("USER ID:%u;%ld;%s;%s\n",user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
filename);
for (int n = 0; n < argv_len; n++) {
printk("argv[%d]:%s\n", n, argv[n]);
}
return;
}
static int
user_allowed( uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char *str_user_file = NULL;
sprintf(str_user_id, "%u", user_id);
sprintf(str_file_size, "%ld", file_size);
/* user allowed */
int string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(hash);
/* i hope the compiler makes a constant ? */
string_length += strlen("a:;;;") + 1;
str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_user_file)
return NOT_ALLOWED;
strcpy(str_user_file, "a:");
strcat(str_user_file, str_user_id);
strcat(str_user_file, ";");
strcat(str_user_file, str_file_size);
strcat(str_user_file, ";");
strcat(str_user_file, hash);
strcat(str_user_file, ";");
strcat(str_user_file, filename);
if (besearch_file(str_user_file, list, list_len) == IN_LIST) {
if (printk_allowed == true)
printk("%s USER/PROG. ALLOWED: a:%s;%s;%s;%s\n", step,
str_user_id, str_file_size, hash, filename);
kfree(str_user_file);
str_user_file = NULL;
return ALLOWED;
}
kfree(str_user_file);
str_user_file = NULL;
return NOT_ALLOWED;
}
static int
user_deny(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char *str_user_file = NULL;
sprintf(str_user_id, "%d", user_id);
sprintf(str_file_size, "%ld", file_size);
/* user allowed */
int string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(hash);
string_length += strlen("d:;;;") + 1;
str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_user_file)
return NOT_ALLOWED;
strcpy(str_user_file, "d:");
strcat(str_user_file, str_user_id);
strcat(str_user_file, ";");
strcat(str_user_file, str_file_size);
strcat(str_user_file, ";");
strcat(str_user_file, hash);
strcat(str_user_file, ";");
strcat(str_user_file, filename);
if (besearch_file(str_user_file, list, list_len) == IN_LIST) {
if (printk_deny == true)
printk("%s USER/PROG. DENY : a:%s;%s;%s;%s\n", step,
str_user_id, str_file_size, hash, filename);
kfree(str_user_file);
return NOT_ALLOWED;
}
kfree(str_user_file);
return ALLOWED;
}
static int
group_allowed(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char str_group_id[19];
char *str_group_file = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
sprintf(str_file_size, "%ld", file_size);
string_length = strlen(str_group_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(hash);
string_length += strlen("ga:;;;") +1;
//if (str_group_file != NULL) kfree(str_group_file);
str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_group_file)
return NOT_ALLOWED;
strcpy(str_group_file, "ga:");
strcat(str_group_file, str_group_id);
strcat(str_group_file, ";");
strcat(str_group_file, str_file_size);
strcat(str_group_file, ";");
strcat(str_group_file, hash);
strcat(str_group_file, ";");
strcat(str_group_file, filename);
if (besearch_file(str_group_file, list, list_len) == IN_LIST) {
if (printk_allowed == true)
printk("%s GROUP/PROG. ALLOWED: ga:%s;%s;%s;%s\n",
step, str_group_id, str_file_size, hash, filename);
kfree(str_group_file);
str_group_file = NULL;
return ALLOWED;
}
kfree(str_group_file);
str_group_file = NULL;
}
return NOT_ALLOWED;
}
static int
group_deny( uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char str_group_id[19];
char *str_group_file = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
sprintf(str_file_size, "%ld", file_size);
string_length = strlen(str_group_id);
string_length += strlen(str_file_size);
string_length += strlen(hash);
string_length += strlen(filename);
string_length += strlen("gd:;;;") +1;
str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_group_file)
return NOT_ALLOWED;
strcpy(str_group_file, "gd:");
strcat(str_group_file, str_group_id);
strcat(str_group_file, ";");
strcat(str_group_file, str_file_size);
strcat(str_group_file, ";");
strcat(str_group_file, hash);
strcat(str_group_file, ";");
strcat(str_group_file, filename);
if (besearch_file(str_group_file, list, list_len) == IN_LIST) {
if (printk_deny == true)
printk("%s GROUP/PROG. DENY : gd:%s;%s;%s;%s\n",
step, str_group_id, str_file_size, hash, filename);
kfree(str_group_file);
return NOT_ALLOWED;
}
else kfree(str_group_file);
}
return ALLOWED;
}
static int
user_folder_allowed( uid_t user_id,
const char *filename,
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char *str_folder = NULL;
int string_length;
sprintf(str_user_id, "%d", user_id);
string_length = strlen(str_user_id);
string_length += strlen(filename);
string_length += strlen("a:;") + 1;
str_folder = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_folder)
return NOT_ALLOWED;
strcpy(str_folder, "a:");
strcat(str_folder, str_user_id);
strcat(str_folder, ";");
strcat(str_folder, filename);
/* Importend! Need qsorted list */
if (besearch_folder(str_folder, list, list_len) == IN_LIST) {
if (printk_allowed == true)
printk("%s USER/PROG. ALLOWED: a:%s;%s\n", step,
str_user_id, filename);
kfree(str_folder);
return ALLOWED;
}
kfree(str_folder);
return NOT_ALLOWED;
}
static int
user_folder_deny(uid_t user_id,
const char *filename,
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char *str_folder = NULL;
int string_length;
sprintf(str_user_id, "%d", user_id);
string_length = strlen(str_user_id);
string_length += strlen(filename);
string_length += strlen("d:;") + 1;
str_folder = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_folder)
return NOT_ALLOWED;
strcpy(str_folder, "d:");
strcat(str_folder, str_user_id);
strcat(str_folder, ";");
strcat(str_folder, filename);
/* Importend! Need qsorted list */
if (besearch_folder(str_folder, list, list_len) == IN_LIST) {
if (printk_deny == true)
printk("%s USER/PROG. DENY : a:%s;%s\n", step,
str_user_id, filename);
kfree(str_folder);
return NOT_ALLOWED;
}
kfree(str_folder);
return ALLOWED;
}
static int
group_folder_allowed( uid_t user_id,
const char *filename,
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_group_id[19];
char *str_group_folder = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
string_length = strlen(str_group_id);
string_length += strlen(filename);
string_length += strlen("ga:;") + 1;
//if (str_group_folder != NULL) kfree(str_group_folder);
str_group_folder = kmalloc(string_length * sizeof(char),
GFP_KERNEL);
if (!str_group_folder)
return NOT_ALLOWED;
strcpy(str_group_folder, "ga:");
strcat(str_group_folder, str_group_id);
strcat(str_group_folder, ";");
strcat(str_group_folder, filename);
/* Importend! Need qsorted list */
if (besearch_folder(str_group_folder, list, list_len) == IN_LIST) {
if (printk_allowed == true)
printk("%s USER/PROG. ALLOWED: ga:%s;%s\n", step,
str_group_id, filename);
kfree(str_group_folder);
return ALLOWED;
}
else kfree(str_group_folder);
}
return NOT_ALLOWED;
}
static int
group_folder_deny(uid_t user_id,
const char *filename,
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_group_id[19];
char *str_group_folder = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
string_length = strlen(str_group_id);
string_length += strlen(filename);
string_length += strlen("gd:;") + 1;
//if (str_group_folder != NULL) kfree(str_group_folder);
str_group_folder = kmalloc(string_length * sizeof(char),
GFP_KERNEL);
if (!str_group_folder)
return NOT_ALLOWED;
strcpy(str_group_folder, "gd:");
strcat(str_group_folder, str_group_id);
strcat(str_group_folder, ";");
strcat(str_group_folder, filename);
/* Importend! Need qsorted list */
if (besearch_folder(str_group_folder, list, list_len) == IN_LIST) {
if (printk_deny == true)
printk("%s USER/PROG. DENY : gd:%s;%s\n", step,
str_group_id, filename);
kfree(str_group_folder);
return NOT_ALLOWED;
}
else kfree(str_group_folder);
}
return ALLOWED;
}
static int
user_interpreter_allowed(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char *str_user_file = NULL;
int string_length;
sprintf(str_user_id, "%d", user_id);
sprintf(str_file_size, "%ld", file_size);
/* user allowed interpreter */
string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(hash);
string_length += strlen(filename);
string_length += strlen("ai:;;;") + 1;
str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (str_user_file == NULL)
return NOT_ALLOWED;
strcpy(str_user_file, "ai:");
strcat(str_user_file, str_user_id);
strcat(str_user_file, ";");
strcat(str_user_file, str_file_size);
strcat(str_user_file, ";");
strcat(str_user_file, hash);
strcat(str_user_file, ";");
strcat(str_user_file, filename);
if (besearch_file(str_user_file, list, list_len) == IN_LIST) {
if (printk_allowed == true)
printk("%s USER/PROG. ALLOWED: ai:%s;%s;%s;%s\n", step,
str_user_id, str_file_size, hash, filename);
kfree(str_user_file);
str_user_file = NULL;
return ALLOWED;
}
kfree(str_user_file);
str_user_file = NULL;
return NOT_ALLOWED;
}
static int
group_interpreter_allowed(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char str_group_id[19];
char *str_group_file = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
sprintf(str_file_size, "%ld", file_size);
string_length = strlen(str_group_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(hash);
string_length += strlen("gai:;;;") +1;
//if (str_group_file != NULL) kfree(str_group_file);
str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_group_file)
return NOT_ALLOWED;
strcpy(str_group_file, "gai:");
strcat(str_group_file, str_group_id);
strcat(str_group_file, ";");
strcat(str_group_file, str_file_size);
strcat(str_group_file, ";");
strcat(str_group_file, hash);
strcat(str_group_file, ";");
strcat(str_group_file, filename);
if (besearch_file(str_group_file, list, list_len) == IN_LIST) {
if (printk_allowed == true)
printk("%s GROUP/PROG. ALLOWED: gai:%s;%s;%s;%s\n",
step, str_group_id, str_file_size, hash, filename);
kfree(str_group_file);
str_group_file = NULL;
return ALLOWED;
}
kfree(str_group_file);
str_group_file = NULL;
}
return NOT_ALLOWED;
}
/* allowed/deny user/group script file*/
/* 0 allowed */
/* -1 deny */
static int
param_file(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **argv,
long argv_len,
char **list,
long list_len,
const char *step)
{
struct sum_hash_struct size_hash_sum;
if (argv_len == 1) return NOT_ALLOWED;
/* check interpreter and files */
/* user allowed interpreter */
/* check "ai: gai:" */
if (user_interpreter_allowed(user_id,
filename,
file_size,
hash,
list,
list_len,
step) == NOT_ALLOWED)
if (group_interpreter_allowed(user_id,
filename,
file_size,
hash,
list,
list_len,
step) == NOT_ALLOWED)
return NOT_ALLOWED;
/* java */
if (strcmp(argv[1], "-jar") == 0) {
if (argv_len != 3) return NOT_ALLOWED;
size_hash_sum = get_file_size_hash_read(argv[2], HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED) {
if (printk_deny == true)
printk("STAT STEP FIRST: USER/PROG. UNKOWN :
a:%d;;;%s\n",user_id,
argv[2]);
return NOT_ALLOWED;
}
/* check file/prog is in the list: allowed or deny */
/* deny user not required. not in the list is the same */
if (user_deny(user_id,
argv[2],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) return NOT_ALLOWED;
if (group_deny(user_id,
argv[2],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) return NOT_ALLOWED;
if (user_allowed(user_id,
argv[2],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) return ALLOWED;
if (group_allowed(user_id,
argv[2],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) return ALLOWED;
if (printk_deny == true)
printk("%s USER/SCRIPT DENY : a:%d;%ld;%s;%s\n", step,
user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
argv[2]);
return(NOT_ALLOWED);
}
/* java */
if (strcmp(argv[1], "-classpath") == 0) {
if (argv_len != 4) return NOT_ALLOWED;
long str_length;
str_length = strlen(argv[2]);
str_length += strlen(argv[3]);
str_length += strlen("/.class") + 1;
char *str_class_name = kmalloc(str_length * sizeof(char),
GFP_KERNEL);
if (str_class_name == NULL) return(NOT_ALLOWED);
strcpy(str_class_name, argv[2]);
strcat(str_class_name, "/");
strcat(str_class_name, argv[3]);
strcat(str_class_name, ".class");
size_hash_sum = get_file_size_hash_read(str_class_name,
HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED) {
if (printk_deny == true)
printk("STAT STEP FIRST: USER/PROG. UNKOWN :
a:%d;;;%s\n",user_id,
str_class_name);
kfree(str_class_name);
return NOT_ALLOWED;
}
/* check file/prog is in the list: allowed or deny */
/* deny user not required. not in the list is the same */
if (user_deny(user_id,
str_class_name,
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) {
kfree(str_class_name);
return NOT_ALLOWED;
}
if (group_deny(user_id,
str_class_name,
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) {
kfree(str_class_name);
return NOT_ALLOWED;
}
if (user_allowed(user_id,
str_class_name,
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) {
kfree(str_class_name);
return ALLOWED;
}
if (group_allowed(user_id,
str_class_name,
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) {
kfree(str_class_name);
return ALLOWED;
}
if (printk_deny == true)
printk("%s USER/SCRIPT DENY : d:%d;%ld;%s;%s\n", step,
user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
str_class_name);
kfree(str_class_name);
return(NOT_ALLOWED);
}
/* other */
size_hash_sum = get_file_size_hash_read(argv[1], HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED)
return NOT_ALLOWED;
/* check file/prog is in the list: allowed or deny */
/* deny user not required. not in the list is the same */
if (user_deny(user_id,
argv[1],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) return NOT_ALLOWED;
if (group_deny(user_id,
argv[1],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) return NOT_ALLOWED;
if (user_allowed(user_id,
argv[1],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) return ALLOWED;
if (group_allowed(user_id,
argv[1],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) return ALLOWED;
if (printk_deny == true)
printk("%s USER/SCRIPT DENY : d:%d;%ld;%s;%s\n", step,
user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
argv[1]);
/* not found */
return NOT_ALLOWED;
}
static int exec_first_step(uid_t user_id, const char *filename, char
**argv, long argv_len)
{
struct sum_hash_struct size_hash_sum;
/* Limit argv[0] = 1000 */
/* Reason glibc */
/* A GOOD IDEA? I don't know? */
/* But it's works */
/* when in doubt remove it */
/*
if (strlen(argv[0]) > 1000) {
if (printk_deny == true || printk_allowed == true)
printk("STAT STEP FIRST: USER/PROG. DENY. ARGV[0] ERROR:
a:%d;;;%s\n",user_id,
filename);
return RET_SHELL;
}
*/
/* if Size = 0 not check */
size_hash_sum = get_file_size_hash_read(filename, HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED) {
if (printk_deny == true)
printk("STAT STEP FIRST: USER/PROG. UNKOWN :
a:%d;;;%s\n",user_id,
filename);
return ALLOWED;
}
/* group deny folder */
if (global_list_folder_size > 0) {
if (group_folder_deny(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP FIRST:") == NOT_ALLOWED)
return RET_SHELL;
}
/* deny folder */
if (global_list_folder_size > 0) {
if (user_folder_deny(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP FIRST:") == NOT_ALLOWED)
return RET_SHELL;
}
/* deny group */
/* if global_list_prog_size = 0, safer_mode not true */
if (group_deny( user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == NOT_ALLOWED)
return RET_SHELL;
/* deny user */
if (user_deny(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == NOT_ALLOWED)
return RET_SHELL;
/* group allowed folder */
if (global_list_folder_size > 0) {
if (group_folder_allowed(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;
}
/* user allowed folder */
if (global_list_folder_size > 0) {
if (user_folder_allowed(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;
}
/* allowed user */
if (user_allowed(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;;
/* allowed group */
if (group_allowed(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;
/* user allowed interpreter and allowed group script file*/
/* 0 allowed */
/* -1 deny */
if (param_file(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
argv,
argv_len,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;
if (printk_deny == true)
printk("STAT STEP FIRST: USER/PROG. DENY :
a:%d;%ld;%s;%s\n", user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
filename);
return (RET_SHELL);
}
static int exec_second_step(const char *filename)
{
struct sum_hash_struct size_hash_sum;
int retval;
uid_t user_id = get_current_user()->uid.val;
if (learning_mode == true) {
/* works too */
mutex_lock(&learning_lock);
learning(user_id,
filename,
&global_list_learning,
&global_list_learning_size,
HASH_ALG,
DIGIT);
mutex_unlock(&learning_lock);
}
if (safer_mode == true || (safer_show_mode == true &&
printk_allowed == true )
|| (safer_show_mode == true && printk_deny == true)) {
/* if size = 0 not check */
size_hash_sum = get_file_size_hash_read(filename, HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED) {
if (printk_deny == true)
printk("STAT STEP SEC : USER/PROG. UNKOWN :
a:%d;;;%s\n",user_id,
filename);
return ALLOWED;
}
/* group deny folder */
if (global_list_folder_size > 0) {
retval = group_folder_deny(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP SEC :");
if (safer_mode == true) {
if (retval == NOT_ALLOWED)
return RET_SHELL;
}
else if (retval == NOT_ALLOWED)
return ALLOWED;
}
/* deny folder */
if (global_list_folder_size > 0) {
retval = user_folder_deny(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP SEC :");
if (safer_mode == true) {
if (retval == NOT_ALLOWED)
return RET_SHELL;
}
else if (retval == NOT_ALLOWED)
return ALLOWED;
}
/* deny group */
/* if global_list_prog_size = 0, safer_mode not true */
retval = group_deny(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :");
if (safer_mode == true) {
if (retval == NOT_ALLOWED)
return RET_SHELL;
}
else if (retval == NOT_ALLOWED)
return ALLOWED;
/* deny user */
retval = user_deny(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :");
if (safer_mode == true) {
if (retval == NOT_ALLOWED)
return RET_SHELL;
}
else if (retval == NOT_ALLOWED)
return ALLOWED;
/* allowed folder */
if (global_list_folder_size > 0) {
if (group_folder_allowed(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
}
/* allowed folder */
if (global_list_folder_size > 0) {
if (user_folder_allowed(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
}
/* allowed user */
if (user_allowed(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
/* allowed group */
if (group_allowed(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
/* user allowed interpreter */
if (user_interpreter_allowed( user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
/* group allowed interpreter */
if (group_interpreter_allowed( user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
if (printk_deny == true) {
printk("STAT STEP SEC : USER/PROG. DENY :
a:%d;%ld;%s;%s\n",user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
filename);
}
/* filter end */
if (safer_mode == true)
return (RET_SHELL);
else return ALLOWED;
}
return ALLOWED;
}
static int allowed_exec(struct filename *kernel_filename,
const char __user *const __user *_argv)
{
struct user_arg_ptr argv = { .ptr.native = _argv };
const char __user *str;
char **argv_list = NULL;
long argv_list_len = 0;
long str_len;
int retval;
uid_t user_id;
if (safer_mode == false)
if (learning_mode == false)
if (safer_show_mode == false || printk_allowed == false)
if (safer_show_mode == false || printk_deny == false)
return ALLOWED;
/* argv -> kernel space */
argv_list_len = count(argv, MAX_ARG_STRINGS);
if (argv_list_len > ARGV_MAX) argv_list_len = ARGV_MAX;
argv_list = kzalloc(argv_list_len * sizeof(char *), GFP_KERNEL);
if (!argv_list)
return ALLOWED;
for (int n = 0; n < argv_list_len; n++) {
str = get_user_arg_ptr(argv, n);
str_len = strnlen_user(str, MAX_ARG_STRLEN);
argv_list[n] = kzalloc((str_len + 1) * sizeof(char), GFP_KERNEL);
retval = copy_from_user(argv_list[n], str, str_len);
}
user_id = get_current_user()->uid.val;
if (verbose_param_mode == true)
print_prog_arguments( user_id,
kernel_filename->name,
argv_list,
argv_list_len,
HASH_ALG,
DIGIT);
if (learning_mode == true) {
/* works too */
mutex_lock(&learning_lock);
learning(user_id,
kernel_filename->name,
&global_list_learning,
&global_list_learning_size,
HASH_ALG,
DIGIT);
learning_argv( user_id,
kernel_filename->name,
argv_list,
argv_list_len,
&global_list_learning_argv,
&global_list_learning_argv_size,
&global_list_learning_argv_init);
mutex_unlock(&learning_lock);
}
if (safer_mode == true || (safer_show_mode == true &&
printk_allowed == true)
|| (safer_show_mode == true && printk_deny == true))
retval = exec_first_step(user_id,
kernel_filename->name,
argv_list,
argv_list_len);
for (int n = 0; n < argv_list_len; n++) {
if (argv_list[n] != NULL)
kfree(argv_list[n]);
}
if (argv_list != NULL) {
kfree(argv_list);
argv_list = NULL;
}
if (safer_mode == true)
return (retval);
return ALLOWED;
}
SYSCALL_DEFINE5(execve,
const char __user *, filename,
const char __user *const __user *, argv,
const char __user *const __user *, envp,
const loff_t, number,
const char __user *const __user *, list)
{
uid_t user_id;
int str_len = 0;
char *list_string = NULL;
struct user_arg_ptr _list = { .ptr.native = list };
const char __user *str;
user_id = get_current_user()->uid.val;
/* command part, future ? */
switch(number) {
/* safer on */
case 999900: if (user_id != 0) return CONTROL_ERROR;
if (change_mode == false) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
if (global_list_prog_size > 0 ||
global_list_folder_size > 0) {
safer_mode = true;
printk("MODE: SAFER ON\n");
mutex_unlock(&control);
return CONRTOL_OK;
}
else {
printk("MODE: SAFER OFF\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* safer off */
case 999901: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER OFF\n");
safer_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
/* stat */
case 999902: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
printk("SAFER STATE : %d\n", safer_mode);
return(safer_mode);
/* printk allowed on */
case 999903: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER PRINTK ALLOWED ON\n");
printk_allowed = true;
mutex_unlock(&control);
return CONRTOL_OK;
/* printk allowed off */
case 999904: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER PRINTK ALLOWED OFF\n");
printk_allowed = false;
mutex_unlock(&control);
return CONRTOL_OK;
case 999905: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: NO MORE CHANGES ALLOWED\n");
change_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
case 999906: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: learning ON\n");
learning_mode = true;
mutex_unlock(&control);
return CONRTOL_OK;
case 999907: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: learning OFF\n");
learning_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
case 999908: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: verbose paramter mode ON\n");
verbose_param_mode = true;
mutex_unlock(&control);
return CONRTOL_OK;
case 999909: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: verbose parameter mode OFF\n");
verbose_param_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
/* safer show on */
case 999910: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
safer_show_mode = true;
printk("MODE: SAFER SHOW ONLY ON\n");
mutex_unlock(&control);
return CONRTOL_OK;
/* safer show off */
case 999911: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER SHOW ONLY OFF\n");
safer_show_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
/* printk deny ON */
case 999912: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER PRINTK DENY ON\n");
printk_deny = true;
mutex_unlock(&control);
return CONRTOL_OK;
/* printk deny OFF */
case 999913: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER PRINTK DENY OFF\n");
printk_deny = false;
mutex_unlock(&control);
return CONRTOL_OK;
/* set all list */
case 999920:
if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
if (list == NULL) { /* check? */
printk("ERROR: FILE LIST\n");
mutex_unlock(&control);
return CONTROL_ERROR;
} /* check!? */
int int_ret = count(_list, MAX_ARG_STRINGS);
if (int_ret == 0) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
str = get_user_arg_ptr(_list, 0); /* String 0 */
str_len = strnlen_user(str, MAX_ARG_STRLEN);
if (str_len < 1) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* safer */
if (list_string != NULL) { kfree(list_string);
list_string = NULL; }
list_string = kmalloc((str_len + 1) * sizeof(char),
GFP_KERNEL);
if (list_string == NULL) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
int_ret = copy_from_user(list_string, str, str_len);
long list_prog_size;
int_ret = kstrtol(list_string, 10, &list_prog_size);
if (list_string != NULL) { kfree(list_string);
list_string = NULL; }
if (int_ret != 0) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* new list 0 ? */
if (list_prog_size < 1) {
printk("NO FILE LIST\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* new list > MAX_DYN */
if (list_prog_size > MAX_DYN) {
printk("FILE LIST TO BIG!\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* check bytes */
/* new list */
long list_progs_bytes = 0;
for (int n = 0; n < list_prog_size; n++) {
str = get_user_arg_ptr(_list, n + 1);
list_progs_bytes += strnlen_user(str, MAX_ARG_STRLEN);
}
if (list_progs_bytes > MAX_DYN_BYTES) {
printk("FILE LIST TO BIG!\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/*
first: new list
if new list ok. clear old list.
if new list not ok clear new list
keep old list
*/
char **list_prog_temp = NULL;
/* dyn list */
list_prog_temp = kmalloc(list_prog_size * sizeof(char
*), GFP_KERNEL);
/* Create a new not ok */
if (list_prog_temp == NULL) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
for (int n = 0; n < list_prog_size; n++) {
str = get_user_arg_ptr(_list, n + 1); /*
String 0 */
str_len = strnlen_user(str, MAX_ARG_STRLEN);
list_prog_temp[n] = kmalloc((str_len + 1) *
sizeof(char), GFP_KERNEL);
/* Create a new list not ok */
if (list_prog_temp[n] == NULL) {
for (int n_error = 0; n_error < n; n_error++) {
kfree(list_prog_temp[n_error]);
list_prog_temp[n_error] = NULL;
}
kfree(list_prog_temp);
list_prog_temp = NULL;
mutex_unlock(&control);
return CONTROL_ERROR;
}
int_ret = copy_from_user(list_prog_temp[n], str,
str_len);
}
/* clear */
/* old list */
if (global_list_prog_size > 0) {
for (int n = 0; n < global_list_prog_size; n++) {
kfree(global_list_prog[n]);
global_list_prog[n] = NULL;
}
kfree(global_list_prog);
}
/* global = new */
global_list_prog = list_prog_temp;
list_prog_temp = NULL;
global_list_prog_size = list_prog_size;
global_list_progs_bytes = list_progs_bytes;
printk("FILE LIST ELEMENTS: %ld\n", global_list_prog_size);
printk("FILE LIST BYTES : %ld\n",
global_list_progs_bytes);
mutex_unlock(&control);
return(global_list_prog_size);
/* set all folder list */
case 999921:
if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
if (list == NULL) { /* check? */
printk("ERROR: FOLDER LIST\n");
mutex_unlock(&control);
return CONTROL_ERROR;
} /* check!? */
/* No Syscall Parameter 6 necessary */
int_ret = count(_list, MAX_ARG_STRINGS);
if (int_ret == 0) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
str = get_user_arg_ptr(_list, 0); /* String 0 */
str_len = strnlen_user(str, MAX_ARG_STRLEN);
if (str_len < 1) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* safer */
if (list_string != NULL) { kfree(list_string);
list_string = NULL; }
list_string = kmalloc((str_len + 1) * sizeof(char),
GFP_KERNEL);
if (list_string == NULL) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
int_ret = copy_from_user(list_string, str, str_len);
long list_folder_size;
int_ret = kstrtol(list_string, 10, &list_folder_size);
if (list_string != NULL) { kfree(list_string);
list_string = NULL; };
if (int_ret != 0) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* new list = 0 ? */
if (list_folder_size < 1) {
printk("NO FOLDER LIST\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* new list > MAX_DYN */
if (list_folder_size > MAX_DYN) {
printk("FOLDER LIST TO BIG!\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* check bytes */
/* new list */
long list_folders_bytes = 0;
for (int n = 0; n < list_folder_size; n++) {
str = get_user_arg_ptr(_list, n + 1);
list_folders_bytes += strnlen_user(str,
MAX_ARG_STRLEN);
}
if (list_folders_bytes > MAX_DYN_BYTES) {
printk("FOLDER LIST TO BIG!\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/*
first: new list
if new list ok. clear old list.
if new list not ok clear new list
keep old list
*/
char **list_folder_temp = NULL;
/* dyn array */
list_folder_temp = kmalloc(list_folder_size *
sizeof(char *), GFP_KERNEL);
/* Create a new list not ok */
if (list_folder_temp == NULL) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
for (int n = 0; n < list_folder_size; n++) {
str = get_user_arg_ptr(_list, n + 1); /*
String 0 */
str_len = strnlen_user(str, MAX_ARG_STRLEN);
list_folder_temp[n] = kmalloc((str_len + 1) *
sizeof(char), GFP_KERNEL);
/* Create a new list not ok*/
if (list_folder_temp[n] == NULL) {
for (int n_error = 0; n_error < n; n_error++) {
kfree(list_folder_temp[n_error]);
list_folder_temp[n_error] = NULL;
}
kfree(list_folder_temp);
list_folder_temp = NULL;
mutex_unlock(&control);
return CONTROL_ERROR;
}
int_ret = copy_from_user(list_folder_temp[n], str,
str_len);
}
/* clear */
/* old list */
if (global_list_folder_size > 0) {
for (int n = 0; n < global_list_folder_size; n++) {
kfree(global_list_folder[n]);
global_list_folder[n] = NULL;
}
kfree(global_list_folder);
}
/* global = new */
global_list_folder = list_folder_temp;
list_folder_temp = NULL;
global_list_folder_size = list_folder_size;
global_list_folders_bytes = list_folders_bytes;
printk("FILE LIST ELEMENTS: %ld\n",
global_list_folder_size);
printk("FILE LIST BYTES : %ld\n",
global_list_folders_bytes);
mutex_unlock(&control);
return(global_list_folder_size);
default: break;
}
if (allowed_exec(getname(filename), argv) == RET_SHELL)
return(RET_SHELL);
return do_execve(getname(filename), argv, envp);
}
---------------------------------
safer_info.c
---------------------------------
/* Copyright (c) 2022/03/28, Peter Boettcher, Germany/NRW, Muelheim
Ruhr, mail:peter.boettcher@....net
* Urheber: 2022.03.28, Peter Boettcher, Germany/NRW, Muelheim Ruhr,
mail:peter.boettcher@....net
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
Program : safer_info.c
Path : fs/
Makefile
obj-y += safer_info.o
*/
#include <linux/fs.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/utsname.h>
/* proto. */
struct safer_info_struct {
bool safer_show_mode;
bool safer_mode;
bool printk_allowed;
bool printk_deny;
bool learning_mode;
bool change_mode;
long global_list_prog_size;
long global_list_folder_size;
char **global_list_prog;
char **global_list_folder;
long global_hash_size;
long global_list_progs_bytes;
long global_list_folders_bytes;
};
static struct safer_info_struct info;
extern void safer_info(struct safer_info_struct *info);
static int safer_info_display(struct seq_file *proc_show, void *v)
{
long n;
uid_t user_id;
user_id = get_current_user()->uid.val;
if (user_id != 0) return(0);
safer_info(&info);
seq_printf(proc_show, "INFO SAFER\n\n");
if (info.safer_mode == true)
seq_printf(proc_show, "MODE SAFER : ON\n");
else seq_printf(proc_show, "MODE SAFER : OFF\n");
if (info.safer_show_mode == true)
seq_printf(proc_show, "MODE SAFER SHOW ONLY : ON\n");
else seq_printf(proc_show, "MODE SAFER SHOW ONLY : OFF\n");
if (info.printk_allowed == true)
seq_printf(proc_show, "MODE PRINTK ALLOWED : ON\n");
else seq_printf(proc_show, "MODE PRINTK ALLOWED : OFF\n");
if (info.printk_deny == true)
seq_printf(proc_show, "MODE PRINTK DENY : ON\n");
else seq_printf(proc_show, "MODE PRINTK DENY : OFF\n");
if (info.learning_mode == true)
seq_printf(proc_show, "MODE LEARNING : ON\n");
else seq_printf(proc_show, "MODE LEARNING : OFF\n");
if (info.change_mode == true)
seq_printf(proc_show, "MODE SAFER CHANGE ALLOWED : ON\n");
else seq_printf(proc_show, "MODE SAFER CHANGE ALLOWED : OFF\n");
seq_printf(proc_show, "PROG. LIST MAX : %ld\n",
info.global_list_prog_size);
seq_printf(proc_show, "FOLDER LIST MAX : %ld\n",
info.global_list_folder_size);
seq_printf(proc_show, "PROG. LIST BYTES : %ld\n",
info.global_list_progs_bytes);
seq_printf(proc_show, "FOLDER LIST BYTES : %ld\n",
info.global_list_folders_bytes);
seq_printf(proc_show, "MODE SEARCH : BSEARCH\n");
seq_printf(proc_show, "HASH SIZE MAX : %ld\n",
info.global_hash_size);
seq_printf(proc_show, "\n\n");
seq_printf(proc_show, "FOLDER:\n\n");
for (n = 0; n < info.global_list_folder_size; n++) {
seq_printf(proc_show, "%s\n", info.global_list_folder[n]);
}
seq_printf(proc_show, "\n\n");
seq_printf(proc_show, "FILES:\n\n");
for (n = 0; n < info.global_list_prog_size; n++) {
seq_printf(proc_show, "%s\n", info.global_list_prog[n]);
}
return 0;
}
static int __init safer_info_show(void)
{
proc_create_single("safer.info", 0, NULL, safer_info_display);
return 0;
}
fs_initcall(safer_info_show);
---------------------------------
safer_learning.c
---------------------------------
/* Copyright (c) 2022/06/26, Peter Boettcher, Germany/NRW, Muelheim
Ruhr, mail:peter.boettcher@....net
* Urheber: 2022.06.26, Peter Boettcher, Germany/NRW, Muelheim Ruhr,
mail:peter.boettcher@....net
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
Program : safer_learning.c
Path : fs/
Makefile
obj-y += safer_learning.o
*/
#include <linux/fs.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/utsname.h>
/* proto. */
struct safer_learning_struct {
long global_list_learning_size;
char **global_list_learning;
long global_list_learning_argv_max;
long global_list_learning_argv_size;
char **global_list_learning_argv;
};
static struct safer_learning_struct learning;
extern void safer_learning(struct safer_learning_struct *learning);
static int safer_learning_display(struct seq_file *proc_show, void *v)
{
long n;
uid_t user_id;
user_id = get_current_user()->uid.val;
if (user_id != 0) return(0);
safer_learning(&learning);
seq_printf(proc_show, "INFO learning\n\n");
seq_printf(proc_show, "FILES:\n\n");
seq_printf(proc_show, "FILE learning LIST LEN : %ld\n",
learning.global_list_learning_size);
if (learning.global_list_learning_size > 0) {
for (n = 0; n < learning.global_list_learning_size; n++) {
seq_printf(proc_show, "%s\n",
learning.global_list_learning[n]);
}
}
seq_printf(proc_show, "\n\nARGV:\n");
seq_printf(proc_show, "<ARGV LEARNING LIST> is organized as a
RING\n\n");
seq_printf(proc_show, "ARGV learning LIST MAX : %ld\n",
learning.global_list_learning_argv_max);
seq_printf(proc_show, "ARGV learning LIST LEN : %ld\n",
learning.global_list_learning_argv_size);
for (n = 0; n < learning.global_list_learning_argv_max; n++) {
if (learning.global_list_learning_argv[n] == NULL) return 0;
seq_printf(proc_show, "%s\n",
learning.global_list_learning_argv[n]);
}
return 0;
}
static int __init safer_learning_show(void)
{
proc_create_single("safer.learning", 0, NULL, safer_learning_display);
return 0;
}
fs_initcall(safer_learning_show);
---------------------------------
AMD64 version
---------------------------------
--- syscall_64.tbl 2024-07-24 15:54:07.000000000 +0200
+++ syscall_64.new.tbl 2024-08-11 19:54:19.474341831 +0200
@@ -385,6 +385,9 @@
461 common lsm_list_modules sys_lsm_list_modules
462 common mseal sys_mseal
+501 common set_execve_list sys_set_execve_list
+
+
#
# Due to a historical design error, certain syscalls are numbered
differently
# in x32 as compared to native x86_64. These syscalls have numbers
512-547.
---------------------------------
safer.syscall.c
---------------------------------
/* Copyright (c) 2022/03/28, 2022.09.17, Peter Boettcher, Germany/NRW,
Muelheim Ruhr, mail:peter.boettcher@....net
* Urheber: 2022.03.28, 2022.09.17, Peter Boettcher, Germany/NRW,
Muelheim Ruhr, mail:peter.boettcher@....net
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>
*/
/*
Program : safer.c
Path : fs/
TEST : Kernel 6.0 - 6.10.1
Lenovo X230, T460, T470, Fujitsu Futro S xxx, AMD Ryzen
Proxmox, Docker
*/
/*
Look -> "exec_first_step"
Limit argv[0] = 1000
Reason glibc
A GOOD IDEA? I don't know?
But it's works
when in doubt remove it
*/
/* HASH ?*/
/* Your choice */
/*
#define HASH_ALG "md5"
#define DIGIT 16
*/
#define HASH_ALG "sha256"
#define DIGIT 32
/*
#define HASH_ALG "sha512"
#define DIGIT 64
*/
/*your choice */
#define MAX_DYN 100000
#define MAX_DYN_BYTES MAX_DYN * 200
#define ARGV_MAX 16
#define LEARNING_ARGV_MAX 5000
#define KERNEL_READ_SIZE 2000000
#define RET_SHELL -2
#define ALLOWED 0
#define NOT_ALLOWED -1
#define CONTROL_ERROR -1
#define CONRTOL_OK 0
#define ERROR -1
#define NOT_IN_LIST -1
static DEFINE_MUTEX(learning_lock);
static DEFINE_MUTEX(control);
static bool safer_show_mode = false;
static bool safer_mode = false;
static bool printk_allowed = false;
static bool printk_deny = false;
static bool learning_mode = true;
static bool change_mode = true; /*true = change_mode allowed */
static bool verbose_param_mode = false;
static char **global_list_prog = NULL;
static long global_list_prog_size = 0;
static char **global_list_learning = NULL;
static long global_list_learning_size = 0;
static char **global_list_learning_argv = NULL;
static long global_list_learning_argv_size = 0;
static bool global_list_learning_argv_init = false;
static char **global_list_folder = NULL;
static long global_list_folder_size = 0;
static long global_list_progs_bytes = 0;
static long global_list_folders_bytes = 0;
/* proto. */
struct sum_hash_struct {
int retval;
char hash_string[DIGIT * 2 + 1];
ssize_t file_size;
};
/* proto. */
struct safer_info_struct {
bool safer_show_mode;
bool safer_mode;
bool printk_allowed;
bool printk_deny;
bool learning_mode;
bool change_mode;
long global_list_prog_size;
long global_list_folder_size;
char **global_list_prog;
char **global_list_folder;
long global_hash_size;
long global_list_progs_bytes;
long global_list_folders_bytes;
};
/* proto. */
struct safer_learning_struct {
long global_list_learning_size;
char **global_list_learning;
long global_list_learning_argv_max;
long global_list_learning_argv_size;
char **global_list_learning_argv;
};
/* Makes compiler happy */
void safer_info(struct safer_info_struct *info);
void safer_learning(struct safer_learning_struct *learning);
/* DATA: Only over function */
void safer_info(struct safer_info_struct *info)
{
info->safer_show_mode =safer_show_mode;
info->safer_mode = safer_mode;
info->printk_allowed = printk_allowed;
info->printk_deny = printk_deny;
info->learning_mode = learning_mode;
info->change_mode = change_mode;
info->global_list_prog_size = global_list_prog_size;
info->global_list_folder_size = global_list_folder_size;
info->global_list_prog = global_list_prog;
info->global_list_folder = global_list_folder;
info->global_hash_size = KERNEL_READ_SIZE;
info->global_list_progs_bytes = global_list_progs_bytes;
info->global_list_folders_bytes = global_list_folders_bytes;
return;
}
/* DATA: Only over function */
void safer_learning(struct safer_learning_struct *learning)
{
learning->global_list_learning_size = global_list_learning_size;
learning->global_list_learning = global_list_learning;
learning->global_list_learning_argv_max = LEARNING_ARGV_MAX;
learning->global_list_learning_argv_size =
global_list_learning_argv_size;
learning->global_list_learning_argv = global_list_learning_argv;
return;
}
static int besearch_file(char *str_search,
char **list,
long elements)
{
long left, right;
long middle;
long int_ret;
left = 0;
right = elements - 1;
while(left <= right) {
middle = (left + right) / 2;
int_ret = strcmp(list[middle], str_search);
if (int_ret == 0) return 0;
else if (int_ret < 0) left = middle + 1;
else if (int_ret > 0) right = middle - 1;
}
return NOT_IN_LIST;
}
static int besearch_folder( char *str_search,
char **list,
long elements)
{
long left, right;
long middle;
long int_ret;
if (str_search[strlen(str_search) -1] == '/' ) return NOT_IN_LIST;
left = 0;
right = elements - 1;
while(left <= right) {
middle = (left + right) / 2;
int_ret = strncmp(list[middle], str_search, strlen(list[middle]));
if (int_ret == 0) return 0;
else if (int_ret < 0) left = middle + 1;
else if (int_ret > 0) right = middle - 1;
}
return NOT_IN_LIST;
}
static long search(char *str_search,
char **list,
long elements)
{
long n;
for (n = 0; n < elements; n++) {
if (strncmp(list[n], str_search, strlen(list[n])) == 0) return 0;
}
return NOT_IN_LIST;
}
static struct sum_hash_struct get_hash_sum_buffer(char buffer[], int
max, const char *hash_alg, int digit)
{
char hash_out[64];
struct crypto_shash *hash;
struct shash_desc *shash;
struct sum_hash_struct hash_sum;
char hash_[2];
hash = crypto_alloc_shash(hash_alg, 0, 0);
if (IS_ERR(hash)) {
hash_sum.retval = ERROR;
return hash_sum;
}
shash = kmalloc(sizeof(struct shash_desc) +
crypto_shash_descsize(hash), GFP_KERNEL);
if (!shash) {
hash_sum.retval = ERROR;
return hash_sum;
}
shash->tfm = hash;
if (crypto_shash_init(shash)) {
hash_sum.retval = ERROR;
return hash_sum;
}
if (crypto_shash_update(shash, buffer, max)) {
hash_sum.retval = ERROR;
return hash_sum;
}
if (crypto_shash_final(shash, hash_out)) {
hash_sum.retval = ERROR;
return hash_sum;
}
kfree(shash);
crypto_free_shash(hash);
for (int n = 0; n < digit; n++) {
sprintf(hash_, "%02x", (unsigned char) hash_out[n]);
hash_sum.hash_string[n * 2] = hash_[0];
hash_sum.hash_string[(n * 2) + 1] = hash_[1];
}
hash_sum.hash_string[digit * 2] = '\0';
hash_sum.retval = 0;
return hash_sum;
}
static struct sum_hash_struct get_file_size_hash_read(const char
*filename, const char *hash_alg, int digit)
{
ssize_t retval;
ssize_t file_size;
void *data = NULL;
struct sum_hash_struct size_hash_sum;
int max = KERNEL_READ_SIZE;
retval = kernel_read_file_from_path( filename,
0,
&data,
KERNEL_READ_SIZE,
&file_size,
READING_POLICY);
if (retval < 1) {
size_hash_sum.file_size = 0;
size_hash_sum.hash_string[0] = '\0';
size_hash_sum.retval = ERROR;
return size_hash_sum;
}
if (file_size < 1) {
vfree(data);
size_hash_sum.file_size = 0;
size_hash_sum.hash_string[0] = '\0';
size_hash_sum.retval = ERROR;
return size_hash_sum;
}
if (file_size < max) max = file_size;
char *buffer = data;
size_hash_sum = get_hash_sum_buffer(buffer, max, hash_alg, digit);
if (size_hash_sum.retval == 0) {
vfree(data);
size_hash_sum.file_size = file_size;
return size_hash_sum;
}
vfree(data);
size_hash_sum.retval = -1;
size_hash_sum.file_size = 0;
size_hash_sum.hash_string[0] = '\0';
return size_hash_sum;
}
static ssize_t get_file_size(const char *filename)
{
loff_t i_size;
struct file *file;
file = filp_open(filename, O_RDONLY, 0);
if (IS_ERR(file))
return ERROR;
if (!S_ISREG(file_inode(file)->i_mode)) {
fput(file);
return ERROR;
}
if (deny_write_access(file)) {
fput(file);
return ERROR;
}
i_size = i_size_read(file_inode(file));
if (i_size < 1) {
allow_write_access(file);
fput(file);
return ERROR;
}
/* The file is too big for sane activities. */
if (i_size > INT_MAX) {
allow_write_access(file);
fput(file);
return ERROR;
}
allow_write_access(file);
fput(file);
return (ssize_t) i_size;
}
static void learning_argv(uid_t user_id,
const char *filename,
char **argv,
long argv_len,
char ***list,
long *list_len,
bool *list_init)
{
char str_user_id[19];
char str_file_size[19];
ssize_t file_size;
char *str_learning = NULL;
int string_length = 0;
if (argv_len == 1)
return;
file_size = get_file_size(filename);
/* file not exist or empty */
if (file_size < 1)
return;
/* init list */
if (*list_init == false) {
*list = kzalloc(sizeof(char *) * LEARNING_ARGV_MAX, GFP_KERNEL);
if (*list == NULL) {
return;
}
else *list_init = true;
}
sprintf(str_user_id, "%u", user_id);
sprintf(str_file_size, "%ld", file_size);
string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen("a:;;;") + 1;
//if (argv_len > 10) argv_len = 10;
for (int n = 1; n < argv_len; n++) {
string_length += strlen(argv[n]);
string_length += 1;
}
str_learning = kzalloc(string_length * sizeof(char), GFP_KERNEL);
strcpy(str_learning, "a:");
strcat(str_learning, str_user_id);
strcat(str_learning, ";");
strcat(str_learning, str_file_size);
strcat(str_learning, ";");
strcat(str_learning, filename);
strcat(str_learning, ";");
for (int n = 1; n < argv_len; n++) {
strcat(str_learning, argv[n]);
strcat(str_learning, ";");
}
if (search(str_learning, *list, *list_len) != 0) {
if ((*list)[*list_len] != NULL)
kfree((*list)[*list_len]);
(*list)[*list_len] = kzalloc(string_length * sizeof(char),
GFP_KERNEL);
if ((*list)[*list_len] == NULL) {
kfree(str_learning);
return;
}
strcpy((*list)[*list_len], str_learning);
*list_len += 1;
/* check argv_len > lerning_argv_max */
if (*list_len > LEARNING_ARGV_MAX - 1)
*list_len = 0;
}
kfree(str_learning);
return;
}
static void learning( uid_t user_id,
const char *filename,
char ***list,
long *list_len,
char const *hash_alg,
int digit)
{
char str_user_id[19];
char str_file_size[19];
char *str_learning = NULL;
int string_length = 0;
struct sum_hash_struct size_hash_sum;
if (filename[0] != '/')
return;
//size_hash_sum = get_file_size_hash_read(filename);
size_hash_sum = get_file_size_hash_read(filename, hash_alg, digit);
if (size_hash_sum.retval == -1)
return;
sprintf(str_user_id, "%u", user_id);
sprintf(str_file_size, "%ld", size_hash_sum.file_size);
string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(size_hash_sum.hash_string);
string_length += strlen("a:;;;") + 1;
str_learning = kzalloc(string_length * sizeof(char), GFP_KERNEL);
strcpy(str_learning, "a:");
strcat(str_learning, str_user_id);
strcat(str_learning, ";");
strcat(str_learning, str_file_size);
strcat(str_learning, ";");
strcat(str_learning, size_hash_sum.hash_string);
strcat(str_learning, ";");
strcat(str_learning, filename);
if (search(str_learning, *list, *list_len) != 0) {
if (*list_len == 0) {
*list = kzalloc(sizeof(char *), GFP_KERNEL);
if (*list == NULL) {
kfree(str_learning);
return;
}
(*list)[0] = kzalloc(string_length * sizeof(char), GFP_KERNEL);
if ((*list)[0] == NULL) {
kfree(str_learning);
return;
}
strcpy((*list)[0], str_learning);
*list_len = 1;
}
else {
*list = krealloc(*list, (*list_len + 1) * sizeof(char *),
GFP_KERNEL);
if (*list == NULL) {
kfree(str_learning);
return;
}
(*list)[*list_len] = kzalloc(string_length * sizeof(char),
GFP_KERNEL);
if ((*list)[*list_len] == NULL) {
kfree(str_learning);
return;
}
strcpy((*list)[*list_len], str_learning);
*list_len += 1;
}
}
kfree(str_learning);
return;
}
static void print_prog_arguments(uid_t user_id,
const char *filename,
char **argv,
long argv_len,
const char *hash_alg,
int digit)
{
struct sum_hash_struct size_hash_sum;
size_hash_sum = get_file_size_hash_read(filename, hash_alg, digit);
if (size_hash_sum.retval == -1)
return;
printk("USER ID:%u;%ld;%s;%s\n",user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
filename);
for (int n = 0; n < argv_len; n++) {
printk("argv[%d]:%s\n", n, argv[n]);
}
return;
}
static int
user_allowed( uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char *str_user_file = NULL;
sprintf(str_user_id, "%u", user_id);
sprintf(str_file_size, "%ld", file_size);
/* user allowed */
int string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(hash);
/* i hope the compiler makes a constant ? */
string_length += strlen("a:;;;") + 1;
str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_user_file)
return NOT_ALLOWED;
strcpy(str_user_file, "a:");
strcat(str_user_file, str_user_id);
strcat(str_user_file, ";");
strcat(str_user_file, str_file_size);
strcat(str_user_file, ";");
strcat(str_user_file, hash);
strcat(str_user_file, ";");
strcat(str_user_file, filename);
if (besearch_file(str_user_file, list, list_len) == 0) {
if (printk_allowed == true)
printk("%s USER/PROG. ALLOWED: a:%s;%s;%s;%s\n", step,
str_user_id, str_file_size, hash, filename);
kfree(str_user_file);
str_user_file = NULL;
return ALLOWED;
}
kfree(str_user_file);
str_user_file = NULL;
return NOT_ALLOWED;
}
static int
user_deny(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char *str_user_file = NULL;
sprintf(str_user_id, "%d", user_id);
sprintf(str_file_size, "%ld", file_size);
/* user allowed */
int string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(hash);
string_length += strlen("d:;;;") + 1;
str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_user_file)
return NOT_ALLOWED;
strcpy(str_user_file, "d:");
strcat(str_user_file, str_user_id);
strcat(str_user_file, ";");
strcat(str_user_file, str_file_size);
strcat(str_user_file, ";");
strcat(str_user_file, hash);
strcat(str_user_file, ";");
strcat(str_user_file, filename);
if (besearch_file(str_user_file, list, list_len) == 0) {
if (printk_deny == true)
printk("%s USER/PROG. DENY : a:%s;%s;%s;%s\n", step,
str_user_id, str_file_size, hash, filename);
kfree(str_user_file);
return NOT_ALLOWED;
}
kfree(str_user_file);
return ALLOWED;
}
static int
group_allowed(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char str_group_id[19];
char *str_group_file = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
sprintf(str_file_size, "%ld", file_size);
string_length = strlen(str_group_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(hash);
string_length += strlen("ga:;;;") +1;
//if (str_group_file != NULL) kfree(str_group_file);
str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_group_file)
return NOT_ALLOWED;
strcpy(str_group_file, "ga:");
strcat(str_group_file, str_group_id);
strcat(str_group_file, ";");
strcat(str_group_file, str_file_size);
strcat(str_group_file, ";");
strcat(str_group_file, hash);
strcat(str_group_file, ";");
strcat(str_group_file, filename);
if (besearch_file(str_group_file, list, list_len) == 0) {
if (printk_allowed == true)
printk("%s GROUP/PROG. ALLOWED: ga:%s;%s;%s;%s\n",
step, str_group_id, str_file_size, hash, filename);
kfree(str_group_file);
str_group_file = NULL;
return ALLOWED;
}
kfree(str_group_file);
str_group_file = NULL;
}
return NOT_ALLOWED;
}
static int
group_deny( uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char str_group_id[19];
char *str_group_file = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
sprintf(str_file_size, "%ld", file_size);
string_length = strlen(str_group_id);
string_length += strlen(str_file_size);
string_length += strlen(hash);
string_length += strlen(filename);
string_length += strlen("gd:;;;") +1;
str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_group_file)
return NOT_ALLOWED;
strcpy(str_group_file, "gd:");
strcat(str_group_file, str_group_id);
strcat(str_group_file, ";");
strcat(str_group_file, str_file_size);
strcat(str_group_file, ";");
strcat(str_group_file, hash);
strcat(str_group_file, ";");
strcat(str_group_file, filename);
if (besearch_file(str_group_file, list, list_len) == 0) {
if (printk_deny == true)
printk("%s GROUP/PROG. DENY : gd:%s;%s;%s;%s\n",
step, str_group_id, str_file_size, hash, filename);
kfree(str_group_file);
return NOT_ALLOWED;
}
else kfree(str_group_file);
}
return ALLOWED;
}
static int
user_folder_allowed( uid_t user_id,
const char *filename,
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char *str_folder = NULL;
int string_length;
sprintf(str_user_id, "%d", user_id);
string_length = strlen(str_user_id);
string_length += strlen(filename);
string_length += strlen("a:;") + 1;
str_folder = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_folder)
return NOT_ALLOWED;
strcpy(str_folder, "a:");
strcat(str_folder, str_user_id);
strcat(str_folder, ";");
strcat(str_folder, filename);
/* Importend! Need qsorted list */
if (besearch_folder(str_folder, list, list_len) == 0) {
if (printk_allowed == true)
printk("%s USER/PROG. ALLOWED: a:%s;%s\n", step,
str_user_id, filename);
kfree(str_folder);
return ALLOWED;
}
kfree(str_folder);
return NOT_ALLOWED;
}
static int
user_folder_deny(uid_t user_id,
const char *filename,
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char *str_folder = NULL;
int string_length;
sprintf(str_user_id, "%d", user_id);
string_length = strlen(str_user_id);
string_length += strlen(filename);
string_length += strlen("d:;") + 1;
str_folder = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_folder)
return NOT_ALLOWED;
strcpy(str_folder, "d:");
strcat(str_folder, str_user_id);
strcat(str_folder, ";");
strcat(str_folder, filename);
/* Importend! Need qsorted list */
if (besearch_folder(str_folder, list, list_len) == 0) {
if (printk_deny == true)
printk("%s USER/PROG. DENY : a:%s;%s\n", step,
str_user_id, filename);
kfree(str_folder);
return NOT_ALLOWED;
}
kfree(str_folder);
return ALLOWED;
}
static int
group_folder_allowed( uid_t user_id,
const char *filename,
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_group_id[19];
char *str_group_folder = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
string_length = strlen(str_group_id);
string_length += strlen(filename);
string_length += strlen("ga:;") + 1;
//if (str_group_folder != NULL) kfree(str_group_folder);
str_group_folder = kmalloc(string_length * sizeof(char),
GFP_KERNEL);
if (!str_group_folder)
return NOT_ALLOWED;
strcpy(str_group_folder, "ga:");
strcat(str_group_folder, str_group_id);
strcat(str_group_folder, ";");
strcat(str_group_folder, filename);
/* Importend! Need qsorted list */
if (besearch_folder(str_group_folder, list, list_len) == 0) {
if (printk_allowed == true)
printk("%s USER/PROG. ALLOWED: ga:%s;%s\n", step,
str_group_id, filename);
kfree(str_group_folder);
return ALLOWED;
}
else kfree(str_group_folder);
}
return NOT_ALLOWED;
}
static int
group_folder_deny(uid_t user_id,
const char *filename,
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_group_id[19];
char *str_group_folder = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
string_length = strlen(str_group_id);
string_length += strlen(filename);
string_length += strlen("gd:;") + 1;
//if (str_group_folder != NULL) kfree(str_group_folder);
str_group_folder = kmalloc(string_length * sizeof(char),
GFP_KERNEL);
if (!str_group_folder)
return NOT_ALLOWED;
strcpy(str_group_folder, "gd:");
strcat(str_group_folder, str_group_id);
strcat(str_group_folder, ";");
strcat(str_group_folder, filename);
/* Importend! Need qsorted list */
if (besearch_folder(str_group_folder, list, list_len) == 0) {
if (printk_deny == true)
printk("%s USER/PROG. DENY : gd:%s;%s\n", step,
str_group_id, filename);
kfree(str_group_folder);
return NOT_ALLOWED;
}
else kfree(str_group_folder);
}
return ALLOWED;
}
static int
user_interpreter_allowed(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char *str_user_file = NULL;
int string_length;
sprintf(str_user_id, "%d", user_id);
sprintf(str_file_size, "%ld", file_size);
/* user allowed interpreter */
string_length = strlen(str_user_id);
string_length += strlen(str_file_size);
string_length += strlen(hash);
string_length += strlen(filename);
string_length += strlen("ai:;;;") + 1;
str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (str_user_file == NULL)
return NOT_ALLOWED;
strcpy(str_user_file, "ai:");
strcat(str_user_file, str_user_id);
strcat(str_user_file, ";");
strcat(str_user_file, str_file_size);
strcat(str_user_file, ";");
strcat(str_user_file, hash);
strcat(str_user_file, ";");
strcat(str_user_file, filename);
if (besearch_file(str_user_file, list, list_len) == 0) {
if (printk_allowed == true)
printk("%s USER/PROG. ALLOWED: ai:%s;%s;%s;%s\n", step,
str_user_id, str_file_size, hash, filename);
kfree(str_user_file);
str_user_file = NULL;
return ALLOWED;
}
kfree(str_user_file);
str_user_file = NULL;
return NOT_ALLOWED;
}
static int
group_interpreter_allowed(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **list,
long list_len,
const char *step)
{
char str_user_id[19];
char str_file_size[19];
char str_group_id[19];
char *str_group_file = NULL;
struct group_info *group_info;
int string_length;
group_info = get_current_groups();
sprintf(str_user_id, "%d", user_id);
for (int n = 0; n < group_info->ngroups; n++) {
sprintf(str_group_id, "%u", group_info->gid[n].val);
sprintf(str_file_size, "%ld", file_size);
string_length = strlen(str_group_id);
string_length += strlen(str_file_size);
string_length += strlen(filename);
string_length += strlen(hash);
string_length += strlen("gai:;;;") +1;
//if (str_group_file != NULL) kfree(str_group_file);
str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
if (!str_group_file)
return NOT_ALLOWED;
strcpy(str_group_file, "gai:");
strcat(str_group_file, str_group_id);
strcat(str_group_file, ";");
strcat(str_group_file, str_file_size);
strcat(str_group_file, ";");
strcat(str_group_file, hash);
strcat(str_group_file, ";");
strcat(str_group_file, filename);
if (besearch_file(str_group_file, list, list_len) == 0) {
if (printk_allowed == true)
printk("%s GROUP/PROG. ALLOWED: gai:%s;%s;%s;%s\n",
step, str_group_id, str_file_size, hash, filename);
kfree(str_group_file);
str_group_file = NULL;
return ALLOWED;
}
kfree(str_group_file);
str_group_file = NULL;
}
return NOT_ALLOWED;
}
/* allowed/deny user/group script file*/
/* 0 allowed */
/* -1 deny */
static int
param_file(uid_t user_id,
const char *filename,
ssize_t file_size,
char hash[],
char **argv,
long argv_len,
char **list,
long list_len,
const char *step)
{
struct sum_hash_struct size_hash_sum;
if (argv_len == 1) return NOT_ALLOWED;
/* check interpreter and files */
/* user allowed interpreter */
/* check "ai: gai:" */
if (user_interpreter_allowed(user_id,
filename,
file_size,
hash,
list,
list_len,
step) == NOT_ALLOWED)
if (group_interpreter_allowed(user_id,
filename,
file_size,
hash,
list,
list_len,
step) == NOT_ALLOWED)
return NOT_ALLOWED;
/* java */
if (strcmp(argv[1], "-jar") == 0) {
if (argv_len != 3) return NOT_ALLOWED;
size_hash_sum = get_file_size_hash_read(argv[2], HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED) {
if (printk_deny == true)
printk("STAT STEP FIRST: USER/PROG. UNKOWN :
a:%d;;;%s\n",user_id,
argv[2]);
return NOT_ALLOWED;
}
/* check file/prog is in the list: allowed or deny */
/* deny user not required. not in the list is the same */
if (user_deny(user_id,
argv[2],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) return NOT_ALLOWED;
if (group_deny(user_id,
argv[2],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) return NOT_ALLOWED;
if (user_allowed(user_id,
argv[2],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) return ALLOWED;
if (group_allowed(user_id,
argv[2],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) return ALLOWED;
if (printk_deny == true)
printk("%s USER/SCRIPT DENY : a:%d;%ld;%s;%s\n", step,
user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
argv[2]);
return(NOT_ALLOWED);
}
/* java */
if (strcmp(argv[1], "-classpath") == 0) {
if (argv_len != 4) return NOT_ALLOWED;
long str_length;
str_length = strlen(argv[2]);
str_length += strlen(argv[3]);
str_length += strlen("/.class") + 1;
char *str_class_name = kmalloc(str_length * sizeof(char),
GFP_KERNEL);
if (str_class_name == NULL) return(NOT_ALLOWED);
strcpy(str_class_name, argv[2]);
strcat(str_class_name, "/");
strcat(str_class_name, argv[3]);
strcat(str_class_name, ".class");
size_hash_sum = get_file_size_hash_read(str_class_name,
HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED) {
if (printk_deny == true)
printk("STAT STEP FIRST: USER/PROG. UNKOWN :
a:%d;;;%s\n",user_id,
str_class_name);
kfree(str_class_name);
return NOT_ALLOWED;
}
/* check file/prog is in the list: allowed or deny */
/* deny user not required. not in the list is the same */
if (user_deny(user_id,
str_class_name,
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) {
kfree(str_class_name);
return NOT_ALLOWED;
}
if (group_deny(user_id,
str_class_name,
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) {
kfree(str_class_name);
return NOT_ALLOWED;
}
if (user_allowed(user_id,
str_class_name,
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) {
kfree(str_class_name);
return ALLOWED;
}
if (group_allowed(user_id,
str_class_name,
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) {
kfree(str_class_name);
return ALLOWED;
}
if (printk_deny == true)
printk("%s USER/SCRIPT DENY : d:%d;%ld;%s;%s\n", step,
user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
str_class_name);
kfree(str_class_name);
return(NOT_ALLOWED);
}
/* other */
size_hash_sum = get_file_size_hash_read(argv[1], HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED)
return NOT_ALLOWED;
/* check file/prog is in the list: allowed or deny */
/* deny user not required. not in the list is the same */
if (user_deny(user_id,
argv[1],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) return NOT_ALLOWED;
if (group_deny(user_id,
argv[1],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == NOT_ALLOWED) return NOT_ALLOWED;
if (user_allowed(user_id,
argv[1],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) return ALLOWED;
if (group_allowed(user_id,
argv[1],
size_hash_sum.file_size,
size_hash_sum.hash_string,
list,
list_len,
step) == ALLOWED) return ALLOWED;
if (printk_deny == true)
printk("%s USER/SCRIPT DENY : d:%d;%ld;%s;%s\n", step,
user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
argv[1]);
/* not found */
return NOT_ALLOWED;
}
static int exec_first_step(uid_t user_id, const char *filename, char
**argv, long argv_len)
{
struct sum_hash_struct size_hash_sum;
/* Limit argv[0] = 1000 */
/* Reason glibc */
/* A GOOD IDEA? I don't know? */
/* But it's works */
/* when in doubt remove it */
/*
if (strlen(argv[0]) > 1000) {
if (printk_deny == true || printk_allowed == true)
printk("STAT STEP FIRST: USER/PROG. DENY. ARGV[0] ERROR:
a:%d;;;%s\n",user_id,
filename);
return RET_SHELL;
}
*/
/* if Size = 0 not check */
size_hash_sum = get_file_size_hash_read(filename, HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED) {
if (printk_deny == true)
printk("STAT STEP FIRST: USER/PROG. UNKOWN :
a:%d;;;%s\n",user_id,
filename);
return ALLOWED;
}
/* group deny folder */
if (global_list_folder_size > 0) {
if (group_folder_deny(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP FIRST:") == NOT_ALLOWED)
return RET_SHELL;
}
/* deny folder */
if (global_list_folder_size > 0) {
if (user_folder_deny(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP FIRST:") == NOT_ALLOWED)
return RET_SHELL;
}
/* deny group */
/* if global_list_prog_size = 0, safer_mode not true */
if (group_deny( user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == NOT_ALLOWED)
return RET_SHELL;
/* deny user */
if (user_deny(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == NOT_ALLOWED)
return RET_SHELL;
/* group allowed folder */
if (global_list_folder_size > 0) {
if (group_folder_allowed(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;
}
/* user allowed folder */
if (global_list_folder_size > 0) {
if (user_folder_allowed(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;
}
/* allowed user */
if (user_allowed(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;;
/* allowed group */
if (group_allowed(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;
/* user allowed interpreter and allowed group script file*/
/* 0 allowed */
/* -1 deny */
if (param_file(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
argv,
argv_len,
global_list_prog,
global_list_prog_size,
"STAT STEP FIRST:") == ALLOWED)
return ALLOWED;
if (printk_deny == true)
printk("STAT STEP FIRST: USER/PROG. DENY :
a:%d;%ld;%s;%s\n", user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
filename);
return (RET_SHELL);
}
static int exec_second_step(const char *filename)
{
struct sum_hash_struct size_hash_sum;
int retval;
uid_t user_id = get_current_user()->uid.val;
if (learning_mode == true) {
/* works too */
mutex_lock(&learning_lock);
learning(user_id,
filename,
&global_list_learning,
&global_list_learning_size,
HASH_ALG,
DIGIT);
mutex_unlock(&learning_lock);
}
if (safer_mode == true || (safer_show_mode == true &&
printk_allowed == true )
|| (safer_show_mode == true && printk_deny == true)) {
/* if size = 0 not check */
size_hash_sum = get_file_size_hash_read(filename, HASH_ALG, DIGIT);
if (size_hash_sum.retval == NOT_ALLOWED) {
if (printk_deny == true)
printk("STAT STEP SEC : USER/PROG. UNKOWN :
a:%d;;;%s\n",user_id,
filename);
return ALLOWED;
}
/* group deny folder */
if (global_list_folder_size > 0) {
retval = group_folder_deny(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP SEC :");
if (safer_mode == true) {
if (retval == NOT_ALLOWED)
return RET_SHELL;
}
else if (retval == NOT_ALLOWED)
return ALLOWED;
}
/* deny folder */
if (global_list_folder_size > 0) {
retval = user_folder_deny(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP SEC :");
if (safer_mode == true) {
if (retval == NOT_ALLOWED)
return RET_SHELL;
}
else if (retval == NOT_ALLOWED)
return ALLOWED;
}
/* deny group */
/* if global_list_prog_size = 0, safer_mode not true */
retval = group_deny(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :");
if (safer_mode == true) {
if (retval == NOT_ALLOWED)
return RET_SHELL;
}
else if (retval == NOT_ALLOWED)
return ALLOWED;
/* deny user */
retval = user_deny(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :");
if (safer_mode == true) {
if (retval == NOT_ALLOWED)
return RET_SHELL;
}
else if (retval == NOT_ALLOWED)
return ALLOWED;
/* allowed folder */
if (global_list_folder_size > 0) {
if (group_folder_allowed(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
}
/* allowed folder */
if (global_list_folder_size > 0) {
if (user_folder_allowed(user_id,
filename,
global_list_folder,
global_list_folder_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
}
/* allowed user */
if (user_allowed(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
/* allowed group */
if (group_allowed(user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
/* user allowed interpreter */
if (user_interpreter_allowed( user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
/* group allowed interpreter */
if (group_interpreter_allowed( user_id,
filename,
size_hash_sum.file_size,
size_hash_sum.hash_string,
global_list_prog,
global_list_prog_size,
"STAT STEP SEC :") == ALLOWED)
return ALLOWED;
if (printk_deny == true) {
printk("STAT STEP SEC : USER/PROG. DENY :
a:%d;%ld;%s;%s\n",user_id,
size_hash_sum.file_size,
size_hash_sum.hash_string,
filename);
}
/* filter end */
if (safer_mode == true)
return (RET_SHELL);
else return ALLOWED;
}
return ALLOWED;
}
static int allowed_exec(struct filename *kernel_filename,
const char __user *const __user *_argv)
{
struct user_arg_ptr argv = { .ptr.native = _argv };
const char __user *str;
char **argv_list = NULL;
long argv_list_len = 0;
long str_len;
int retval;
uid_t user_id;
if (safer_mode == false)
if (learning_mode == false)
if (safer_show_mode == false || printk_allowed == false)
if (safer_show_mode == false || printk_deny == false)
return ALLOWED;
/* argv -> kernel space */
argv_list_len = count(argv, MAX_ARG_STRINGS);
if (argv_list_len > ARGV_MAX) argv_list_len = ARGV_MAX;
argv_list = kzalloc(argv_list_len * sizeof(char *), GFP_KERNEL);
if (!argv_list)
return ALLOWED;
for (int n = 0; n < argv_list_len; n++) {
str = get_user_arg_ptr(argv, n);
str_len = strnlen_user(str, MAX_ARG_STRLEN);
argv_list[n] = kzalloc((str_len + 1) * sizeof(char), GFP_KERNEL);
retval = copy_from_user(argv_list[n], str, str_len);
}
user_id = get_current_user()->uid.val;
if (verbose_param_mode == true)
print_prog_arguments( user_id,
kernel_filename->name,
argv_list,
argv_list_len,
HASH_ALG,
DIGIT);
if (learning_mode == true) {
/* works too */
mutex_lock(&learning_lock);
learning(user_id,
kernel_filename->name,
&global_list_learning,
&global_list_learning_size,
HASH_ALG,
DIGIT);
learning_argv( user_id,
kernel_filename->name,
argv_list,
argv_list_len,
&global_list_learning_argv,
&global_list_learning_argv_size,
&global_list_learning_argv_init);
mutex_unlock(&learning_lock);
}
if (safer_mode == true || (safer_show_mode == true &&
printk_allowed == true)
|| (safer_show_mode == true && printk_deny == true))
retval = exec_first_step(user_id,
kernel_filename->name,
argv_list,
argv_list_len);
for (int n = 0; n < argv_list_len; n++) {
if (argv_list[n] != NULL)
kfree(argv_list[n]);
}
if (argv_list != NULL) {
kfree(argv_list);
argv_list = NULL;
}
if (safer_mode == true)
return (retval);
return ALLOWED;
}
/* SYSCALL NR: my choice: above 500 */
SYSCALL_DEFINE2(set_execve_list,
const loff_t, number,
const char __user *const __user *, list)
{
uid_t user_id;
int str_len = 0;
char *list_string = NULL;
struct user_arg_ptr _list = { .ptr.native = list };
const char __user *str;
user_id = get_current_user()->uid.val;
/* command part, future ? */
switch(number) {
/* safer on */
case 999900: if (user_id != 0) return CONTROL_ERROR;
if (change_mode == false) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
if (global_list_prog_size > 0 ||
global_list_folder_size > 0) {
safer_mode = true;
printk("MODE: SAFER ON\n");
mutex_unlock(&control);
return CONRTOL_OK;
}
else {
printk("MODE: SAFER OFF\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* safer off */
case 999901: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER OFF\n");
safer_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
/* stat */
case 999902: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
printk("SAFER STATE : %d\n", safer_mode);
return(safer_mode);
/* printk allowed on */
case 999903: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER PRINTK ALLOWED ON\n");
printk_allowed = true;
mutex_unlock(&control);
return CONRTOL_OK;
/* printk allowed off */
case 999904: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER PRINTK ALLOWED OFF\n");
printk_allowed = false;
mutex_unlock(&control);
return CONRTOL_OK;
case 999905: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: NO MORE CHANGES ALLOWED\n");
change_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
case 999906: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: learning ON\n");
learning_mode = true;
mutex_unlock(&control);
return CONRTOL_OK;
case 999907: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: learning OFF\n");
learning_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
case 999908: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: verbose paramter mode ON\n");
verbose_param_mode = true;
mutex_unlock(&control);
return CONRTOL_OK;
case 999909: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: verbose parameter mode OFF\n");
verbose_param_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
/* safer show on */
case 999910: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
safer_show_mode = true;
printk("MODE: SAFER SHOW ONLY ON\n");
mutex_unlock(&control);
return CONRTOL_OK;
/* safer show off */
case 999911: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER SHOW ONLY OFF\n");
safer_show_mode = false;
mutex_unlock(&control);
return CONRTOL_OK;
/* printk deny ON */
case 999912: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER PRINTK DENY ON\n");
printk_deny = true;
mutex_unlock(&control);
return CONRTOL_OK;
/* printk deny OFF */
case 999913: if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
printk("MODE: SAFER PRINTK DENY OFF\n");
printk_deny = false;
mutex_unlock(&control);
return CONRTOL_OK;
/* set all list */
case 999920:
if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
if (list == NULL) { /* check? */
printk("ERROR: FILE LIST\n");
mutex_unlock(&control);
return CONTROL_ERROR;
} /* check!? */
int int_ret = count(_list, MAX_ARG_STRINGS);
if (int_ret == 0) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
str = get_user_arg_ptr(_list, 0); /* String 0 */
str_len = strnlen_user(str, MAX_ARG_STRLEN);
if (str_len < 1) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* safer */
if (list_string != NULL) { kfree(list_string);
list_string = NULL; }
list_string = kmalloc((str_len + 1) * sizeof(char),
GFP_KERNEL);
if (list_string == NULL) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
int_ret = copy_from_user(list_string, str, str_len);
long list_prog_size;
int_ret = kstrtol(list_string, 10, &list_prog_size);
if (list_string != NULL) { kfree(list_string);
list_string = NULL; }
if (int_ret != 0) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* new list 0 ? */
if (list_prog_size < 1) {
printk("NO FILE LIST\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* new list > MAX_DYN */
if (list_prog_size > MAX_DYN) {
printk("FILE LIST TO BIG!\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* check bytes */
/* new list */
long list_progs_bytes = 0;
for (int n = 0; n < list_prog_size; n++) {
str = get_user_arg_ptr(_list, n + 1);
list_progs_bytes += strnlen_user(str, MAX_ARG_STRLEN);
}
if (list_progs_bytes > MAX_DYN_BYTES) {
printk("FILE LIST TO BIG!\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/*
first: new list
if new list ok. clear old list.
if new list not ok clear new list
keep old list
*/
char **list_prog_temp = NULL;
/* dyn list */
list_prog_temp = kmalloc(list_prog_size * sizeof(char
*), GFP_KERNEL);
/* Create a new not ok */
if (list_prog_temp == NULL) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
for (int n = 0; n < list_prog_size; n++) {
str = get_user_arg_ptr(_list, n + 1); /*
String 0 */
str_len = strnlen_user(str, MAX_ARG_STRLEN);
list_prog_temp[n] = kmalloc((str_len + 1) *
sizeof(char), GFP_KERNEL);
/* Create a new list not ok */
if (list_prog_temp[n] == NULL) {
for (int n_error = 0; n_error < n; n_error++) {
kfree(list_prog_temp[n_error]);
list_prog_temp[n_error] = NULL;
}
kfree(list_prog_temp);
list_prog_temp = NULL;
mutex_unlock(&control);
return CONTROL_ERROR;
}
int_ret = copy_from_user(list_prog_temp[n], str,
str_len);
}
/* clear */
/* old list */
if (global_list_prog_size > 0) {
for (int n = 0; n < global_list_prog_size; n++) {
kfree(global_list_prog[n]);
global_list_prog[n] = NULL;
}
kfree(global_list_prog);
}
/* global = new */
global_list_prog = list_prog_temp;
list_prog_temp = NULL;
global_list_prog_size = list_prog_size;
global_list_progs_bytes = list_progs_bytes;
printk("FILE LIST ELEMENTS: %ld\n", global_list_prog_size);
printk("FILE LIST BYTES : %ld\n",
global_list_progs_bytes);
mutex_unlock(&control);
return(global_list_prog_size);
/* set all folder list */
case 999921:
if (change_mode == false) return CONTROL_ERROR;
if (user_id != 0) return CONTROL_ERROR;
if (!mutex_trylock(&control)) return CONTROL_ERROR;
if (list == NULL) { /* check? */
printk("ERROR: FOLDER LIST\n");
mutex_unlock(&control);
return CONTROL_ERROR;
} /* check!? */
/* No Syscall Parameter 6 necessary */
int_ret = count(_list, MAX_ARG_STRINGS);
if (int_ret == 0) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
str = get_user_arg_ptr(_list, 0); /* String 0 */
str_len = strnlen_user(str, MAX_ARG_STRLEN);
if (str_len < 1) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* safer */
if (list_string != NULL) { kfree(list_string);
list_string = NULL; }
list_string = kmalloc((str_len + 1) * sizeof(char),
GFP_KERNEL);
if (list_string == NULL) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
int_ret = copy_from_user(list_string, str, str_len);
long list_folder_size;
int_ret = kstrtol(list_string, 10, &list_folder_size);
if (list_string != NULL) { kfree(list_string);
list_string = NULL; };
if (int_ret != 0) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* new list = 0 ? */
if (list_folder_size < 1) {
printk("NO FOLDER LIST\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* new list > MAX_DYN */
if (list_folder_size > MAX_DYN) {
printk("FOLDER LIST TO BIG!\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/* check bytes */
/* new list */
long list_folders_bytes = 0;
for (int n = 0; n < list_folder_size; n++) {
str = get_user_arg_ptr(_list, n + 1);
list_folders_bytes += strnlen_user(str,
MAX_ARG_STRLEN);
}
if (list_folders_bytes > MAX_DYN_BYTES) {
printk("FOLDER LIST TO BIG!\n");
mutex_unlock(&control);
return CONTROL_ERROR;
}
/*
first: new list
if new list ok. clear old list.
if new list not ok clear new list
keep old list
*/
char **list_folder_temp = NULL;
/* dyn array */
list_folder_temp = kmalloc(list_folder_size *
sizeof(char *), GFP_KERNEL);
/* Create a new list not ok */
if (list_folder_temp == NULL) {
mutex_unlock(&control);
return CONTROL_ERROR;
}
for (int n = 0; n < list_folder_size; n++) {
str = get_user_arg_ptr(_list, n + 1); /*
String 0 */
str_len = strnlen_user(str, MAX_ARG_STRLEN);
list_folder_temp[n] = kmalloc((str_len + 1) *
sizeof(char), GFP_KERNEL);
/* Create a new list not ok*/
if (list_folder_temp[n] == NULL) {
for (int n_error = 0; n_error < n; n_error++) {
kfree(list_folder_temp[n_error]);
list_folder_temp[n_error] = NULL;
}
kfree(list_folder_temp);
list_folder_temp = NULL;
mutex_unlock(&control);
return CONTROL_ERROR;
}
int_ret = copy_from_user(list_folder_temp[n], str,
str_len);
}
/* clear */
/* old list */
if (global_list_folder_size > 0) {
for (int n = 0; n < global_list_folder_size; n++) {
kfree(global_list_folder[n]);
global_list_folder[n] = NULL;
}
kfree(global_list_folder);
}
/* global = new */
global_list_folder = list_folder_temp;
list_folder_temp = NULL;
global_list_folder_size = list_folder_size;
global_list_folders_bytes = list_folders_bytes;
printk("FILE LIST ELEMENTS: %ld\n",
global_list_folder_size);
printk("FILE LIST BYTES : %ld\n",
global_list_folders_bytes);
mutex_unlock(&control);
return(global_list_folder_size);
default: printk("ERROR: COMMAND NOT IN LIST\n");
return CONTROL_ERROR;
}
}
SYSCALL_DEFINE3(execve,
const char __user *, filename,
const char __user *const __user *, argv,
const char __user *const __user *, envp)
{
if (allowed_exec(getname(filename), argv) == RET_SHELL) return
RET_SHELL;
return do_execve(getname(filename), argv, envp);
}
---------------------------------
TOOL
csafer.c
same as fpsafer.pas
---------------------------------
/** Copyright (c) 2022/05/12, Peter Boettcher, Germany/NRW, Muelheim Ruhr
* Urheber: 2022/05/12, Peter Boettcher, Germany/NRW, Muelheim Ruhr
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*)
*/
/*
Frontend for Linux SYSCALL Extension <execve>
Autor/Urheber : Peter Boettcher
: Muelheim Ruhr
: Germany
Date : 2023.11.15 - 2024.05.26
Program : csafer.c
: Simple Frontend
: Control Program for Extension <SYSCALL execve>
: It only works as ROOT
: If you use binary search, a sorted list ist required.
List : ALLOW and DENY list
Control : 0 = safer ON
: 1 = safer OFF
: 2 = State
: 3 = printk allowed LOG ON
: 4 = printk allowed Log OFF
: 5 = LOCK changes
: 6 = learning ON
: 7 = learning OFF
: 8 = Verbose LOG ON
: 9 = Verbose LOG OFF
: 10 = Safer Show LOG ON
: 11 = Safer Show LOG OFF
: 12 = printk deny on
: 13 = printk deny off
: 20 = Set FILE List
: 21 = Set FOLDER List
ALLOW/DENY List : 2 DIM. dyn. char Array = string
: String 0 = Number of strings
: a:USER-ID;SIZE;HASH;Path
: d:USER-ID;SIZE;HASH;Path
: ga:GROUP-ID;HASH;Path
: gd:GROUP-ID;HASH;Path
: ai:USER-ID;SIZE;HASH;PATH/python
: a:ai:USER-ID;SIZE;HASH;PATH/python-script
: Example:
: a:100;1224;HASH;/bin/test = allow file
: a:100;1234;HASH;/bin/test1 = allow file
: a:100;/usr/sbin/ = allow Folder
: d:100;HASH;/usr/sbin/test = deny file
: d:100;/usr/sbin/ = deny folder
: ga:100;usr/sbin/ = allow group folder
: gd:100;/usr/bin/ = deny group folder
: gd:101;1234;HASH;/usr/bin/mc = deny group file
: ga:101;1234;HASH;/usr/bin/mc = allow group file
: ai:100;1234;HASH;/bin/python = allow file
: a:100;1234;HASH;/bin/test1.py = allow file
program start :
: python = allone = not allowed
: python /PATH/test.py = allowed
: test1.py = allowed
: It is up to the ADMIN to keep the list reasonable
according to these rules!
I would like to remember ALICIA ALONSO, MAYA PLISETSKAYA, CARLA
FRACCI, EVA EVDOKIMOVA, VAKHTANG CHABUKIANI and the
"LAS CUATRO JOYAS DEL BALLET CUBANO". Admirable ballet dancers.
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define SAFER_ON 0
#define SAFER_OFF 1
#define STAT 2
#define PRINTK_ALLOWED_ON 3
#define PRINTK_ALLOWED_OFF 4
#define PRINTK_DENY_ON 12
#define PRINTK_DENY_OFF 13
#define SAFER_LOCK 5
#define PRINTK_LEARNING_ON 6
#define PRINTK_LEARNING_OFF 7
#define PRINTK_ARGV_ON 8
#define PRINTK_ARGV_OFF 9
#define PRINTK_SHOW_ON 10
#define PRINTK_SHOW_OFF 11
#define LIST_PROG 20
#define LIST_FOLDER 21
#define SAFER_SORT 30
typedef signed long long int s64;
typedef unsigned long long int u64;
typedef int bool;
#define true 1
#define false 0
/* #define VERSION_SYSCALL */
#ifdef VERSION_SYSCALL
#define SYSCALL_NR 501
#else
#define SYSCALL_NR 59
#endif
//--------------------------------------------------------------------------------------------------------------------
typedef struct {
//public
char **TStringList;
s64 COUNT_BYTES_FILE;
s64 COUNT_LINES_FILE;
s64 TStringList_Length_Max;
s64 TStringList_Lines;
bool DelDUP;
bool SORT;
//public Funktionen
s64 (*CountBytesFile) (void *self, char *file_name);
s64 (*CountLinesFile) (void *self, char *file_name);
s64 (*SetLines) (void *self, s64 numbers);
s64 (*DynStrcpy) (void *self, s64 number, char *newstring);
s64 (*DynStrcat) (void *self, s64 number, char *newstring);
s64 (*Del) (void *self, s64 number);
s64 (*CountLines) (void *self);
s64 (*StringLengthMax) (void *self);
s64 (*LoadFromFile) (void *self, char *file_name);
s64 (*DelDup) (void *self);
s64 (*DynFree) (void *self);
s64 (*MaxStr) (void *self);
s64 (*Add) (void *self, char *newstring);
s64 (*Sort) (void *self);
s64 (*SetSort) (void *self, bool b);
s64 (*SetDelDUP) (void *self, bool b);
} TStringList;
int TryStrToInt64 (char *STRING_NUMBER, s64 *NUMBER, int ZAHLEN_SYSTEM) {
char *ERROR;
if (strlen(STRING_NUMBER) == 0) return (-1);
*NUMBER = strtoll(STRING_NUMBER, &ERROR, ZAHLEN_SYSTEM);
if (strlen(ERROR) != 0) return (-1);
if (*NUMBER == 9223372036854775807) {
if (strncmp(STRING_NUMBER, "9223372036854775807", 19) != 0)
return(-1);
else return(0);
}
/* Warning gcc: -922337203685477508 */
if (*NUMBER + 1 == -9223372036854775807) {
if (strncmp(STRING_NUMBER, "-9223372036854775808", 20) != 0)
return(-1);
else return(0);
}
return(0);
}
int str_compare(const void *a, const void *b)
{
const char **pa = (const char **)a;
const char **pb = (const char **)b;
return strcmp(*pa, *pb);
}
s64 Sort (void *self) {
TStringList *struct_tstringlist = self;
qsort(struct_tstringlist->TStringList,
struct_tstringlist->TStringList_Lines, sizeof(char *), str_compare);
return(0);
}
s64 SetSort (void *self, bool b) {
TStringList *struct_tstringlist = self;
if (b == true) struct_tstringlist->SORT = true;
else struct_tstringlist->SORT = false;
return(0);
}
s64 SetDelDUP (void *self, bool b) {
TStringList *struct_tstringlist = self;
if (b == true) struct_tstringlist->DelDUP = true;
else struct_tstringlist->DelDUP = false;
return(0);
}
s64 Add(void *self, char *newstring)
{
TStringList *struct_tstringlist = self;
//New
if (struct_tstringlist->TStringList_Lines == -1) {
struct_tstringlist->TStringList = malloc(1 * sizeof(char *));
if (struct_tstringlist->TStringList == NULL) return(-1);
struct_tstringlist->TStringList[0] = malloc((strlen(newstring)
+ 1) * sizeof(char));
if
(struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines]
== NULL) {
//former state
free(struct_tstringlist->TStringList);
return(-1);
}
strcpy(struct_tstringlist->TStringList[0], newstring);
struct_tstringlist->TStringList_Lines = 1;
return(0);
}
//backup pointer
char **backup_ptr = struct_tstringlist->TStringList;
s64 lines = struct_tstringlist->TStringList_Lines + 1;
//New LINE
backup_ptr = realloc(backup_ptr, lines * sizeof(char *));
if (backup_ptr == NULL) return(-1);
else struct_tstringlist->TStringList = backup_ptr;
//MEM Columns
struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines] =
malloc((strlen(newstring) + 1) * sizeof(char));
if
(struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines]
== NULL) {
//former state
struct_tstringlist->TStringList =
realloc(struct_tstringlist->TStringList, (lines - 1) * sizeof(char *));
return(-1);
}
strcpy(struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines],
newstring);
struct_tstringlist->TStringList_Lines++;
return(0);
}
s64 MaxStr (void *self)
{
TStringList *struct_tstringlist = self;
s64 MAX;
for (s64 n = 0; n < struct_tstringlist->TStringList_Lines; n++) {
if (struct_tstringlist->TStringList[n] != NULL) {
MAX = strlen(struct_tstringlist->TStringList[n]);
if (MAX > struct_tstringlist->TStringList_Length_Max)
struct_tstringlist->TStringList_Length_Max = MAX;
}
}
return(0);
}
s64 DynFree (void *self)
{
TStringList *struct_tstringlist = self;
if (struct_tstringlist->TStringList_Lines == -1) return(-1);
for (s64 n = 0; n < struct_tstringlist->TStringList_Lines; n++) {
if (struct_tstringlist->TStringList[n] != NULL)
free(struct_tstringlist->TStringList[n]);
}
free(struct_tstringlist->TStringList);
struct_tstringlist->TStringList = NULL;
struct_tstringlist->TStringList_Lines = -1;
struct_tstringlist->TStringList_Length_Max = -1;
struct_tstringlist->COUNT_BYTES_FILE = -1;
struct_tstringlist->COUNT_LINES_FILE = -1;
return(0);
}
s64 CountLinesFile(void *self, char *file_name)
{
long long n = 1;
int c;
FILE *fp;
fp = fopen(file_name, "r");
if (!fp) return(-1);
while ((c = fgetc(fp)) != EOF) {
if (c == '\n') n++;
}
if (ferror(fp)) return(-1);
fclose(fp);
TStringList *struct_tstringlist = self;
struct_tstringlist->COUNT_LINES_FILE = n;
return(n);
}
s64 CountBytesFile(void *self, char *file_name)
{
long n = 1;
int c;
FILE *fp;
fp = fopen(file_name, "r");
if (!fp) return(-1);
while ((c = fgetc(fp)) != EOF) {
n++;
}
if (ferror(fp)) { fclose(fp); return(-1); }
fclose(fp);
TStringList *struct_tstringlist = self;
struct_tstringlist->COUNT_BYTES_FILE = n;
return(n);
}
s64 SetLines(void *self, s64 numbers)
{
TStringList *struct_tstringlist = self;
if (numbers < 1) return(-1);
if (numbers == struct_tstringlist->TStringList_Lines) return(0);
//do nothing
//New
if (struct_tstringlist->TStringList_Lines == -1) {
struct_tstringlist->TStringList = calloc(numbers, sizeof(char *));
if (struct_tstringlist->TStringList == NULL) return(-1);
struct_tstringlist->TStringList_Lines = numbers;
//malloc
//for (s64 n = 0; n < numbers; n++)
struct_tstringlist->TStringList[n] = NULL;
return(0);
}
//resize <
if (numbers < struct_tstringlist->TStringList_Lines) {
s64 diff = struct_tstringlist->TStringList_Lines - numbers;
for (s64 n = diff - 1; n <
struct_tstringlist->TStringList_Lines; n++)
free(struct_tstringlist->TStringList[n]);
struct_tstringlist->TStringList =
realloc(struct_tstringlist->TStringList, numbers * sizeof(char *));
struct_tstringlist->TStringList_Lines = numbers;
return(0);
}
//resize >
if (numbers > struct_tstringlist->TStringList_Lines) {
s64 diff = numbers - struct_tstringlist->TStringList_Lines;
char **tmp_ptr = struct_tstringlist->TStringList;
tmp_ptr = realloc(tmp_ptr, numbers * sizeof(char *));
if (tmp_ptr == NULL) return(-1);
struct_tstringlist->TStringList = tmp_ptr;
struct_tstringlist->TStringList_Lines = numbers;
for (s64 n = diff - 1; n <
struct_tstringlist->TStringList_Lines; n++) {
struct_tstringlist->TStringList[n] = NULL;
}
return(0);
}
return(0);
}
s64 DynStrcpy (void *self, s64 number, char *newstring)
{
TStringList *struct_tstringlist = self;
if (number < 0 ) return(-1);
if (struct_tstringlist->TStringList_Lines == -1) return(-1);
if (struct_tstringlist->TStringList == NULL) return(-1);
if (number >= struct_tstringlist->TStringList_Lines) return(-1);
if (struct_tstringlist->TStringList[number] != NULL)
free(struct_tstringlist->TStringList[number]);
s64 len = strlen(newstring) + 1;
struct_tstringlist->TStringList[number] = malloc(len * sizeof(char *));
strcpy(struct_tstringlist->TStringList[number], newstring);
return(0);
}
s64 DynStrcat (void *self, s64 number, char *newstring)
{
TStringList *struct_tstringlist = self;
if (number < 0 ) return(-1);
if (number >= struct_tstringlist->TStringList_Lines) return(-1);
if (struct_tstringlist->TStringList == NULL) return(-1);
s64 len = strlen(struct_tstringlist->TStringList[number]) +
strlen(newstring) + 1;
struct_tstringlist->TStringList[number] =
realloc(struct_tstringlist->TStringList[number], len * sizeof(char *));
strcat(struct_tstringlist->TStringList[number], newstring);
return(0);
}
s64 Del(void *self, s64 number)
{
TStringList *struct_tstringlist = self;
s64 lines_max = struct_tstringlist->TStringList_Lines;
if (number < 0) return(-1);
if (number >= struct_tstringlist->TStringList_Lines) return(-1);
//if number = last line
if (number == struct_tstringlist->TStringList_Lines - 1) {
//delete
free(struct_tstringlist->TStringList[number]);
struct_tstringlist->TStringList =
realloc(struct_tstringlist->TStringList,
(struct_tstringlist->TStringList_Lines - 1) * sizeof(char *));
struct_tstringlist->TStringList_Lines--;
return(0);
}
//delete
free(struct_tstringlist->TStringList[number]);
//address last line -> delete line
struct_tstringlist->TStringList[number] =
struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines - 1];
struct_tstringlist->TStringList =
realloc(struct_tstringlist->TStringList,
(struct_tstringlist->TStringList_Lines - 1) * sizeof(char *));
struct_tstringlist->TStringList_Lines--;
return(0);
}
s64 CountLines(void *self)
{
TStringList *struct_tstringlist = self;
return(struct_tstringlist->TStringList_Lines);
}
s64 DelDup(void *self)
{
TStringList *struct_tstringlist = self;
qsort(struct_tstringlist->TStringList,
struct_tstringlist->TStringList_Lines, sizeof(char *), str_compare);
s64 counter = 0;
for (s64 n = struct_tstringlist->TStringList_Lines - 1; n > 0; n--) {
if (strcmp(struct_tstringlist->TStringList[n - 1],
struct_tstringlist->TStringList[n]) == 0) {
free(struct_tstringlist->TStringList[n]);
struct_tstringlist->TStringList[n] =
struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines -
1 - counter];
counter++;
}
}
struct_tstringlist->TStringList_Lines -= counter;
struct_tstringlist->TStringList =
realloc(struct_tstringlist->TStringList,
struct_tstringlist->TStringList_Lines * sizeof(char *));
return(0);
}
s64 StringLengthMax(void *self)
{
TStringList *struct_tstringlist = self;
return(struct_tstringlist->TStringList_Length_Max);
}
s64 LoadFromFile(void *self, char *file_name)
{
long max_bytes = 0;
int c;
FILE *fp;
long max_lines = 0;
char *TEXT;
long str_length = 0;
fp = fopen(file_name, "r");
if (!fp) return(-1);
while ((c = fgetc(fp)) != EOF) {
max_bytes++;
}
if (ferror(fp)) { fclose(fp); return(-1); }
fseek(fp, 0, SEEK_SET);
while ((c = fgetc(fp)) != EOF) {
if (c == '\n') max_lines++;
}
fseek(fp, 0, SEEK_SET);
TEXT = calloc(max_bytes, sizeof(char));
if (TEXT == NULL) { fclose(fp); return(-1); }
fread(TEXT, max_bytes, sizeof(char), fp);
if (ferror(fp)) { fclose(fp); return(-1); }
fclose(fp);
//Zeilen reservieren
TStringList *struct_tstringlist = self;
struct_tstringlist->COUNT_LINES_FILE = max_lines;
struct_tstringlist->COUNT_BYTES_FILE = max_bytes;
struct_tstringlist->TStringList = calloc(max_lines, sizeof(char *));
if (struct_tstringlist->TStringList == NULL) return(-1);
long lines = 0;
long start = 0;
long len = 0;
for (int n = 0; n < max_bytes; n++) {
if (TEXT[n] == '\n') {
if (n > start) {
struct_tstringlist->TStringList[lines] = malloc((n -
start + 1) * sizeof(char));
strncpy(struct_tstringlist->TStringList[lines],
&TEXT[start], n - start);
struct_tstringlist->TStringList[lines][n - start] = '\0';
len = n - start;
if (len > struct_tstringlist->TStringList_Length_Max)
struct_tstringlist->TStringList_Length_Max = len;
start = n + 1;
lines++;
}
else start++;
}
}
struct_tstringlist->TStringList_Lines = lines;
if (struct_tstringlist->DelDUP == true) {
qsort(struct_tstringlist->TStringList,
struct_tstringlist->TStringList_Lines, sizeof(char *), str_compare);
s64 counter = 0;
for (s64 n = struct_tstringlist->TStringList_Lines - 1; n > 0;
n--) {
if (strcmp(struct_tstringlist->TStringList[n - 1],
struct_tstringlist->TStringList[n]) == 0) {
free(struct_tstringlist->TStringList[n]);
struct_tstringlist->TStringList[n] =
struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines -
1 - counter];
counter++;
}
}
struct_tstringlist->TStringList_Lines -= counter;
struct_tstringlist->TStringList =
realloc(struct_tstringlist->TStringList,
struct_tstringlist->TStringList_Lines * sizeof(char *));
}
if (struct_tstringlist->SORT == true) {
qsort(struct_tstringlist->TStringList,
struct_tstringlist->TStringList_Lines, sizeof(char *), str_compare);
}
return(0);
}
//--------------------------------------------------------------------------------------------------------------------
s64 TStringListCreate(void *self) {
TStringList *struct_tstringlist = self;
struct_tstringlist->CountBytesFile = &CountBytesFile;
struct_tstringlist->CountLinesFile = &CountLinesFile;
struct_tstringlist->SetLines = &SetLines;
struct_tstringlist->DynStrcpy = &DynStrcpy;
struct_tstringlist->DynStrcat = &DynStrcat;
struct_tstringlist->Del = ∇
struct_tstringlist->CountLines = &CountLines;
struct_tstringlist->StringLengthMax = &StringLengthMax;
struct_tstringlist->LoadFromFile = &LoadFromFile;
struct_tstringlist->DelDup = &DelDup;
struct_tstringlist->DynFree = &DynFree;
struct_tstringlist->MaxStr = &MaxStr;
struct_tstringlist->Add = &Add;
struct_tstringlist->Sort = &Sort;
struct_tstringlist->SetSort = &SetSort;
struct_tstringlist->SetDelDUP = &SetDelDUP;
struct_tstringlist->COUNT_BYTES_FILE = -1;
struct_tstringlist->COUNT_LINES_FILE = -1;
struct_tstringlist->TStringList_Length_Max = -1;
struct_tstringlist->TStringList_Lines = -1;
struct_tstringlist->DelDUP = false;
struct_tstringlist->SORT = false;
//(*struct_tstringlist).DelDUP = false; //geht auch so
return(0);
}
int ErrorMessage()
{
printf("csafer, 2022/05 Peter Boettcher, Germany, Muelheim Ruhr\n");
printf("VERSION : C, LINUX VERSION\n");
printf("\n");
printf("\n");
printf("SYSCALL : %ld\n", SYSCALL_NR);
printf("\n");
printf("Parameter : <SON> Safer ON\n");
printf("Parameter : <SOFF> Safer OFF\n");
printf("\n");
printf("Parameter : <STAT> Safer STAT\n");
printf("\n");
printf("Parameter : <PAON> Safer Printk ALLOWED ON\n");
printf("Parameter : <PAOFF> Safer Printk ALLOWED OFF\n");
printf("\n");
printf("Parameter : <PDON> Safer Printk DENY ON\n");
printf("Parameter : <PDOFF> Safer Printk DENY OFF\n");
printf("\n");
printf("Parameter : <SLOCK> Safer DO NOT allowed any more
changes\n");
printf("\n");
printf("Parameter : <SLON> Safer MODE: LEARNING ON\n");
printf("Parameter : <SLOFF> Safer MODE: LEARNING OFF\n");
printf("\n");
printf("Parameter : <SVON> Safer MODE: VERBOSE PARAM ON\n");
printf("Parameter : <SVOFF> Safer MODE: VERBOSE PARAM OFF\n");
printf("\n");
printf("Parameter : <SHOWON> Safer MODE: SAFER SHOW ONLY ON\n");
printf("Parameter : <SHOWOFF> Safer MODE: SAFER SHOW ONLY OFF\n");
printf("\n");
printf("Parameter : <PLIST> Safer SET FILE LIST\n");
printf(" : <safer list>\n");
printf("\n");
printf("Parameter : <FLIST> Safer SET FOLDER LIST\n");
printf(" : <safer list>\n");
printf("\n");
printf("Parameter : <SORT> Safer LIST SORT\n");
printf(" : <safer list>\n");
printf("\n");
printf("\n");
exit(0);
}
TStringList all_list;
TStringList folder_list;
TStringList file_list;
TStringList work_list;
//--------------------------------------------------------------------------------------------------
void main(int argc, char *argv[]) {
s64 NUMBER = 0;
if (argc == 2) {
for(;;) {
if (strcmp(argv[1], "SON") == 0) { NUMBER = SAFER_ON; break; }
if (strcmp(argv[1], "SOFF") == 0) { NUMBER = SAFER_OFF;
break; }
if (strcmp(argv[1], "STAT") == 0) { NUMBER = STAT; break; }
if (strcmp(argv[1], "PAON") == 0) { NUMBER =
PRINTK_ALLOWED_ON; break; }
if (strcmp(argv[1], "PAOFF") == 0) { NUMBER =
PRINTK_ALLOWED_OFF; break; }
if (strcmp(argv[1], "PDON") == 0) { NUMBER =
PRINTK_DENY_ON; break; }
if (strcmp(argv[1], "PDOFF") == 0) { NUMBER =
PRINTK_DENY_OFF; break; };
if (strcmp(argv[1], "SLOCK") == 0) { NUMBER = SAFER_LOCK;
break; }
if (strcmp(argv[1], "SLON") == 0) { NUMBER =
PRINTK_LEARNING_ON; break; }
if (strcmp(argv[1], "SLOFF") == 0) { NUMBER =
PRINTK_LEARNING_OFF; break; }
if (strcmp(argv[1], "SVON") == 0) { NUMBER =
PRINTK_ARGV_ON; break; }
if (strcmp(argv[1], "SVOFF") == 0) { NUMBER =
PRINTK_ARGV_OFF; break; }
if (strcmp(argv[1], "SHOWON") == 0) { NUMBER =
PRINTK_SHOW_ON; break; }
if (strcmp(argv[1], "SHOWOFF") == 0) { NUMBER =
PRINTK_SHOW_OFF; break; }
ErrorMessage();
}
#ifdef VERSION_SYSCALL
printf("%ld\n", syscall(SYSCALL_NR, 999900 + NUMBER));
#else
printf("%ld\n", syscall(SYSCALL_NR, 0, 0, 0, 999900 + NUMBER));
#endif
exit(0);
}
if (argc == 3) {
for (;;) {
if (strcmp(argv[1], "PLIST") == 0) { NUMBER = LIST_PROG;
break; }
if (strcmp(argv[1], "FLIST") == 0) { NUMBER = LIST_FOLDER;
break; }
if (strcmp(argv[1], "SORT") == 0) { NUMBER = SAFER_SORT;
break; }
ErrorMessage();
}
switch(NUMBER) {
case 20: TStringListCreate(&all_list);
TStringListCreate(&file_list);
all_list.SetDelDUP(&all_list, true);
all_list.LoadFromFile(&all_list, argv[2]);
if (all_list.TStringList_Lines == -1) ErrorMessage();
for (s64 n = 0; n < all_list.TStringList_Lines; n++) {
if (strncmp(all_list.TStringList[n], "a:", 2)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "ai:", 3)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "d:", 2)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "ga:", 3)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "gai:", 4)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "gd:", 2)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
}
}
if (file_list.TStringList_Lines == -1 ) {
printf("ERROR: NO ELEMENT IN LIST\n"); exit(1); }
file_list.Sort(&file_list);
TStringListCreate(&work_list);
char str_len [19];
sprintf(str_len, "%u",
file_list.TStringList_Lines); /* int to string */
work_list.Add(&work_list, str_len);
for (s64 n = 0; n < file_list.TStringList_Lines; n++) {
work_list.Add(&work_list,
file_list.TStringList[n]);
}
/* Your choice */
for (s64 n = 0; n < work_list.TStringList_Lines; n++) {
printf("%s\n", work_list.TStringList[n]);
}
#ifdef VERSION_SYSCALL
printf("%ld\n", syscall(SYSCALL_NR, 999900 +
NUMBER, work_list.TStringList));
#else
printf("%ld\n", syscall(SYSCALL_NR, 0, 0, 0, 999900
+ NUMBER, work_list.TStringList));
#endif
exit(0);
case 21: TStringListCreate(&all_list);
TStringListCreate(&folder_list);
all_list.SetDelDUP(&all_list, true);
all_list.LoadFromFile(&all_list, argv[2]);
if (all_list.TStringList_Lines == -1) ErrorMessage();
for (s64 n = 0; n < all_list.TStringList_Lines; n++) {
if (strncmp(all_list.TStringList[n], "a:", 2)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] !=
'/') continue;
folder_list.Add(&folder_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "d:", 2)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] !=
'/') continue;
folder_list.Add(&folder_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "ga:", 3)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] !=
'/') continue;
folder_list.Add(&folder_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "gd:", 2)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] !=
'/') continue;
folder_list.Add(&folder_list,
all_list.TStringList[n]);
}
}
if (folder_list.TStringList_Lines == -1 ) {
printf("ERROR: NO ELEMENT IN LIST\n"); exit(1); }
folder_list.Sort(&folder_list);
TStringListCreate(&work_list);
sprintf(str_len, "%u",
folder_list.TStringList_Lines); /* int to string */
work_list.Add(&work_list, str_len);
for (s64 n = 0; n < folder_list.TStringList_Lines;
n++) {
work_list.Add(&work_list,
folder_list.TStringList[n]);
}
/* Your choice */
for (s64 n = 0; n < work_list.TStringList_Lines; n++) {
printf("%s\n", work_list.TStringList[n]);
}
#ifdef VERSION_SYSCALL
printf("%ld\n", syscall(SYSCALL_NR, 999900 +
NUMBER, work_list.TStringList));
#else
printf("%ld\n", syscall(SYSCALL_NR, 0, 0, 0, 999900
+ NUMBER, work_list.TStringList));
#endif
exit(0);
case 30: TStringListCreate(&all_list);
TStringListCreate(&file_list);
all_list.SetDelDUP(&all_list, true);
all_list.LoadFromFile(&all_list, argv[2]);
if (all_list.TStringList_Lines == -1) ErrorMessage();
for (s64 n = 0; n < all_list.TStringList_Lines; n++) {
if (strncmp(all_list.TStringList[n], "a:", 2)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "ai:", 3)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "d:", 2)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "ga:", 3)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "gai:", 4)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
continue;
}
if (strncmp(all_list.TStringList[n], "gd:", 2)
== 0) {
s64 last = strlen(all_list.TStringList[n]);
if (all_list.TStringList[n][last - 1] ==
'/') continue;
file_list.Add(&file_list,
all_list.TStringList[n]);
}
}
if (file_list.TStringList_Lines == -1 ) {
printf("ERROR: NO ELEMENT IN LIST\n"); exit(1); }
file_list.Sort(&file_list);
TStringListCreate(&work_list);
//char str_len [19];
sprintf(str_len, "%u",
file_list.TStringList_Lines); /* int to string */
work_list.Add(&work_list, str_len);
for (s64 n = 0; n < file_list.TStringList_Lines; n++) {
work_list.Add(&work_list,
file_list.TStringList[n]);
}
for (s64 n = 0; n < work_list.TStringList_Lines; n++) {
printf("%s\n", work_list.TStringList[n]);
}
exit(0);
ErrorMessage();
}
}
ErrorMessage();
}
---------------------------------
TOOL
fpsafer.pas
same as csafer.c
---------------------------------
(* Copyright (c) 2022/03/28, Peter Boettcher, Germany/NRW, Muelheim Ruhr
* Urheber: 2022/03/28, Peter Boettcher, Germany/NRW, Muelheim Ruhr
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2, or (at your option)
* any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*)
(* FreePascal:
* fpc fpsafer.pas
*
*)
(*
Frontend for Linux SYSCALL Extension <execve>
Autor/Urheber : Peter Boettcher
: Muelheim Ruhr
: Germany
Date : 2023.11.15 - 2024.05.26
Program : fpsafer.c
: Simple Frontend
: Control Program for Extension <SYSCALL execve>
: It only works as ROOT
: If you use binary search, a sorted list ist required.
List : ALLOW and DENY list
Control : 0 = safer ON
: 1 = safer OFF
: 2 = State
: 3 = printk allowed LOG ON
: 4 = printk allowed Log OFF
: 5 = LOCK changes
: 6 = learning ON
: 7 = learning OFF
: 8 = Verbose LOG ON
: 9 = Verbose LOG OFF
: 10 = Safer Show LOG ON
: 11 = Safer Show LOG OFF
: 12 = printk deny on
: 13 = printk deny off
: 20 = Set FILE List
: 21 = Set FOLDER List
ALLOW/DENY List : 2 DIM. dyn. char Array = string
: String 0 = Number of strings
: a:USER-ID;SIZE;HASH;Path
: d:USER-ID;SIZE;HASH;Path
: ga:GROUP-ID;HASH;Path
: gd:GROUP-ID;HASH;Path
: ai:USER-ID;SIZE;HASH;PATH/python
: a:ai:USER-ID;SIZE;HASH;PATH/python-script
: Example:
: a:100;1224;HASH;/bin/test = allow file
: a:100;1234;HASH;/bin/test1 = allow file
: a:100;/usr/sbin/ = allow Folder
: d:100;HASH;/usr/sbin/test = deny file
: d:100;/usr/sbin/ = deny folder
: ga:100;usr/sbin/ = allow group folder
: gd:100;/usr/bin/ = deny group folder
: gd:101;1234;HASH;/usr/bin/mc = deny group file
: ga:101;1234;HASH;/usr/bin/mc = allow group file
: ai:100;1234;HASH;/bin/python = allow file
: a:100;1234;HASH;/bin/test1.py = allow file
program start :
: python = allone = not allowed
: python /PATH/test.py = allowed
: test1.py = allowed
: It is up to the ADMIN to keep the list reasonable
according to these rules!
I would like to remember ALICIA ALONSO, MAYA PLISETSKAYA, CARLA
FRACCI, EVA EVDOKIMOVA, VAKHTANG CHABUKIANI and the
"LAS CUATRO JOYAS DEL BALLET CUBANO". Admirable ballet dancers.
*)
{$mode objfpc}{$H+}
Uses
linux,
syscall,
sysutils,
strutils,
dateUtils,
classes;
//{$define NEW_SYSCALLVERSION}
{$define SYSCALL_VERSION}
const
{$ifdef SYSCALL_VERSION}
SYSCALL_NR = 59;
{$else NEW_SYSCALLVERSION}
SYSCALL_NR = 501;
{$endif SYSCALL_VERSION}
var
WORK_LIST : array of ^char;
NUMBER : qword;
LIST : TStringList;
N_LIST : TStringList;
n : qword;
const
SAFER_ON = 0;
SAFER_OFF = 1;
STAT = 2;
PRINTK_ALLOWED_ON = 3;
PRINTK_ALLOWED_OFF = 4;
PRINTK_DENY_ON = 12;
PRINTK_DENY_OFF = 13;
SAFER_LOCK = 5;
PRINTK_LEARNING_ON = 6;
PRINTK_LEARNING_OFF = 7;
PRINTK_ARGV_ON = 8;
PRINTK_ARGV_OFF = 9;
PRINTK_SHOW_ON = 10;
PRINTK_SHOW_OFF = 11;
LIST_PROG = 20;
LIST_FOLDER = 21;
SAFER_SORT = 30;
Procedure ErrorMessage;
begin
writeln('fpsafer, 2022/03 Peter Boettcher, Germany, Muelheim Ruhr');
writeln('VERSION : PASCAL 0, fpc, LINUX VERSION');
writeln;
writeln('FreePascal Project : www.freepascal.org');
writeln('LGPL : www.gnu.org');
writeln('Special Thanks : Niklaus Wirth');
writeln;
writeln('SYSCALL : ', SYSCALL_NR);
writeln;
writeln('Parameter : <SON> Safer ON');
writeln('Parameter : <SOFF> Safer OFF');
writeln;
writeln('Parameter : <STAT> Safer STAT');
writeln;
writeln('Parameter : <PAON> Safer Printk ALLOWED ON');
writeln('Parameter : <PAOFF> Safer Printk ALLOWED OFF');
writeln;
writeln('Parameter : <PDON> Safer Printk DENY ON');
writeln('Parameter : <PDOFF> Safer Printk DENY OFF');
writeln;
writeln('Parameter : <SLOCK> Safer DO NOT allowed any more
changes');
writeln;
writeln('Parameter : <SLON> Safer MODE: LEARNING ON');
writeln('Parameter : <SLOFF> Safer MODE: LEARNING OFF');
writeln;
writeln('Parameter : <SVON> Safer MODE: VERBOSE PARAM ON');
writeln('Parameter : <SVOFF> Safer MODE: VERBOSE PARAM OFF');
writeln;
writeln('Parameter : <SHOWON> Safer MODE: SAFER SHOW ONLY ON');
writeln('Parameter : <SHOWOFF> Safer MODE: SAFER SHOW ONLY OFF');
writeln;
writeln('Parameter : <PLIST> Safer SET FILE LIST');
writeln(' : <safer list>');
writeln;
writeln('Parameter : <FLIST> Safer SET FOLDER LIST');
writeln(' : <safer list>');
writeln;
writeln('Parameter : <SORT> Safer LIST SORT');
writeln(' : <safer list>');
writeln;
writeln;
halt(0);
end;
Function strncmp(str0 : ansistring; str1 : ansistring; Elements : qword)
: integer;
begin
exit(CompareStr(copy(str0, 0, Elements), copy(str1, 0, Elements)));
end;
//simple
begin
if ParamCount = 1 then begin
while true do begin
if ParamStr(1) = 'SON' then begin NUMBER := SAFER_ON;
break; end;
if ParamStr(1) = 'SOFF' then begin NUMBER := SAFER_OFF;
break; end;
if ParamStr(1) = 'STAT' then begin NUMBER := STAT; break; end;
if ParamStr(1) = 'PAON' then begin NUMBER :=
PRINTK_ALLOWED_ON; break; end;
if ParamStr(1) = 'PAOFF' then begin NUMBER :=
PRINTK_ALLOWED_OFF; break; end;
if ParamStr(1) = 'PDON' then begin NUMBER :=
PRINTK_DENY_ON; break; end;
if ParamStr(1) = 'PDOFF' then begin NUMBER :=
PRINTK_DENY_OFF; break; end;;
if ParamStr(1) = 'SLOCK' then begin NUMBER := SAFER_LOCK;
break; end;
if ParamStr(1) = 'SLON' then begin NUMBER :=
PRINTK_LEARNING_ON; break; end;
if ParamStr(1) = 'SLOFF' then begin NUMBER :=
PRINTK_LEARNING_OFF; break; end;
if ParamStr(1) = 'SVON' then begin NUMBER :=
PRINTK_ARGV_ON; break; end;
if ParamStr(1) = 'SVOFF' then begin NUMBER :=
PRINTK_ARGV_OFF; break; end;
if ParamStr(1) = 'SHOWON' then begin NUMBER :=
PRINTK_SHOW_ON; break; end;
if ParamStr(1) = 'SHOWOFF' then begin NUMBER :=
PRINTK_SHOW_OFF; break; end;
ErrorMessage;
end;;
{$ifdef SYSCALL_VERSION}
writeln(do_SysCall(SYSCALL_NR, 0, 0, 0, 999900 + NUMBER));
{$else NEW_SYSCALLVERSION}
writeln(do_SysCall(SYSCALL_NR, 999900 + NUMBER));
{$endif SYSCALL_VERSION}
halt(0);
end;
if ParamCount = 2 then begin
while true do begin
if ParamStr(1) = 'PLIST' then begin NUMBER := LIST_PROG;
break; end;
if ParamStr(1) = 'FLIST' then begin NUMBER := LIST_FOLDER;
break; end;
if ParamStr(1) = 'SORT' then begin NUMBER := SAFER_SORT;
break; end;
ErrorMessage;
end;
case NUMBER of
//FILES
20: begin
LIST := TStringList.Create;
LIST.Sorted := TRUE;
LIST.Duplicates := dupIgnore; //dupIgnore,
dupAccept, dupError
List.CaseSensitive := TRUE;
try
LIST.LoadFromFile(ParamStr(2));
except
LIST.Free;
ErrorMessage;
end;
N_LIST := TStringList.Create;
N_LIST.Sorted := TRUE;
N_LIST.Duplicates := dupIgnore;
N_List.CaseSensitive := TRUE;
for n := 0 to LIST.Count - 1 do begin
if copy(LIST[n], 0, 2) = 'a:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(LIST[n], 0, 3) = 'ai:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(LIST[n], 0, 4) = 'gai:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(List[n], 0, 2) = 'd:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(List[n], 0, 3) = 'ga:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(List[n], 0, 3) = 'gd:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
end;
end;
if N_LIST.count = 0 then begin writeln('ERROR: NO
ELEMENT IN LIST'); halt(0); end;
setlength(WORK_LIST, N_LIST.COUNT +
1); //RESERVIEREN
WORK_LIST[0] :=
StrAlloc(length(IntToStr(N_LIST.COUNT))); //elements
StrpCopy(WORK_LIST[0], IntToStr(N_LIST.COUNT));
//Your choice
writeln(WORK_LIST[0]);
for n := 0 to N_LIST.COUNT - 1 do begin
WORK_LIST[n+1] := StrAlloc(length(N_LIST[n]) + 1);
StrpCopy(WORK_LIST[n+1], N_LIST[n]);
writeln(WORK_LIST[n+1]);
end;
{$ifdef SYSCALL_VERSION}
writeln(do_SysCall(SYSCALL_NR, 0, 0, 0, 999900 +
NUMBER, qword(WORK_LIST)));
{$else NEW_SYSCALLVERSION}
writeln(do_SysCall(SYSCALL_NR, 999900 + NUMBER,
qword(WORK_LIST)));
{$endif SYSCALL_VERSION}
halt(0);
end;
//FOLDER
21: begin
LIST := TStringList.Create;
LIST.Sorted := TRUE;
LIST.Duplicates := dupIgnore; //dupIgnore,
dupAccept, dupError
List.CaseSensitive := TRUE;
try
LIST.LoadFromFile(ParamStr(2));
except
LIST.Free;
ErrorMessage;
end;
N_LIST := TStringList.Create;
N_LIST.Sorted := TRUE;
N_LIST.Duplicates := dupIgnore;
N_List.CaseSensitive := TRUE;
for n := 0 to LIST.Count - 1 do begin
if copy(LIST[n], 0, 2) = 'a:' then begin
if LIST[n][length(LIST[n])] <> '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(List[n], 0, 2) = 'd:' then begin
if LIST[n][length(LIST[n])] <> '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(List[n], 0, 3) = 'ga:' then begin
if LIST[n][length(LIST[n])] <> '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(List[n], 0, 3) = 'gd:' then begin
if LIST[n][length(LIST[n])] <> '/' then
continue;
N_LIST.add(List[n]);
end;
end;
if N_LIST.count = 0 then begin writeln('ERROR: NO
ELEMENT IN LIST'); halt(0); end;
setlength(WORK_LIST, N_LIST.COUNT +
1); //RESERVIEREN
WORK_LIST[0] :=
StrAlloc(length(IntToStr(N_LIST.COUNT))); //elements
StrpCopy(WORK_LIST[0], IntToStr(N_LIST.COUNT));
//Your choice
writeln(WORK_LIST[0]);
for n := 0 to N_LIST.COUNT - 1 do begin
WORK_LIST[n+1] := StrAlloc(length(N_LIST[n]) + 1);
StrpCopy(WORK_LIST[n+1], N_LIST[n]);
writeln(WORK_LIST[n+1]);
end;
{$ifdef SYSCALL_VERSION}
writeln(do_SysCall(SYSCALL_NR, 0, 0, 0, 999900 +
NUMBER, qword(WORK_LIST)));
{$else NEW_SYSCALLVERSION}
writeln(do_SysCall(SYSCALL_NR, 999900 + NUMBER,
qword(WORK_LIST)));
{$endif SYSCALL_VERSION}
halt(0);
end;
//FILES
30: begin
LIST := TStringList.Create;
LIST.Sorted := TRUE;
LIST.Duplicates := dupIgnore; //dupIgnore,
dupAccept, dupError
List.CaseSensitive := TRUE;
try
LIST.LoadFromFile(ParamStr(2));
except
LIST.Free;
ErrorMessage;
end;
N_LIST := TStringList.Create;
N_LIST.Sorted := TRUE;
N_LIST.Duplicates := dupIgnore;
N_List.CaseSensitive := TRUE;
for n := 0 to LIST.Count - 1 do begin
if copy(LIST[n], 0, 2) = 'a:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(LIST[n], 0, 4) = 'gai:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(LIST[n], 0, 3) = 'ai:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(List[n], 0, 2) = 'd:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(List[n], 0, 3) = 'ga:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
continue;
end;
if copy(List[n], 0, 3) = 'gd:' then begin
if LIST[n][length(LIST[n])] = '/' then
continue;
N_LIST.add(List[n]);
end;
end;
if N_LIST.count = 0 then begin writeln('ERROR: NO
ELEMENT IN LIST'); halt(0); end;
setlength(WORK_LIST, N_LIST.COUNT +
1); //RESERVIEREN
WORK_LIST[0] :=
StrAlloc(length(IntToStr(N_LIST.COUNT))); //elements
StrpCopy(WORK_LIST[0], IntToStr(N_LIST.COUNT));
writeln(WORK_LIST[0]);
for n := 0 to N_LIST.COUNT - 1 do begin
WORK_LIST[n+1] := StrAlloc(length(N_LIST[n]) + 1);
StrpCopy(WORK_LIST[n+1], N_LIST[n]);
writeln(WORK_LIST[n+1]);
end;
halt(0);
end;
else ErrorMessage;
end;
end;
ErrorMessage;
end.
---------------------------------
example config file:
command:
csafer PLIST safer.conf
csafer FLIST safer.conf
or
fpsafer PLIST safer.conf
fpsafer FLIST safer.conf
#---------------------------------
part of safer.conf
#---------------------------------
#Achtung
#Ausdruecklich root nichts in /home erlauben. eigentlich nicht erforderlich.
d:0:/home/
gd:20000:/home/
#docker
a:0;/proc/
a:1003;/proc/
ga:20000;/proc/
#--------------------------------------------------------------
#test
#a:0;/home/
#d:0;72856;b7362ffec250678ad4d60b8cf0444091;/home/abc
#------------------------------------------------------------
#interpreter
#python
ai:1000;5479736;b2d95fb4e79f786c26dcf22f9b4cb97fd831a679a48135daeeac48e48fc58e69;/usr/bin/python3
ai:1000;3553696;cb73d86795116af6e270acdaa63d15de26291a2b433351851739de6421fb27e8;/usr/bin/python
a:10000;460;89994bedbe1375ffc2f085210441b5f5f525b664f7520fae439dd287a48e1924;/etc/safer/python/p.i.div
a:1000;466;67d02f4eab5492539a5c6e798d67c53f4801d7f04aed5e66f9a26d6aa9174bbf;/usr/sbin/p3.i.mul
a:1000;468;196dba9b4d884c9626c1572d9aa1d1fc9f18991807d1029d919ad3560d5cdcae;/usr/sbin/p3.i.div
a:0;14496;fadd2d1403da4a6fbb94f5ba4264ec2ebbe3aa833d3dfcc51c3004857080e9d8;/usr/bin/cls
ai:1000;5479736;b2d95fb4e79f786c26dcf22f9b4cb97fd831a679a48135daeeac48e48fc58e69;/usr/bin/python3
ai:1003;5479736;b2d95fb4e79f786c26dcf22f9b4cb97fd831a679a48135daeeac48e48fc58e69;/usr/bin/python3
#java
ai:0;14304;efef2156655f7095dec0a65491e6a25f6f7ea83d318e6ae466cb1b9333ef55bd;/usr/bin/java
a:0;14352;ee63c89ad8cd1099ee34edaabde789dce105d4e849b7b0a01bd910110383631d;/usr/bin/javac
a:0;773;8b077b5e324969ba56f169b2e497a35b32534572152824db5aae3d9d03f995e7;/etc/safer/java/HalloWelt.jar
a:0;423;28c121ad3da3319ec96f370b312c8eeebde8dbadf752a2fc573c929ce9a3b041;/etc/safer/java/HalloWelt.class
#ai:1000;14304;efef2156655f7095dec0a65491e6a25f6f7ea83d318e6ae466cb1b9333ef55bd;/usr/bin/java
gai:20000;14304;efef2156655f7095dec0a65491e6a25f6f7ea83d318e6ae466cb1b9333ef55bd;/usr/bin/java
ga:20000;773;8b077b5e324969ba56f169b2e497a35b32534572152824db5aae3d9d03f995e7;/etc/safer/java/HalloWelt.jar
ga:20000;423;28c121ad3da3319ec96f370b312c8eeebde8dbadf752a2fc573c929ce9a3b041;/etc/safer/java/HalloWelt.class
gai:20000;14304;efef2156655f7095dec0a65491e6a25f6f7ea83d318e6ae466cb1b9333ef55bd;/usr/lib/jvm/java-17-openjdk-amd64/bin/java
gai:20000;14368;be9c11011990619512f3f68a4f192bdc6d7153ec0941e9228da440190b300979;/usr/lib/jvm/java-11-openjdk-amd64/bin/java
ga:20000;1435;d007a3607218f5f055c2f35718c04efd22f6147240e67bbafec51fe71baa6891;/usr/lib/libreoffice/program/JREProperties.class
ga:20000;1740;a33f1601459d02460ed11040fc7dfaed1ba285fc801f8f80816546ec4b544b8f;/opt/libreoffice7.5/program/JREProperties.class
a:0;96968;0f72ae1f19c1361af0ec23ca1e499f11c459bf464a0cf5499873cf73a1b3b3a3;/usr/bin/bc
#perl
ai:0;3681152;8936dd645cc6f3c1fe23bf1de6128fcb505e737a02b00b2b916fbf0f628a998b;/usr/bin/perl
a:0;1485;038e33ff0fe099ce45e4ad763de87612ed770b95d007116225653d9beba74523;/etc/safer/perl/daytime.pl
#julia
ai:1000;18496;de06390d8a9b1ca1293d116dc68189f229a7b7a294ba1887eb15ed2df7f77fae;/usr/bin/julia
ai:0;18496;de06390d8a9b1ca1293d116dc68189f229a7b7a294ba1887eb15ed2df7f77fae;/usr/bin/julia
#php
ai:0;4760504;9780c2ccf2c49150ab6de2b685af91d922363b15b16af15dcb5e1156b1d10cad;/usr/bin/php
a:0;74;3d183c1619b556fad61202ec978593615c7f4c169c6dae0489225f4e1326109d;/etc/safer/php/php1.php
a:0;74;df076eac45e21c0cafbe60589554d29a5dc748a8493bbbeb0540803390526d96;/etc/safer/php/php.php
#--------------------------------------------------------------
#docker
#--------------------------------------------------------------
#debian
a:0;2228;71df780c5048354d192175751686be1fb12aa57556b4b91eb9c4d07bb0991d67;/usr/bin/on_ac_power
a:0;158376;d968a8636eb811f4176935cb50512f5a051b1854d720639675a105662dba0f4c;/usr/bin/awk
a:0;9099;2bf2bff98e94b686f1ca477ba4e7f5e8be972a70fc57f14144c5ba6300caf8f3;/usr/sbin/service
a:0;1155;a6b67423b7a7667a9c06f81a8e85b6e39bf80fc09141d944434ca234db0e904c;/usr/lib/mc/ext.d/web.sh
a:0;1155;a6b67423b7a7667a9c06f81a8e85b6e39bf80fc09141d944434ca234db0e904c;/usr/lib/mc/ext.d/web.sh
a:0;1265648;7ebfc53f17925af4340d4218aafd16ba39b5afa8b6ac1f7adc3dd92952a2a237;/usr/bin/bash
a:0;210968;fa00e11432d68470e2b429605cff856659892611eec3a0908af7e077d2295c27;/lib64/ld-linux-x86-64.so.2
a:0;31504;f92ee15ed2dfe4c0f5b857fc0be12d83d21b1b8aa79a6e574ed179ff1e24862e;/usr/bin/whereis
a:0;1074624;b8275e6cc29962f5a05188b5d7db189b765358d38758483c80a0a773780c4d6e;/usr/bin/mc
a:0;14568;fa62d52a85daab3c3f7a980ba32f9a44fdaf4d851d63a7a34b5672a6b7211b49;/usr/lib/mc/cons.saver
a:0;1265648;7ebfc53f17925af4340d4218aafd16ba39b5afa8b6ac1f7adc3dd92952a2a237;/bin/bash
a:0;72824;26b4d4643e3791f277ee734b162428347164435a20456643e5346bfffb60d1a9;/usr/bin/ln
a:0;1074624;b8275e6cc29962f5a05188b5d7db189b765358d38758483c80a0a773780c4d6e;/usr/bin/mcedit
a:0;102200;44741cf49aded8a77eb97499f9d9e42e572918513560e2c0a033c0860c3b36cd;/usr/bin/df
a:0;14584;c6543c0d7d5479fc76c1808f9e5a033b54b67e35f2ec1663b7c354267e2adfb6;/usr/bin/cls
a:0;317320;2d08025f8af56a059847a151c18da55c922c788ea3ec3e2f568204f98ab4a7b1;/usr/bin/htop
a:0;78408;12f7f00cb1bf15d2d8c55966ad2d9da9db25df952c81889abf936859f2e41f29;/usr/bin/ping
a:0;9099;b25b0d0bb747dda5b6e4b9c0c27e8b6257051922a347272c79ab4891ec85f5bf;/usr/sbin/service
a:0;125640;f5adb8bf0100ed0f8c7782ca5f92814e9229525a4b4e0d401cf3bea09ac960a6;/bin/sh
a:0;43856;bc0828b09781a8b19a6d31f23f3f6e0d4e2f216490dc1d1e98321f684cbfe0a2;/usr/bin/basename
a:0;48536;615c46b39130a04a08da04163542ce7ce1164fa4b35408efb43aac0a8a9f7ae5;/usr/bin/env
a:0;4579;d856e15d5604ac0f430afe70b90ead159314049c431292f0c6a07238d0717627;/etc/init.d/nginx
a:0;44016;008f819498fe591f3cc920d543709347d8d14a139bb3482bc2cd8635c1b3162e;/bin/cat
a:0;27560;fe6b936df0b3de8d55d502413bed14be48a1804b09e18aed76bf7ca63f3e8a5c;/bin/run-parts
a:0;48080;eb93339329ad9ecf68acf3e7cc3415cea3a1d25e1885b4a0e42bdb70063b7ca9;/bin/head
a:0;203152;9a9c5a0c3b5d1d78952252f7bcf4a992ab9ea1081c84861381380a835106b817;/bin/grep
a:0;158376;301315e7e2e964b4e403824b3f6c7ad8db1023e4ce87e6f6c92bf367e047f311;/bin/awk
a:0;44464;76841860cdb3a3afabcb7fd9dbcdb2d059519f007f5a480678fd061da0ed3ce8;/sbin/start-stop-daemon
a:0;1260032;92d6f8de6c27c9b7f27c04e7041eea59abcf3ed50c22bf9b982ffecb2174385c;/usr/sbin/nginx
a:0;43888;4add4bb89d8ca0e3b1bd861130ddd7ae0fd9617a8055de0a38c8d2ca1ac95723;/bin/sleep
a:0;151344;cb30d69b24245bf2ecdc9e7f53bbad19159999970b6d82c0c00c7d32d9e37aa4;/usr/bin/ls
a:0;210968;fa00e11432d68470e2b429605cff856659892611eec3a0908af7e077d2295c27;/lib64/ld-linux-x86-64.so.2
#--------------------------------------------------------------
#ubuntu
a:0;88144;ce4b725a963c92a9f179f08f0df04272a6e56231f985ac8170aa610d3d4e4288;/sbin/ifdown
a:0;320;f68f766bebb7737e4d8331b4515ff67ae332837bb4a59670ff1b7a5d5b453386;/usr/bin/man
a:0;35328;3bc0dba021341fba9049a14564366d93be2e68d355581868bb5f650a5d919b01;/usr/bin/groups
a:0;39432;53a0f3f6fb2986081c68b40ed6a0c5b8ac43def56e53c5fb5d09cd464e6aefca;/usr/bin/dircolors
a:0;14568;d0b3d96f68ccb893f24b2d0d4f3162e1eaa9abe0f4e33008c0d5692d0c651709;/usr/bin/mesg
a:0;150016;e57cf0c3467e61143b4f8eabfbe0029bcfe1ebd3eb6eb98bbe0951d828d7bc63;/usr/bin/du
a:0;43432;41884442b983a7889fe80b78d7eee3b84a1169a61c6e979e036b4445287f3d70;/usr/bin/wc
a:0;158504;740c7f7d632d487adf557244715b6b448554b49e49c25587882ac4ff731b73af;/usr/bin/awk
a:0;43968;21867f7f24754a61e64e3b902adb34d65776f477ce1d492ebf9aa86ebfea4d3a;/usr/bin/env
a:0;9097;a1c6975e1dbaf1ac353b49996b3b6b2112a1e35e3bf84b739165ac84005dcd93;/usr/sbin/service
a:0;35328;d060e07070978679888acc139f4fde2a158bcd7dba22015ef1ab24df6fe9d282;/usr/bin/basename
a:0;108960;f7d2b5e6814d65f87dfa2306d5034f75735dc715f0db33895c05bc47e16f4ff9;/usr/bin/expr
a:0;39424;14b1780838a0a4f25a187410539f68269d93c3da11be84344e10f3ecca1ea9dc;/usr/bin/id
a:0;31232;adff5b545b080ac7d42546bc3b9cd3cede85cdd64aad33f1df16c3b93f571d42;/usr/bin/whoami
a:0;35280;e2e4a02c29a87f4c47eec446d246798925a57772cfb7d7af46d700959c5e2d6f;/bin/cat
a:0;27176;49a47ef3f234d31d5f526a6b279451bec6b6fdc8280b977b11ca2adfab4611ce;/bin/run-parts
a:0;92672;0d31ceed11600069e665736d38d9c161923e5d3de4d049f2006e9121eb6c2c08;/usr/bin/touch
a:0;1396520;2c336c63e26881d2f02f34379024e7c314bce572c08cbaa319bacbbec29f93ed;/bin/bash
a:0;240936;4d2657934fc7442f86bd1258a7c6440aeab584add04f0c3dae6c6f4610c612f4;/lib64/ld-linux-x86-64.so.2
a:0;35328;7737c02bd7d750a6e1489a9599736310cb9de8dbf9f110412a82deb2546e9370;/usr/bin/groups
a:0;39432;3a7e4ec42e36d19f87fba109180bc7263d7c31bedcf0506ad444c142bc29c3f4;/usr/bin/dircolors
a:0;1103352;1501bd6009b8849029d1a8097bcec8e49d9d6fc66d313f0ed5b70463843a67f8;/usr/bin/mc
a:0;14640;beec22a99ad12ae4233b0c4306b9b6153df11edb2b6a73d39bfb56c00103cc43;/usr/lib/mc/cons.saver
a:0;283144;c436995a1790379cc502650638551cb52ded4ca7be6c599596064b0c04da5fce;/usr/bin/nano
a:0;1103352;1501bd6009b8849029d1a8097bcec8e49d9d6fc66d313f0ed5b70463843a67f8;/usr/bin/mcedit
a:0;14640;beec22a99ad12ae4233b0c4306b9b6153df11edb2b6a73d39bfb56c00103cc43;/usr/lib/mc/cons.saver
a:0;26864;5b8ed969b21b3ed55eb5fdb6ce3ddcb9989c041d3df991fb323f4bd795717cd8;/usr/bin/free
a:0;85064;b416059d22259e077632190ae01301516168ce0a075c251c276eed55e7d7793d;/usr/bin/df
a:0;283840;a65f1ebc545b7602f59056134cefc31001b578c026a21f3bf1a2f6f2bbf55e19;/usr/bin/htop
a:0;320;1150abfca60bce252e8a6a449719fec697aa8ac844ae330882a1618a78db05b7;/usr/bin/man
a:0;125688;4f291296e89b784cd35479fca606f228126e3641f5bcaee68dee36583d7c9483;/bin/sh
a:0;9097;8cb36beb5ab42abef8131504d58a1af425b0202051c2743666597fa45fc5d035;/usr/sbin/service
a:0;125688;4f291296e89b784cd35479fca606f228126e3641f5bcaee68dee36583d7c9483;/bin/sh
a:0;35328;aceee0bcbfb3eea45142a59e64ee5dff789d3de539993a7fad37988aa6422614;/usr/bin/basename
a:0;43968;9b5a2c349d5f54684960e3282e56dadce404ce27bb136bd3b3f6bc18390d4d40;/usr/bin/env
a:0;35280;dd5526c5872cce104a80f4d4e7f787c56ab7686a5b8dedda0ba4e8b36a3c084c;/bin/cat
a:0;27176;6662ac8211738cab5e9c8138f92c9f54319a1892ec3da24f47620d46963671a8;/bin/run-parts
a:0;35280;dd5526c5872cce104a80f4d4e7f787c56ab7686a5b8dedda0ba4e8b36a3c084c;/bin/cat
a:0;43520;8d9c49a5f7219522582e3b89d87dd528599f2383039c63401f55705dcae8a369;/bin/head
a:0;182728;73abb4280520053564fd4917286909ba3b054598b32c9cdfaf1d733e0202cc96;/bin/grep
a:0;158504;dc157030a32367742480403025a6f731275b07d039238d167ade535e6f3eb98e;/bin/awk
a:0;26968;6287b4f0dc1e95a810d6737d2aa71d7433bf83988916103590b941525e44427f;/usr/bin/tput
a:0;108960;3ef43371e88b02f18f9bb069a8345517e6a0a44d6c88e5c67b0e829044dc7459;/usr/bin/expr
a:0;48488;0af2d0e5cd23f9d7d2be72c9ac134d1ca5a96768bec2c6bdbc62838f295fb02f;/sbin/start-stop-daemon
a:0;1240136;c817dce0a80d4183b3b12f8509e6b5ec14ee157d5f030657b43aab9fc9de3d0c;/usr/sbin/nginx
a:0;35328;8b2e8564da06c4712a580fd7bd91a236ad3f891ae6ba0a50b117bbe050d328f0;/bin/sleep
a:0;138208;ad9ba0724dc5d457f6f36dbd646db34773fff2ded43551aca6cf55d5d288d8b8;/usr/bin/dir
a:0;138208;8696974df4fc39af88ee23e307139afc533064f976da82172de823c3ad66f444;/usr/bin/ls
a;4304;1f6f4198272208d4595b25aeecc5069dcf4ae68b709da1214f56b47cb2122e99;/check
a:0;400;2ac940d3144ea22a49f4cc7b0bcc8fe78ce8d197f5382be2d4abac0dce2e96f6;/check
a:0;400;a9a31ac9ab34a248afff6064ed45371b0799de0cd24fb5e9ce37f67e54368a37;/check
a:0;472;fe87220353164b279682f902127128ed8fa67e4cf51577a031bce6034368e651;/check
a:0;472;fe87220353164b279682f902127128ed8fa67e4cf51577a031bce6034368e651;/check
a:0;400;ece4026fcacb01b0ee9b7eee1811b4b45945e414dfbbf4f80443ddf41ed5b4c4;/check
a:0;4304;1f6f4198272208d4595b25aeecc5069dcf4ae68b709da1214f56b47cb2122e99;/check
a:0;340;4f7067f1f72b55ad3d4f48a8a096745d4d6cdf01e88a1aa754cda080b721ba8d;/check
a:0;31560;652a029a904a095af89d3f3de7aa577d04c87439896e80bd6b50b0c52d153bb6;/usr/bin/whereis
#---------------------------------------------------------------
#root
#test
a:0;52;3d577acd78f3c19345f89805b1dd8dd2aa49a6b56847381801e64e63d511cf91;/etc/safer/glibc.fehler
a:0;26776;1e386f769fb341cfb8d17b58aa7c4fd3dd2ac70cedbc75a340229c904879db28;/sbin/csafer
a:0;932096;66de6aabc35a5a9ad7597eda1ba073de7ca04b4644ad06f26c1277b9adf6e6df;/sbin/fpsafer
a:0;1196248;04eb0adcebbb29965bba61860fb2620f6259bf1da6680afe91edfd432f252e5b;./tools/objtool/objtool
a:0;4784;f2f312526fdb71824d0b52aa82879fec2699b7d38cdd41d74c3c3e451e4bc669;/lib/modules/6.10.1/build/scripts/config
#---------------------------------------------
#root
#initramfs begin
a:0;170168;cc76e8741f2d36478c049eb3410db6173bbecaa01bfe9fa52f9b2e2b3584aa62;/sbin/modprobe
a:0;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:0;6301;078e9d839dbdbcf7a63c93e208e94b5baa3b8432cf4c9ad5e983613543ba1ff6;/init
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/bin/sh
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/bin/mount
a:0;384;d6e4045a43660a69a33d623c8dc8fb3fd219def71efacf75dccc4bd024ca497f;/scripts/init-top/all_generic_ide
a:0;296;e3fd2f67b92756f053ee3045c45f4d40ba957bf310f2ca64c11f80f6f25604a1;/scripts/init-top/blacklist
a:0;167;2d04d7d7705d1c06cb9fff4c5290c02e719120e43ac65c387f00d8ef37b2d4cf;/scripts/init-top/keymap
a:0;229;fff1dc28c42d101d6e959edb8d5f6bdc96a81495c26aa872db4c484eb8697f87;/bin/setupcon
a:0;14976;1521008b8d42b6661ab4abcb89ea3a48040bd88867d36217cb41be44df0b9549;/bin/kbd_mode
a:0;220304;ca4b67ce227b7301dea1dcfc6b4ca23bea789936aabf695fed601e71eed2ac7c;/bin/loadkeys
a:0;658;0b375e793f70de3329064fa1efcefee7d59e054aff46ce885c73e9a6aeb08f5f;/scripts/init-top/udev
a:0;342552;b0cc8b09827d118d019e4cba3c8b845cfb8618a84e66e5d8e12750977636aa8d;/sbin/udevd
a:0;358872;6f4cdacffafc0bc4dc7d5f9614ca7b95f577a64e6dbc331ba84d5ec3b99f380a;/sbin/udevadm
a:0;321;ff35f886ce26d27358eb635531d9f42be6b84558cb982673c710ede9516cdce3;/scripts/init-premount/brltty
a:0;757;48387c4868e05dc729d57988b58f195de78906b3e15ad94c5bd2233de7fb01c6;/scripts/local-top/cryptopensc
a:0;356;73d7cb791d3907e4c4a3f4fb53435c4cdcf4ce2aa7b076c914a2c568a82e04d7;/scripts/local-top/dmraid
a:0;29464;fde66c477e3a6be1d4a76b36bbbbf88aa4b143f7e53e93d149b995369792b4df;/sbin/dmraid
a:0;970;0308f526fe8d0f963335e0394fd2af3484947d39856a5756dfeaec3bf007d53e;/scripts/local-top/lvm2
a:0;8630;099f79e829383fa100a8b3522c0442e686ab972b5966417a97f3341efd92d937;/scripts/local-top/cryptroot
a:0;2042;49669fdd14b6c0ba7af5c5d59df30f2a233b2d56474ff046b0185df7c8861825;/scripts/local-premount/bcachefs
a:0;1003016;b9af1dc56c247213bab54c55c8aeadbe97828ea5bda62eb6daa6fa9b8e5d3212;/sbin/bcachefs
a:0;274;642807af4437aa1c88a764933169a3907b90e8bff4714191b65d56b6a517f49d;/scripts/local-premount/btrfs
a:0;829136;8188995eef2a4e18779a6ced422af0322688ce3c859d2cc8245142e0b08579d2;/bin/btrfs
a:0;226;1d5253aa05e2fc6ca4cb887296a1b1324b403b27fda74e368995c701336f1c25;/scripts/local-premount/ntfs_3g
a:0;863;e8b4ec9ba6e78965e9c054cd296291b3ed1441b3eef25c9c94b8a37afee53b3a;/scripts/local-premount/resume
a:0;10048;981049085412a4e02f9958fbe227fafeb89dc6ea79e3c95dd2d75fd98d5cffeb;/bin/fstype
a:0;74688;f406be2c852e5f5506ceece7aae140dd3752cfda9d9a9ab320cbf0a4408d0c99;/lib/klibc-YUkGbOClhnaZRUUd4cUed0X2XZI.so
a:0;253;4af31bf99d709441e447bb878160582775f952712725f2024f17de9eca3f13ff;/scripts/local-bottom/cryptgnupg-sc
a:0;449;a797ac8a0eebd5e3a0441ceb63c275b5619dfabedff3839d791a0f72e22629ff;/scripts/local-bottom/cryptopensc
a:0;307;bb5859e98734587f7ecde5f6b15b31764de26e2144521c8ecd3390e1f5153ce0;/scripts/local-bottom/cryptroot
a:0;46;b869c815c88f44df40f61b32f3f61c2aefe8139d354cfe8cb59ba9e95aae84f9;/scripts/local-bottom/mdadm
a:0;345;a9fc8e10ba7af2a21513b88f2443c0bfeae129f370e02592776ff31f246b7227;/scripts/local-bottom/ntfs_3g
a:0;403;b7d524c5c0f085c4aa7470b36a7707ed158d09d7ffa6bc9bdb47c7e2b5f30cf5;/scripts/init-bottom/udev
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/sbin/run-init
a:0;69032;7dcb9f56914ade0a6ca742c0cacae7b8744942f1361ac843b48590957c314e61;/bin/findmnt
a:0;55576;2fadedb310f95335d57b1f3f6d23d5c3b7c7a5e135106f0129db9de41ea9476b;/sbin/fsck
a:0;47336;c3b4bd4e603601ea5076f111b3db14a8787c1bae65ba00ba510bbe71c697d0fe;/usr/bin/setterm
a:0;18664;4557fc5d5ef43aa9054a88fdf27b5e7162b1c12ece0dad231d17d0b298ea1e37;/bin/mountpoint
#initramfs end
#---------------------------------------------------------------------------
#test
ai:0;170168;cc76e8741f2d36478c049eb3410db6173bbecaa01bfe9fa52f9b2e2b3584aa62;/sbin/insmod
a:0;134880;9793ed58a238fedb23fcfb8e87d83d21b8f48c9252027a1d954e995acd056fbb;/lib/modules/6.10.1/kernel/drivers/md/raid10.ko
a:0;31618;9157ed73f17869072813203d7f764639b3d75e055bb24d73988cc0d53b18b386;/etc/init.d/vboxdrv
a:0;4404;dd02be4d81fb89591ae0ef73e4539a92bd4920619b65f44286034b5312c59e3c;/etc/init.d/vboxautostart-service
a:0;6716;47ec69031bc41ea14d74ea84e1c424d3a729a0bb19463444c47c0784a3b2e44e;/etc/init.d/vboxweb-service
a:0;6773;0810c6134472f7c7bde79c51f9e5dd893a4a09d46c12e511b504908d07c4d69b;/etc/init.d/vboxballoonctrl-service
a:0;1778;ce52b721c12709997dfb2bd29602256541854807ca1fbee9fb9f481b95fe1468;/usr/lib/virtualbox/VBoxCreateUSBNode.sh
a:0;2938824;48cf66e72731afbe1646a202c9e696e2184fb0dd93e63146d29124bcd24ee4fe;/usr/lib/virtualbox/VBoxManage
a:0;4784;f2f312526fdb71824d0b52aa82879fec2699b7d38cdd41d74c3c3e451e4bc669;/lib/modules/6.10.1/build/scripts/config
a:0;2994;a2a4856c5491e1c8b84230348a41added61deaa465db4d850ce42bfe30f0ee6b;/usr/share/virtualbox/src/vboxhost/build_in_tmp
a:0;8201;0b2d64c7a4cc85ef7c07d66e8751f7a8918798114e69016da0b2d962bf217bae;/usr/lib/virtualbox/check_module_dependencies.sh
a:0;170168;cc76e8741f2d36478c049eb3410db6173bbecaa01bfe9fa52f9b2e2b3584aa62;/sbin/depmod
a:0;991016;345c39e470af8c13b492768944c1373b06ad45ad4c598cdcd343806888c468a7;/sbin/ldconfig
a:0;17324;718ff57f27652ccaf5835e14376f9e1b405b168fa0458b94f73252be03317102;/usr/sbin/update-rc.d
a:0;113048;9b47f67c96360600a36fd974ae592cd823752ff5a304f93d73bf03f9b0cc944c;/usr/bin/jmtpfs
a:0;888456;563d0d0a29e99ffe9886b229b35b7bea925f1c18df1b1417c30ee3535d8bf1b7;/usr/sbin/sshd
a:0;44424;489d9c376f8423849bc86bbb93a6e1de4a6c932dcde89f2ae3d2b35efb78aaed;/usr/sbin/hddtemp
a:0;901008;d94603e67194e522f91e85c2dd392dd578e42e34e4f5e2feb0e3a7e99cb0dc16;/usr/sbin/smartctl
a:0;31472;60681804e78a8fbc1cb9992b060fb789b30404539d719f28e75d6cd404bdba09;/usr/bin/sensors
a:0;817704;693abcb42e67fb871673f258a3644257ca69a209691ec4d8137a42442834bd19;/usr/bin/gcc
a:0;31648;28cabd05e190bc623bed6c2fdcdcf19acaa009fb02fd59a22c9791c41e8d72ab;/usr/bin/strings
a:0;60384;475a0af7fb2aeffd33a379ce5d1f2aa9f4bee566f21e7ce75ab55d2d9e4a081a;/usr/bin/who
a:0;56160;35063e9a799095a82ba0d0f1197152cfcdddf9356d5cdc16cb6e8d7e56c02e5c;/usr/bin/realpath
a:0;255;fe217144cef121a91ed18b8d42bc66bde711547dbfe867eef7631e53287321b4;/etc/cron.daily/calendar
a:0;30952;eb6d84427a5ada852028f5df9580cfa46c578fac533109d593e7a9de7443dd62;/usr/bin/ionice
a:0;35128;20545229851fb715ec8d2b04f6deea495702806b8f783c3ca2d5cd13a422ca78;/usr/bin/flock
a:0;184008;82228c8615a226c611a7b962fe722caf2bad00965116d817826fec56f0bc2683;/usr/bin/pager
a:0;55336;fc50cc3d9427fb8c15d041b3b179425057bea6d1bf6420b73898d44e39254453;/bin/locale
#----------------------------------------------------------------------------------------
a:1000;71912;c96cb2a75eb1361b05dc9a181a9e63ae3de0384e4d79c4b8e8d0a3f150577cbc;/bin/su
a:1000;64;14ba3d7bdcbb89824ccf411393060b605913e6ff5ed01d9589f3eb3db7007926;/daten//glibc.fehler
a:1000;14840;e666accbf7cdc7ac98fe451a4dc8380766bdbade2effac00424ec15586b4831b;/opt/libreoffice7.5/program/javaldx
a:1000;19000;bbbb1a2eb80ed00d2ab8188bbccc2066eddec29c1ca1731f2643b0620f9b73aa;/usr/lib/libreoffice/program/javaldx
#a:1000;15269;8dc4718f1d4270b66baa6640715bed293446cb8615d27ca0f619225c2b94cce8;/usr/lib/mc/extfs.d/uzip
a:1000;1796512;0f174ca5f8e9e84d77143fa6b0aa28b479ae1e6b1b8c38d2580cbb2e7c7a683e;/usr/bin/dicomscope
a:1000;63920;651b873cc0aa2c284a0f1d07662f6fb8a0fd5e752b840d6de85ed72f2067194e;/usr/lib/binfmt-support/run-detectors
a:1000;86;8ddc57e3a2c149ebe5432f8870b01b965510669e5bdc9dbcbd0cc42fccbe6c67;/usr/bin/jardetector
a:1000;14320;02016ff9c0da1f1204c24200c34317cf047c8668e3f03bb027a9750d9c8a17e8;/usr/bin/jar
a:1000;2248;974349bbadc15cc6cb9c5a111b25c5bfc918077a2f2cef737751336819fdd50c;/usr/bin/jarwrapper
a:1000;48064;e7162f1ea7ddaff3eadc9e871d296451235c9c295645b01aab38c2e4b8c34bdb;/bin/mktemp
a:1000;51872;15aa33090f5ca437f711db6e8c98390e1a5913d02992f4fce4a7e3a1f53719f6;/usr/bin/fastjar
ai:1000;3681152;8936dd645cc6f3c1fe23bf1de6128fcb505e737a02b00b2b916fbf0f628a998b;/usr/bin/perl
a:1000;797480;19269e22521f8e5aacbb47ec9b868abe8214fe4cfad7c36de3a7cadf2d1f7cc4;/usr/bin/ssh
#----------------------------------------------------------------------------------------
#group all
ga:20000;31400;e58629082e06b943d2c85a5f275afc694799ac6f6360298d20fd71004d100d16;/usr/bin/whereis
ga:20000;2765616;a3040a5c0454d9d3e07780a8aaedebd4b4b977eb3314d1cda81b6ca25694671d;/usr/lib/virtualbox/VirtualBox
ga:20000;5878;f11dfff14b70e34886a4ea3086ce591b60f124cb31f379703833538f96a1101b;/usr/bin/virtualbox
ga:20000;8555296;e7f2cabb2bb665e22da7d6562e97930f5f302b636f7cddab8cd08053e26b4558;/usr/lib/virtualbox/VBoxSVC
ga:20000;55336;fc50cc3d9427fb8c15d041b3b179425057bea6d1bf6420b73898d44e39254453;/bin/locale
ga:20000;55336;fc50cc3d9427fb8c15d041b3b179425057bea6d1bf6420b73898d44e39254453;/usr/bin/locale
ga:20000;72840;0273014b3ca3c0bfea114a55ff758c036895c74fe56fea8cc2470fe6171a8bb4;/bin/ln
ga:20000;43840;f2ea4402bdb62b5f151c23028d671fafe0392131294116f88b77fb66d6384460;/usr/bin/fold
ga:20000;3046;8293421fa6cff1023cb9dd4120a9a558f098dc87c596928d76f26d8f9df5ed4c;/usr/bin/x-session-manager
ga:20000;260496;54955f70fbea11d7bf1936cf2037a1a15f0475482013b3a18faddfbbb20fe6bd;/usr/bin/xfce4-session
ga:20000;28144;0ac9fd38af903ba7df04f7ee1e815a0754437ad2f6c5451c5c93f7a4b04304ce;/usr/bin/xmessage
ga:20000;175360;54efbba524703e89f128f3fe9aa53eec4e152f91b327d4bb3926b2f492bc5b6e;/usr/bin/du
ga:20000;162352;8c9310a4fef6d8557d40ea116e1c51e5896a7b10a1c5470c6bc9d8a1de04505d;/bin/cpio
ga:20000;151168;4ad96abf4ede1c952d1eb05a301ffbfeda9765b9aa518cfe0074fd2969109fe8;/bin/cp
ga:20000;47904;d93d79bc89491701522ba604cb8993753ee8eb63d51b0021492f7bf1d507c4c8;/usr/bin/cmp
ga:20000;37640;feb61e95aed348e18aa4416d9b250a7be3ab9119aba21dedd1bff215caa64284;/usr/bin/cal
ga:20000;534048;88ecee8d0936f033f554daf33b832fec2937d483e793eb53c69c681163f25a0b;/usr/bin/rdesktop
ga:20000;407768;b1ccfb2e0adc7c2d4e1824a2f72fd0f4d9fa02f50669401537e79b66c07eb9e5;/usr/bin/simple-scan
a:1003;937984;3f621b1eef41b98de3f1f04689e801103cff0db02f6d8f71ecab7b37a7cf2cc3;/usr/libexec/xdg-desktop-portal
a:1003;14664;b232291933e8f13993c54bf0c184ef0bffa325996f9b29dd54046dbd8dc7ea80;/usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu_stub
a:1003;30712;420b903ea2457f8a3161ad8be1c99b3eb017bf4673562a9035acf0c0e7cea883;/usr/bin/dbus-launch
a:1003;244928;54dfc2ed53a6bc2e24320154066a59284f6d3d299623ef21aeb9592b3a91261f;/usr/bin/dbus-daemon
a:1003;1219216;53473e1529d3a9802b70ccb648352bd633c44ec09761f48296e01c62e9d564e9;/usr/bin/kolourpaint
a:1003;1234376;d86b21405852d8642ca41afae9dcf0f532e2d67973b0648b0af7c26933f1becb;/bin/bash
a:1003;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:1003;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:1003;52680;fe2a721d2d781adc0a2fef761cebb351fb4ddecfa942dcfab4cedf405e1d1836;/usr/bin/xauth
a:1003;39472;097a1bbb53acf4020eae1937e59d52b0e2651226ae78c5751672271511a3bc87;/usr/bin/iceauth
a:1003;5432;2cf1df0b93bb8b6aceb1d4b48ed6917f028ee5f2d179860d1c878c8bbd213d06;/opt/thunderbird/thunderbird
a:1003;789032;26b3b8adc6042e0652e66c0d6b221371b5b0e8e6a4a4b38fb770337588dc823e;/opt/thunderbird/thunderbird-bin
a:1003;27072;2c8f410a953e795e6387e3823ef8fb2874859120ffa7f2aac2e4faa37e95aa61;/opt/thunderbird/glxtest
a:1003;3638;484b6a9de8b41aa9310a305b64c092e473ee73bead994e52c4271c66df9ba3c8;/usr/bin/lsb_release
a:1003;244416472;50fe5ae596f81d45129edbb38df1d153fda0cc1b8e6c11d7e650dbeef9e46427;/opt/google/chrome/chrome
a:1003;52032;4cd4f001e88b7dc250852fa712fd960132a73f12fd9351c4e1391c541bd419dc;/bin/readlink
a:1003;39712;86a44c16148c40f4765601dd056180a76ac7b34fca3f474f98d4229ee9f21c27;/usr/bin/dirname
a:1003;85184;6b3ab9e9994a1a81a69e3a12a0b4a4c5eeb65b7a3e81e9ce65a71fc65078aabf;/bin/mkdir
a:1003;43936;e9165e34728e37ee65bf80a2f64cd922adeba2c9f5bef88132e1fc3fd891712b;/bin/cat
a:1003;38397;2f8589103045fa34702cd476060df6aeb6623b4f0765ee70c6f6d0014c4dbece;/usr/bin/xdg-settings
a:1003;30856;8ba8d769c807849220b6c9003423cb4b19219117ec186852ebfa45c99f882d2f;/usr/bin/dbus-send
a:1003;50224;1f37fa2b7d1e26a9f96604a17f118be44ec53ba68620ec5d4fde3710e0a9fcc1;/usr/bin/xprop
a:1003;203072;5212564899a46d5c342f3f49b42587446794a5b06389942db3145154a3fcd5c8;/bin/grep
a:1003;39744;44804d166aea77032b661059e6b70f860cb146b4ac25c0ad9cc9683c3b62b0f8;/bin/uname
a:1003;42126;13fabfe59c74aa2f52521b4403ff1a512a152de4d15d98fe9b61c7537dd54d8d;/usr/bin/xdg-mime
a:1003;56160;9cbbc6abdd1348e4d84de8814b68b59ccf5e7602601e1939f2a6e15997b6c48f;/usr/bin/tr
a:1003;48032;aee3ca7e450d891011150526269fe3023a8884f8e750437bb1ddf5bb9d5f5174;/usr/bin/cut
a:1003;694624;dc883511e9a83c37c421f40ebdcc0086a3275a06014634e38d8b5cf46856132b;/usr/bin/awk
a:1003;39712;efe5a5b339c257372a4daacfb99f7aa1228ab1ddec8a8e6df4f05860af9a2c0e;/usr/bin/basename
a:1003;946;7bdde142dc5cb004ab82f55adba0c56fc78430a6f6b23afd33be491d4c7c238b;/usr/bin/which
a:1003;14352;f092a2742c7310da18bf4ff6837591041bd7d75b6d029b93c25e2c741bfab885;/opt/firefox/firefox
a:1003;675160;3e338a3810a689229ef91faa5fd2737197a135e304be012f4e6c92adc1fb0ed2;/opt/firefox/firefox-bin
a:1003;1219216;53473e1529d3a9802b70ccb648352bd633c44ec09761f48296e01c62e9d564e9;/usr/bin/kolourpaint
a:1003;59656;ddced0d3d2244ee1c7aa830aae1bfbb61b2f5795ba87d389193a4b2b848b6f76;/usr/bin/kdeinit5
a:1003;14560;b1fd9d1760c5d82dac603e2c2e2e5c2575f4e4fda39e0d0fccb809aac1fc1a38;/usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave5
a:1003;5368;94706f30a7e16594501affb54d523c984855af50f3b67f624d3abbd6c7d9f4ae;/opt/firefox/firefox
a:1003;916080;f7afa769c743d8be9c7e7ed11b47da25a68ab624a38b73f422bfb54f3ae4139f;/opt/firefox/firefox-bin
a:1003;31264;b54c3622a2b95fa53c4bc2b631c11920a85c9aead7d0214afacf8aa9b56d6ddd;/opt/firefox/glxtest
a:1003;218036352;ee607e7d8ca211ca0c06dbb995e7b1d0c02c3a7a4e2f4f5627d7023026b24b65;/opt/opera/opera
#a:1003;5683832;d9e8cb5f74cb47a4ff0d62ee3226075c818d289b5555142605862b9f2f53ff44;/opt/opera/opera_autoupdate
#a:1003;1339992;0bdd308ace84af73c9b01494c0879e6014a8b6943eda4b6290454f8708afb1e7;/opt/opera/opera_crashreporter
a:1003;26075;faec92df30f89fa338d9fba723e010265ffd062b41decd7885b1ff8fd46cc529;/usr/bin/xdg-open
#-----------------------------------------------------------------------------
#colord
a:113;362856;76f0938901d8a9a3d06a9247b89ef0f5634c5eba3a65f9d836f048f2c8781856;/usr/libexec/colord
a:113;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:113;18584;c8b5a547e26dfa04cae6855e76985464c83275ba0da870b23d0fa5b2402bcb7a;/usr/libexec/colord-sane
#-----------------------------------------------------------------------------
#man page
a:6;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:6;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:6;76152;d907ee7791050903ce57bf6d15735711476a387a4d25a63e40969b0968ec59a8;/usr/bin/xargs
a:6;311008;2ad499c88e0343f5c414e38f810cb3505fd83ac5b1d4d690fb0967f450f52233;/usr/bin/find
a:6;138392;6f773a6c72fc9f77dc5cffc06accc497e0bae07a3fe3f31ba2cd800ed3e304c3;/usr/bin/mandb
#-----------------------------------------------------------------
#cups/lp
a:7;174424;892c38c58dd0fa71a9fb9194968fa36856db8743ffeccb917fc5501a180bc864;/usr/lib/cups/filter/pdftopdf
a:7;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:7;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:7;101408;a822be429afafc8b5876ba18b7dd3ccb5b7721ac88b13e94262fe795e879be07;/usr/bin/touch
a:7;64448;b6365e442b815fc60e2bc63681121c45341a7ca0f540840193ddabaefef290df;/bin/chmod
a:7;203072;5212564899a46d5c342f3f49b42587446794a5b06389942db3145154a3fcd5c8;/bin/grep
a:7;39680;369d57c05e6621ac31b8a58e68efb6be7b5c2ae71c26e37845a5ed3ea15fbaa3;/usr/bin/printenv
a:7;122224;6baa01dd34e2b67590865b24b92cc9b6c43a2566e4803ea5630e41b00a846827;/bin/sed
a:7;151168;4ad96abf4ede1c952d1eb05a301ffbfeda9765b9aa518cfe0074fd2969109fe8;/bin/cp
a:7;48064;e7162f1ea7ddaff3eadc9e871d296451235c9c295645b01aab38c2e4b8c34bdb;/bin/mktemp
a:7;43936;e9165e34728e37ee65bf80a2f64cd922adeba2c9f5bef88132e1fc3fd891712b;/bin/cat
a:7;175500;9cc99c379376d7ab686179c21a7609f4a53a56cc51dc653b133642451827eb56;/lib/ld-linux.so.2
a:7;72704;4adcaeb3700af8910af3c791511d12b5b53c9e62ec09af1fd2674d93866b3522;/bin/rm
a:7;27056;0c87595d87bb6590a8eea1cfb2aa59d8e95cc5585cb52db7d579c1bcf7cf77c4;/usr/bin/file
a:7;909;c153d8fbc178ea6e576ddca45edcc23ed933bf9dc715fdd074148041107d5de8;/usr/bin/pdf2ps
a:7;39712;86a44c16148c40f4765601dd056180a76ac7b34fca3f474f98d4229ee9f21c27;/usr/bin/dirname
a:7;14520;bbe665e1bddfe0f6c6cafabed9659a6fd47e2ba2d4e7b2cf3d88cec4b7dbbafe;/usr/bin/gs
a:7;694624;dc883511e9a83c37c421f40ebdcc0086a3275a06014634e38d8b5cf46856132b;/usr/bin/awk
a:7;946;7bdde142dc5cb004ab82f55adba0c56fc78430a6f6b23afd33be491d4c7c238b;/usr/bin/which
a:0;135128;7574177379fa7bb833265faadd423282df8d8113ac1556366616d6be41911b4b;/usr/lib/x86_64-linux-gnu/cups-pk-helper-mechanism
a:7;555;d4ca356244ed5bcd1a509fd6343b96c8c2289c3f1864fb32f972f2875269e0ab;/usr/lib/cups/filter/gstopdf
a:7;63808;2d2d0cb7a1c54da384354eafaa0a88cbb523d9ef708786de43e05fd43f4a97c8;/usr/lib/cups/filter/gstoraster
a:7;555;d4ca356244ed5bcd1a509fd6343b96c8c2289c3f1864fb32f972f2875269e0ab;/usr/lib/cups/filter/gstopdf
a:7;26792;5411ebc1d838c35e74d9c63954070b67c2e095bebd8d609d0b5706b51c035d43;/usr/lib/cups/backend/driverless
a:7;30872;20bf4b9647ff722f5fa7c9e743c6e83bb5c5dad8717aef198460a0783692269a;/usr/lib/cups/backend/snmp
a:7;174424;892c38c58dd0fa71a9fb9194968fa36856db8743ffeccb917fc5501a180bc864;/usr/lib/cups/filter/pdftopdf
a:7;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:7;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:7;43240;b86a2fc5064ad7c1870dfa7a5d81917986417dd5ef5bd3b52a9dfa4df83d7043;/usr/lib/cups/backend/socket
a:7;64448;b6365e442b815fc60e2bc63681121c45341a7ca0f540840193ddabaefef290df;/bin/chmod
a:7;39680;369d57c05e6621ac31b8a58e68efb6be7b5c2ae71c26e37845a5ed3ea15fbaa3;/usr/bin/printenv
a:7;122224;6baa01dd34e2b67590865b24b92cc9b6c43a2566e4803ea5630e41b00a846827;/bin/sed
a:7;151168;4ad96abf4ede1c952d1eb05a301ffbfeda9765b9aa518cfe0074fd2969109fe8;/bin/cp
a:7;48064;e7162f1ea7ddaff3eadc9e871d296451235c9c295645b01aab38c2e4b8c34bdb;/bin/mktemp
a:7;203072;5212564899a46d5c342f3f49b42587446794a5b06389942db3145154a3fcd5c8;/bin/grep
a:7;43936;e9165e34728e37ee65bf80a2f64cd922adeba2c9f5bef88132e1fc3fd891712b;/bin/cat
a:7;72704;4adcaeb3700af8910af3c791511d12b5b53c9e62ec09af1fd2674d93866b3522;/bin/rm
a:7;27056;0c87595d87bb6590a8eea1cfb2aa59d8e95cc5585cb52db7d579c1bcf7cf77c4;/usr/bin/file
a:7;909;c153d8fbc178ea6e576ddca45edcc23ed933bf9dc715fdd074148041107d5de8;/usr/bin/pdf2ps
a:7;39712;86a44c16148c40f4765601dd056180a76ac7b34fca3f474f98d4229ee9f21c27;/usr/bin/dirname
a:7;14520;bbe665e1bddfe0f6c6cafabed9659a6fd47e2ba2d4e7b2cf3d88cec4b7dbbafe;/usr/bin/gs
a:7;694624;dc883511e9a83c37c421f40ebdcc0086a3275a06014634e38d8b5cf46856132b;/usr/bin/awk
a:7;946;7bdde142dc5cb004ab82f55adba0c56fc78430a6f6b23afd33be491d4c7c238b;/usr/bin/which
a:7;80120;fd75296170266046c54554249e4f714b39466ad644d024b173f2b5ef91b5fbc0;/usr/lib/cups/backend/http
a:7;537;8e49d137f5ca0f8cc0824262f6286a2697635ba74f4918bfb18ef757142fa774;/usr/lib/cups/backend/driverless-fax
a:7;80120;fd75296170266046c54554249e4f714b39466ad644d024b173f2b5ef91b5fbc0;/usr/lib/cups/backend/ipp
a:7;26776;098b9fa04a21202e0e60e3fab91374b8d83a12d372b174ed141b9a6f5c17b334;/usr/lib/cups/backend/parallel
a:7;317072;85c777c9645139d14b167e045c3dd136a4b99082bd1a6e60cf672dc67d9ae11f;/usr/lib/cups/backend/gutenprint53+usb
a:7;14488;7d1350a295b21d0767de78cea1d5f1266b6eb1e55a7ab2018dc97ef8c5989aed;/usr/lib/cups/backend/beh
a:7;43256;37d97bbe6fda76e09bf44e821c0f041ec6bd27ae95719486134ba77c3236aa6c;/usr/bin/ippfind
#--------------------------------------------------------------------------------
#_apt
a:100;28191;42d698778e869d04053a78404377ac4df1853ca05f23082e31345ec80608d399;/usr/bin/apt-key
a:100;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:100;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:100;26856;4e286f7679a7a6ad024ba78706b67166f6bec5bc972b9a61f836e18f1314bc6c;/usr/bin/apt-config
a:100;313888;c92aa5a52a7aa420e5ca32e61297aadd695be7f2dc5bb99eb40b105f31b35d04;/usr/bin/dpkg
a:100;48064;e7162f1ea7ddaff3eadc9e871d296451235c9c295645b01aab38c2e4b8c34bdb;/bin/mktemp
a:100;64448;b6365e442b815fc60e2bc63681121c45341a7ca0f540840193ddabaefef290df;/bin/chmod
a:100;52032;4cd4f001e88b7dc250852fa712fd960132a73f12fd9351c4e1391c541bd419dc;/bin/readlink
a:100;72704;4adcaeb3700af8910af3c791511d12b5b53c9e62ec09af1fd2674d93866b3522;/bin/rm
a:100;101408;a822be429afafc8b5876ba18b7dd3ccb5b7721ac88b13e94262fe795e879be07;/bin/touch
a:100;47904;d93d79bc89491701522ba604cb8993753ee8eb63d51b0021492f7bf1d507c4c8;/usr/bin/cmp
a:100;43936;e9165e34728e37ee65bf80a2f64cd922adeba2c9f5bef88132e1fc3fd891712b;/bin/cat
a:100;311008;2ad499c88e0343f5c414e38f810cb3505fd83ac5b1d4d690fb0967f450f52233;/usr/bin/find
a:100;118408;1646c86cb8fb94e9abc6a4b87550fd94cc4439e1d12888e30dc642fe84a41fc9;/usr/bin/sort
a:100;151168;4ad96abf4ede1c952d1eb05a301ffbfeda9765b9aa518cfe0074fd2969109fe8;/bin/cp
a:100;122224;6baa01dd34e2b67590865b24b92cc9b6c43a2566e4803ea5630e41b00a846827;/bin/sed
a:100;449400;1c64b8f6c581b976507c8ca0d11dd702ab242416421d6a07a83a1d6610910faa;/usr/bin/gpgv
a:100;166496;1124ae4a35a0aafb6f3b26216ebce3ef265ae8154957a5dc7968e1da6a600fa3;/usr/bin/gpgconf
a:100;150400;3ab3ca4a2df0dab1f35689372ac8083669206d9ff8fd35befcf2f2df984c69d6;/usr/bin/gpg-connect-agent
#--------------------------------------------------------------------------------
a:102;51336;e04aa48609f92454087d28197d06c7cdfe622ee84feb6d3381b18f77be932162;/usr/lib/dbus-1.0/dbus-daemon-launch-helper
a:102;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
---------------------------------------------------------------
example
part of /proc/safer.learning
---------------------------------------------------------------
INFO learning
FILES:
FILE learning LIST LEN : 309
a:0;170168;cc76e8741f2d36478c049eb3410db6173bbecaa01bfe9fa52f9b2e2b3584aa62;/sbin/modprobe
a:0;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:0;6301;078e9d839dbdbcf7a63c93e208e94b5baa3b8432cf4c9ad5e983613543ba1ff6;/init
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/bin/sh
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/bin/mount
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/proc/self/exe
a:0;384;d6e4045a43660a69a33d623c8dc8fb3fd219def71efacf75dccc4bd024ca497f;/scripts/init-top/all_generic_ide
a:0;296;e3fd2f67b92756f053ee3045c45f4d40ba957bf310f2ca64c11f80f6f25604a1;/scripts/init-top/blacklist
a:0;167;2d04d7d7705d1c06cb9fff4c5290c02e719120e43ac65c387f00d8ef37b2d4cf;/scripts/init-top/keymap
a:0;229;fff1dc28c42d101d6e959edb8d5f6bdc96a81495c26aa872db4c484eb8697f87;/bin/setupcon
a:0;14976;1521008b8d42b6661ab4abcb89ea3a48040bd88867d36217cb41be44df0b9549;/bin/kbd_mode
a:0;220304;ca4b67ce227b7301dea1dcfc6b4ca23bea789936aabf695fed601e71eed2ac7c;/bin/loadkeys
a:0;658;0b375e793f70de3329064fa1efcefee7d59e054aff46ce885c73e9a6aeb08f5f;/scripts/init-top/udev
a:0;342552;b0cc8b09827d118d019e4cba3c8b845cfb8618a84e66e5d8e12750977636aa8d;/sbin/udevd
a:0;358872;6f4cdacffafc0bc4dc7d5f9614ca7b95f577a64e6dbc331ba84d5ec3b99f380a;/sbin/udevadm
a:0;321;ff35f886ce26d27358eb635531d9f42be6b84558cb982673c710ede9516cdce3;/scripts/init-premount/brltty
a:0;757;48387c4868e05dc729d57988b58f195de78906b3e15ad94c5bd2233de7fb01c6;/scripts/local-top/cryptopensc
a:0;356;73d7cb791d3907e4c4a3f4fb53435c4cdcf4ce2aa7b076c914a2c568a82e04d7;/scripts/local-top/dmraid
a:0;29464;fde66c477e3a6be1d4a76b36bbbbf88aa4b143f7e53e93d149b995369792b4df;/sbin/dmraid
a:0;970;0308f526fe8d0f963335e0394fd2af3484947d39856a5756dfeaec3bf007d53e;/scripts/local-top/lvm2
a:0;8630;099f79e829383fa100a8b3522c0442e686ab972b5966417a97f3341efd92d937;/scripts/local-top/cryptroot
a:0;2042;49669fdd14b6c0ba7af5c5d59df30f2a233b2d56474ff046b0185df7c8861825;/scripts/local-premount/bcachefs
a:0;1003016;b9af1dc56c247213bab54c55c8aeadbe97828ea5bda62eb6daa6fa9b8e5d3212;/sbin/bcachefs
a:0;274;642807af4437aa1c88a764933169a3907b90e8bff4714191b65d56b6a517f49d;/scripts/local-premount/btrfs
a:0;829136;8188995eef2a4e18779a6ced422af0322688ce3c859d2cc8245142e0b08579d2;/bin/btrfs
a:0;226;1d5253aa05e2fc6ca4cb887296a1b1324b403b27fda74e368995c701336f1c25;/scripts/local-premount/ntfs_3g
a:0;863;e8b4ec9ba6e78965e9c054cd296291b3ed1441b3eef25c9c94b8a37afee53b3a;/scripts/local-premount/resume
a:0;10048;981049085412a4e02f9958fbe227fafeb89dc6ea79e3c95dd2d75fd98d5cffeb;/bin/fstype
a:0;74688;f406be2c852e5f5506ceece7aae140dd3752cfda9d9a9ab320cbf0a4408d0c99;/lib/klibc-YUkGbOClhnaZRUUd4cUed0X2XZI.so
a:0;253;4af31bf99d709441e447bb878160582775f952712725f2024f17de9eca3f13ff;/scripts/local-bottom/cryptgnupg-sc
a:0;449;a797ac8a0eebd5e3a0441ceb63c275b5619dfabedff3839d791a0f72e22629ff;/scripts/local-bottom/cryptopensc
a:0;307;bb5859e98734587f7ecde5f6b15b31764de26e2144521c8ecd3390e1f5153ce0;/scripts/local-bottom/cryptroot
a:0;46;b869c815c88f44df40f61b32f3f61c2aefe8139d354cfe8cb59ba9e95aae84f9;/scripts/local-bottom/mdadm
a:0;345;a9fc8e10ba7af2a21513b88f2443c0bfeae129f370e02592776ff31f246b7227;/scripts/local-bottom/ntfs_3g
a:0;403;b7d524c5c0f085c4aa7470b36a7707ed158d09d7ffa6bc9bdb47c7e2b5f30cf5;/scripts/init-bottom/udev
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/sbin/run-init
a:0;92544;e673d22233914f69da6b7af3b38e7c3aff18526d36c5d40d9c44679193369d7a;/lib/systemd/systemd
a:0;210976;4e4ee4c72387fd8e27661728af322ccb62d5a3f9183e20b271e1d12e07e87480;/lib64/ld-linux-x86-64.so.2
a:0;178448;c6dd853884a0df890e1b66366bbc269f18bc6fd6fb7d4b4a19a735f07d1ca4ae;/sbin/modprobe
a:0;84536;5138a643a5affb4ae5c4bea349666512595a8bd0a617af66bff771d1be5bc2be;/usr/lib/systemd/system-generators/nfs-server-generator
a:0;35336;7be0a1a9f8651a8d61d61aa26a9f477c2360ff652484e7c4d6797f6c22fce0ca;/usr/lib/systemd/system-generators/systemd-cryptsetup-generator
a:0;899;addb7f1ca1f7a204237511c6358ae542268291e33124a056575d6f1409316fb5;/usr/lib/systemd/system-generators/openvpn-generator
a:0;31032;3e18ce86ffd27ce51095a38c78d5712fdc7ddf3f6c0949480feb43ed6135ecb7;/usr/lib/systemd/system-generators/systemd-gpt-auto-generator
a:0;39264;04957d804962539c9d40fa8a2cc623a04072789e16fff5473066348d323f298e;/usr/lib/systemd/system-generators/rpc-pipefs-generator
a:0;14640;d100f0e4a74c4d704f0daac302c9b24098465c2a00a16744655a51995e292953;/usr/lib/systemd/system-generators/systemd-rc-local-generator
a:0;18888;b9e2c34a125ae01fc1b1d13e65ead70584ef0712c12f0ca5b88b7e9a8e5cf3ac;/usr/lib/systemd/system-generators/systemd-debug-generator
a:0;31096;f2bda13f4424a0470c9070668b065b914dcd6db4d7c4bd1a335ec2619f803736;/usr/lib/systemd/system-generators/systemd-sysv-generator
a:0;22832;cf5e56093d000ca9edce5cf3c6392e074b46a16230f270f062163dd4d2846335;/usr/lib/systemd/system-generators/systemd-getty-generator
a:0;43616;e85c4ea7ccac5de36530e44e9f36550f136ac501e42d3018504196d350f2b45c;/usr/lib/systemd/system-generators/systemd-fstab-generator
a:0;14776;fe05cc270fc6e32464744973efdda1b2e11052ff9da8e3434c976d09566b472e;/usr/lib/systemd/system-generators/systemd-hibernate-resume-generator
a:0;22936;3db84c11c362288abe9d77c221296bc8709572bb0709dfbe706958b99a3ecc83;/usr/lib/systemd/system-generators/systemd-integritysetup-generator
a:0;14776;78eccdd11990a27ac0275ece87b736e145a3a7689de88d2029a380ec3793a039;/usr/lib/systemd/system-generators/systemd-run-generator
a:0;14640;aa8370abb3aba1324d14f108afbf40d60f9532f3f81c861b64f4f61fe5db861f;/usr/lib/systemd/system-generators/systemd-system-update-generator
a:0;31248;dfaaf73699caa12b80673942978a3357ea316a09e47e973691b52de097a54899;/usr/lib/systemd/system-generators/systemd-veritysetup-generator
a:0;125640;f5adb8bf0100ed0f8c7782ca5f92814e9229525a4b4e0d401cf3bea09ac960a6;/bin/sh
a:0;97552;ba74b1a15a5b9b7929a595f45103d7fbe722840b7211d313dd4872893f031fb9;/usr/bin/mkdir
a:0;151344;cb30d69b24245bf2ecdc9e7f53bbad19159999970b6d82c0c00c7d32d9e37aa4;/usr/bin/ls
a:0;59704;83e4e0e5b9317f9a1e87790c923bf92120d89e2b05baae78c54c100c75563488;/bin/mount
a:0;390;f79265d2ad5b43ed44bbd6efa2b002f007cc97b369e45238b5385f35cdc00587;/lib/console-setup/keyboard-setup.sh
a:0;178448;c6dd853884a0df890e1b66366bbc269f18bc6fd6fb7d4b4a19a735f07d1ca4ae;/bin/kmod
a:0;3164824;58f8121b8f4b637e4c4576f17b519e63d3df036c023d960a61c2a613967ee724;/sbin/lvm
a:0;170496;91dca27b2f4e03ab19d9341aa6118d0fe0c2f169010a9ca3f5613b67e1e1cab0;/lib/systemd/systemd-journald
a:0;358;874bf484f844ad1003255481c36b04bfba66051ed021b4c859c79beb3c232ea2;/etc/console-setup/cached_setup_keyboard.sh
a:0;26936;0b1acc7b55d04e84e12b57337e912d2b541dea7c410e847bc3f66378d7be2e7a;/lib/systemd/systemd-fsck
a:0;18912;51e3b5795ede0be423995d576c47a650562bb15cbb1dbe784ee95405a24ed8c4;/lib/systemd/systemd-modules-load
a:0;1336848;e19e6302e04650a221c84462ebf04d8d9af28d46c0db840bb6f80f4a165ac3b1;/usr/bin/udevadm
a:0;72752;58e8be37049deaaacaf56196d507584b94e87a35a524db0c0459eb5ee6ae4b8c;/usr/bin/rm
a:0;55664;78c0b3a725e7c909d549d0ee01021ab66643f5c3f3d8f55bac1e12b10f0399c6;/sbin/fsck
a:0;2594;8d5f0d75d277ac0eea85bb7dadb7edc2f86b07db7e6e42603756f45f5a323d50;/usr/sbin/fsck.xfs
a:0;27000;aa1161b6351c24478727f8f5919248896b02454f51db0006bb2a00c5c3f25213;/lib/systemd/systemd-fsckd
a:0;18736;cf7fe3ae6d011cd13f02894f8390f9e1e1a792cd6c6563da24807aad82d3f346;/lib/systemd/systemd-remount-fs
a:0;23008;dcb355bd3c3541c281e0d09ae80bd5f140453f331646cc88098b789981e9569a;/lib/systemd/systemd-sysctl
a:0;51512;1c3011375d9ba2f2f0f867e1bcd38dd72ad613cfc3232b5dbe469449ad6b38eb;/sbin/swapon
a:0;76432;3ac549ef150d957b7aef3e11db55062862c09c1581213e118f53ad98dd06a966;/usr/bin/journalctl
a:0;22832;b55c4ca2d7332ec80c4e1cdaef007ce62df7463859acd9a7ebf159320e3caa03;/lib/systemd/systemd-random-seed
a:0;60088;98ac83d0fd26e09ac86e9fa8dd8dff759a9bd1f162b1ab64020cff50f35aa6c3;/usr/bin/systemd-sysusers
a:0;88232;6090a833f6006182549861d34f2da2712fe965dd47e10d1ad8f9e59cd96b05e6;/usr/sbin/ifquery
a:0;113224;e0d10626764729cc3b2e9022a57470b8ebcc95322a71efbbc09907124f28e9fb;/usr/bin/systemd-tmpfiles
a:0;920;26565008e9dbc7332fd999dbe92fb66b2410b66460b2c844b836de672d6040d8;/lib/console-setup/console-setup.sh
a:0;35664;c79bf44242829108e323378531f4ac839513ca1fba45efd6583643526e1e9fd2;/bin/true
a:0;88232;6090a833f6006182549861d34f2da2712fe965dd47e10d1ad8f9e59cd96b05e6;/sbin/ifup
a:0;43888;ed210303cc81299ad2bf8804d4a2f1e2853ad34f6307a3114b48444ceb6c60da;/usr/bin/uname
a:0;47936;68e9c6cd741cc47549dc9e59fbeb2ae7cac195f66c40ad73921ceb77719c11c0;/usr/bin/plymouth
a:0;18808;48409d180f3e0fff63e112d2136ba351d0a58732ac235b45c127fb620c0f1b3b;/lib/systemd/systemd-binfmt
a:0;27560;78b6e84e2a38fc763e71506c25cea342c7d83ff7d655577b798552f523b67f03;/usr/bin/run-parts
a:0;344;736329a67c074e6acf2056508028977c2edd7d7fd408b0e054843920b18d1f7d;/etc/network/if-pre-up.d/ethtool
a:0;4191;aa9ffc4995729f674d0b729ffa0a0a14304bc4f04a6a59eb64379f238b69271f;/etc/network/if-pre-up.d/wireless-tools
a:0;35392;b209e12c5272ea4d50ac1e9fbf087f020be0453bdb377185b7ad42a3b79fbf30;/sbin/iwconfig
a:0;1336848;e19e6302e04650a221c84462ebf04d8d9af28d46c0db840bb6f80f4a165ac3b1;/lib/systemd/systemd-udevd
a:0;4696;77dfc5b63e0276c8dafc26dae9b6d0ccb7bba645956dd98d43f648fcb1cbc65d;/etc/network/if-pre-up.d/wpasupplicant
a:0;203152;9a9c5a0c3b5d1d78952252f7bcf4a992ab9ea1081c84861381380a835106b817;/usr/bin/grep
a:0;691016;aa39a2d90d051a8dc3cdcb85f933b1306c399abaaa53c5310a0cfc819a4ac9a7;/usr/sbin/ip
a:0;63976;54a84dd0ca36aa15acd969df1cd29921c2d1132622761855884a44f353f9ac50;/sbin/rpcbind
a:0;18808;4e1cd1024513b98401bdefb45522706fc665f46c7e15bbfa60f3aa097f851994;/lib/systemd/systemd-update-utmp
a:0;145;89b2dd9fc15e7361cdf64de7db8eb038dd8a8677097591c89411ff380ea55f15;/etc/network/if-up.d/chrony
a:0;1685;445c0423f3e48697fd2f4161bab7b2ab7883aa398c68e26258c673adf6a0a032;/etc/network/if-up.d/ethtool
a:0;4938;2304420cb057e7231e8c8fefb96a96b9263b4f2be61c71bd77c0a08d22655ec8;/etc/network/if-up.d/mountnfs
a:0;1345168;4934ec39fb44798be04f0f06a37da77afa480bb76c7eedd8943a5e1c571c7de6;/usr/bin/systemctl
a:0;31544;f67d71f886406f395c06c7deb3a6b48d37772acae1e8a661831ce4090a7150d2;/usr/sbin/haveged
a:0;147544;71261c08339a3b050319d2051231a731acd595aabc9db6cf25f4040597bd8ca2;/usr/sbin/plymouthd
a:0;31040;f4860f0aaa2ccabdc359e23ac2b984c15dbd89e90e62a4332acb85dc7df0821e;/sbin/sysctl
a:0;385;ec5cef9ef50fe79d4085bf2753417ca1ae41ba3400cabbdaad92f39c853e3ccf;/etc/network/if-up.d/openvpn
a:0;4663;60aa2dc986c5c35fae90429334cf3002d9d9c0d0e7895d7d193c03e890a861a7;/etc/network/if-up.d/resolved
a:0;4696;77dfc5b63e0276c8dafc26dae9b6d0ccb7bba645956dd98d43f648fcb1cbc65d;/etc/network/if-up.d/wpasupplicant
a:0;606664;5e0cbefd85dd9676a7fad2172673e3b7d57c1e8ea8349768afdd958a4a0972e8;/usr/sbin/ethtool
a:0;2779;975868db14362baeaf0835f337dd95121706ec59e39143e42890a4360f3ff8c6;/lib/udev/ifupdown-hotplug
a:0;126424;73b13fa951d414c5434c88e0acf8f993e375fb970c1a9b05b61722217f721c48;/usr/bin/sed
a:0;88232;6090a833f6006182549861d34f2da2712fe965dd47e10d1ad8f9e59cd96b05e6;/sbin/ifquery
a:0;14576;509c41e82eb3bfd97ec0652e992cd19a879e2d0c9d07a8de58e9f21e8b5e1aef;/usr/sbin/obex-check-device
a:0;1998;0118bddbc23fdb4c82518aa260c19dbf23ff7c5abafce9af72dd88afcee1aeae;/lib/udev/tlp-usb-udev
a:0;48144;a3d987dd3f9ec0610dc13b7fdccef84895628065434f44247a65ef0d2a341b3c;/usr/bin/id
a:0;43952;879a70d44241bc6704bb8baae38ebd8466ac95707c3b74ca598a9487a841bfb4;/usr/bin/mktemp
a:0;6757;1f762ae21a50d61a2837d97f5bf96850749afd9bf79950a70fb21158ddc86d3a;/usr/share/tlp/tlp-readconfs
a:0;3804432;8558e358f7ec62f5c5f2d5b39777cf0b8d08b64bc5b6c45cba8592c6a79d5cff;/usr/bin/perl
a:0;44016;008f819498fe591f3cc920d543709347d8d14a139bb3482bc2cd8635c1b3162e;/usr/bin/cat
a:0;43888;4add4bb89d8ca0e3b1bd861130ddd7ae0fd9617a8055de0a38c8d2ca1ac95723;/usr/bin/sleep
a:0;55648;afd126f8fd8200c03f0261c53ad5cc5b30bf264d665810e5a5aaeb636158951e;/usr/sbin/blkmapd
a:0;56264;87fa4a8201e44b3105ded5d7aa0f70618121609f8b5e6933975418cd40b4aca4;/usr/sbin/acpid
a:0;34920;67ce01942e82096a4114c908bfdc88c214d4dac952c5725c16fd87d08e623d1f;/usr/sbin/anacron
a:0;2489;92e94db5f8934f0760a76da7fb4ba4ff545b14ee03209950db6224ad049114f2;/etc/init.d/cpufrequtils
a:0;149944;6e465a5a3ef4c43aa4ae0c7afb55817ad8e9e4cca914cbdaeb40fdeebf9d4f50;/usr/sbin/avahi-daemon
a:0;5394;ca2883dfcc5568121cf4afe5d1556a4fdaa5e24c6677d56e1c03da07bfc5356b;/sbin/e2scrub_all
a:0;51776;bbfa16dde02dae2aca823960c39966a5f58ea5aec2a46ae8ed92ee0e06381673;/usr/sbin/cron
a:0;244288;1f729ba5672fa1b3d6dfb9d4415db98e023537d7e3a7c20737a29438dfcca412;/usr/bin/dbus-daemon
a:0;1748;6154f14d18f1c6b5a296412d9830c04648e787a70ae01761093523ef2c1dba6e;/etc/init.d/hwclock.sh
a:0;27560;78b6e84e2a38fc763e71506c25cea342c7d83ff7d655577b798552f523b67f03;/bin/run-parts
a:0;117272;52d5ecabb67d8f3362898161193c08f984e58efe5b104e3432f4d8d13baae99e;/usr/lib/polkit-1/polkitd
a:0;749352;b79d66056ac3d630928485101b053cecb7d028aef8a952c0694e002be0507c2d;/usr/sbin/rsyslogd
a:0;1265648;a4b895f98db75079f2af6e510c95db0d5c5d596e448bf3fe689d0bfdd182e28e;/bin/bash
a:0;281096;98aaafe157e671f267ed1d77ef7155bce90e6bcaf64ce9c8a1c41caf6085eab5;/lib/systemd/systemd-logind
a:0;1345168;4934ec39fb44798be04f0f06a37da77afa480bb76c7eedd8943a5e1c571c7de6;/bin/systemctl
a:0;100520;75d119f710acc16345781b5fa3efcb188c9882808b4f02d19069db7fed1ff9f7;/usr/sbin/logrotate
a:0;3364352;761026a7a8302b14a3a674da00b0cb772620386be78c8cd8bcf825709813b5c9;/sbin/wpa_supplicant
a:0;52112;bfeeebae7ec8362788bc6e58182d5d1f534e6f7ec970be28ef63590b74edc4a5;/bin/readlink
a:0;3366144;6bce8a7a5280593d89d2c49b25982789aa648c53c9004cf07d2bef6cfe851f01;/usr/sbin/NetworkManager
a:0;47936;68e9c6cd741cc47549dc9e59fbeb2ae7cac195f66c40ad73921ceb77719c11c0;/bin/plymouth
a:0;2108184;f47b3a398d53e792e81616280940c9efe6277358091202f252e254886bdd1c5a;/usr/sbin/ModemManager
a:0;44016;008f819498fe591f3cc920d543709347d8d14a139bb3482bc2cd8635c1b3162e;/bin/cat
a:0;126424;73b13fa951d414c5434c88e0acf8f993e375fb970c1a9b05b61722217f721c48;/bin/sed
a:0;203152;9a9c5a0c3b5d1d78952252f7bcf4a992ab9ea1081c84861381380a835106b817;/bin/grep
a:0;14640;2794a52dbbe01fb1f60f5b305c1ec6a082bd7c2fc3dde860c0ac8d4d9aa58314;/lib/systemd/systemd-user-sessions
a:0;22760;e1f4b1093f066b00572dfdedd8fccea61259050c1e0d9ed8f7f0a31b6e69dfd7;/usr/bin/nm-online
a:0;252;8cdd9cfef02b7b6bf1f44e6bac157f14d6d0c28e107e3f084be41c16c7688df5;/usr/lib/udev/hwclock-set
a:0;43408;0abff8369dcfe54068b6489bc020581550fff01f4a6fa71727b367d1e4fc8491;/lib/systemd/systemd-hostnamed
a:0;59992;0f3a100bdff2317ae41996ca7a49c909dc870b54143b530f0b9ff150f6864eac;/usr/lib/NetworkManager/nm-dispatcher
a:0;2293;d8c5ec76ea9aa2cdcd536232543fe7d2e31bec0ffd7aac8103cc4b91d232a198;/etc/NetworkManager/dispatcher.d/01-ifupdown
a:0;1339;c7da2786cdabb3cf196b97eca9741c9191fbcc63679ae7b1f3e9b3827e057f15;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp
a:0;39264;52d6c2f2dd8a8dc37b9809f414c2ff810259985261dc11d78a5ec7a51433111f;/usr/libexec/nfsrahead
a:0;623;116c2cf7410df8e6a6816b6d21168870d22c2ca10401b7ef8adfc4fac7c88d84;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline
a:0;109672;8ef0da9cfc3256a7f6e44e8db92c342d5cec29c5d9ed57e12d5839badaf5c34a;/usr/bin/chronyc
a:0;76432;38e4759fdcff1dde5c3a37baca01f58a2465d68f980171fc3c2a6b5df6edc45c;/lib/udev/dmi_memory_id
a:0;467;3aab477e758d7f00759e00ad0260845c9a519b9bb2d93cf1653a2f8af90dae65;/etc/console-setup/cached_setup_font.sh
a:0;60312;5368bc17c43cd268ade25e8a4b0e1d05f408a988cd84183bbe2aa4271104523b;/usr/bin/setfont
a:0;19040;aed891155d4fe50a4bb7367be309cbd16c0acf127600ac6fd3960731bfcac4de;/lib/udev/libinput-device-group
a:0;14734;230fdad26d166d491acbf04d9fe315523da260efa9c6cecc9406ed3061269b51;/usr/sbin/tlp
a:0;98136;953d326212574b5ad3cbe5f87034b0c142b6e6d71bb619c51eaa3d2ce47f7e24;/usr/bin/gzip
a:0;23192;19ea1dee1ea1dc7fbc2cee781c971397dbdb2e58375a9987fce9849d63e635f7;/lib/udev/libinput-fuzz-extract
a:0;14760;600395b9885601c94d466413da2b6aab9f042bb2aa44551a36f8a7500eb8b8fd;/lib/udev/libinput-fuzz-to-zero
a:0;56208;cf8a29847ff95b77fe6ef3d9ba3d750c7fd1c807763980e8c5f918da81acb1eb;/usr/bin/tr
a:0;130584;6e8c47dbc5b9b9c47054437318922bfa5787d20f4f25ad07e6db679faef3ca11;/usr/sbin/alsactl
a:0;31096;901151e3ce1d19dd5c66fecf2585a3a89ae21d9bc6a6e72709b4e93b6d928a78;/lib/systemd/systemd-backlight
a:0;56216;ed665c8993678683e7ff97a1f7c914a83411f97147a1224c5f5f4ca7627d2c25;/usr/bin/logger
a:0;35216;0ea8c0be00334f018187237baddc24f66f22e9755ad5eebb9227096115601bba;/usr/bin/flock
a:0;52112;bfeeebae7ec8362788bc6e58182d5d1f534e6f7ec970be28ef63590b74edc4a5;/usr/bin/readlink
a:0;290072;078c2bd209057e4ff1573b55482d5e7d90d5fb510f9fd7b7390459b1a69f07fa;/usr/sbin/iw
a:0;151152;e296487a3a8f10a1c55e56056ba4bbb2d3ca22ae625af9f0d5cebaed28e55fa4;/usr/bin/cp
a:0;64496;623fdf73612f898ec829e529ffd143520fb617a75bca84e242030f48d2144645;/usr/bin/chmod
a:0;1774;9224004fb7e347bf86f089af547b25b251381a938f1ab4453e24791a894ecc4f;/etc/rc.local
a:0;80392;be42bcef0acb4536d99c8ada4c9cbd6f5c88e86e6dd7d13889aca327e863fe2c;/sbin/sm-notify
a:0;14872;1a733de5fa95dfbcdf7dfbf8eedc60640fe0f50a9d227ad3dc13e396bfbc42a8;/usr/bin/setlogcons
a:0;88656;7af543d1ff7a9e62d98303b6277b7466ad72a0bf8238dfc6e32273ed996ac866;/bin/dmesg
a:0;47424;28bc53c5239cc490aaca3ca8a4b958396ec7a0a3bbe766d28b8c096ef39ea2e5;/usr/bin/setterm
a:0;35248;30f31da8ba0660d6875fcfe48924bdf908c28c944e543728379623ad4691fe44;/usr/bin/pkill
a:0;31792;272e1fae5ce8eb29548ea7e430270bb247cec513c06ac7d1a178562da83e829c;/usr/bin/setxkbmap
a:0;691016;aa39a2d90d051a8dc3cdcb85f933b1306c399abaaa53c5310a0cfc819a4ac9a7;/bin/ip
a:0;51360;490db2b6737006383340ebc26fac2ca81a61fafa7a23810b4e8d407f547aa5f2;/usr/sbin/rfkill
a:0;145;89b2dd9fc15e7361cdf64de7db8eb038dd8a8677097591c89411ff380ea55f15;/etc/network/if-post-down.d/chrony
a:0;1409;2a3a295ace3eb0526000a5941de60a07f93ad684af602103f20aba05a3fd1d87;/etc/network/if-post-down.d/wireless-tools
a:0;4696;77dfc5b63e0276c8dafc26dae9b6d0ccb7bba645956dd98d43f648fcb1cbc65d;/etc/network/if-post-down.d/wpasupplicant
a:0;69112;faee3ffb8aae9e7a04580eef139765bb7d6fa9e6bfa1adcc95b8442d9def8b9a;/sbin/agetty
a:0;53024;a3af84194f3f8928094d53a48daf388d3295404c4e54aaa911d7d54a29f9a6f8;/bin/login
a:0;18736;1fd4643d4ceb7f3ad3010de3c28f142cdc18571ddd170be495a9708cdcb26243;/lib/systemd/systemd-user-runtime-dir
a:0;14640;212f673d55ecb2621e80028ff12291470e2949aa083db4da81228d624ca8bdec;/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
a:0;772;5a7c93bcd4301f48201b6c846babdff3e70c33d4e634749691c0b9d06acb84b1;/usr/lib/systemd/user-environment-generators/90gpg-agent
a:0;178928;e2d3556bd5c8cb9d9ff9d0805ca402c852e6ce032b2aeface3a4c1208cea8582;/usr/bin/gpgconf
a:0;713152;f67ae79386186747c21cb4ca6d449161490840fff1ec6b9d8123641bfe6fdc27;/usr/bin/awk
a:0;435424;c731e9175a16a24a60ba783636c5847779f87c643c9a1d3b5803600e05e65def;/usr/bin/gpg-agent
a:0;31096;5442951dca0ea43152e524917ef8af0f01a053d96e81f0b5e2123abf0dacc315;/usr/lib/systemd/user-generators/systemd-xdg-autostart-generator
a:0;1606;1fc3385a320be604fa903456f37e367c5f9334cc6847ceb2df30da7daf197915;/usr/sbin/lgmount.name
a:0;35128;3b59400a5ed7f2067cc846b30f2c2684f09c935a001943d237f0bddaea37b0b9;/usr/bin/fusermount
a:0;4118400;b17162878549d78c89fc2fe85604776f074c8b39e0696dea4bed6b2d3d06f5ed;/usr/bin/gocryptfs
a:0;9099;b25b0d0bb747dda5b6e4b9c0c27e8b6257051922a347272c79ab4891ec85f5bf;/usr/sbin/service
a:0;43856;bc0828b09781a8b19a6d31f23f3f6e0d4e2f216490dc1d1e98321f684cbfe0a2;/usr/bin/basename
a:0;35200;b356a1615c4dcec53a06a1f3117bc084987ff5db4ccdda7eb97b9039892132a0;/bin/systemd-tty-ask-password-agent
a:0;637416;04108ea85914b34e55e25ffed31934c83aa0e9fc69f4c0bc04490bfd338462f6;/usr/bin/sddm
a:0;52736;d5d3c556e7acc1a224a2847095bd5551a81b2418e2de827193119a028b0d0058;/usr/bin/xauth
a:0;274;bca1ceb412614f4e0cb13a68b5d78e86b32ac25f7f2f66b40de73517c8f239eb;/usr/bin/X
a:0;14672;aeb9f5f800a8e1e6aec10d49f7f62fb4b124113391bbbe3a57d8f571105c4fe6;/usr/lib/xorg/Xorg.wrap
a:0;2531136;0f26f34728d7e3f81fb6cc497d1bef5d4e65e4836fd25249a59b98f7f4275207;/usr/lib/xorg/Xorg
a:0;73;944a6ff2b756619aa977ccadb27c7d32384c3a38a3126575dddc1bd054879991;/etc/console-setup/cached_setup_terminal.sh
a:0;222144;eca6986af7d15277394b8476b8ad85229ee1a1a879d43d2a526f106af3761550;/usr/bin/xkbcomp
a:0;23144;aa37e60c8282f1ecb944d1de464b75f95a9880803d8a782ce7f5041bea1e5f7f;/usr/bin/xsetroot
a:0;74;8f51093622f8e242e027631600fad4960ca9d54468c03ced4f2368d582492ffc;/usr/share/sddm/scripts/Xsetup
a:0;260568;9920bec4ffe6716c1cc9c519474f1a6dafd52b64bb7dcc072c5daef6d38101d6;/usr/lib/x86_64-linux-gnu/sddm/sddm-helper
a:111;92544;e673d22233914f69da6b7af3b38e7c3aff18526d36c5d40d9c44679193369d7a;/lib/systemd/systemd
a:111;210976;4e4ee4c72387fd8e27661728af322ccb62d5a3f9183e20b271e1d12e07e87480;/lib64/ld-linux-x86-64.so.2
a:111;14640;212f673d55ecb2621e80028ff12291470e2949aa083db4da81228d624ca8bdec;/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
a:111;772;5a7c93bcd4301f48201b6c846babdff3e70c33d4e634749691c0b9d06acb84b1;/usr/lib/systemd/user-environment-generators/90gpg-agent
a:111;1265648;a4b895f98db75079f2af6e510c95db0d5c5d596e448bf3fe689d0bfdd182e28e;/bin/bash
a:111;178928;e2d3556bd5c8cb9d9ff9d0805ca402c852e6ce032b2aeface3a4c1208cea8582;/usr/bin/gpgconf
a:111;713152;f67ae79386186747c21cb4ca6d449161490840fff1ec6b9d8123641bfe6fdc27;/usr/bin/awk
a:111;435424;c731e9175a16a24a60ba783636c5847779f87c643c9a1d3b5803600e05e65def;/usr/bin/gpg-agent
a:111;31096;5442951dca0ea43152e524917ef8af0f01a053d96e81f0b5e2123abf0dacc315;/usr/lib/systemd/user-generators/systemd-xdg-autostart-generator
a:111;1345168;4934ec39fb44798be04f0f06a37da77afa480bb76c7eedd8943a5e1c571c7de6;/bin/systemctl
a:111;592344;b502f1a27f567b18e646c81f729e699d98481a0eb3e61bd4468dfee3eb207b37;/usr/bin/sddm-greeter
a:111;14520;2c5a33b6095114546e10f0282d07a2ee437905bd9882175aba5934405be88f43;/usr/bin/pipewire
a:111;22792;f927e3ea66e51c65a45a9e3d592514ae4a7b7fc35afa632b562e69107333fd3d;/usr/bin/wireplumber
a:111;244288;1f729ba5672fa1b3d6dfb9d4415db98e023537d7e3a7c20737a29438dfcca412;/usr/bin/dbus-daemon
a:0;486304;8a77e3dba726be283cec9556fa10766912006bc2fcc6f6f248fd463f92253c79;/usr/libexec/udisks2/udisksd
a:0;130216;02531b2784861dbe4923f899cff0b15bd42982f6f8fb3c34131acfb2babb0324;/usr/sbin/dmidecode
a:0;31040;a60346b947f47b83f4aabfb7a46a27c76f7e100025fcf2762e4f7dc820e1302f;/usr/sbin/dumpe2fs
a:0;1294;522b8b4f5f88652fd5a4f1e6fd01dfcc84898d29a0a226960d52a6e73e7b72e7;/usr/sbin/xfs_info
a:0;117168;91bddfd127a492e12129c504f019bfe3de3a9fbf2a537cdeda237fa7612727fd;/usr/sbin/losetup
a:0;76944;cd67c2baaef8395ae68a396b8ce0bd24dabd9272f501f1afb7f76f7ef0cfc083;/usr/bin/tail
a:0;85600;c4c89ad3b79c785f7b170a43417d10ba1d64fd98a6906345eeeec18ce168bbff;/usr/bin/findmnt
a:0;43736;193d44d1fd65c4138d9f13be6cdff5918396757a2009d1d9a11060db9c506b49;/usr/sbin/xfs_spaceman
a:0;141528;5ca8cfa2909ba43ed7b48057a00f450c4c43363e93b28866b70ae42d45df686d;/usr/libexec/upowerd
a:1000;92544;e673d22233914f69da6b7af3b38e7c3aff18526d36c5d40d9c44679193369d7a;/lib/systemd/systemd
a:1000;210976;4e4ee4c72387fd8e27661728af322ccb62d5a3f9183e20b271e1d12e07e87480;/lib64/ld-linux-x86-64.so.2
a:1000;14640;212f673d55ecb2621e80028ff12291470e2949aa083db4da81228d624ca8bdec;/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
a:1000;772;5a7c93bcd4301f48201b6c846babdff3e70c33d4e634749691c0b9d06acb84b1;/usr/lib/systemd/user-environment-generators/90gpg-agent
a:1000;1265648;a4b895f98db75079f2af6e510c95db0d5c5d596e448bf3fe689d0bfdd182e28e;/bin/bash
a:1000;178928;e2d3556bd5c8cb9d9ff9d0805ca402c852e6ce032b2aeface3a4c1208cea8582;/usr/bin/gpgconf
a:1000;713152;f67ae79386186747c21cb4ca6d449161490840fff1ec6b9d8123641bfe6fdc27;/usr/bin/awk
a:1000;435424;c731e9175a16a24a60ba783636c5847779f87c643c9a1d3b5803600e05e65def;/usr/bin/gpg-agent
a:1000;31096;5442951dca0ea43152e524917ef8af0f01a053d96e81f0b5e2123abf0dacc315;/usr/lib/systemd/user-generators/systemd-xdg-autostart-generator
a:1000;1345168;4934ec39fb44798be04f0f06a37da77afa480bb76c7eedd8943a5e1c571c7de6;/bin/systemctl
a:1000;14520;2c5a33b6095114546e10f0282d07a2ee437905bd9882175aba5934405be88f43;/usr/bin/pipewire
a:1000;125640;f5adb8bf0100ed0f8c7782ca5f92814e9229525a4b4e0d401cf3bea09ac960a6;/bin/sh
a:1000;22792;f927e3ea66e51c65a45a9e3d592514ae4a7b7fc35afa632b562e69107333fd3d;/usr/bin/wireplumber
a:1000;52736;d5d3c556e7acc1a224a2847095bd5551a81b2418e2de827193119a028b0d0058;/usr/bin/xauth
a:1000;244288;1f729ba5672fa1b3d6dfb9d4415db98e023537d7e3a7c20737a29438dfcca412;/usr/bin/dbus-daemon
a:1000;1674;9bdbde965c5b5ad98939e3541e4c64133b6a34589d8083fcf26e4606fbe103e0;/etc/sddm/Xsession
a:1000;48144;a3d987dd3f9ec0610dc13b7fdccef84895628065434f44247a65ef0d2a341b3c;/bin/id
a:1000;44016;008f819498fe591f3cc920d543709347d8d14a139bb3482bc2cd8635c1b3162e;/usr/bin/cat
a:1000;109616;76100d3a8613237bf8b18bdd007c2881b749033ee89dd92d48b86f0ce8acfd54;/usr/bin/touch
a:1000;64496;623fdf73612f898ec829e529ffd143520fb617a75bca84e242030f48d2144645;/usr/bin/chmod
a:1000;121904;b047bec6f8fed78ad9c59c8eda24d6772d51baa766fc0f71f5936d45267e4036;/usr/bin/date
a:1000;43952;879a70d44241bc6704bb8baae38ebd8466ac95707c3b74ca598a9487a841bfb4;/usr/bin/mktemp
a:1000;72752;58e8be37049deaaacaf56196d507584b94e87a35a524db0c0459eb5ee6ae4b8c;/usr/bin/rm
a:1000;27560;78b6e84e2a38fc763e71506c25cea342c7d83ff7d655577b798552f523b67f03;/usr/bin/run-parts
a:1000;14560;59081d7d01ef57b60661d0084cd73979e9fe9ac2dd9e766d74e40ae8bd58b0a6;/usr/bin/dbus-update-activation-environment
a:1000;35760;e518d9e8d3b77386d523f51ba23997d0559d929edf88588adceae42bde563c90;/usr/bin/xrdb
a:1000;1301496;7e0a72c0e201d3f2e83f42848caf23de2ba77ff43d57a8fe26621cdfaea730ca;/usr/bin/cpp
a:1000;33342568;ffb46aa0b216fd4e7334a685e8560f6b50292b998fccbf99e85087c9bd316119;/usr/lib/gcc/x86_64-linux-gnu/12/cc1
a:1000;203152;9a9c5a0c3b5d1d78952252f7bcf4a992ab9ea1081c84861381380a835106b817;/usr/bin/grep
a:1000;76944;cd67c2baaef8395ae68a396b8ce0bd24dabd9272f501f1afb7f76f7ef0cfc083;/usr/bin/tail
a:1000;48144;a3d987dd3f9ec0610dc13b7fdccef84895628065434f44247a65ef0d2a341b3c;/usr/bin/id
a:1000;19032;dfda731d4559d8d1d4572515d4558a41cedc5b2032e00182d19b92dc204b6d91;/usr/bin/xhost
a:1000;106536;66340980ebe1126b4f4fd574c8a16df1bd4b277ff46ebb97de896f73d9c300ce;/usr/bin/lspci
a:1000;481664;5c219e5b680350f551102a477d681d04aad639860d0164226d94bafc1394e683;/usr/bin/ssh-agent
a:1000;194952;b88807c1d7ded99c7409c5473da9543e60eb500e7069fabe53098a8285271fda;/usr/bin/startplasma-x11
a:1000;133512;99543201e07abb111631e74d32a823368d4e3209067b74a1e571b0a54618ef3b;/usr/bin/kapplymousetheme
a:1000;39304;f35134a3ab2a421cbe7aa68d79af9aa37e6dea0e062b17d894f8a88109d0628a;/usr/bin/ksplashqml
a:1000;48536;615c46b39130a04a08da04163542ce7ce1164fa4b35408efb43aac0a8a9f7ae5;/usr/bin/env
a:1000;23144;aa37e60c8282f1ecb944d1de464b75f95a9880803d8a782ce7f5041bea1e5f7f;/usr/bin/xsetroot
a:1000;31112;054e7df55210bd19a6305c511b10cd085ea62587f742bd4dac798165dd470416;/usr/bin/kde-systemd-start-condition
a:1000;35208;d3ebf11a38f627a542ff159166da3139435215480d8cd51e9f13d17430a145b9;/usr/bin/kcminit_startup
a:1000;736;eaec72ca46358ac17f31294c2d0dd019b687d4682067a1086ce738d350201373;/usr/lib/openssh/agent-launch
a:1000;305544;dfdfc5b86bf811b7f739e3081900de902c550f5b08c5b578565de0bac7e9b9a8;/usr/lib/x86_64-linux-gnu/libexec/baloo_file
a:1000;80104;165a089cd3fb097f549d00106771303da6710904881f8428d6bef7532acd93ae;/usr/bin/kded5
a:1000;186768;adadcf8d5eed5f7c9bc0d330c48f64a48fc752e983e14935373f16d972ae9b7a;/usr/bin/ksmserver
a:1000;1358136;d3d361ffe394a81a827c5aab09492b0515da21cb374ff4903a95b10d77a21423;/usr/bin/kwin_x11
a:1000;64880;b486fcadbd70e7cf14c48ad802bced9bbe64bdf9c0339b24656d1b932ceeb862;/usr/lib/qt5/bin/qdbus
a:1000;18752;fea0a8929b527f545836a68a0c71c42f3739f7a74478b97cb46c4bf03dcc7f2c;/usr/bin/kglobalaccel5
a:1000;31792;272e1fae5ce8eb29548ea7e430270bb247cec513c06ac7d1a178562da83e829c;/usr/bin/setxkbmap
a:1000;39688;0bc6ae9369c7918de7db6152df061150ed85984ef4562790f93468a70d2583b5;/usr/bin/iceauth
a:1000;764296;aa1c3d1329c899d7ab13c2f7024235f750daf54b1bec9e768af3b709a61a0d16;/usr/bin/plasmashell
a:1000;84280;20a1909f8a418366021b195550cb6e4c531d44e9e79c23c211a9b4ae3d0a44d0;/usr/lib/x86_64-linux-gnu/libexec/kf5/kconf_update
a:1000;43400;44de055aa3be87b437a6c40000deb2786d6da7350e826ea38213a39faefdfbeb;/usr/lib/x86_64-linux-gnu/libexec/kf5/kscreen_backend_launcher
a:1000;178576;55518dcfe406bac3dcdb9b55d2c01746740be717999367a4114da8b51098175d;/usr/lib/x86_64-linux-gnu/libexec/kactivitymanagerd
a:1000;289160;658b7b9078f9b343e9b99a48372f2b9633ed8469c9a5d4c3e692c862df7ad6f3;/usr/bin/gmenudbusmenuproxy
a:1000;88464;3427ad5e899badf4e8ab160f74f4b691a31cab64b34b291e156c12f05664461e;/usr/bin/xembedsniproxy
a:1000;92392;0a50063c37cbf882187d94f6411856b621a47ef336538e999dbdbc40c297e047;/usr/lib/x86_64-linux-gnu/libexec/polkit-kde-authentication-agent-1
a:1000;88456;42b73d0b53fb6bf48085199f9d008704cc1132a5c27d574460187e91bc87c2b4;/usr/lib/x86_64-linux-gnu/libexec/org_kde_powerdevil
a:101;51272;f097377452b62d6e41b23c6f8644705e96a54abca4b011e0e31b4f2a98243f2e;/usr/lib/dbus-1.0/dbus-daemon-launch-helper
a:101;210976;4e4ee4c72387fd8e27661728af322ccb62d5a3f9183e20b271e1d12e07e87480;/lib64/ld-linux-x86-64.so.2
a:0;18824;3e134c0a8a0d7dc105664a82da5d3ffab15ce063ec75bad165a9653baa49b087;/usr/lib/kauth/libexec/discretegpuhelper
a:0;39304;36e657105c26ece6bb7e204def30ef8caa1cb7e20ad38cb3ebc29ed1efe69287;/usr/lib/kauth/libexec/chargethresholdhelper
a:0;39304;2213720e54ef3a8cbe7d2db21ad01bedde6321c45cc1195f81becc1cf0c6b074;/usr/lib/kauth/libexec/backlighthelper
a:1000;125640;f5adb8bf0100ed0f8c7782ca5f92814e9229525a4b4e0d401cf3bea09ac960a6;/usr/bin/sh
a:1000;14640;351b7e216cdd81e20fb1f76f89332677c1355fdadb15cb8a192607698a6fd59a;/lib/systemd/systemd-xdg-autostart-condition
a:1000;43888;4add4bb89d8ca0e3b1bd861130ddd7ae0fd9617a8055de0a38c8d2ca1ac95723;/usr/bin/sleep
a:1000;67976;8bcd911c7de5ddfc374364952c3a133c64f1dad5128270ff46944b497428b72b;/usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
a:1000;88456;dbbb083975039bc8e2e3b6a0a1ce7fa7e98806cb39c0e6e2de807bad152cb044;/usr/bin/kaccess
a:1000;88456;d9cf4909552156a20ea752f5e81f1fe8a2b847380197bfe2001e4f581773c321;/usr/lib/x86_64-linux-gnu/libexec/DiscoverNotifier
a:1000;26944;231139f082f153244419738c62d5cf7fa0152339f21b6cd0666a4c19c7abc660;/usr/bin/apt-config
a:0;296648;752a3f1f2c449bae2e8fb77aa264ba3cba4fa0c0294766f6fb327d163979b56c;/usr/libexec/packagekitd
a:1000;318096;628e9419d3022787966ac9d6e9ae6d35698a6c9f10ae8589976bafec149fc060;/usr/bin/dpkg
a:1000;26944;b713ea14f9f81f3ef7ccd3ebbc56dca542663a20d4e69ba0517d9f163fa4e498;/usr/bin/gsettings
a:0;318096;628e9419d3022787966ac9d6e9ae6d35698a6c9f10ae8589976bafec149fc060;/usr/bin/dpkg
a:1000;88216;e2e80ef8e9b5c025add3bb1fd2abe389ff0a3209b7a841fc58ccc9fd26dee47e;/usr/libexec/dconf-service
a:1000;27016;8a008670c0c00f5a4a739c6d190d702c8e0f90f887e9154425187a1529e9c2bf;/usr/bin/plasma_waitforname
a:1000;14640;90ba4dbe8453eac7ffff8f4e16bf2313a0cda569329a710b1bee87846513e441;/lib/x86_64-linux-gnu/libexec/kf5/kioslave5
a:1000;47496;6e4d506b6da59d0006e432ebe312a90925e7e8a911c5d00f6ae89836cf58fa69;/usr/bin/plasma-shutdown
a:1000;22832;7c2159b5b2d7cc482b134254b72db24cbe136f86c26953ae6faf0a3b8f0b9344;/usr/bin/kdeinit5_shutdown
a:0;90;ec957b2b035262dd235e23b19e353e4f508c4d1684e38b41cde8931dd420d2ab;/usr/share/sddm/scripts/Xstop
a:0;573;0f3c9c125582f96aeb9a6767c34a661e17345a96cda0c4dc9e8a4de671f6b68c;/usr/share/sddm/scripts/sddm-shutdown
a:0;18744;fc643d26847e0d4eb5cb52c5ba3eabffb9acd04d33404b4a12d0347f05288947;/usr/bin/mesg
ARGV:
<ARGV LEARNING LIST> is organized as a RING
ARGV learning LIST MAX : 5000
ARGV learning LIST LEN : 664
a:0;2011200;/bin/mount;-t;sysfs;-o;nodev,noexec,nosuid;sysfs;/sys;
a:0;2011200;/bin/mount;-t;proc;-o;nodev,noexec,nosuid;proc;/proc;
a:0;2011200;/proc/self/exe;/proc/cmdline;
a:0;2011200;/proc/self/exe;-t;devtmpfs;-o;nosuid,mode=0755;udev;/dev;
a:0;2011200;/proc/self/exe;-t;devpts;-o;noexec,nosuid,gid=5,mode=0620;devpts;/dev/pts;
a:0;2011200;/proc/self/exe;-t;tmpfs;-o;nodev,noexec,nosuid,size=10%,mode=0755;tmpfs;/run;
a:0;14976;/bin/kbd_mode;-u;
a:0;220304;/bin/loadkeys;/etc/console-setup/cached_UTF-8_del.kmap;
a:0;342552;/sbin/udevd;--daemon;--resolve-names=never;
a:0;358872;/sbin/udevadm;trigger;--action=add;
a:0;358872;/sbin/udevadm;settle;
a:0;2011200;/proc/self/exe;/proc/uptime;
a:0;29464;/sbin/dmraid;-r;-c;
a:0;2011200;/proc/self/exe;-qE;^(.*\s)?cryptopts=;/proc/cmdline;
a:0;1003016;/sbin/bcachefs;unlock;-c;/dev/nvme0n1p10;
a:0;829136;/bin/btrfs;device;scan;
a:0;10048;/bin/fstype;/dev/nvme0n1p10;
a:0;2011200;/proc/self/exe;-r;-t;xfs;/dev/nvme0n1p10;/root;
a:0;358872;/sbin/udevadm;control;--exit;
a:0;2011200;/proc/self/exe;-n;-o;move;/dev;/root/dev;
a:0;2011200;/proc/self/exe;-n;-o;move;/run;/root/run;
a:0;2011200;/proc/self/exe;-n;/root;/lib/systemd/systemd;
a:0;2011200;/proc/self/exe;-n;-o;move;/sys;/root/sys;
a:0;2011200;/proc/self/exe;-n;-o;move;/proc;/root/proc;
a:0;2011200;/sbin/run-init;/root;/lib/systemd/systemd;
a:0;84536;/usr/lib/systemd/system-generators/nfs-server-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;35336;/usr/lib/systemd/system-generators/systemd-cryptsetup-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;899;/usr/lib/systemd/system-generators/openvpn-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;31032;/usr/lib/systemd/system-generators/systemd-gpt-auto-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;39264;/usr/lib/systemd/system-generators/rpc-pipefs-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;14640;/usr/lib/systemd/system-generators/systemd-rc-local-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;18888;/usr/lib/systemd/system-generators/systemd-debug-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;31096;/usr/lib/systemd/system-generators/systemd-sysv-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;22832;/usr/lib/systemd/system-generators/systemd-getty-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;43616;/usr/lib/systemd/system-generators/systemd-fstab-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;14776;/usr/lib/systemd/system-generators/systemd-hibernate-resume-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;22936;/usr/lib/systemd/system-generators/systemd-integritysetup-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;14776;/usr/lib/systemd/system-generators/systemd-run-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;14640;/usr/lib/systemd/system-generators/systemd-system-update-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;31248;/usr/lib/systemd/system-generators/systemd-veritysetup-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;97552;/usr/bin/mkdir;-p;/run/systemd/generator/openvpn.service.wants;
a:0;151344;/usr/bin/ls;*.conf;
a:0;59704;/bin/mount;hugetlbfs;/dev/hugepages;-t;hugetlbfs;
a:0;59704;/bin/mount;mqueue;/dev/mqueue;-t;mqueue;-o;nosuid,nodev,noexec;
a:0;59704;/bin/mount;debugfs;/sys/kernel/debug;-t;debugfs;-o;nosuid,nodev,noexec;
a:0;59704;/bin/mount;tracefs;/sys/kernel/tracing;-t;tracefs;-o;nosuid,nodev,noexec;
a:0;178448;/bin/kmod;static-nodes;--format=tmpfiles;--output=/run/tmpfiles.d/static-nodes.conf;
a:0;178448;/sbin/modprobe;-abq;dm_mod;
a:0;178448;/sbin/modprobe;-abq;configfs;
a:0;178448;/sbin/modprobe;-abq;efi_pstore;
a:0;3164824;/sbin/lvm;vgchange;--monitor;y;
a:0;178448;/sbin/modprobe;-abq;drm;
a:0;178448;/sbin/modprobe;-abq;fuse;
a:0;178448;/sbin/modprobe;-abq;loop;
a:0;1336848;/usr/bin/udevadm;trigger;--type=all;--action=add;--prioritized-subsystem=module,block,tpmrm,net,tty,input;
a:0;59704;/bin/mount;fusectl;/sys/fs/fuse/connections;-t;fusectl;-o;nosuid,nodev,noexec;
a:0;72752;/usr/bin/rm;/run/console-setup/keymap_loaded;
a:0;59704;/bin/mount;configfs;/sys/kernel/config;-t;configfs;-o;nosuid,nodev,noexec;
a:0;55664;/sbin/fsck;-a;-T;-l;-C5;/dev/nvme0n1p10;
a:0;2594;/usr/sbin/fsck.xfs;-a;/dev/nvme0n1p10;
a:0;59704;/bin/mount;/;-o;remount;
a:0;51512;/sbin/swapon;--fixpgsz;/swap/swap;
a:0;76432;/usr/bin/journalctl;--flush;
a:0;22832;/lib/systemd/systemd-random-seed;load;
a:0;125640;/bin/sh;-c;if [ "$CONFIGURE_INTERFACES" != "no" ] && [ -n
"$(ifquery --read-environment --list --exclude=lo)" ] && [ -x
/bin/udevadm ]; then udevadm settle; fi;
a:0;88232;/usr/sbin/ifquery;--read-environment;--list;--exclude=lo;
a:0;113224;/usr/bin/systemd-tmpfiles;--prefix=/dev;--create;--boot;
a:0;88232;/sbin/ifup;-a;--read-environment;
a:0;47936;/usr/bin/plymouth;update-root-fs;--read-write;
a:0;97552;/usr/bin/mkdir;-p;/run/console-setup;
a:0;125640;/bin/sh;-c;run-parts --exit-on-error /etc/network/if-pre-up.d;
a:0;27560;/usr/bin/run-parts;--exit-on-error;/etc/network/if-pre-up.d;
a:0;35392;/sbin/iwconfig;--all;
a:0;203152;/usr/bin/grep;-q;^IF_WPA;
a:0;125640;/bin/sh;-c;;
a:0;113224;/usr/bin/systemd-tmpfiles;--create;--remove;--boot;--exclude-prefix=/dev;
a:0;35392;/sbin/iwconfig;lo;
a:0;125640;/bin/sh;-c;ip link set dev lo up;
a:0;691016;/usr/sbin/ip;link;set;dev;lo;up;
a:0;63976;/sbin/rpcbind;-f;-w;
a:0;18808;/lib/systemd/systemd-update-utmp;reboot;
a:0;125640;/bin/sh;-c;run-parts --exit-on-error /etc/network/if-up.d;
a:0;27560;/usr/bin/run-parts;--exit-on-error;/etc/network/if-up.d;
a:0;1345168;/usr/bin/systemctl;list-jobs;
a:0;203152;/usr/bin/grep;-q;network.target;
a:0;31544;/usr/sbin/haveged;--Foreground;--verbose=1;
a:0;147544;/usr/sbin/plymouthd;--mode=boot;--pid-file=/run/plymouth/pid;--attach-to-session;
a:0;31040;/sbin/sysctl;-q;--pattern;^fs.nfs;--system;
a:0;31040;/sbin/sysctl;-q;--pattern;^fs.nfs.n[sl]m;--system;
a:0;31040;/sbin/sysctl;-q;--pattern;^fs.nfs.(nfs_callback_tcpport|idmap_cache_timeout);--system;
a:0;31040;/sbin/sysctl;-q;--pattern;^sunrpc;--system;
a:0;1345168;/usr/bin/systemctl;is-enabled;systemd-resolved;
a:0;47936;/usr/bin/plymouth;show-splash;
a:0;125640;/bin/sh;-c;/usr/sbin/ethtool -i $1 |/usr/bin/sed -n
s/^driver:\ //p;--;lo;
a:0;606664;/usr/sbin/ethtool;-i;lo;
a:0;126424;/usr/bin/sed;-n;s/^driver: //p;
a:0;88232;/sbin/ifquery;--allow;hotplug;-l;eth0;
a:0;23008;/lib/systemd/systemd-sysctl;--prefix=/net/ipv4/conf/eth0;--prefix=/net/ipv4/neigh/eth0;--prefix=/net/ipv6/conf/eth0;--prefix=/net/ipv6/neigh/eth0;
a:0;126424;/usr/bin/sed;-n;
/^IF_ETHERNET_PAUSE_[A-Za-z0-9_]*=/ {
h; # hold line
s/^IF_ETHERNET_PAUSE_//; s/=.*//; s/_/-/g; # get name without prefix
y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/; # lower-case
p;
g; # restore line
s/^[^=]*=//; s/^'\(.*\)'/\1/; # get value
p;
};
a:0;126424;/usr/bin/sed;-n;
/^IF_HARDWARE_IRQ_COALESCE_[A-Za-z0-9_]*=/ {
h; # hold line
s/^IF_HARDWARE_IRQ_COALESCE_//; s/=.*//; s/_/-/g; # get name
without prefix
y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/; # lower-case
p;
g; # restore line
s/^[^=]*=//; s/^'\(.*\)'/\1/; # get value
p;
};
a:0;126424;/usr/bin/sed;-n;
/^IF_HARDWARE_DMA_RING_[A-Za-z0-9_]*=/ {
h; # hold line
s/^IF_HARDWARE_DMA_RING_//; s/=.*//; s/_/-/g; # get name without
prefix
y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/; # lower-case
p;
g; # restore line
s/^[^=]*=//; s/^'\(.*\)'/\1/; # get value
p;
};
a:0;126424;/usr/bin/sed;-n;
/^IF_OFFLOAD_[A-Za-z0-9_]*=/ {
h; # hold line
s/^IF_OFFLOAD_//; s/=.*//; s/_/-/g; # get name without prefix
y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/; # lower-case
p;
g; # restore line
s/^[^=]*=//; s/^'\(.*\)'/\1/; # get value
p;
};
a:0;14576;/usr/sbin/obex-check-device;1d6b;0002;
a:0;14576;/usr/sbin/obex-check-device;1d6b;0003;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/pci0000:00/0000:00:14.0/usb1;
a:0;48144;/usr/bin/id;-u;
a:0;97552;/usr/bin/mkdir;-p;/run/tlp;
a:0;125640;/bin/sh;-c;if [ -f /run/network/restart-hotplug ]; then
/sbin/ifup -a --read-environment --allow=hotplug; fi;
a:0;43952;/usr/bin/mktemp;-p;/run/tlp;tlp-run.conf_tmpXXXXXX;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpAXGiON;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.0/usb3;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/pci0000:00/0000:00:14.0/usb2;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpvASKAb;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.0/usb4;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.3/usb10;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/idVendor;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.3/usb9;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.2/usb8;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/idProduct;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.5/usb14;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmph0E8XB;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.4/usb11;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.1/usb6;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/busnum;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.1/usb5;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.4/usb12;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.5/usb13;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpBO72bI;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.2/usb7;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/idVendor;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpOu8p5V;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/idProduct;
a:0;59704;/bin/mount;binfmt_misc;/proc/sys/fs/binfmt_misc;-t;binfmt_misc;-o;nosuid,nodev,noexec;
a:0;59704;/bin/mount;sunrpc;/run/rpc_pipefs;-t;rpc_pipefs;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/bDeviceClass;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpLY7DFp;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/idVendor;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmps9izAx;
a:0;43888;/usr/bin/sleep;0.5;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpXsv0Da;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpRlWl45;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/idVendor;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp77J3rz;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/idProduct;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpnHCpKm;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/idProduct;
a:0;34920;/usr/sbin/anacron;-d;-q;-s;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/busnum;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp04cAHX;
a:0;2489;/etc/init.d/cpufrequtils;start;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/idVendor;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp6smPtl;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/bDeviceClass;
a:0;149944;/usr/sbin/avahi-daemon;-s;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpXZ4weg;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/busnum;
a:0;5394;/sbin/e2scrub_all;-A;-r;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/devnum;
a:0;51776;/usr/sbin/cron;-f;
a:0;244288;/usr/bin/dbus-daemon;--system;--address=systemd:;--nofork;--nopidfile;--systemd-activation;--syslog-only;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/idVendor;
a:0;1748;/etc/init.d/hwclock.sh;start;
a:0;27560;/bin/run-parts;--lsbsysinit;--list;/lib/lsb/init-functions.d;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/busnum;
a:0;117272;/usr/lib/polkit-1/polkitd;--no-debug;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/idProduct;
a:0;749352;/usr/sbin/rsyslogd;-n;-iNONE;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/devnum;
a:0;1345168;/bin/systemctl;-p;LoadState;--value;show;cpufrequtils.service;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/busnum;
a:0;100520;/usr/sbin/logrotate;/etc/logrotate.conf;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/devnum;
a:0;3364352;/sbin/wpa_supplicant;-u;-s;-O;DIR=/run/wpa_supplicant
GROUP=netdev;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/bDeviceClass;
a:0;52112;/bin/readlink;-q;-s;-e;/dev/mapper/*.e2scrub*;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/bDeviceClass;
a:0;3366144;/usr/sbin/NetworkManager;--no-daemon;
a:0;47936;/bin/plymouth;--ping;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/busnum;
a:0;44016;/bin/cat;/proc/stat;
a:0;126424;/bin/sed;-ne;s/^cpu\([[:digit:]]\+\).*/\1/p;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/busnum;
a:0;47936;/usr/bin/plymouth;update;--status=CPUFreq Utilities: Setting
ondemand CPUFreq governor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/devnum;
a:0;203152;/bin/grep;-q;\<ondemand\>;/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/bDeviceClass;
a:0;14640;/lib/systemd/systemd-user-sessions;start;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/devnum;
a:0;22760;/usr/bin/nm-online;-s;-q;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/bDeviceClass;
a:0;252;/usr/lib/udev/hwclock-set;/dev/rtc0;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.6/usb15;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.7/usb18;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.6/usb16;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.7/usb17;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-0:1.0/bInterfaceClass;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpnHpWTM;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpIl52Lj;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpW3lz9N;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/power/control;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;none;hostname;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpAXGiON;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;none;hostname;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpIvt7EG;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/idVendor;
a:0;39264;/usr/libexec/nfsrahead;1:1;
a:0;39264;/usr/libexec/nfsrahead;179:0;
a:0;39264;/usr/libexec/nfsrahead;1:0;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/idProduct;
a:0;97552;/usr/bin/mkdir;-p;/run/chrony-dhcp;
a:0;39264;/usr/libexec/nfsrahead;1:10;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/idVendor;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;none;hostname;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/idProduct;
a:0;39264;/usr/libexec/nfsrahead;1:11;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/busnum;
a:0;14576;/usr/sbin/obex-check-device;8087;0a2b;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/idVendor;
a:0;39264;/usr/libexec/nfsrahead;1:12;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/idProduct;
a:0;39264;/usr/libexec/nfsrahead;1:13;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/10-0:1.0/bInterfaceClass;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/pci0000:00/0000:00:14.0/usb1/1-7;
a:0;39264;/usr/libexec/nfsrahead;1:14;
a:0;39264;/usr/libexec/nfsrahead;1:15;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/bDeviceClass;
a:0;39264;/usr/libexec/nfsrahead;1:2;
a:0;39264;/usr/libexec/nfsrahead;1:3;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpBO72bI;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp5ZPFA0;
a:0;39264;/usr/libexec/nfsrahead;1:4;
a:0;39264;/usr/libexec/nfsrahead;1:5;
a:0;39264;/usr/libexec/nfsrahead;1:6;
a:0;39264;/usr/libexec/nfsrahead;1:7;
a:0;39264;/usr/libexec/nfsrahead;1:8;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;;connectivity-change;
a:0;39264;/usr/libexec/nfsrahead;1:9;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;;connectivity-change;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;;connectivity-change;
a:0;109672;/usr/bin/chronyc;onoffline;
a:0;39264;/usr/libexec/nfsrahead;251:0;
a:0;39264;/usr/libexec/nfsrahead;252:0;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;lo;up;
a:0;27560;/usr/bin/run-parts;/etc/network/if-up.d;
a:0;39264;/usr/libexec/nfsrahead;259:0;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/3-0:1.0/bInterfaceClass;
a:0;39264;/usr/libexec/nfsrahead;43:0;
a:0;39264;/usr/libexec/nfsrahead;43:192;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/9-0:1.0/bInterfaceClass;
a:0;39264;/usr/libexec/nfsrahead;43:224;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/6-0:1.0/bInterfaceClass;
a:0;39264;/usr/libexec/nfsrahead;43:160;
a:0;39264;/usr/libexec/nfsrahead;43:128;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/11-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/14-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/2-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/power/control;
a:0;44016;/bin/cat;/proc/cmdline;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/8-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/5-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/power/control;
a:0;39264;/usr/libexec/nfsrahead;43:256;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/7-0:1.0/bInterfaceClass;
a:0;1345168;/bin/systemctl;-p;LoadState;--value;show;mountnfs.service;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/12-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/13-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/4-0:1.0/bInterfaceClass;
a:0;39264;/usr/libexec/nfsrahead;43:384;
a:0;39264;/usr/libexec/nfsrahead;43:288;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/power/control;
a:0;39264;/usr/libexec/nfsrahead;43:32;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/power/control;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/power/control;
a:0;39264;/usr/libexec/nfsrahead;43:320;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpvASKAb;
a:0;39264;/usr/libexec/nfsrahead;43:352;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/devnum;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp77J3rz;
a:0;39264;/usr/libexec/nfsrahead;43:416;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpRlWl45;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmph0E8XB;
a:0;39264;/usr/libexec/nfsrahead;43:64;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpOu8p5V;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp04cAHX;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/power/control;
a:0;39264;/usr/libexec/nfsrahead;7:0;
a:0;39264;/usr/libexec/nfsrahead;43:448;
a:0;39264;/usr/libexec/nfsrahead;43:480;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/power/control;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpXsv0Da;
a:0;39264;/usr/libexec/nfsrahead;43:96;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpLY7DFp;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmps9izAx;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpnHCpKm;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp6smPtl;
a:0;39264;/usr/libexec/nfsrahead;7:5;
a:0;39264;/usr/libexec/nfsrahead;7:1;
a:0;39264;/usr/libexec/nfsrahead;7:2;
a:0;39264;/usr/libexec/nfsrahead;7:6;
a:0;39264;/usr/libexec/nfsrahead;7:7;
a:0;39264;/usr/libexec/nfsrahead;7:3;
a:0;39264;/usr/libexec/nfsrahead;7:4;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpXZ4weg;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;lo;up;
a:0;72752;/usr/bin/rm;-f;/run/chrony-dhcp/lo.sources;
a:0;109672;/usr/bin/chronyc;reload;sources;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;lo;up;
a:0;60312;/usr/bin/setfont;/usr/share/consolefonts/Uni2-Fixed16.psf.gz;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/18-0:1.0/bInterfaceClass;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/platform/i8042/serio0/input/input0/event0;
a:0;125640;/bin/sh;-c;gzip -d -c
/usr/share/consolefonts/Uni2-Fixed16.psf.gz;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0D:00/input/input4/event3;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input6/event5;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0E:00/input/input5/event4;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/platform/i8042/serio1/input/input2/event1;
a:0;14734;/usr/sbin/tlp;auto;
a:0;98136;/usr/bin/gzip;-d;-c;/usr/share/consolefonts/Uni2-Fixed16.psf.gz;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/17-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/16-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/power/control;
a:0;23192;/lib/udev/libinput-fuzz-extract;/sys/devices/platform/i8042/serio1/input/input2/event1;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/power/control;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/power/control;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpntLREV;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/15-0:1.0/bInterfaceClass;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpnHpWTM;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpW3lz9N;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpIl52Lj;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpFE1hF4;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpIvt7EG;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp4dKnD1;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/LNXVIDEO:00/input/input8/event7;
a:0;14760;/lib/udev/libinput-fuzz-to-zero;/sys/devices/platform/i8042/serio1/input/input2/event1;
a:0;88232;/sbin/ifquery;--allow;hotplug;-l;wlan0;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/platform/thinkpad_acpi/input/input7/event6;
a:0;56208;/usr/bin/tr;[:lower:];[:upper:];
a:0;130584;/usr/sbin/alsactl;-E;HOME=/run/alsa;-E;XDG_RUNTIME_DIR=/run/alsa/runtime;restore;0;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input14/event13;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input15/event14;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input12/event11;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input10/event9;
a:0;203152;/usr/bin/grep;-E;-q;sbs-charger|hidpp_battery|hid-;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input9/event8;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input13/event12;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input11/event10;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input16/event15;
a:0;23008;/lib/systemd/systemd-sysctl;--prefix=/net/ipv4/conf/wlan0;--prefix=/net/ipv4/neigh/wlan0;--prefix=/net/ipv6/conf/wlan0;--prefix=/net/ipv6/neigh/wlan0;
a:0;44016;/usr/bin/cat;/sys/class/power_supply/AC/type;
a:0;44016;/usr/bin/cat;/sys/class/power_supply/AC/online;
a:0;1345168;/usr/bin/systemctl;is-enabled;tlp.service;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/platform/i8042/serio1/serio2/input/input3/event2;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/1-7:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/1-7:1.1/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp5ZPFA0;
a:0;31096;/lib/systemd/systemd-backlight;load;leds:tpacpi::kbd_backlight;
a:0;151344;/usr/bin/ls;/dev/fb0;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1620;--;Error: tlp.service
is not enabled, power saving will not apply on boot.;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1620;--;>>> Invoke
'systemctl enable tlp.service' to correct this!;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1636;--;Error: tlp.service
is not enabled, power saving will not apply on boot.;
a:0;1345168;/usr/bin/systemctl;is-enabled;power-profiles-daemon.service;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1636;--;>>> Invoke
'systemctl enable tlp.service' to correct this!;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1637;--;Error: tlp.service
is not enabled, power saving will not apply on boot.;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1637;--;>>> Invoke
'systemctl enable tlp.service' to correct this!;
a:0;130584;/usr/sbin/alsactl;-E;HOME=/run/alsa;-E;XDG_RUNTIME_DIR=/run/alsa/runtime;restore;
a:0;203152;/usr/bin/grep;-q;-v;masked;
a:0;31096;/lib/systemd/systemd-backlight;load;backlight:intel_backlight;
a:0;1345168;/usr/bin/systemctl;is-enabled;systemd-rfkill.service;
a:0;1345168;/usr/bin/systemctl;is-enabled;systemd-rfkill.socket;
a:0;35216;/usr/bin/flock;-x;-n;9;
a:0;44016;/usr/bin/cat;/run/tlp/last_pwr;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpFE1hF4;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp4dKnD1;
a:0;203152;/usr/bin/grep;-E;^[0-9]+$;
a:0;203152;/usr/bin/grep;-E;-q;-m;1;^flags.+hwp_epp;/proc/cpuinfo;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:00.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:02.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:08.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:14.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:14.2/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:16.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1c.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1c.2/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1c.4/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.2/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.3/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.4/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.6/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:02:00.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:04:00.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:05:00.0/class;
a:0;52112;/usr/bin/readlink;/dev/disk/by-id/nvme-SPCC_M.2_PCIe_SSD_AA230718NV02KG00581;
a:0;1336848;/usr/bin/udevadm;info;-q;property;/dev/nvme0n1;
a:0;203152;/usr/bin/grep;-E;^(DEVPATH|ID_BUS|ID_PATH|ID_ATA_FEATURE_SET_PM_ENABLED)=;
a:0;52112;/usr/bin/readlink;/sys/class/drm/card0/device/driver;
a:0;203152;/usr/bin/grep;-q;-s;DEVTYPE=wlan;/sys/class/net/eth0/uevent;
a:0;203152;/usr/bin/grep;-q;-s;DEVTYPE=wlan;/sys/class/net/lo/uevent;
a:0;203152;/usr/bin/grep;-q;-s;DEVTYPE=wlan;/sys/class/net/wlan0/uevent;
a:0;290072;/usr/sbin/iw;dev;wlan0;set;power_save;off;
a:0;44016;/usr/bin/cat;/sys/class/net/eth0/device/class;
a:0;44016;/usr/bin/cat;/sys/class/net/wlan0/device/class;
a:0;606664;/usr/sbin/ethtool;-s;eth0;wol;d;
a:0;72752;/usr/bin/rm;-f;/var/lib/tlp/rfkill_saved;
a:0;151152;/usr/bin/cp;--preserve=timestamps;/run/tlp/tlp-run.conf_tmpntLREV;/run/tlp/run.conf;
a:0;64496;/usr/bin/chmod;664;/run/tlp/tlp-run.conf_tmpntLREV;/run/tlp/run.conf;
a:0;72752;/usr/bin/rm;-f;/run/tlp/lock_tlp;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpntLREV;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;eth0;dhcp4-change;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;eth0;dhcp4-change;
a:0;72752;/usr/bin/rm;-f;/run/chrony-dhcp/eth0.sources;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;eth0;dhcp4-change;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;eth0;up;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;eth0;up;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;eth0;up;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;wlan0;dhcp4-change;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;wlan0;dhcp4-change;
a:0;72752;/usr/bin/rm;-f;/run/chrony-dhcp/wlan0.sources;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;wlan0;dhcp4-change;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;wlan0;up;
a:0;1774;/etc/rc.local;start;
a:0;14872;/usr/bin/setlogcons;N;
a:0;88656;/bin/dmesg;-D;
a:0;47424;/usr/bin/setterm;-blength;0;
a:0;35248;/usr/bin/pkill;tracker*;
a:0;31792;/usr/bin/setxkbmap;-option;terminate:;ctrl_alt_bksp;
a:0;691016;/bin/ip;link;set;dev;lo;down;
a:0;691016;/bin/ip;-4;addr;del;dev;lo;
Powered by blists - more mailing lists