ANN: syscalltrack version 0.60 released
- [ apologies to those of you who get this announcement more than once ]
Haifux, the Haifa Linux Club (http://linuxclub.il.eu.org) is proud to
present 'syscalltrack-0.60', the first _alpha_ release of the
system-call-tracking linux kernel module and user space utilities.
'syscalltrack' supports both versions 2.2.x and 2.4.x of the linux
* What is syscalltrack?
Imagine you have a file being deleted every day at midnight. How will
you know which process does it?
Imagine you wish to know when any non root process tries to open a file
for writing, but you don't care if it tries to open it for reading. How
will you do that?
Imagine you wish to know when _any_ process tries to tamper with
/var/log/messages. How will you do it?
'syscalltrack' is a linux kernel module which allows you to hijack and
track any system call invocation on your linux box. Using a
configuration utility you can specify 'filters' based on both system
call parameters and process state parameters. You also specify 'actions'
to take if the filter matches - for example, you can log the
invocation to a log file. More actions are planned but not yet
For example, you might say "log all processes which try to 'unlink'
'/etc/passwd'" or "log all processes which try to 'open' '/dev/dsp' with
a mode of O_CREAT, where the UID is less than 100 and the GID is more
* Where can I get it?
Information on 'syscalltrack' is available on the project's homepage:
http://syscalltrack.sf.net, and in the project's file release.
Files and development information are available from
You can download the source directly from:
* Call for developers:
The syscalltrack project is looking for developers, both for kernel
space and user space. If you want to join in on the fun, get in touch
with us on the 'syscalltrack-hackers' mailing list
* License and NO Warranty
'syscalltrack' is Free Software, licensed under the GNU General Public
License (GPL) version 2. The 'sct_ctrl_lib' library is licensed under
the GNU Lesser General Public License (LGPL).
'syscalltrack' is in early _alpha_ stages and comes with NO warranty. If
it breaks something, you get to keep all of the pieces. You have been
Happy hacking and tracking!
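
The filter-and-action model described under "What is syscalltrack?" can be sketched in user space as follows. This is an added example, not syscalltrack code or its configuration syntax: the Event, Rule and track names and the sample invocations are constructed for illustration, and the GID condition is left out because the announcement does not state it in full.

```python
import os
from dataclasses import dataclass

@dataclass
class Event:  # one system call invocation plus the caller's process state
    syscall: str
    path: str
    flags: int = 0
    uid: int = 0
    pid: int = 0
    comm: str = ""

@dataclass
class Rule:  # a filter; the only action modelled here is logging
    name: str
    syscall: str
    param_filter: callable                  # predicate on syscall parameters
    proc_filter: callable = lambda e: True  # predicate on process state

def opens_for_write(flags):
    # O_RDONLY is 0, so the access mode has to be masked out, not bit-tested.
    return (flags & os.O_ACCMODE) in (os.O_WRONLY, os.O_RDWR)

RULES = [
    Rule("unlink-passwd", "unlink", lambda e: e.path == "/etc/passwd"),
    Rule("dsp-creat-low-uid", "open",
         lambda e: e.path == "/dev/dsp" and e.flags & os.O_CREAT,
         lambda e: e.uid < 100),
    Rule("nonroot-write-open", "open",
         lambda e: opens_for_write(e.flags),
         lambda e: e.uid != 0),
]

def track(events, rules=RULES):
    """Return one log line per (event, rule) pair whose two filters match."""
    log = []
    for e in events:
        for r in rules:
            if r.syscall == e.syscall and r.param_filter(e) and r.proc_filter(e):
                log.append(f"{r.name}: pid={e.pid} uid={e.uid} "
                           f"comm={e.comm} {e.syscall}({e.path!r})")
    return log

SAMPLE = [  # constructed invocations, not captured from a real system
    Event("unlink", "/etc/passwd", 0, 0, 411, "cleanup.sh"),
    Event("open", "/dev/dsp", os.O_WRONLY | os.O_CREAT, 33, 512, "player"),
    Event("open", "/var/log/messages", os.O_RDONLY, 1000, 600, "less"),
    Event("open", "/var/log/messages", os.O_RDWR, 1000, 601, "editor"),
]

if __name__ == "__main__":
    print("\n".join(track(SAMPLE)))
```

The read-only open of /var/log/messages produces no log line, while the O_RDWR open by the same non-root user does.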