rflament / loggedfs
LoggedFS - Filesystem monitoring with Fuse
License: Apache License 2.0
I notice that I get a UID output from LoggedFS (the main draw to it was finding out who edited things), but we're 1 step away from printing the actual Linux username, which would be a lot better to read.
Any hope of adding this?
Hello,
We have websites which are getting injected with malicious scripts, 8x7ash2hbx8.php and so on. We are trying to find out the root of the problem, so we know exactly what process/script/path wrote a specific file. We have an exact date of file creation and were hoping to use LoggedFS to find it out.
But when we mount the website directory, we get a "Forbidden" on our webserver/website. Is the whole directory not accessible by other processes/users while logging?
Regards,
Dennis
I ran the latest release of pjdfstest against LoggedFS.
The test link/00.t fails the following sub-tests (out of 202 total):
I attached the corresponding log from LoggedFS: test_link_00_err_redux.log
I am running openSUSE Leap 42.3, latest patch-level, Kernel 4.4.103 (-36-default x86_64), fuse 2.9.3 (-11.3.x86_64). The filesystem underneath is ext4. It passed all tests.
Closely related to #16: In your implementation of open, you are using the open system call. You should be using the openat system call instead.
rlog is marked as unmaintained upstream. Even encfs, where it stems from originally and where it was used for a long time, moved to easylogging++ (https://github.com/muflihun/easyloggingpp).
I'm not saying loggedfs should use the same, but staying with rlog is not really a good option.
I ran into this issue testing my Python implementation - your C++ implementation shows the same problem:
You implement truncate by calling the truncate system call. As you might have noticed, there is no truncateat system call which would be required for truncating something with a path relative to a file descriptor. So your implementation assumes that its current working directory is never changed throughout its lifetime.
I have spent a while researching it (1, 2) and it appears that the best solution is to just divert from the truncate system call to an openat-ftruncate-close sequence. I have successfully tested this with my Python implementation.
EDIT: Actually, this issue applies to most system calls that you use which take a path as an argument. You are always relying on the current working directory. You should use the savefd file descriptor throughout your code and specify paths relative to it.
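The openat-ftruncate-close sequence described in the report above, as an added C example (not code from LoggedFS or from the reporter's Python implementation). `truncate_at` and `demo_size_after_truncate` are hypothetical names, and `savefd` stands in for the directory descriptor the report mentions; the demo changes the working directory on purpose to show the result no longer depends on it.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: truncate `relpath`, resolved relative to the directory
 * descriptor `dirfd`, to `size` bytes. Returns 0 or -errno (FUSE convention). */
static int truncate_at(int dirfd, const char *relpath, off_t size)
{
    int fd = openat(dirfd, relpath, O_WRONLY | O_CLOEXEC);
    if (fd == -1)
        return -errno;
    int res = (ftruncate(fd, size) == -1) ? -errno : 0;
    if (close(fd) == -1 && res == 0)
        res = -errno;
    return res;
}

/* Constructed demo: create a 5-byte file in a temp directory, move the
 * working directory elsewhere, truncate through the saved descriptor and
 * return the resulting file size (-1 on any setup failure). */
static long demo_size_after_truncate(off_t new_size)
{
    char dir[] = "/tmp/truncate_at_XXXXXX";
    struct stat st;
    long out = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    int savefd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int fd = (savefd == -1) ? -1 : openat(savefd, "f", O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd != -1 && write(fd, "hello", 5) == 5 && close(fd) == 0
        && chdir("/") == 0                      /* cwd is no longer `dir` */
        && truncate_at(savefd, "f", new_size) == 0
        && fstatat(savefd, "f", &st, 0) == 0)
        out = (long)st.st_size;
    if (savefd != -1) {
        unlinkat(savefd, "f", 0);
        close(savefd);
    }
    rmdir(dir);
    return out;
}

int main(void)
{
    printf("size after truncate_at: %ld\n", demo_size_after_truncate(2));
    return 0;
}
```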
It would be pretty cool to know how to create an entry in fstab so the system starts logging automatically.
Especially an example with a log location and config file would be helpful.
I ran the latest release of pjdfstest against LoggedFS.
LoggedFS consistently crashes (i.e. does not permit any further operations on it, returning ENOTCONN) after the following tests:
All of those tests have in common that they try to check the behavior of the filesystem when operations with path names exceeding PATH_MAX characters are attempted. It is expected that the filesystem returns ENAMETOOLONG.
I am running openSUSE Leap 42.3, latest patch-level, Kernel 4.4.103 (-36-default x86_64), fuse 2.9.3 (-11.3.x86_64). The filesystem underneath is ext4. PATH_MAX for both ext4 and LoggedFS equaled 4096. pjdfstest was configured for ext4. The filesystem underneath on its own passed all tests.
Hello, I am studying your project.
Could you tell me how I can increase the default block size (4KB) to 64KB?
Hey, great piece of software; I'm using it to monitor systems now :)
The logging feature is not working for me in Ubuntu 20.04 straight from the repo (not sure what version I picked up).
It writes something like bootup messages and then logs nothing.
Switch over to -f and I get the messages.
Quite a bummer... can it be fixed? Until then I'll be doing loggedfs > /var/log/loggedfs.log 2>&1
I ran the latest release of pjdfstest against LoggedFS.
The test utimensat/02.t fails the following sub-tests (out of 10 total):
I attached the corresponding log from LoggedFS: test_utimensat_02_err_redux.log
The test utimensat/05.t fails the following sub-tests (out of 16 total):
I attached the corresponding log from LoggedFS: test_utimensat_05_err_redux.log
I see the exact same tests fail in another FUSE filesystem, so I suspect it's FUSE's fault. The failures are consistent across multiple Linux distributions with Kernels 4.4 to 4.10 with FUSE 2.9.x releases. (The filesystem underneath in every case was ext4. It always passed all tests.) I'd love to have a confirmation though before I file a bug there.
This third issue concludes my series of reports. LoggedFS passed all other tests that pjdfstest has to offer. Impressive - congratulations.
With commit 02339be and earlier, things work as expected. With commit 6a85fbd and later (with the inclusion of easylogging), loggedfs essentially does not log anything for me anymore - even if I allow everything in the XML configuration file.
All I get is something along those lines ...
2019-04-11 12:42:10,442 INFO [default] Configuration file : /demo/test_loggedfs_cfg.xml
2019-04-11 12:42:10,442 INFO [default] LoggedFS running as a public filesystem
2019-04-11 12:42:10,442 INFO [default] LoggedFS starting at /demo/test_mount/test_child.
2019-04-11 12:42:10,442 INFO [default] Using configuration file /demo/test_loggedfs_cfg.xml.
2019-04-11 12:42:10,442 INFO [default] chdir to /demo/test_mount/test_child
2019-04-11 12:42:10,755 INFO [default] LoggedFS closing.
... although I ran a few actions on it, like creating a file, changing it, etc.
Testing on openSUSE Leap 42.3 x86_64, patch level as of today. Tried to compile with both g++ 4.7 and 6.2.
There is a list of fuse filesystems, would you like to add yours there?
https://github.com/libfuse/libfuse/wiki/Filesystems
Do you consider your fs already mature and production-quality?
Thanks a lot for this filesystem, which I very much needed.