Exemple #1
0
void update_display(void)
{
  char      start[9], *utime;
  struct tm *ltime;
  time_t    now;
  run       *rptr;
  proc      *pptr;
  int       index, row, col, y, x;

  now = time(NULL);
  mvprintw(0, 2, "Active Jobs: %2d/%2d", ac, sc);
  mvprintw(0, 28, "%s", ctime(&now));

  getmaxyx(stdscr, row, col);

  mvaddstr(2, 3, "START   PID  ST   CPU   COMMAND");
  for (index=0, y=3; index<rc; index++) {
    if (row-y <= rc-index && rptr->stage == STAGE_DONE)
      continue;
    rptr = runs+index;
    pptr = &(rptr->pc);

    if (rptr->stage == STAGE_ISSUE) {
      pptr->state = '!';
      proc_stat(rptr->run_pid, pptr);
      attron(A_REVERSE);
    }
    if (rptr->stage == STAGE_ATTN)
      attron(A_BLINK);

    move(y++, 0);
    if (rptr->stage != STAGE_FETCH) {
      utime = time_string(pptr->utime);
      ltime = localtime(&(pptr->start_time));
      strftime(start, sizeof (start), "%T", ltime);
      printw("%s %5d ", start, rptr->run_pid);
      if (rptr->stage == STAGE_ISSUE)
        printw("  %c %s  ", pptr->state, utime);
      else
        printw("%3d %s  ", rptr->status, utime);
    }
    else {
      addstr("       -     - ");
      addstr("        -   ");
    }

    addnstr(rptr->cmd.buffer, col-27);
    for (x=27+strlen(rptr->cmd.buffer); x<col; x++)
      addch(' ');
    attroff(A_REVERSE);
    attroff(A_BLINK);
  }
  move(0, col-1);
  refresh();
}
Exemple #2
0
int main(int argc, char **argv)
{
	proc_t ps;
	pid_t pid = (argc == 2 ? atoi(argv[1]) : getpid());
	if (proc_stat(pid, &ps) != 0) {
		printf("proc_stat(%u) failed: %m", pid);
		exit(1);
	}

	printf("pid %u; ppid %u; state %c; uid %u/%u; gid %u/%u\n",
		ps.pid, ps.ppid, ps.state, ps.uid, ps.euid, ps.gid, ps.egid);
	exit(0);
}
Exemple #3
0
// return current memory usage in bytes
size_t get_memory_usage_now()
{
  size_t memory = 0;

#if defined(__APPLE__)
  struct task_basic_info t_info;
  mach_msg_type_number_t t_info_count = TASK_BASIC_INFO_COUNT;

  if (KERN_SUCCESS != task_info(mach_task_self(),
      TASK_BASIC_INFO,
      reinterpret_cast<task_info_t>(&t_info),
      &t_info_count))
  {
    return 0;
  }
  memory = t_info.resident_size;

#elif defined(__LIBCATAMOUNT__) && defined(REDSTORM_HEAP_INFO)
  size_t frags;
  unsigned long total_free, largest_free, total_used;
  heap_info( &frags, &total_free, &largest_free, &total_used );
  memory = total_used * 1024;

#elif defined(BGQ_LWK)
  uint64_t heap;
  Kernel_GetMemorySize(KERNEL_MEMSIZE_HEAP, &heap);
  memory = heap;

#elif defined(PROCFS)
  unsigned long rss_pages = 0;
  // Read memory size data from /proc/pid/stat
  // see "man proc" for details.
  std::ifstream proc_stat("/proc/self/stat");
  if (proc_stat)
  {
    std::string buf;
    proc_stat
       >> buf >> buf >> buf >> buf >> buf
       >> buf >> buf >> buf >> buf >> buf
       >> buf >> buf >> buf >> buf >> buf
       >> buf >> buf >> buf >> buf >> buf
       >> buf >> buf >> buf
       >> rss_pages;
    proc_stat.close();
  }
  memory = rss_pages * sysconf( _SC_PAGESIZE);
#endif

  /* Success */
  return memory;
}
Exemple #4
0
void		proc_parser(t_proc *proc, char *path, t_task *task, t_taupe *t)
{
  (task->overall)++;
  proc_status(proc, path, task);
  proc_stat(proc, path, t->old);
  proc_statm(proc, path, t->mem);
  if (proc->status == 'S')
    (task->sleep)++;
  else if (proc->status == 'R')
    (task->run)++;
  else if (proc->status == 'Z')
    (task->zombie)++;
  else if (proc->status == 'T')
    (task->stop)++;
}
Exemple #5
0
/* Compute percent utilization.
 * Initialize usage and total to zero, and first call will return percent
 * cpu utilization since boot.  Subsequent calls will return percent cpu
 * utilization since last call.
 */
int
proc_stat2 (pctx_t ctx, uint64_t *usagep, uint64_t *totalp, double *pctp)
{
    uint64_t usr, nice, sys, idle, iowait, irq, softirq;
    uint64_t usage, ousage = usagep ? *usagep : 0;
    uint64_t total, ototal = totalp ? *totalp : 0;

    if (proc_stat (ctx, &usr, &nice, &sys, &idle, &iowait, &irq, &softirq) < 0)
        return -1;
    usage = usr + nice + sys + irq + softirq;
    total = usr + nice + sys + idle + iowait + irq + softirq;

    if (pctp) {
        if (total - ototal > 0)
            *pctp = (double)(usage - ousage) / (total - ototal) * 100.0;
        else
            *pctp = 0;
    }
    if (usagep)
        *usagep = usage;
    if (totalp)
        *totalp = total;
    return 0;
}
Exemple #6
0
/** void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
 * Check all the available PIDs for hidden stuff.
 */
void loop_all_pids(char *ps, pid_t max_pid, int *_errors, int *_total)
{
    int _kill0 = 0;
    int _kill1 = 0;
    int _gsid0 = 0;
    int _gsid1 = 0;
    int _gpid0 = 0;
    int _gpid1 = 0;
    int _ps0 = -1;
    int _proc_stat  = 0;
    int _proc_read  = 0;
    int _proc_chdir = 0;

    pid_t i = 1;
    pid_t my_pid;

    char command[OS_SIZE_1024 +1];

    my_pid = getpid();

    for(;;i++)
    {
        if((i <= 0)||(i > max_pid))
            break;

        (*_total)++;

        _kill0 = 0;
        _kill1 = 0;
        _gsid0 = 0;
        _gsid1 = 0;
        _gpid0 = 0;
        _gpid1 = 0;
        _ps0 = -1;
        _proc_stat  = 0;
        _proc_read  = 0;
        _proc_chdir = 0;


        /* kill test */
        if(!((kill(i, 0) == -1)&&(errno == ESRCH)))
        {
            _kill0 = 1;
        }

        /* getsid to test */
        if(!((getsid(i) == -1)&&(errno == ESRCH)))
        {
            _gsid0 = 1;
        }

        /* getpgid test */
        if(!((getpgid(i) == -1)&&(errno == ESRCH)))
        {
            _gpid0 = 1;
        }


        /* proc stat */
        _proc_stat = proc_stat(i);

        /* proc readdir */
        _proc_read = proc_read(i);

        /* proc chdir */
        _proc_chdir = proc_chdir(i);


        /* IF PID does not exist, keep going */
        if(!_kill0 && !_gsid0 && !_gpid0 &&
           !_proc_stat && !_proc_read && !_proc_chdir)
        {
            continue;
        }

        /* We do not need to look at our own pid */
        else if(i == my_pid)
        {
            continue;
        }

        /* Checking the number of errors */
        if((*_errors) > 15)
        {
            char op_msg[OS_SIZE_1024 +1];
            snprintf(op_msg,OS_SIZE_1024,"Excessive number of hidden processes"
                    ". It maybe a false-positive or "
                    "something really bad is going on.");
            notify_rk(ALERT_SYSTEM_CRIT, op_msg);
            return;
        }


        /* checking if process appears on ps */
        if(*ps)
        {
            snprintf(command, OS_SIZE_1024, "%s -p %d > /dev/null 2>&1",
                                                        ps,
                                                        (int)i);

            /* Found PID on ps */
            _ps0 = 0;
            if(system(command) == 0)
                _ps0 = 1;
        }

        /* If we are being run by the ossec hids, sleep here (no rush) */
        #ifdef OSSECHIDS
        sleep(2);
        #endif

        /* Everyone returned ok */
        if(_ps0 && _kill0 && _gsid0 && _gpid0 && _proc_stat && _proc_read)
        {
            continue;
        }



        /* If our kill or getsid system call, got the
         * PID , but ps didn't, we need to find if it was a problem
         * with a PID being deleted (not used anymore)
         */
        {
            if(!((getsid(i) == -1)&&(errno == ESRCH)))
            {
                _gsid1 = 1;
            }

            if(!((kill(i, 0) == -1)&&(errno == ESRCH)))
            {
                _kill1 = 1;
            }

            if(!((getpgid(i) == -1)&&(errno == ESRCH)))
            {
                _gpid1 = 1;
            }


            _proc_stat = proc_stat(i);

            _proc_read = proc_read(i);

            _proc_chdir = proc_chdir(i);

            /* If it matches, process was terminated */
            if(!_gsid1 &&!_kill1 &&!_gpid1 &&!_proc_stat &&
               !_proc_read &&!_proc_chdir)
            {
                continue;
            }
        }

        #ifdef AIX
        /* Ignoring AIX wait and sched programs. */
        if((_gsid0 == _gsid1) &&
           (_kill0 == _kill1) &&
           (_gpid0 == _gpid1) &&
           (_ps0 == 1) &&
           (_gsid0 == 1) &&
           (_kill0 == 0))
        {
            /* The wait and sched programs do not respond to kill 0.
             * So, if everything else finds it, including ps, getpid, getsid,
             * but not
             * kill, we can safely ignore on AIX.
             * A malicious program would specially try to hide from ps..
             */
            continue;
        }
        #endif


        if((_gsid0 == _gsid1)&&
           (_kill0 == _kill1)&&
           (_gsid0 != _kill0))
        {
            /* If kill found, but getsid and getpgid didnt', it may
             * be a defunct process -- ignore.
             */
            if(!((_kill0 == 1)&&(_gsid0 == 0)&&(_gpid0 == 0)&&(_gsid1 == 0)))
            {
                char op_msg[OS_SIZE_1024 +1];

                snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
                        "kill (%d) or getsid (%d). Possible kernel-level"
                        " rootkit.", (int)i, _kill0, _gsid0);

                notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
                (*_errors)++;
            }
        }
        else if((_kill1 != _gsid1)||
                (_gpid1 != _kill1)||
                (_gpid1 != _gsid1))
        {
            /* See defunct process comment above. */
            if(!((_kill1 == 1)&&(_gsid1 == 0)&&(_gpid0 == 0)&&(_gsid1 == 0)))
            {
                char op_msg[OS_SIZE_1024 +1];
                snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
                        "kill (%d), getsid (%d) or getpgid. Possible "
                        "kernel-level rootkit.", (int)i, _kill1, _gsid1);

                notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
                (*_errors)++;
            }
        }
        else if((_proc_read != _proc_stat)||
                (_proc_read != _proc_chdir)||
                (_proc_stat != _kill1))
        {
            /* checking if the pid is a thread (not showing on proc */
            if(!noproc && !check_rc_readproc((int)i))
            {
                char op_msg[OS_SIZE_1024 +1];
                snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
                        "/proc. Possible kernel level rootkit.", (int)i);
                notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
                (*_errors)++;
            }
        }
        else if(_gsid1 && _kill1 && !_ps0)
        {
            /* checking if the pid is a thread (not showing on ps */
            if(!check_rc_readproc((int)i))
            {
                char op_msg[OS_SIZE_1024 +1];
                snprintf(op_msg, OS_SIZE_1024, "Process '%d' hidden from "
                             "ps. Possible trojaned version installed.",
                             (int)i);

                notify_rk(ALERT_ROOTKIT_FOUND, op_msg);
                (*_errors)++;
            }
        }
    }
}