Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

artif: dump /etc/ld.so.preload with debugfs/xfs_db #280

Open
wants to merge 11 commits into
base: develop
Choose a base branch
from
Open

artif: dump /etc/ld.so.preload with debugfs/xfs_db #280

wants to merge 11 commits into from
+398 −3

Commits on Sep 10, 2024

  1. artif: /etc/ld.so.preload via debugfs 

    Add a new artifact to collect /etc/ld.so.preload.
Although LD_PRELOAD rootkits may hide /etc/ld.so.preload, it can be read via debugfs.
    @mnrkbys
    mnrkbys committed Sep 10, 2024
    Configuration menu
    Copy the full SHA
    41c50d4 View commit details
    Browse the repository at this point in the history

Commits on Sep 12, 2024

  1. artif: Dump /etc/ld.so.preload with xfs_db 

    Add a new artifact to dump /etc/ld.so.preload.
If the file system where /etc is located is XFS, we need to use xfs_db instead of debugfs.
    @mnrkbys
    mnrkbys committed Sep 12, 2024
    Configuration menu
    Copy the full SHA
    51b1a2a View commit details
    Browse the repository at this point in the history

  2. artif: modify command

    @mnrkbys
    mnrkbys committed Sep 12, 2024
    Configuration menu
    Copy the full SHA
    45e6eef View commit details
    Browse the repository at this point in the history

Commits on Sep 13, 2024

  1. refactor: tidy up linux_dump_ldsopreload.sh 

    Refactor command options.
    @mnrkbys
    mnrkbys committed Sep 13, 2024
    Configuration menu
    Copy the full SHA
    04d85b9 View commit details
    Browse the repository at this point in the history

  2. refactor: suppress the status message of dd

    @mnrkbys
    mnrkbys committed Sep 13, 2024
    Configuration menu
    Copy the full SHA
    8f1b5eb View commit details
    Browse the repository at this point in the history

Commits on Sep 16, 2024

  1. artif: merge artifacts 

    Merge debugfs.yaml and xfs_db.yaml into one file.
    @mnrkbys
    mnrkbys committed Sep 16, 2024
    Configuration menu
    Copy the full SHA
    125e3b8 View commit details
    Browse the repository at this point in the history

Commits on Sep 17, 2024

  1. refactor: optimize awk code

    @mnrkbys
    mnrkbys committed Sep 17, 2024
    Configuration menu
    Copy the full SHA
    f65765a View commit details
    Browse the repository at this point in the history

Commits on Sep 18, 2024

  1. refactor: calculate offset based on blocksize

    @mnrkbys
    mnrkbys committed Sep 18, 2024
    Configuration menu
    Copy the full SHA
    6a3efea View commit details
    Browse the repository at this point in the history

Commits on Sep 19, 2024

  1. refactor: improve versatility 

    Any file can be dumped.
    @mnrkbys
    mnrkbys committed Sep 19, 2024
    Configuration menu
    Copy the full SHA
    3f6f95c View commit details
    Browse the repository at this point in the history

Commits on Sep 25, 2024

  1. refactor: fix problems detected by ShellCheck 

    Fix problems detected by ShellCheck and a bug regarding tracking of symbolic links
    @mnrkbys
    mnrkbys committed Sep 25, 2024
    Configuration menu
    Copy the full SHA
    6100e27 View commit details
    Browse the repository at this point in the history

Commits on Oct 4, 2024

  1. refactor: remove the mount point string from file path on EXT4 filesy… 

    …stem
    @mnrkbys
    mnrkbys committed Oct 4, 2024
    Configuration menu
    Copy the full SHA
    361dcd8 View commit details
    Browse the repository at this point in the history