FILE(GLOB SEND_SRCS send.cpp)
FILE(GLOB SPEED_SRCS speed.cpp)
-SET(RULES_SRCS rule_verification.cpp
+FILE(GLOB RULES_SRCS rule_verification.cpp
groups/group.cpp
groups/audit.cpp
groups/file.cpp
groups/account.cpp
groups/network.cpp
)
+FILE(GLOB OVERHEAD_SRCS overhead.cpp)
SET(SEND_NAME ${PROJECT_NAME}-send-test)
SET(SPEED_NAME ${PROJECT_NAME}-speed-test)
SET(RULES_NAME ${PROJECT_NAME}-rules-test)
+SET(OVERHEAD_NAME ${PROJECT_NAME}-overhead-test)
ADD_EXECUTABLE(${SEND_NAME} ${SEND_SRCS})
ADD_EXECUTABLE(${SPEED_NAME} ${SPEED_SRCS})
ADD_EXECUTABLE(${RULES_NAME} ${RULES_SRCS})
-
+ADD_EXECUTABLE(${OVERHEAD_NAME} ${OVERHEAD_SRCS})
SET_TARGET_PROPERTIES(${SEND_NAME} PROPERTIES PREFIX ""
COMPILE_FLAGS "-fPIE"
COMPILE_FLAGS "-fPIE"
LINK_FLAGS "-pie"
)
+SET_TARGET_PROPERTIES(${OVERHEAD_NAME} PROPERTIES PREFIX ""
+ COMPILE_FLAGS "-fPIE"
+ LINK_FLAGS "-pie"
+)
PKG_CHECK_MODULES(CLI_DEPS REQUIRED
klay
INCLUDE_DIRECTORIES(SYSTEM ${CLI_DEPS_INCLUDE_DIRS} ${AUDIT_TRAIL_LIB} groups)
TARGET_LINK_LIBRARIES(${SPEED_NAME} ${CLI_DEPS_LIBRARIES} ${PROJECT_NAME} audit-trail)
+TARGET_LINK_LIBRARIES(${OVERHEAD_NAME} ${CLI_DEPS_LIBRARIES} ${PROJECT_NAME})
INSTALL(TARGETS ${SEND_NAME} DESTINATION sbin)
INSTALL(TARGETS ${SPEED_NAME} DESTINATION sbin)
INSTALL(TARGETS ${RULES_NAME} DESTINATION sbin)
+INSTALL(TARGETS ${OVERHEAD_NAME} DESTINATION sbin)
+
INSTALL(FILES data/test_module.ko DESTINATION ${DATA_INSTALL_DIR})
--- /dev/null
+/*
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+/**
+ * @file
+ * @brief CLI tool to measure overheads of auditing rule apply
+ */
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/wait.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/syscall.h>
+#include <asm/unistd.h>
+#include <linux/audit.h>
+
+#include <klay/process.h>
+#include <klay/exception.h>
+#include <audit-trail/rule.h>
+
+#include <string>
+#include <iomanip>
+#include <iostream>
+#include <functional>
+
+#define BENCHMARK_COUNT 4
+
+using namespace std::placeholders;
+
+static const std::vector<std::string> commandFileIO[] = {
+ {"/usr/bin/dd",
+ "bs=256",
+ "count=524288",
+ "if=/dev/zero",
+ "of=/tmp/test",
+ "oflag=dsync",
+ },
+ {"/usr/bin/dd",
+ "bs=512",
+ "count=262144",
+ "if=/dev/zero",
+ "of=/tmp/test",
+ "oflag=dsync",
+ },
+ {"/usr/bin/dd",
+ "bs=1024",
+ "count=131072",
+ "if=/dev/zero",
+ "of=/tmp/test",
+ "oflag=dsync",
+ },
+ {"/usr/bin/dd",
+ "bs=2048",
+ "count=65536",
+ "if=/dev/zero",
+ "of=/tmp/test",
+ "oflag=dsync",
+ },
+ {"/usr/bin/dd",
+ "bs=4096",
+ "count=32768",
+ "if=/dev/zero",
+ "of=/tmp/test",
+ "oflag=dsync",
+ },
+ {"/usr/bin/dd",
+ "bs=8192",
+ "count=16384",
+ "if=/dev/zero",
+ "of=/tmp/test",
+ "oflag=dsync",
+ },
+ {"/usr/bin/dd",
+ "bs=16384",
+ "count=8192",
+ "if=/dev/zero",
+ "of=/tmp/test",
+ "oflag=dsync",
+ },
+ {"/usr/bin/dd",
+ "bs=32768",
+ "count=4096",
+ "if=/dev/zero",
+ "of=/tmp/test",
+ "oflag=dsync",
+ },
+};
+
+static void executeCommand(std::vector<std::string> argv)
+{
+ runtime::Process proc(argv[0], argv);
+ if (proc.execute() == -1) {
+ std::cerr << "Failed to execute command : " << argv[0]
+ << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ proc.waitForFinished();
+
+}
+
+static int benchmark(std::function<void(void)> load)
+{
+ struct timeval begin_time, end_time;
+ unsigned long long total = 0;
+
+ //warm up
+ load();
+
+ for (int i = 0; i < BENCHMARK_COUNT; i++) {
+ gettimeofday(&begin_time, NULL);
+ load();
+ gettimeofday(&end_time, NULL);
+
+ int diff;
+ diff = end_time.tv_sec - begin_time.tv_sec;
+ diff *= 1000000;
+ diff += end_time.tv_usec - begin_time.tv_usec;
+ total += diff;
+ }
+
+ sleep(1);
+
+ return total / BENCHMARK_COUNT;
+}
+
+static void foreachRuleToRemove(audit_rule_h rule, void *userData)
+{
+ auto auditTrail = (audit_trail_h)userData;
+ audit_trail_remove_rule(auditTrail, rule);
+ audit_rule_destroy(rule);
+}
+
+typedef std::function<void(void)> loadFunc;
+static const std::vector<std::pair<std::string, loadFunc>> loads = {
+ {"FileIO block=256, count=524288",
+ std::bind(executeCommand, commandFileIO[0])
+ },
+ {"FileIO block=512, count=262144",
+ std::bind(executeCommand, commandFileIO[1])
+ },
+ {"FileIO block=1024, count=131072",
+ std::bind(executeCommand, commandFileIO[2])
+ },
+ {"FileIO block=2048, count=65536",
+ std::bind(executeCommand, commandFileIO[3])
+ },
+ {"FileIO block=4096, count=32768",
+ std::bind(executeCommand, commandFileIO[4])
+ },
+ {"FileIO block=8192, count=16384",
+ std::bind(executeCommand, commandFileIO[5])
+ },
+ {"FileIO block=16384, count=8192",
+ std::bind(executeCommand, commandFileIO[6])
+ },
+ {"FileIO block=32768, count=4096",
+ std::bind(executeCommand, commandFileIO[7])
+ },
+};
+
+typedef std::function<void(audit_trail_h)> ruleFunc;
+static const std::vector<std::pair<std::string, ruleFunc>> rules = {
+ {"systemcall={nice}",
+ [] (audit_trail_h audittrail) {
+ audit_rule_h rule;
+
+ audit_rule_create(&rule);
+ audit_rule_add_systemcall(rule, __NR_nice);
+ audit_trail_add_rule(audittrail, rule);
+ audit_rule_destroy(rule);
+ }
+ },
+ {"CAPP profile",
+ [] (audit_trail_h auditTrail) {
+ audit_trail_load_ruleset(auditTrail, "capp");
+ }
+ },
+ {"LSPP profile",
+ [] (audit_trail_h auditTrail) {
+ audit_trail_load_ruleset(auditTrail, "lspp");
+ }
+ },
+ {"NISPOM profile",
+ [] (audit_trail_h auditTrail) {
+ audit_trail_load_ruleset(auditTrail, "nispom");
+ }
+ },
+ {"PCI-DSS profile",
+ [] (audit_trail_h auditTrail) {
+ audit_trail_load_ruleset(auditTrail, "pci-dss");
+ }
+ },
+ {"stig profile",
+ [] (audit_trail_h auditTrail) {
+ audit_trail_load_ruleset(auditTrail, "stig");
+ }
+ },
+ {"All profiles",
+ [] (audit_trail_h auditTrail) {
+ audit_trail_load_ruleset(auditTrail, "capp");
+ audit_trail_load_ruleset(auditTrail, "lspp");
+ audit_trail_load_ruleset(auditTrail, "nispom");
+ audit_trail_load_ruleset(auditTrail, "pci-dss");
+ audit_trail_load_ruleset(auditTrail, "stig");
+ }
+ },
+};
+
+int main(int argc, char* argv[])
+{
+ int original, result;
+ audit_trail_h auditTrail = nullptr;
+
+
+ audit_trail_create(&auditTrail);
+ if (auditTrail == nullptr) {
+ std::cerr << "Audit trail can't be usable" << std::endl;
+ return EXIT_FAILURE;
+ }
+
+ audit_trail_foreach_rule(auditTrail, foreachRuleToRemove, auditTrail);
+
+ std::cout << "Starting the tests..." << std::endl;
+
+ for (auto load : loads) {
+ std::cout << '<' << load.first << '>' << std::endl;
+ original = benchmark(load.second);
+ std::cout << "Original : " << (original / 1000000) << "."
+ << std::setfill('0') << std::setw(6) << (original % 1000000)
+ << " sec" << std::endl;
+
+ for (auto rule : rules) {
+ std::cout << rule.first << " : ";
+ rule.second(auditTrail);
+ result = benchmark(load.second);
+ std::cout << (result / 1000000) << "."
+ << std::setfill('0') << std::setw(6)
+ << (result % 1000000) << " sec";
+
+ if (original != 0) {
+ std::cout << " (" << ((result - original) * 100 / original)
+ << "%)";
+ }
+
+ std::cout << std::endl;
+
+ audit_trail_foreach_rule(auditTrail, foreachRuleToRemove,
+ auditTrail);
+ }
+ std::cout << "================================" << std::endl;
+ }
+
+ audit_trail_destroy(auditTrail);
+
+ return EXIT_SUCCESS;
+}
projects / platform / core / security / audit-trail.git / commitdiff