SET (BIN_DIR "/usr/apps/sam")
endif (NOT DEFINED BIN_DIR)
-pkg_check_modules(pkgs REQUIRED boost libcurl dpm dlog audit-trail)
+pkg_check_modules(pkgs REQUIRED boost libcurl dpm dlog audit audit-trail)
FOREACH(flag ${pkgs_CFLAGS})
SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
include_directories(
../communication/inc
dpm
+ audit
)
+file(GLOB AUDIT_SOURCES audit/*.cpp)
file(GLOB DPM_SOURCES dpm/*.cpp)
file(GLOB SAM_SOURCES *.cpp)
SET (SOURCES
+ ${AUDIT_SOURCES}
${DPM_SOURCES}
${SAM_SOURCES}
)
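Review bot: `file(GLOB AUDIT_SOURCES audit/*.cpp)` compiles whatever `.cpp` files are in `audit/` at configure time, so a new file is missed until CMake is re-run and a stray file is built into the daemon unnoticed. It matches the existing `DPM_SOURCES` and `SAM_SOURCES` globs, but for a security monitor an explicit list is easier to review, e.g. `set(AUDIT_SOURCES audit/audit_utils.cpp)` (assuming that is the only source under audit/ in this commit). The `audit` entry added to `include_directories` is likewise directory-scoped; whether a target-scoped form is practical depends on parts of the file outside this hunk.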
pthread
dpm
dlog
+ audit
audit-trail
jsoncpp
boost_system
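Review bot: `audit` is added to the link list as a bare library name, so the linker picks whatever `libaudit` it finds on its default search path rather than the one `pkg_check_modules` resolved. The enclosing link command starts and ends outside this hunk, so this may already be handled there; if not, `${pkgs_LDFLAGS}` would carry the `-L`/`-l` flags pkg-config reported for the listed modules. The new entry follows the existing pattern for `dpm`, `dlog` and `audit-trail`.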
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ */
+/**
+ * @file audit_utils.cpp
+ * @brief Audit helper
+ * @date Created Apr 03, 2018
+ * @author Mail to: <A HREF="mailto:i.metelytsia@samsung.com">Iurii Metelytsia, i.metelytsia@samsung.com</A>
+ */
+
+#include <libaudit.h>
+
+#include "audit_utils.h"
+
+namespace audit
+{
+
+const char* AuditUtils::platformType()
+{
+ int pt = platform();
+ return (pt != -1) ? audit_machine_to_name(pt) : nullptr;
+}
+
+AuditUtils::SyscallList AuditUtils::syscallTable()
+{
+ SyscallList res;
+
+ int pt = platform();
+ if (pt != -1) {
+ for (int i = 0; i < 8192; ++i) {
+ const char* name = audit_syscall_to_name(i, pt);
+ if (name) {
+ res.push_back(std::make_pair(i,name));
+ }
+ }
+ }
+
+ return res;
+}
+
+int AuditUtils::platform()
+{
+ return audit_detect_machine();
+}
+
+} // namespace audit
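Review bot: The bound `8192` in the `syscallTable()` loop is an unexplained magic number, and nothing visible ties it to libaudit's tables; a syscall number above it would be dropped from the list without any signal. I would name it, e.g. `static const int kSyscallScanLimit = 8192; // scan bound chosen here, not a libaudit limit`, and say in the comment why it is sufficient for the supported targets. `syscallTable()` also returns an empty list when `platform()` returns -1, so a caller cannot tell a detection failure from an empty table; for a monitoring daemon that should probably be logged or reported rather than treated as nothing to watch. The table is built only for the machine type `audit_detect_machine()` reports, so if the monitor also sees events from compat (for example 32-bit) processes, their syscall numbers may not match these names; that is worth confirming against the consumer.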
--- /dev/null
+/**
+ * Samsung Ukraine R&D Center (SRK under a contract between)
+ * LLC "Samsung Electronics Co", Ltd (Seoul, Republic of Korea)
+ * Copyright (C) 2018 Samsung Electronics Co., Ltd. All rights reserved.
+ */
+/**
+ * @file audit_utils.h
+ * @brief Audit helper
+ * @date Created Apr 03, 2018
+ * @author Mail to: <A HREF="mailto:i.metelytsia@samsung.com">Iurii Metelytsia, i.metelytsia@samsung.com</A>
+ */
+
+#ifndef AUDIT_UTILS_H
+#define AUDIT_UTILS_H
+
+#include <string>
+#include <vector>
+#include <utility>
+
+namespace audit
+{
+/**
+ * @brief Audit helper class
+ */
+class AuditUtils
+{
+public:
+ /**
+ * @typedef SyscallList
+ * @brief System call list
+ */
+ using SyscallList = std::vector<std::pair<int,std::string>>;
+
+ /**
+ * @brief Get supported system calls
+ * @return system call list
+ */
+ static SyscallList syscallTable();
+
+ /**
+ * @brief Get the platform type
+ * @return platform string or nullptr
+ */
+ static const char* platformType();
+
+private:
+ /**
+ * @brief Get the platform type
+ * @return platform type or -1 in case of error
+ */
+ static int platform();
+};
+
+} // namespace audit
+
+#endif // AUDIT_UTILS_H
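Review bot: `platformType()` returns a raw `const char*` documented as possibly nullptr, while `syscallTable()` in the same class hands out `std::string`; a caller that builds a `std::string` from the result without a check has undefined behaviour. The doc comment should say when nullptr occurs and who owns the pointer, e.g. `@return platform name (storage presumably owned by libaudit, do not free) or nullptr if the machine type cannot be detected or named`. The private `platform()` carries the same `@brief Get the platform type` as the public method; `@brief Detect the machine type id used for libaudit lookups` would distinguish the two.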
BuildRequires: pkgconfig(boost)
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(jsoncpp)
+BuildRequires: pkgconfig(audit)
BuildRequires: pkgconfig(audit-trail)
BuildRequires: pkgconfig(libtzplatform-config)
Summary: Suspicious Activity Monitor
Provides: sam
Requires: dpm
+Requires: libaudit
Requires: libaudit-trail
%description sam
Suspicious Activity Monitor daemon