camflow-dev
Generates kernel patch for CamFlow Linux Provenance Capture.
Hello, I managed to successfully install CamFlow on Ubuntu using the configuration from the install repo and the rest of the install steps from this repo and it works fine....
I installed it in the Debian system, and the service starts normally, but it always automatically restarts the next time it starts up. Unable to start up normally. What is...
I want to install CamFlow on Ubuntu 20.04 LTS (aarch64 architecture), but when the installation process finished, I didn't see XXXCamFlow_YYY after typing 'uname -r', which means the installation failed. Before...
We would want to run CamFlow on Raspberry Pi (testing on V3 model B) Progress to this point: - kernel build on the pi as of commit https://github.com/CamFlow/camflow-dev/commit/6b084cf7d02686f04bcc453110b8228980913a9a `make compile...
Adding the following line: `prov_policy.prov_node_filter = ENT_INODE_UNKNOWN & ENT_INODE_DIRECTORY & ENT_INODE_DIRECTORY & ENT_ENV;` here https://github.com/CamFlow/camflow-dev/blob/0fab1b96c7d7ee0511dbcfef8ae2b9f3b86fe43d/security/provenance/hooks.c#L2905 should work. It should be added when whole provenance capture is selected in the kernel...
Add: - Log if we overwrite. - Means to have some information about the state of the buffers.
There are two options that come to my mind: - As node attributes (current implemented approach); - As a separate node in the graph? (in the same way, the "machine"...
`provenance_mmap_munmap` might not record memory unmapping activity if the memory to be unmapped is private. But should it actually be recorded regardless of the ownership status (public or private)?
One of the two socket pair is not connected. Neither through `socket_create` nor `socker_pair_create`. Expectation is for the second socket to be connected too. Looking at CamFlow's code it...
At the moment we verify that we do not crash by running CamFlow for a while in a VM. It helps catch some issues, but we need a more systematic...