From 65c3b2584decee4d9d136b31311092cf70d48003 Mon Sep 17 00:00:00 2001
From: takeshix
Date: Sat, 28 Nov 2015 19:26:35 +0100
Subject: [PATCH] Added all ioctl commands

---
 rtscan/README.md | 43 +++++++++++++++++++++++++++++++--
 rtscan/resctl.py | 63 ++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 97 insertions(+), 9 deletions(-)

diff --git a/rtscan/README.md b/rtscan/README.md
index 24fd830..03b07e8 100644
--- a/rtscan/README.md
+++ b/rtscan/README.md
@@ -1,5 +1,44 @@
-# Interact with /dev/res
+# Interact with `rtscan`

 `resctl.py` can be used to interact with `rtscan` kernel module via ioctl calls to `/dev/res`.

-**TODO**: Implement all ioctl calls
+*Note*: On Red Star 3.0 this needs to be executed with root privileges.
+
+## Usage Examples
+
+### Disable/Enable `rtscan`
+
+```
+# python resctl.py disable
+```
+```
+# python resctl.py enable
+```
+
+### Protect/Hide a File
+
+The following example adds a new file extension to the list of scanned extensions and a new file to the protected and hidden files:
+
+```
+# cat /tmp/secret.32c3
+Kim loves Katy
+# python resctl.py setsign .32c3
+# python resctl.py protect /tmp/secret.32c3
+# python resctl.py hide /tmp/secret.32c3
+# cat /tmp/secret.32c3
+cat: /tmp/secret.32c3: Operation not permitted
+```
+
+Disabling `rtscan` will make the file readable again:
+
+```
+# python resctl.py disable
+# cat /tmp/secret.32c3
+Kim loves Katy
+```
+
+*Note*: The default list of extensions added by `opprc`:
+
+```
+.mpg.dat.avi.vob.gif.doc.pdf.ppt.xls.mp3.wav.mpa.wma.asf.mp2..jpg.bmp.png.tif.jpeg.tiff.mov.wmv.mp4.rm.rmv.rmvb.swf.flv.3gp.chm..djuv.djv.caj.kdh.teb.nh.caa.docx.xlsx.pptx.txt.htm.html.mht.hwp.pdg.
+```
diff --git a/rtscan/resctl.py b/rtscan/resctl.py
index dd584d7..4c55e97 100644
--- a/rtscan/resctl.py
+++ b/rtscan/resctl.py
@@ -1,11 +1,60 @@
 #!/usr/bin/env python2
-from fcntl import ioctl
+# This needs to run under Python2.6
+import sys
+import fcntl

-filename = '/dev/res'
-fd = open(filename, 'wb')
-ret = ioctl(fd, 29187, 0)
+DEV = '/dev/res'
+SCAN_ENABLE = 29188
+SCAN_DISABLE = 29187
+ADD_PID = 29189
+DEL_PID = 29193
+RECV_FILES = 29191
+PROTECT_FILE = 29192
+UNPROTECT_FILE = 29194
+HIDE_FILE = 29195
+UNHIDE_FILE = 29196
+SET_SIGN_EXTS = 29197
+GET_SIGN_EXTS = 29198

-if ret is not 0:
- print('Error')
+if __name__ == '__main__':
+ if len(sys.argv) < 2:
+ print('usage: {s} [CMD] [ARG]'.format(s=sys.argv[0]))
+ sys.exit(1)

-fd.close()
+ CMD = sys.argv[1]
+
+ if len(sys.argv) is 3:
+ ARG = sys.argv[2]
+ else:
+ ARG = 0
+
+ if CMD == 'enable':
+ CMD = SCAN_ENABLE
+ elif CMD == 'disable':
+ CMD = SCAN_DISABLE
+ elif CMD == 'pid':
+ CMD = ADD_PID
+ elif CMD == 'unpid':
+ CMD = DEL_PID
+ elif CMD == 'recv':
+ CMD = RECV_FILES
+ elif CMD == 'protect':
+ CMD = PROTECT_FILE
+ elif CMD == 'unprotect':
+ CMD = UNPROTECT_FILE
+ elif CMD == 'hide':
+ CMD = HIDE_FILE
+ elif CMD == 'unhide':
+ CMD = UNHIDE_FILE
+ elif CMD == 'setsign':
+ CMD = SET_SIGN_EXTS
+ elif CMD == 'getsign':
+ CMD = GET_SIGN_EXTS
+ else:
+ print('unknown command: {c}'.format(c=CMD))
+ sys.exit(1)
+
+ fd = open(DEV, 'wb')
+ ret = fcntl.ioctl(fd, CMD, ARG)
+ print(ret)
+ fd.close()
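Review bot: Nothing in the `__main__` block checks that a command received the operand it needs before `fcntl.ioctl(fd, CMD, ARG)` is issued as root: `if len(sys.argv) is 3:` falls back to `ARG = 0` both when the operand is missing and when extra words are given, so `protect` or `hide` without a path hands the integer 0 to the driver. The `is` there compares identity and only works through CPython's small-integer cache; it should be `==`. `ARG` is otherwise always a `str`, so `pid`/`unpid` pass the text of the number as a buffer, and whether `rtscan` expects that rather than an integer is not visible in this hunk. The fence rejects surplus or missing operands for the commands the README shows with one (presumably `unprotect`/`unhide` belong in that list too) and closes the descriptor when `ioctl` raises.

```python
    # … unchanged: usage check for a missing command, CMD = sys.argv[1] …

    # Commands the README shows with an operand; extend once the
    # argument types of the remaining requests are confirmed.
    NEEDS_ARG = ('setsign', 'protect', 'hide')

    if len(sys.argv) > 3:
        print('usage: {s} [CMD] [ARG]'.format(s=sys.argv[0]))
        sys.exit(1)
    if len(sys.argv) == 3:
        ARG = sys.argv[2]
    elif CMD in NEEDS_ARG:
        print('{c} requires an argument'.format(c=CMD))
        sys.exit(1)
    else:
        ARG = 0

    # … unchanged: mapping of the command name to its ioctl request …

    fd = open(DEV, 'wb')
    try:
        ret = fcntl.ioctl(fd, CMD, ARG)
        print(ret)
    finally:
        fd.close()
```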