The simulator Task
The simulator is a task that interacts with the host system in a way that produces traceable activity and artifacts. For example, a simulator task can call arbitrary syscalls to facilitate demonstrations and tests of the syscalls or syswire task. Simulator tasks are designed and developed to avoid making changes to the system: syscalls are called in a way that introduces no changes and generates known, safe errors. Note that the simulator task requires a condition only because all tasks require a condition as a filter; in the case of simulator, the condition is ignored.
Configuration options
simulation
simulation accepts the name of a simulation that simulator knows how to perform. For example, the command below will run the cap_net_raw simulation:
tawonctl d sub -c "process.name:*" -t "simulator|simulation:cap_net_raw"
Supported simulations
Simulation | Syscalls Generated |
cap_chown | socket, setsockopt, bind |
cap_ipc_lock | mlockall, mlock |
cap_kill | kill |
cap_net_raw | socket, setsockopt, bind |
cap_setuid | setuid, setreuid |
cap_sys_chroot | chroot, setns |
cap_sys_ptrace | ptrace |
all | Runs all simulations above |
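The introduction says the simulator issues syscalls that change nothing and fail with known, safe errors. The C program below is an added illustration of that idea for three syscalls from the table above (kill, setuid, mlockall); it is not Tawon's code, and the specific arguments are assumptions chosen so that the kernel rejects each call with EINVAL before acting on it.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Added illustration, not Tawon's code: the arguments below are assumptions
 * chosen so the kernel rejects each call before it changes any state. */

/* cap_kill row: a signal number above the valid range is refused. */
static int probe_kill(void) {
    return kill(getpid(), 100000) == -1 ? errno : 0;
}

/* cap_setuid row: (uid_t)-1 is never a valid uid to switch to. */
static int probe_setuid(void) {
    return setuid((uid_t)-1) == -1 ? errno : 0;
}

/* cap_ipc_lock row: an undefined flag bit is refused before any page is locked. */
static int probe_mlockall(void) {
    return mlockall(1 << 30) == -1 ? errno : 0;
}

struct probe { const char *name; int (*fn)(void); int expected; };

static const struct probe PROBES[] = {
    { "kill",     probe_kill,     EINVAL },
    { "setuid",   probe_setuid,   EINVAL },
    { "mlockall", probe_mlockall, EINVAL },
};

/* Runs every probe, prints the result a syscall tracer should record, and
 * returns how many probes failed in the expected way. */
int run_probes(void) {
    int ok = 0;
    uid_t before = getuid();
    for (size_t i = 0; i < sizeof PROBES / sizeof PROBES[0]; i++) {
        int err = PROBES[i].fn();
        printf("%-8s -> %s\n", PROBES[i].name, err ? strerror(err) : "success");
        ok += (err == PROBES[i].expected);
    }
    return (getuid() == before) ? ok : -1; /* -1: identity changed, never expected */
}

int main(void) { return run_probes() == 3 ? 0 : 1; }
```

Each call still enters the kernel, so a syscall tracer records it with its arguments and error return even though nothing on the host is modified.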
interval
interval accepts an integer that sets the amount of time, in seconds, the task will sleep between simulations (defaults to 10 seconds). For example, to run the cap_net_raw simulation every 15 seconds, use the command below:
tawonctl d sub -c "process.name:*" -t "simulator|simulation:cap_net_raw;interval:15"
Sample Command Lines
The example below will run the cap_sys_ptrace simulation every 22 seconds:
tawonctl d sub -c "process.name:*" -t "simulator|simulation:cap_sys_ptrace;interval:22"
The example below will run all simulations every 10 seconds (the default value):
tawonctl d sub -c "process.name:*" -t "simulator|simulation:all"