GLBOX software is a lightweight version of a sandbox.
Since all processes access operating system resources via system calls, controlling those calls is the most general way to monitor a program’s behavior.
Therefore we monitor the syscalls that a process uses and display a message to inform the administrator.
Here are some key features of "GLBOX":
· Multiple and single traces. GLBOX will allow tracing individual processes by specifying the process id on the GLBOX command line, or tracing all the processes belonging to the user.
· Trace output. All tracee system calls will be controlled by GLBOX, which will display a text message each time the tracee executes a system call, and display a histogram of the sequence of calls issued during the tracee execution. The trace must be redirectable to disk for offline analysis.
· Policy-based flagging. GLBOX will support a list of forbidden system calls, which will be stored in a text file called a “policy”. Whenever a system call is made which is listed in the policy, GLASSBOX will generate a special alert message.
· Statistics. GLBOX will also show some statistics about the syscalls made during the last execution.
· Send email to the admin. GLBOX will allow the administrator to specify an email address to which an email is sent when a blacklisted syscall is used.
What's New in This Release:
· I have fixed some bugs
· I have modified the color scheme
· I have restricted the usage of this tool only to non-privileged users