Track the evolution of operating systems over time
OSWatcher is an ambitious project that aims to track the evolution of operating systems by making diffs between recognizable characteristics.
The core of OSWatcher is to build a reference database about every OS release, to be populated by an extractor in charge of capturing the various information that can be extracted from an installed operating system, both online and offline, in a reproducible way.
Offline:
- filesystem hierarchy
- setuid binaries
- executable properties
- library graph dependencies
- statistics around perl/sh/python scripts
- syscall tables
- kernel configuration
- cronjobs
- /etc configuration
Online:
- IDLE memory consumption
- default processes running
- mapped libraries
- listening ports and associated services
- DNS requests sent
- unix sockets
- dbus traffic
- iptables rules
- loaded drivers
Docker
python3
virtualenv
libguestfs
- Clone repo and submodules
git clone https://github.com/Wenzel/oswatcher.git
cd oswatcher
git submodule update --init
- Install system dependencies
For Docker, please refer to your distribution.
On Ubuntu 18.04:
sudo apt-get install virtualenv python3-virtualenv libguestfs0 libguestfs-dev python3-guestfs
- Create virtualenv
virtualenv --system-site-packages -p python3 venv
source venv/bin/activate
pip install -r requirements.txt
Note: We have to use --system-site-packages because libguestfs is not available on pip.
OSWatcher's data is stored in a neo4j database.
Follow the instructions in the db directory to run it inside a docker container.
OSWatcher works on VMs stored in libvirt, either via qemu:///session or qemu:///system.
Note: qemu:///session is recommended as it requires fewer permissions and should work without further configuration.
The only setup required is to specify a release_date in JSON format, so that the capture tool can insert this information in the database as well.
-> In the VM XML <description>
field, add the following content:
{"release_date": "2012-04-01"}
You can use virsh edit <domain> or the virt-manager tool, which should be easier.
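A pre-flight check for the step above, as an added example that is not OSWatcher's own code: it parses a domain XML (as virsh dumpxml prints it) and validates the release_date JSON in <description>. The function name, the sample XML and the YYYY-MM-DD format are assumptions based on the example value shown above.

```python
import json
import xml.etree.ElementTree as ET
from datetime import date, datetime

# Constructed sample of a libvirt domain XML (trimmed), not taken from a real VM.
SAMPLE_DOMAIN_XML = """\
<domain type='kvm'>
  <name>ubuntu-12.04</name>
  <description>{"release_date": "2012-04-01"}</description>
  <memory unit='KiB'>1048576</memory>
</domain>
"""


class ReleaseDateError(ValueError):
    """The domain description does not carry a usable release_date."""


def release_date_from_domain_xml(domain_xml: str) -> date:
    """Return the release_date stored as JSON in the <description> element."""
    root = ET.fromstring(domain_xml)
    description = root.findtext("description")
    if description is None or not description.strip():
        raise ReleaseDateError("domain has no <description> content")
    try:
        metadata = json.loads(description)
    except json.JSONDecodeError as exc:
        raise ReleaseDateError(f"<description> is not valid JSON: {exc}") from exc
    if not isinstance(metadata, dict) or "release_date" not in metadata:
        raise ReleaseDateError('<description> JSON has no "release_date" key')
    value = metadata["release_date"]
    if not isinstance(value, str):
        raise ReleaseDateError("release_date must be a string")
    try:
        # Assumed format: YYYY-MM-DD, as in the example value on this page.
        return datetime.strptime(value, "%Y-%m-%d").date()
    except ValueError as exc:
        raise ReleaseDateError(f"release_date {value!r} is not YYYY-MM-DD") from exc


if __name__ == "__main__":
    print(release_date_from_domain_xml(SAMPLE_DOMAIN_XML))
```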
Start the capture tool on a VM and specify the hooks configuration.
(venv) $ python -m oswatcher <vm_name> hooks.json
Access the Neo4j web interface at http://localhost:7474
MATCH(n)
RETURN(n)
LIMIT 300;
A web frontend developed on top of VueJS is available in the web folder:
cd web
npm install
npm run dev
If libguestfs fails to initialize, you can use the libguestfs-test-tool to quickly understand the root cause of the failure.
PRs accepted.
Small note: If editing the Readme, please conform to the standard-readme specification.