Using the parameters in the sepmd utility, makers can list, retrieve and edit, or delete unprocessed transactions; checkers can lock transactions in order to authorize or reject them, and they can unlock transactions for processing at a later time or by a different checker.
When the sepmdd daemon receives the start_transaction command, it sends the child process a unique number. The child process tags any further commands with this identifying number, and the number is added to the new transaction and kept in the memory of the sepmdd daemon. When sepmdd receives the end_transaction command, the authorization algorithm is invoked. The authorization algorithm checks that none of the commands in the transaction pertain to the maker of the transaction, and none of the objects in the commands are already locked by another transaction that is waiting to be processed prior to execution.
You cannot use the same objects in different transactions before they are processed. If the check passes, then the relevant objects are locked, the transaction is assigned a unique sequential number, and the data is saved in a file. Each transaction is saved in a different file.
This seems to work when trying to find unique values for a field, like 'host':
* | chart count by host
* | chart count by host
I am doing my case study for ccna 2 but cant get the access list to work right.
I have one centre router connected to a switch thats connected to a file server1 and WS2
I then have another router Boaz coonected to centre which has a switch and ws3 and 4
I then have another router thats connected to centre and that has a switch ws5 and wks6
For centre i have
ip host boaz 10.6.1.2 10.6.4.1
ip host centre 10.6.1.1 10.6.2.1 10.6.3.1
ip host eva 10.6.5.1 10.6.2.2
ip host fileserver 10.6.3.2
For boaz i have -
ip host boaz 10.6.1.2 10.6.4.1
ip host centre 10.6.1.1 10.6.2.1 10.6.3.1
ip host eva 10.6.5.1 10.6.2.2
ip host fileserver 10.6.3.2
ip host workstation3 10.6.4.2
ip host workstation4 10.6.4.3
access-list 101 permit ip 10.6.4.0 0.0.0.255 host 10.6.3.2
access-list 101 permit icmp 10.6.4.0 0.0.0.255 any echo-reply
for eva i have
ip host boaz 10.6.1.2 10.6.4.1
ip host centre 10.6.1.1 10.6.2.1 10.6.3.1
ip host eva 10.6.5.1 10.6.2.2
ip host fileserver 10.6.3.2
ip host workstation5 10.6.5.2
ip host workstation6 10.6.5.3
access-list 102 permit ip 10.6.5.0 0.0.0.255 host 10.6.3.2
access-list 102 permit icmp 10.6.5.0 0.0.0.255 10.6.3.0 0.0.0.255
This is what its suppose to do
Telnet from Boaz to Eva Successful
Telnet from #4 to Eva Blocked
Telnet from #5 to Boaz Blocked
Telnet from #2 to Boaz Successful
Telnet from #2 to Eva Successful
ping from #5 to #1Successful
Ping from #3 to #1 Successful
Ping from #3 to #4 Successful
Ping from #5 to #6Successful
Ping from #3 to #5 Blocked
Ping from #2 to #5 Successful
Ping from #2 to #3 Successful
Ping from Eva to #3 Successful
Ping from Boaz to #5 Successful
But when i telnet i get an [Connection to 10.6.2.2 closed by foreign host] error and when i ping from boaz ws5 it fails.
WHAT AM I DOING WRONG?
Thanks
I have one centre router connected to a switch thats connected to a file server1 and WS2
I then have another router Boaz coonected to centre which has a switch and ws3 and 4
I then have another router thats connected to centre and that has a switch ws5 and wks6
For centre i have
ip host boaz 10.6.1.2 10.6.4.1
ip host centre 10.6.1.1 10.6.2.1 10.6.3.1
ip host eva 10.6.5.1 10.6.2.2
ip host fileserver 10.6.3.2
For boaz i have -
ip host boaz 10.6.1.2 10.6.4.1
ip host centre 10.6.1.1 10.6.2.1 10.6.3.1
ip host eva 10.6.5.1 10.6.2.2
ip host fileserver 10.6.3.2
ip host workstation3 10.6.4.2
ip host workstation4 10.6.4.3
access-list 101 permit ip 10.6.4.0 0.0.0.255 host 10.6.3.2
access-list 101 permit icmp 10.6.4.0 0.0.0.255 any echo-reply
for eva i have
ip host boaz 10.6.1.2 10.6.4.1
ip host centre 10.6.1.1 10.6.2.1 10.6.3.1
ip host eva 10.6.5.1 10.6.2.2
ip host fileserver 10.6.3.2
ip host workstation5 10.6.5.2
ip host workstation6 10.6.5.3
access-list 102 permit ip 10.6.5.0 0.0.0.255 host 10.6.3.2
access-list 102 permit icmp 10.6.5.0 0.0.0.255 10.6.3.0 0.0.0.255
This is what its suppose to do
Telnet from Boaz to Eva Successful
Telnet from #4 to Eva Blocked
Telnet from #5 to Boaz Blocked
Telnet from #2 to Boaz Successful
Telnet from #2 to Eva Successful
ping from #5 to #1Successful
Ping from #3 to #1 Successful
Ping from #3 to #4 Successful
Ping from #5 to #6Successful
Ping from #3 to #5 Blocked
Ping from #2 to #5 Successful
Ping from #2 to #3 Successful
Ping from Eva to #3 Successful
Ping from Boaz to #5 Successful
But when i telnet i get an [Connection to 10.6.2.2 closed by foreign host] error and when i ping from boaz ws5 it fails.
WHAT AM I DOING WRONG?
Thanks
Let Intel Pin follow child processes
Intel Pin is a very successful tool for dynamic bynary instrumentation and is used widely for program analysis (especially for analysing malicious behaviours when the source code is not available).
One feature of it is
FOLLOW_CHILD_PROCESS_CALLBACK, which allows a user to choose whether the instrumentation is enabled or not for each child prosess of the target program. What the documentation says is that the callback is called everytime the target program does exec (in Linux) and the callback may return true/false in accordance to whether the exec’ed child process has to be instrumented.
However in my environment (Debian GNU/Linux 8.5 + gcc 4.8 / 4.9), the callback is not called even when my program does
exec and I believe it’s not a fault of my instrumentation code because even a very simple example (for this follow child functionality) provided by Intel itself does not work. This is very bad as in default Pin does not instrument child processes, so I cannot instrument multi-processed programs!
One possible reason might be the compiler, as the README in the tarball says:
you cannot use gcc versions 4.5 or newer to compile Probe mode tools, since these versions create files with a new OS ABI version which is not compatible with the pin kit.
Although I’m not using the Probe mode, the ABI difference might affect anywhere in this kind of binary instrumentation tool.
The problem is that building an older version of gcc is very troublesome, since it relies on a lot of old library versions and even on some old linux kernel headers.
Dirty Hack
So, I decided to do some dirty hack to let Pin instrument my child processes.
Fortunately, the PIN_AddSyscallEntryFunction functionality, which is invoked at every system call, does work. The idea is to use this callback to (TO BE ADDED)
