Sonar [C]ernel Commander (SCC) is an advanced Linux kernel module that specializes in syscall hooking and event logging. Designed with performance and extensibility in mind, SCC offers a robust solution for system call monitoring and provides a seamless interface for user-space applications.
- Advanced Syscall Hooking: Efficiently monitor and log system call activities with minimal performance overhead.
- Detailed Event Logging: Capture comprehensive details of each syscall, including arguments, return values, and precise timestamps.
- User-Space Interface: Leverage a character device to facilitate direct and efficient communication between user space and the kernel module.
- Dynamic Control: Dynamically manage hooking behavior and logging mechanisms through simple read/write operations.
- Linux kernel version 5.x or newer.
- Kernel development and compilation tools (e.g., make, gcc, kernel headers).
- Clone the repository:
    git clone https://github.com/25077667/sonar-cernel-commander
    cd sonar-cernel-commander
- Compile the module:
    make
- Insert the module into the kernel:
    sudo insmod scc.ko
- Verify the module is loaded:
    lsmod | grep scc
The SCC module registers a character device named scc. You can interact with this device to control and monitor the module's behavior.
- Reading Events: Fetch logged syscall events with detailed information.
- Writing Commands: Send commands to control hooking behavior, toggle event logging, or configure module settings.
- Reading from the device:
    cat /dev/scc
- Writing to the device:
    echo "command" > /dev/scc
- Using Python: see /client/client.py for an example of how to interact with the SCC module.
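A post-load check for the steps above, added here as an example and not taken from the SCC repository: it matches the module name exactly (lsmod | grep scc also matches any line that merely contains "scc") and confirms that /dev/scc is a root-owned character device with no group or other access. The root-only policy is an assumption made for this example, not a documented SCC requirement, and stat -c assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example (not project code): audit the scc module and its device node.
# Assumption: only root should be able to read events from or send commands to /dev/scc.

# scc_module_loaded [modules_file]
# Exact match on the first field of /proc/modules (the module name).
scc_module_loaded() {
    modules_file=${1:-/proc/modules}
    awk -v m=scc '$1 == m { found = 1 } END { exit !found }' "$modules_file"
}

# mode_is_root_only MODE
# MODE is the octal string printed by `stat -c %a`; succeeds when no
# group or other permission bit is set.
mode_is_root_only() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# audit_scc_device [device] [modules_file]
# Prints one line per finding and returns non-zero if any check fails.
audit_scc_device() {
    dev=${1:-/dev/scc}
    rc=0
    if ! scc_module_loaded "${2:-/proc/modules}"; then
        echo "FAIL: scc module is not loaded"
        rc=1
    fi
    if [ ! -c "$dev" ]; then
        echo "FAIL: $dev is missing or not a character device"
        return 1
    fi
    owner=$(stat -c '%u' "$dev")
    mode=$(stat -c '%a' "$dev")
    if [ "$owner" != 0 ]; then
        echo "FAIL: $dev is owned by uid $owner, expected 0"
        rc=1
    fi
    if ! mode_is_root_only "$mode"; then
        echo "FAIL: $dev mode $mode grants access to group or other"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: scc loaded, $dev is root-only (mode $mode)"
    fi
    return "$rc"
}

# Usage after insmod: source this file, then run `audit_scc_device`.
```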
We welcome contributions from the community. If you wish to contribute to SCC, please submit a pull request with a clear description of your changes, adhering to the coding standards and documentation practices of the project.
SCC is distributed under the Dual BSD/GPL License.
A heartfelt thank you to all individuals and organizations who have contributed to the development and maintenance of SCC.
For support, feedback, or queries, please open an issue on our GitHub repository.
SCC is currently in its alpha stage of development. It is under active development, and we advise against using it in critical production environments until it reaches a stable release.