I need to write a daemon, much like a Windows service, on OS X using Objective-C.
Can anyone point me to a sample, or guide me on how to do this?
There is a complete technical note available on the Apple Developer site.
You will find all the needed information, as well as the restrictions for creating, launching and debugging a daemon, whatever its language.
See also this entry on SO.
Related
I was wondering if it was even possible with Ruby to watch other applications and, if a certain application is below a memory threshold, kill it and start it again.
Operating System would be Windows 7+
Things I need to be able to do:
Monitor Memory
Determine between different processes
Kill Processes
Start new process (bat script or powershell)
Start monitoring again
The watched application would run with high memory usage when it is working, and that is good. If it goes below 1 GB I want this application to kill it. Of course, when it restarts it would get a grace period to load up its RAM.
I was going to use the Shoes gui framework to make something nice to wrap around it. It would be theoretically nice to have some sort of auto detection if the application is running.
If this is possible but requires a gem you think may help, I would like to hear about it.
I found the Usagewatch gem, which seems to be headed in the right direction, but from a glance at the documentation it is general, and I need to be specific about which process I am watching.
If this question is not appropriate here please let me know via a comment and I will remove it and/or move it to a proper place for this type of question to be asked.
I appreciate your time and effort into helping me with this endeavor.
Thank You
I would suggest using the win32 gem. Then start by looking through the Win32 API documentation. This will give you the most flexible solution and will give you the whole system programming power of Windows. My advice is to write some wrapper functions around the Windows-related things you need and use them that way, so if you find a more appropriate solution you can switch to it easily.
I'm new to SNMP. I have to develop a manager. I've been searching on how to program for a manager. I've come across WinSNMP, SNMP++ and Net-SNMP. The plus point for Net-SNMP is that it can translate the trap content from the MIB (it can parse the MIB). But would Net-SNMP be a good choice of library for developing a manager? I was wondering if it would be a good idea to use snmptrapd as a basis to develop a manager. At the moment I'm focusing on receiving traps but eventually I'll have to program for the others too (Get, Set, ...).
What is the general outline on how to program for a manager? I have been reading on SNMP for weeks but still haven't got a clear understanding of how to go about doing it.
Any help would be much appreciated. Thanks.
Which toolkit you want will greatly depend on your final end goals and preferred language (e.g., C vs C++). Make sure you get one with SNMPv3 support, which the native Windows library doesn't have (but MG-SOFT's and SNMP Research's implementations do). You'll likely have to pay money, eventually, if you want SNMPv3 support on Windows using the WinSNMP APIs.
Net-SNMP and SNMP++ are both well respected open libraries. Net-SNMP has pretty much cornered the market in terms of deployment and comes pre-installed or easily available on every OS except Windows (where it also works fine, but MS just doesn't package it for you).
If you want to receive traps, Net-SNMP's snmptrapd is certainly an easy place to start and offers some very simple ways to get started through extensible commands (see the snmptrapd.conf man page to help you get started) or via C (see the apps/snmptrapd*.c files for some example C registrations).
To get started with Net-SNMP and programming outgoing management operations, you should start with the tutorials about writing management applications. If your management application is ever going to talk to multiple hosts at once, make sure you get a toolkit that does asynchronous support (see the second item in the above link).
There is also the JDMK 5.1 API from Sun Microsystems; with it, it is very easy to develop an SNMP agent as well as a manager.
Well, I found a nice tutorial about how to program applications using Bonjour. It's cool. But the only problem is that I do not understand which language they teach. I am not even sure that it is a programming language. Maybe they write about commands that should be typed in a command line? Or maybe these are commands which should be executed in some GUI application? Somehow I cannot find the context in which this tutorial is given. It is strange to me that they do not write what it is.
Can somebody resolve this mystery?
It's the C API for Apple's Bonjour services; this is hardly a programming tutorial.
Looking at the left, there's a block that says:
RELATED REFERENCE
PROCEDURAL C DNS
Service Discovery C Reference
I'm going to go out on a limb and say it's probably C.
From the URL, title, and menu you can tell that it's an article about registering services using their dns_discovery_api in C.
This is not a programming tutorial.
That's not a tutorial about how to program. OS X programs are written in Objective-C (although this is a C API), and that page has a table of contents on the left side.
The mDNS command line tool can be used to test Bonjour services.
I couldn't find a suitable title for this. I'm going to express my query with examples.
Consider the following software:
Process Explorer from Sysinternals (an advanced task manager)
Resource Manager: resmon.exe (lists every fine detail about resource usage by each process).
To me this software seems like a miracle. I wonder how it is even made. C'mon, how can a user process know such fine details about other processes? Who tells this software what processes are running and what resources are utilized? Which DLLs are used? etc.
Does the Windows operating system give this software that information? I mean through the Win32 API (obviously the lowest-level API). Are there some functions which, when called, return these values?
Abstractly speaking:
GetAllRunningProcesses()
GetMemoryUsedByProcess(Process* proc)
etc..
Other similar applications are:
Network packet capture software. How does it get information about all those packets? It clearly sits just in front of the NIC. How is it possible?
Anti-virus: It scans memory for viruses. Intercepts other processes. Acts like a sandbox for the user application space. How? How??
If it's the Win32 API, I swear I'm going to master it.
I don't want to create a multi-threaded application. I want to get information about other multithreaded applications.
I don't want to create a program which communicates using sockets. I want to learn how to capture all communication packets.
I actually want to work at the lower level. But I don't know, what should I learn. Please guide me in proper direction.
This is really a pretty open-ended question. For things like a list of running processes, look up "PSAPI" or "Toolhelp32". For memory information about a particular process, you can use VirtualQuery.
Capturing network packets is normally done by installing a device driver. If you look, you should be able to find a fair amount about how to write device drivers, though don't expect to create wonders overnight, and do expect to crash your machine a few times in the process (device drivers run in kernel mode, so it's easy for a mistake to crash the machine hard).
I can't say as much with any certainty about anti-virus, because I've never tried to write one. My immediate guess would be that their primary technique is API hooking. There's probably more to it than that, but offhand I've never spent enough time looking at them to know what.
Mark Russinovich's classic, Windows Internals, is the go-to book if you want to get deep in this kind of stuff. I notice that the just-released 5th edition includes Vista. Here's a sample chapter to peek at.
If you like Process Explorer, this is the guy who wrote that, and there are lots of examples using it in the book.
Plus, at 1232 hardcover pages, you can use it to press your clothes.
I'm looking for the concept to spawn a process such that:
it has only access to certain libraries/APIs
it cannot access the file system, or only specific parts
it can do least harm should malicious code run in it
This concept is known as sandbox or jail.
It is required to do this for each major operating system (Windows, Mac OS X and Linux), and the question is conceptual (as in what to do, which APIs to use and what to observe) rather than language specific.
answer requirements
I really want to accept an answer and give you 20 points for that. I cannot accept my own answer, and I don't have it yet anyway. So if you really want your answer to be accepted, please observe:
The answer has to be specific and complete
By specific I mean that it is more than a pointer to some resource on the internet. It has to at least summarize what the resource says about the topic.
It may or may not contain example code, but if it does please write it in C
I cannot accept an answer that is 2/3 complete even if the 2/3 that are there are perfect.
This question's FAQ
Is this homework? No.
Why do you ask this like a homework question? If you ask a specific question and you want to get a specific answer, and you know what that answer should look like even though you don't know the answer, that's the style of question you get.
If you know what it should look like, why do you ask? 1) Because I don't know all of the answer. 2) Because on the internet there's no single place that contains all the details to this question. Please also read the Stack Overflow FAQ.
Why is the main part of your question how to answer this question? Because nobody reads the FAQ.
Mac OS X has a sandbox facility code-named Seatbelt. The public API for it is documented in the sandbox(7), sandbox_init(3), and related manual pages. The public API is somewhat limited, but the facility itself is very powerful. While the public API only lets you choose from some pre-defined sandboxes (e.g. “All sockets-based networking is prohibited”), you can also use the more powerful underlying implementation which allows you to specify exactly what operating system resources are available via a Scheme-like language. For example, here is an excerpt of the sandbox used for portmap:
(allow process-exec (regex #"^/usr/sbin/portmap$"))
(allow file-read-data file-read-metadata (regex
#"^/etc"
#"^/usr/lib/.*\.dylib$"
#"^/var"
#"^/private/var/db/dyld/"
#"^/dev/urandom$"))
(allow file-write-data (regex
#"^/dev/dtracehelper$"))
You can see many sandboxes used by the system in /usr/share/sandbox. It is easy to experiment with sandboxes by using the sandbox-exec(1) command.
For Windows, you may want to have a look at David LeBlanc’s “Practical Sandboxing” talk given at Black Hat USA 2007. Windows has no built-in sandboxing technology per se, so the techniques described leverage an incomplete mechanism introduced with Windows 2000 called SAFER. By using restricted tokens, one can create a process that has limited access to operating system resources.
For Linux, you might investigate the complicated SELinux mechanism:
SELinux home,
a HOWTO. It is used by Red Hat, for example, to harden some system services in some of their products.
For Windows, there is a sandbox in Google Chrome. You may want to investigate it. It uses a liberal BSD-like license.
For Linux there would be good old chroot, or the more sophisticated http://plash.beasts.org/wiki/.
OS X since Leopard has some SELinux-like protection available.
The site codepad.org has a good "About" page on how they safely allow the execution of any code snippets.
Code execution is handled by a supervisor based on geordi. The strategy is to run everything under ptrace, with many system calls disallowed or ignored. Compilers and final executables are both executed in a chroot jail, with strict resource limits. The supervisor is written in Haskell.
When your app is remote code execution, you have to expect security problems. Rather than rely on just the chroot and ptrace supervisor, I've taken some additional precautions:
The supervisor processes run on virtual machines, which are firewalled such that they are incapable of making outgoing connections.
The machines that run the virtual machines are also heavily firewalled, and restored from their source images periodically.
FreeBSD has specific concepts of jails, and Solaris has containers. Depending on what you're looking for, these may help.
chroot jails can help to limit what an application can do (though any app with root privileges can escape a jail), and they're available on most UNIXen, including OS X.
As for Windows, I'm not sure. If there was an easy way to sandbox a Windows app, most of them would be a lot more secure by now, I'm sure.
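As an added example (not code from codepad, geordi, or any of the answers above), here is the "strict resource limits" plus optional chroot part of the supervisor strategy described in the codepad answer, in C for Linux: the child receives hard rlimits before it runs an untrusted function, and a constructed payload that tries to grab 512 MiB is refused. `run_confined`, `struct confine_opts`, `demo_opts` and the payload functions are names I made up; the chroot step needs root and, as the chroot answer notes, is not a boundary against code that is already root.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>
/* Hypothetical options: hard rlimits plus an optional chroot directory (NULL = none). */
struct confine_opts {
    rlim_t cpu_seconds;    /* RLIMIT_CPU: a runaway loop is killed with SIGXCPU */
    rlim_t address_bytes;  /* RLIMIT_AS: caps the child's total virtual memory */
    rlim_t open_files;     /* RLIMIT_NOFILE: caps descriptors the child may hold */
    const char *jail_dir;  /* chroot target; requires root and does not confine root */
};
static int set_hard_limit(int resource, rlim_t value) {
    struct rlimit r = { value, value };  /* soft == hard: the child cannot raise it again */
    return setrlimit(resource, &r);
}
/* Fork, confine the child, run fn inside it, and report how it ended:
   0..255 for a normal exit, 128+signal if it was killed, -1 on a supervisor error. */
int run_confined(const struct confine_opts *o, int (*fn)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (o->jail_dir && (chroot(o->jail_dir) != 0 || chdir("/") != 0)) _exit(125);
        if (set_hard_limit(RLIMIT_CPU, o->cpu_seconds) != 0 ||
            set_hard_limit(RLIMIT_AS, o->address_bytes) != 0 ||
            set_hard_limit(RLIMIT_NOFILE, o->open_files) != 0) _exit(126);
        _exit(fn() & 0xff);  /* limits are in place; only now run untrusted code */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
    return -1;
}
/* Constructed untrusted payloads standing in for a compiled snippet. */
int payload_hog_memory(void) {
    char *p = malloc(512UL << 20);  /* 512 MiB, far above the 64 MiB cap below */
    if (p == NULL) return 1;        /* refused: the address-space limit held */
    p[0] = 1; free(p);
    return 0;                       /* got the memory: the limit was not enforced */
}
int payload_well_behaved(void) { return 0; }
/* 2 CPU seconds, 64 MiB of address space, 16 descriptors, no chroot (run as a normal user). */
const struct confine_opts demo_opts = { 2, 64UL << 20, 16, NULL };
int main(void) {
    printf("hog: %d, well-behaved: %d\n", run_confined(&demo_opts, payload_hog_memory),
           run_confined(&demo_opts, payload_well_behaved));
    return 0;
}
```

rlimits bound CPU, memory and descriptors only; the syscall filtering the codepad answer gets from ptrace, and the file-system restriction from chroot, are separate layers that this block does not replace.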
On Windows (2000 and later) you can use Job objects to restrict processes.
If you really want a technique that will work with all these platforms, as opposed to a separate solution for each platform, then I think your only answer is to set up a virtual machine for each testing environment. You can restore back to a snapshot at any time.
Another big advantage of using virtualization is that you can have all of the testing environments with their guest operating systems all on the same box.
For Linux, there is AppArmor. Unfortunately, the project is somewhat on hiatus.
Another sandboxing alternative is VServer, which uses virtualization.
Generally any virtual private server will do:
Linux VServer
http://linux-vserver.org/Welcome_to_Linux-VServer.org
Parallels Virtuozzo Containers
http://www.parallels.com/products/pvc/
and, as was mentioned, FreeBSD and Solaris have their own implementations.
Oh, actually I've noticed you're asking for it to work on ANY OS. Well, that might be a bit complicated; I think the least effort is just to reuse some VM that can support some level of sandboxing, like:
Java
.NET
I'm not an expert on the topic, but I think the standard answer for Linux is to define an SELinux policy with the right capabilities for the process.