One Hat Cyber Team
Your IP :
216.73.216.14
Server IP :
194.44.31.54
Server :
Linux zen.imath.kiev.ua 4.18.0-553.77.1.el8_10.x86_64 #1 SMP Fri Oct 3 14:30:23 UTC 2025 x86_64
Server Software :
Apache/2.4.37 (Rocky Linux) OpenSSL/1.1.1k
PHP Version :
5.6.40
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
systemtap
/
examples
/
security-band-aids
/
View File Name :
security-bandaid-template.stp
#!/usr/bin/stap -g -m CVE_YYYY_ABCD /* The following is a template for security bandaids for use * in live patching CVEs with systemtap * See: https://securityblog.redhat.com/2015/06/03/emergency-security-band-aids-with-systemtap/ * * The template will define global variables * cve_notify_p: Nonzero int if the user wants notifications on the loading(begin)/unloading(end) of the patch. O otherwise * cve_fix_p: Nonzero int if the user wants their CVE to run the fix payload. 0 otherwise * cve_trace_p: Nonzero int if the user wants their CVE to trace the issue. 0 otherwise * cve_enabled_p: Nonzero int if the user's patch code should be run. 0 otherwise * When disabled, there is minimal overhead for the patch and all probes which should be * toggleable should have `if(cve_enabled_p)` before the probe body. * cve_tmpdisabled_s: A countdown timer for temporary disabling of probes by setting * cve_enabled_p to 0 until this number of seconds decreases to <0. * * It is assumed that the user's probes will utilize the above for these purposes * These can be changed within the user's probes at runtime using procfs (/proc/systemtap/CVE_YYYY_ABCD/*) * For example see cve-2016-0728-templatized.stp or cve-2018-6485-templatized.stp * * The user can also track metrics using cve_count_metric(key:string) and cve_record_metric(key:string, value:long) * Where cve_count_metric increments a counter each time called and cve_record_metric can store any long value * These are visable along with some buildin metrics at /proc/systemtap/CVE_YYYY_ABCD/__prometheus * * The patch can also be fully disabled programatically using cve_tmpdisable(duration:long), where * a non-negative duration is the number of seconds to disable the patch, and negative is disabled until reenabled * via procfs */ // User Action Item: Add fix payload here using defined globals probe X.Y.Z if(cve_enabled_p) {...}