This page describes how to configure and run Tracker. It should run as administrator.
Configuration
tracker.conf is a configuration file of Tracker and should exist in the current working directory. Each line has a key-value pair that is delimited by either a tab or a space. A line beginning with a hash (#) is a comment.
SERVERURI
This value includes the scheme, host, and port (if necessary) of URL for the service. Don't put a slash (/) at the end.
SERVERURI https://pennprovenance.net
USERNAME
[OPTIONAL] Specify your username of PROV Storage to log in the service.
USERNAME myUserName
PASSWORD
PASSWORD myPassWord
[OPTIONAL] Specify your password of PROV Storage to log in the service.
When your credentials don't exist in tracker.conf or they are invalid, a login page will show up in GUI mode. In console mode, the terminal will ask your credentials. You may specify your credentials in the arguments. See Console Mode.
NOTRACE
(EXPERIMENTAL - Use carefully. You will lose process events of dropped processes.)
[OPTIONAL] If a process name of an event is identical to any of notrace values, the event will be dropped. Notrace values are seperated by commas. Don't put a space between values.
NOTRACE date,mv,rm,uname,basename
NOTRACE_USER
[OPTIONAL] If you want not to capture processes executed by specific users, you can use this option.
NOTRACE_USER root,foobar
Sample file
# This is a very simple configuration file # This file should be located at the current working directory when you run Tracker. SERVERURI https://pennprovenance.net USERNAME myusername PASSWORD mypassword NOTRACE date,mv,rm,uname,basename NOTRACE_USER root,foobar
Program Usage
Tracker should run as administrator.
- On Windows, only GUI mode is available, and all command line arguments are ignored.
GUI Mode
Usage: sudo ./ceftracker no options
Console Mode
Usage: sudo ./ceftracker [options...]
sudo ./noceftracker [options...]
Options:
--console Run in console mode (only for ceftracker)
-p, --pname PROCNAME Simplified regular expressions for process name
-f, --fpath FILEPATH Simplified regular expressions for file path
-u, --username Your username
-w, --password Your password (use only if you really want to)
Example
sudo ./ceftracker --console -p "^prog|^test.sh$" -f "^/home/"
Rules for process names
A user can give rules (in simplified regular expressions) for process names to capture. Tracker will collect events from a process that matches one of the specified rules and its descendant processes. A process name is the name of an executable file.
- Windows - A process name includes the file extension of an executable.
- Linux - In the
topcommand, it is shown as a command name. Note that its maximum length is 15. You can run a script as an executable by adding#!/bin/bash,#!/bin/python, etc. in the first line of the script. Without it, its process name is justbashorpython. - OSX - Similar to Linux, but there is no limitation on the length.
Simplified Regular Expressions
Tracker uses the simple regular expression which supports the Match-beginning-of-line Operator (^) and the Match-end-of-line Operator ($). For example,
- ^vi matches vi, vim, etc.
- cat$ matches cat, nocat, etc.
- ^test$ matches only test.
- notepad matches notepad, notepad.exe, newnotepad, etc.
The Alternation Operator (|) can be used as follows.
- ^vi|cat$ matches vim, nocat, etc.