Execution profile for web server
I would like to know if there is a way to run an app to exhaustion in terms of all possible outcomes that it can provide.
What do I mean by that:
Let's assume that someone has an (Apache) HTTP Server. What I am trying to do is to create profiles of nominal execution of this http server. These profiles will then be used as a sandbox/wrapper for this specific app and if the app executes anything else other than that (due to malicious activity to the app such as code injection) to halt the execution and throw a warning.
So to make it more clear let's assume that the execution of an app is completely deterministic.
We know from the start that the app will output either the number 30, either the number -5 or the number 0. If the app, for example, outputs any other number other than the aforementioned ones then I need to show an error. Or maybe if it outputs a string or a char then again I need to throw an error, because we are expecting only the numbers 30, -5 or 0.
To make it more realistic:
What I am trying to do is to somehow exhaust all possible execution outcomes of an http server and audit what calls it makes on the linux kernel. That way, I could profile how it normally interacts with the kernel considering all normal executions and then compare these/this profile(s) with real life executions. If at some point, the real-life executions diverge from these/this profile(s) then I should display a message that something is off.
Now you may wonder that if for example the server receives a software update then its execution may diverge because the source code changed from the previous version. And you are right. But let's assume that we stick with a specific version and we do not move from there no matter if there are updates or not. So we profile only one version of the http server.
What I have tried to do so far is to download apache and run an strace and at the same time send http requests via postman. But it seems that it is not very helpful as I do not see much difference in the strace logs.
So is it possible to create such profiles?
You could provide real-life scenarios with apache server (if possible) or any other http server that may be easier.
---UPDATE---
CLARIFICATIONS:
I understand that I have not made the problem very clear. I apologize for any confusion that my question has created. I was not in the right mind when I was writing this. So, to clarify things:
Basically if I have an http server (apache or any other) according to the different possible executions of the server I want to observe/audit how it interacts with the Linux Kernel.
Let me give you an example:
Lets assume that I run an http server on 10.0.0.2 on a Ubuntu machine and I make a GET request like this: http://10.0.0.2/log/log.txt.
I want to see on the level of linux kernel how the http server interacts with the kernel for this request. For example did the server tried to call some version of alloc (malloc,calloc,etc...). If yes, what were the parameters? Or maybe it called system(). Why? What were the parameters, if any?
Now according to what functions it calls and what type of parameters it passes through the calls I want to profile the server.
I get the fact that there are tons of different requests on http servers with different parameters and false-positives, false-negatives, etc... are very much possible. But at least I want to try and see what data could I possibly trace.
Sorry again for the confusion and I hope it clarify things a little bit more.
