adulau/aha
1
0
Fork 0
mirror of https://github.com/adulau/aha.git synced 2024-12-26 10:46:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Clean up process trees in aha

Browse source
This commit is contained in:
Gerard Wagener 2010-01-18 17:00:47 +01:00
parent bd4b19f8a7
commit 0c51cfd662
2 changed files with 17 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
aha/aha.py
View file

@ -19,6 +19,10 @@ class KernelEvents(ProcessEvent):
pid = int(msg['pid'][0])
ppid = int(msg['ppid'][0])
type = int(msg['type'][0])
#Was a process closed?
if type == 3:
self.processtrees.silent_remove_pid(pid)
return
if type == 1:
# Got sys_execve
command = msg['file'][0]
@ -33,7 +37,7 @@ class KernelEvents(ProcessEvent):
#is this process induced by clone or sys_execve related to a user?
if self.processtrees.searchTree(pid,ppid) == False:
print "Process belongs to the system, allow it"
#print "Process belongs to the system, allow it"
#Note the process could also belong to a local
#connected user
self.ahaa.create_message(filekey,block=0, exitcode=0,
@ -41,7 +45,7 @@ class KernelEvents(ProcessEvent):
return
else:
print "Process belongs to a user, play"
#TODO add default action
#TODO add default action
except KeyError,e:
print "EXCEPTION: KeyError"
except IndexError,w:

12
aha/ahalib.py
View file

@ -31,6 +31,7 @@ class AHAActions:
except OSError,e:
pass
#Can trow IOError
def create_message(self,filename,block,exitcode,substitue,insult):
try:
@ -129,7 +130,16 @@ class ProcessTrees:
self.processList.pop(pid)
return self.foundUser
def silent_remove_pid(self,pid):
try:
if self.processList.has_key(pid):
self.processList.pop(pid)
if self.userList.has_key(pid):
self.userList.pop(pid)
print "User in process ",pid," pid disconnected"
except KeyError,e:
pass
class TestProcessTree(unittest.TestCase):
def testSearchRegular0(self):
x = ProcessTrees()