mirror of
https://github.com/adulau/aha.git
synced 2024-12-27 19:26:25 +00:00
Worker should is also maintaining a process list
This commit is contained in:
parent
0c51cfd662
commit
6f75d2f7d0
2 changed files with 36 additions and 4 deletions
|
@ -27,12 +27,15 @@ class PeriodTaks():
|
||||||
#Log file descriptor
|
#Log file descriptor
|
||||||
self.lfd = open(logfile,'a')
|
self.lfd = open(logfile,'a')
|
||||||
self.aha = AHAActions(inqueue,outqueue)
|
self.aha = AHAActions(inqueue,outqueue)
|
||||||
|
#Processtree related stuff
|
||||||
|
self.ptree = ProcessTrees()
|
||||||
|
|
||||||
#Make close action externally available
|
#Make close action externally available
|
||||||
def closeLogFile(self):
|
def closeLogFile(self):
|
||||||
self.lfd.close()
|
self.lfd.close()
|
||||||
|
|
||||||
def remove_old_msg(self,queue):
|
def remove_old_msg(self,queue):
|
||||||
|
msg = None
|
||||||
#Get current date if the files are older than the timeout remove them
|
#Get current date if the files are older than the timeout remove them
|
||||||
t0 = int(time.strftime("%s"))
|
t0 = int(time.strftime("%s"))
|
||||||
files = dircache.listdir(queue)
|
files = dircache.listdir(queue)
|
||||||
|
@ -44,11 +47,14 @@ class PeriodTaks():
|
||||||
if (delta > self.timeout):
|
if (delta > self.timeout):
|
||||||
#Old file was found record it
|
#Old file was found record it
|
||||||
if queue == self.outqueue:
|
if queue == self.outqueue:
|
||||||
self.record_message(af,t1,PeriodTaks.FROM_KERNEL)
|
msg = self.record_message(af,t1,PeriodTaks.FROM_KERNEL)
|
||||||
|
print msg
|
||||||
if queue == self.inqueue:
|
if queue == self.inqueue:
|
||||||
self.record_message(af,t1,PeriodTaks.TO_KERNEL)
|
msg = self.record_message(af,t1,PeriodTaks.TO_KERNEL)
|
||||||
#Remove it
|
#Remove it
|
||||||
self.aha.silent_clean(af)
|
self.aha.silent_clean(af)
|
||||||
|
#Return the message for further processing
|
||||||
|
return msg
|
||||||
|
|
||||||
def clean_input_queue(self):
|
def clean_input_queue(self):
|
||||||
try:
|
try:
|
||||||
|
@ -57,9 +63,29 @@ class PeriodTaks():
|
||||||
sys.stderr.write(str(e))
|
sys.stderr.write(str(e))
|
||||||
|
|
||||||
|
|
||||||
|
def maintain_process_tree(self,msg):
|
||||||
|
try:
|
||||||
|
pid = int(msg['pid'][0])
|
||||||
|
ppid = int(msg['ppid'][0])
|
||||||
|
type = int(msg['type'][0])
|
||||||
|
#Focus on do_execve messages
|
||||||
|
if (type == 1 ) or (type== 2):
|
||||||
|
self.ptree.searchTree(pid,ppid)
|
||||||
|
#Focus on sys_close
|
||||||
|
if (type == 3):
|
||||||
|
self.ptree.silent_remove_pid(pid)
|
||||||
|
except IndexError,e:
|
||||||
|
pass
|
||||||
|
except ValueError,e:
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
def clean_output_queue(self):
|
def clean_output_queue(self):
|
||||||
try:
|
try:
|
||||||
self.remove_old_msg(self.outqueue)
|
msg = self.remove_old_msg(self.outqueue)
|
||||||
|
if msg:
|
||||||
|
self.maintain_process_tree(msg)
|
||||||
|
|
||||||
except OSError,e:
|
except OSError,e:
|
||||||
sys.stderr.write(str(e))
|
sys.stderr.write(str(e))
|
||||||
|
|
||||||
|
@ -72,13 +98,16 @@ class PeriodTaks():
|
||||||
msg = self.aha.load_file(filename)
|
msg = self.aha.load_file(filename)
|
||||||
logEntry = self.aha.serializeKernelMessage(msg,filename,ctime)
|
logEntry = self.aha.serializeKernelMessage(msg,filename,ctime)
|
||||||
self.lfd.write(logEntry)
|
self.lfd.write(logEntry)
|
||||||
|
return msg
|
||||||
|
|
||||||
if type == PeriodTaks.TO_KERNEL:
|
if type == PeriodTaks.TO_KERNEL:
|
||||||
msg = self.aha.get_kernel_reply(filename)
|
msg = self.aha.get_kernel_reply(filename)
|
||||||
logEntry=self.aha.serializeAhaReply(msg,filename,ctime)
|
logEntry=self.aha.serializeAhaReply(msg,filename,ctime)
|
||||||
self.lfd.write(logEntry)
|
self.lfd.write(logEntry)
|
||||||
|
return msg
|
||||||
except IOError,e:
|
except IOError,e:
|
||||||
sys.stderr.write('Failed to record message: %s\n'%filename)
|
sys.stderr.write('Failed to record message: %s\n'%filename)
|
||||||
|
return None
|
||||||
|
|
||||||
def usage(exitcode):
|
def usage(exitcode):
|
||||||
print """
|
print """
|
||||||
|
@ -122,6 +151,7 @@ try:
|
||||||
logfile = c.get('worker','logfile')
|
logfile = c.get('worker','logfile')
|
||||||
p = PeriodTaks(outqueue, inqueue, timeout,sleeptime,logfile)
|
p = PeriodTaks(outqueue, inqueue, timeout,sleeptime,logfile)
|
||||||
print "Start working ..."
|
print "Start working ..."
|
||||||
|
|
||||||
while True:
|
while True:
|
||||||
p.clean_input_queue()
|
p.clean_input_queue()
|
||||||
p.clean_output_queue()
|
p.clean_output_queue()
|
||||||
|
|
|
@ -5,6 +5,8 @@ sleeptime=3
|
||||||
#removed or not
|
#removed or not
|
||||||
timeout=3
|
timeout=3
|
||||||
logfile=/home/gerard/kernel/adaptive-honeypot/linux-2.6/aha/aha.log
|
logfile=/home/gerard/kernel/adaptive-honeypot/linux-2.6/aha/aha.log
|
||||||
|
#Directory where UML information is periodically stored
|
||||||
|
exportdir=/tmp/ahaworker
|
||||||
|
|
||||||
[common]
|
[common]
|
||||||
#Directory where the kernel writes data
|
#Directory where the kernel writes data
|
||||||
|
|
Loading…
Reference in a new issue