Try #3 seems to run

2024-12-26 10:46:11 +00:00 · 2010-01-15 11:40:18 +01:00 · 2010-01-15 11:40:18 +01:00 · a4c919c452
commit a4c919c452
parent f3d7347537
2 changed files with 5 additions and 3 deletions
--- a/aha/aha.py
+++ b/aha/aha.py
@ -29,9 +29,9 @@ class KernelEvents(ProcessEvent):
                    self.processtrees.addUser(pid)
                    self.ahaa.create_message(filekey,block=0, exitcode=0,
                                             insult=0, substitue=0)
-                return
+                    return

-            #is this process related to a user?
+            #is this process induced by clone or sys_execve related to a user?
            if self.processtrees.searchTree(pid,ppid) == False:
                print "Process belongs to the system, allow it"
                #Note the process could also belong to a local
@ -39,6 +39,8 @@ class KernelEvents(ProcessEvent):
                self.ahaa.create_message(filekey,block=0, exitcode=0,
                                         insult=0, substitue=0)
                return
+            else:
+                print "Process belongs to a user, play"


        except KeyError,e:
--- a/aha/ahalib.py
+++ b/aha/ahalib.py
@ -107,7 +107,7 @@ class ProcessTrees:
        #Always add it pid and ppid the list
        self.processList[pid] = ppid
        if self.userList.has_key(ppid):
-            print "DEBUG: user related command"
+            #print "DEBUG: user related command"
            self.foundUser = 1
            return
        #print "DEBUG: Searching ppid ",ppid, "in ",self.processList