Try #3 seems to run
parent
f3d7347537
commit
a4c919c452
2 changed files with 5 additions and 3 deletions
|
@ -29,9 +29,9 @@ class KernelEvents(ProcessEvent):
|
||||||
self.processtrees.addUser(pid)
|
self.processtrees.addUser(pid)
|
||||||
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
||||||
insult=0, substitue=0)
|
insult=0, substitue=0)
|
||||||
return
|
return
|
||||||
|
|
||||||
#is this process related to a user?
|
#is this process induced by clone or sys_execve related to a user?
|
||||||
if self.processtrees.searchTree(pid,ppid) == False:
|
if self.processtrees.searchTree(pid,ppid) == False:
|
||||||
print "Process belongs to the system, allow it"
|
print "Process belongs to the system, allow it"
|
||||||
#Note the process could also belong to a local
|
#Note the process could also belong to a local
|
||||||
|
@ -39,6 +39,8 @@ class KernelEvents(ProcessEvent):
|
||||||
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
||||||
insult=0, substitue=0)
|
insult=0, substitue=0)
|
||||||
return
|
return
|
||||||
|
else:
|
||||||
|
print "Process belongs to a user, play"
|
||||||
|
|
||||||
|
|
||||||
except KeyError,e:
|
except KeyError,e:
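Review bot: The new `else:` branch at the end of the second hunk only prints, so in the visible lines a user-owned process gets no `create_message` reply while the system branch writes one and returns. If the kernel side expects a decision for every event, this path should produce one explicitly, or carry a comment such as `# decision for user processes is written after the try block` if that is where it happens. The printed line also does not say which process was classified; `print "Process belongs to a user, play pid=%s ppid=%s" % (pid, ppid)` would make the honeypot log usable for later analysis. The enclosing method and its `try:` start outside the hunk, so what runs after the `else:` cannot be confirmed from here.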
|
||||||
|
|
|
@ -107,7 +107,7 @@ class ProcessTrees:
|
||||||
#Always add it pid and ppid the list
|
#Always add it pid and ppid the list
|
||||||
self.processList[pid] = ppid
|
self.processList[pid] = ppid
|
||||||
if self.userList.has_key(ppid):
|
if self.userList.has_key(ppid):
|
||||||
print "DEBUG: user related command"
|
#print "DEBUG: user related command"
|
||||||
self.foundUser = 1
|
self.foundUser = 1
|
||||||
return
|
return
|
||||||
#print "DEBUG: Searching ppid ",ppid, "in ",self.processList
|
#print "DEBUG: Searching ppid ",ppid, "in ",self.processList
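Review bot: The commented-out `#print "DEBUG: user related command"` leaves dead code next to an existing commented-out debug line; deleting both, or routing them through the `logging` module at debug level, keeps the classification path traceable without stdout noise. In the same hunk `if self.userList.has_key(ppid):` reads better as `if ppid in self.userList:`. Separately, `self.processList[pid] = ppid` records every pid and no removal is visible here; if entries are not dropped when a process exits, a reused pid could inherit a stale parent link and be misclassified, so this is worth checking against the exit handling. The enclosing method starts and ends outside the hunk.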
|
||||||
|
|