From b58b2ecea2efcd4254cab95b7918e8974126a148 Mon Sep 17 00:00:00 2001 From: Gerard Wagener Date: Wed, 20 Jan 2010 19:09:13 +0100 Subject: [PATCH] First version of exporting information like ssh addresses and timestamps besides process vectors --- aha/aha-eye.py | 7 ++++--- aha/ahalib.py | 33 +++++++++++++-------------------- 2 files changed, 17 insertions(+), 23 deletions(-) diff --git a/aha/aha-eye.py b/aha/aha-eye.py index 539a4a832bb..7c2f532c8d0 100644 --- a/aha/aha-eye.py +++ b/aha/aha-eye.py @@ -16,8 +16,8 @@ def extract_object(obj): ts = obj['timestamp'] #handle sys_clone messages if (tp == 2): - ptress.searchTree(pid,ppid) - return + ptress.searchTree(pid,ppid) + #handle sys_execve if (tp == 1): @@ -25,6 +25,7 @@ def extract_object(obj): if file == '/usr/sbin/sshd': print "Potential new user found: pid=",pid,"ppid=",ppid ptress.addUser(pid) + ptress.annotateProcessList(obj) return if ptress.searchTree(pid,ppid): print "User related command: ",file,"pid=",pid," ppid=",ppid @@ -52,4 +53,4 @@ except ValueError,e: print line #Dump process trees -print ptress.exportUserListTxt('userlist.txt') +ptress.exportUserListTxt('userlist.txt') diff --git a/aha/ahalib.py b/aha/ahalib.py index 160ee0a0431..234dd520472 100644 --- a/aha/ahalib.py +++ b/aha/ahalib.py @@ -145,7 +145,7 @@ class ProcessTrees: if ev.startswith('SSH_CLIENT='): ev = ev.replace('SSH_CLIENT=','') self.aplist[pid]['ssh_client'] = ev - #print "Annotated pid=", pid," ev",ev + print "Annotated with ssh info pid=", pid," ev",ev # Is there a timestamp? if msg.has_key('timestamp'): self.aplist[pid]['timestamp'] = msg['timestamp'] 
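Review bot: In the first aha-eye.py hunk the `return` after `ptress.searchTree(pid,ppid)` is replaced by a blank line, so a sys_clone message (tp == 2) now falls through past the `if (tp == 1):` test into whatever follows in extract_object, which continues outside this hunk; the comparison itself cannot match, so the behaviour only changes if code after it runs for every message. The call's result is also discarded here while the same call is used as a boolean in the execve branch below, which reads as if the clone branch exists only for its side effect on the tree. If that is the intent, say so: `# sys_clone: register the child in the user tree, then fall through`; otherwise restore the `return`.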
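Review bot: The new `ptress.annotateProcessList(obj)` in the second aha-eye.py hunk runs only when the execve'd path equals `'/usr/sbin/sshd'`, and any process on the monitored host can execve that path with an environment of its own choosing (for example `/usr/sbin/sshd -t` from an attacker's shell), so whatever the annotation extracts from obj — the ahalib hunk below shows it lifting `SSH_CLIENT=` from the message and a timestamp — is attacker-influenced data, not evidence that sshd accepted a login. That is acceptable for a tree-building heuristic as long as consumers treat the stored values as untrusted text; a comment such as `# annotation comes from the exec'd process's own environment: untrusted` above the call would keep the next reader from relying on it. The ordering also looks deliberate, since annotateProcessList writes into `self.aplist[pid]` and presumably needs addUser to have created the entry first; if so, a short note to that effect would stop someone from swapping the two lines.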
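Review bot: The print re-enabled in the ahalib.py hunk, `print "Annotated with ssh info pid=", pid," ev",ev`, writes the raw value of an environment variable taken from a traced process to stdout, so control characters or newlines in it land verbatim in the console output and interleave with aha-eye.py's own prints. If the trace is wanted, printing `repr(ev)` or sending it to `sys.stderr` behind a debug flag keeps the normal output clean; otherwise it should stay commented out. On the context line above it, `ev.replace('SSH_CLIENT=','')` removes every occurrence of the prefix rather than the leading one, and `ev[len('SSH_CLIENT='):]` states the intent exactly — not part of this change, but worth fixing while the block is being touched.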
@@ -219,30 +219,23 @@ class ProcessTrees: except KeyError,e: pass + # Describe the root process + # f is file object + # pid is the root process def desc_root_process(self,f,pid): f.write("** user root process %d **\n"%pid) - #See if some annotation is found for this pid - if self.aplist.has_key(pid): - print "Found some annotations for",pid - #Look for SSH variables in the first child process - sshinfo = self.search_ssh_info(pid) - if sshinfo: - f.write("%s\n"%sshinfo) - else: - sys.stderr.write("No SSH information is there\n") - if self.aplist[pid].has_key('timestamp'): - #Convert timestamp - ts = self.aplist[pid]['timestamp'] - obj=datetime.datetime.fromtimestamp(float(ts)) - f.write("Connection date:%s\n\n"%str(obj)) - else: - f.write("No timestamp information is there\n") - else: - sys.stderr.write("No annotations found for pid: %d\n"%pid) + sshinfo = self.search_ssh_info(pid) + if sshinfo: + f.write("SSH_client: %s\n"%sshinfo) + ts = self.get_timestamp_from_pid(pid) + print "11111",ts + if ts >0: + obj=datetime.datetime.fromtimestamp(float(ts)) + f.write("Connection date: %s\n"%str(obj)) #Add process vector vec = self.recover_process_vector(pid) f.write("Process vector: %s\n"%','.join(vec)) - + f.write('\n') def exportUserListTxt(self,filename): try: #Opens the file in append mode aiming to keep the history
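Review bot: `print "11111",ts` in the rewritten desc_root_process is a leftover debug trace and should be removed before this lands. The new `f.write("SSH_client: %s\n"%sshinfo)` line writes the value returned by search_ssh_info — which the other hunk shows is taken from a traced process's SSH_CLIENT environment variable — into the report unescaped, so a crafted value containing a newline can forge extra report lines; `f.write("SSH_client: %r\n" % sshinfo)` or stripping control characters first keeps the file one record per line. `datetime.datetime.fromtimestamp(float(ts))` renders the connection time in the local timezone of whatever machine runs the export, which is ambiguous in a forensic listing; `datetime.datetime.utcfromtimestamp(float(ts))` with the label changed to `Connection date (UTC):` is unambiguous. get_timestamp_from_pid is not in this diff, so the assumption that it returns a non-positive sentinel when no timestamp was recorded is unverified here.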