A process do sys_execve multiple times

This commit is contained in:
Gerard Wagener 2010-01-20 21:48:51 +01:00
parent b58b2ecea2
commit c68124b88d
2 changed files with 20 additions and 3 deletions

View file

@ -32,6 +32,14 @@ def extract_object(obj):
#Annotation info is only available in sys_execve messages
print "annotate process ",pid
ptress.annotateProcessList(obj)
# Thread exited
if (tp == 3):
if ptress.does_user_disconnects(pid):
#User disconnected generate a report, to avoid that other
#information is droped
print "List export is triggered"
ptress.exportUserListTxt('userlist.txt')
ptress.silent_remove_pid(pid)
except ValueError,e:
print "Failed to parse ",obj

View file

@ -219,6 +219,11 @@ class ProcessTrees:
except KeyError,e:
pass
def does_user_disconnects(self,pid):
if self.userList.has_key(pid):
return True
else:
return False
# Describe the root process
# f is file object
# pid is the root process
@ -280,15 +285,19 @@ class ProcessTrees:
print "Children of ",pid," ",self.get_children(pid)
for pid in self.get_children(pid):
ts = self.get_timestamp_from_pid(pid)
its = int(ts)
file = self.get_command_from_pid(pid)
if ts != -1 and file != None:
vector[int(ts)] = file
if vector.has_key(its) == False:
vector[its] = []
vector[its].append(file)
#Now sort the vector
tab = vector.keys()
tab.sort()
ret = []
for ts in tab:
ret.append(vector[ts])
for c in vector[ts]:
ret.append(c)
return ret
class TestProcessTree(unittest.TestCase):