mirror of
https://github.com/adulau/aha.git
synced 2024-12-27 11:16:11 +00:00
AHA with the GUI was too slow
parent
cdb9e2970b
commit
d54122dd6c
2 changed files with 33 additions and 27 deletions
56
aha/aha.py
56
aha/aha.py
|
@ -6,6 +6,7 @@ import os,sys,random,getopt,ConfigParser
|
||||||
from pyinotify import *
|
from pyinotify import *
|
||||||
from ctypes import *
|
from ctypes import *
|
||||||
from ahalib import *
|
from ahalib import *
|
||||||
|
import sys
|
||||||
import sqlite3,os.path
|
import sqlite3,os.path
|
||||||
database = '../gui.db'
|
database = '../gui.db'
|
||||||
class KernelEvents(ProcessEvent):
|
class KernelEvents(ProcessEvent):
|
||||||
|
@ -15,40 +16,47 @@ class KernelEvents(ProcessEvent):
|
||||||
self.processtrees = ProcessTrees()
|
self.processtrees = ProcessTrees()
|
||||||
if os.path.exists(database):
|
if os.path.exists(database):
|
||||||
self.con = sqlite3.connect(database)
|
self.con = sqlite3.connect(database)
|
||||||
|
#Do it here to win time
|
||||||
|
self.cur = self.con.cursor()
|
||||||
else:
|
else:
|
||||||
self.con = None
|
|
||||||
print "[ERROR] Database file not found ",database
|
print "[ERROR] Database file not found ",database
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
def askgui(self, filekey,msg):
|
def askgui(self, filekey,msg):
|
||||||
if self.con == None:
|
ret = False
|
||||||
return False
|
|
||||||
cur = self.con.cursor()
|
|
||||||
program = os.path.basename(msg['file'][0])
|
program = os.path.basename(msg['file'][0])
|
||||||
args = ','.join(msg['argument'][1:])
|
args = ','.join(msg['argument'][1:])
|
||||||
#Update the gui shell
|
|
||||||
outstr = program + "(" + args + ")"
|
|
||||||
print "######### User wants to execute ",outstr
|
|
||||||
cur.execute('INSERT INTO shell (cmd) VALUES (?)',[outstr])
|
|
||||||
self.con.commit()
|
|
||||||
#Lets see what the user has defined
|
#Lets see what the user has defined
|
||||||
action = 0
|
action = 0
|
||||||
for row in cur.execute('SELECT action FROM perms WHERE cmd=?',[program]):
|
for row in self.cur.execute('SELECT action FROM perms WHERE cmd=?',[program]):
|
||||||
action = int(row[0])
|
action = int(row[0])
|
||||||
if action == 0:
|
if action == 0:
|
||||||
self.ahaa.create_message(filekey,block=0,exitcode=0, insult=0,substitue=0)
|
#Message is allowed
|
||||||
print "##### Allowed action"
|
self.ahaa.create_message(filekey,block=0,exitcode=0, insult=0,
|
||||||
return True
|
substitue=0)
|
||||||
|
ret = True
|
||||||
if action == 1:
|
if action == 1:
|
||||||
self.ahaa.create_message(filekey, block=1,exitcode=1, insult=0, substitue=0)
|
#Message is blocked
|
||||||
print "##### Blocked action"
|
self.ahaa.create_message(filekey, block=1,
|
||||||
return True
|
exitcode=KERNEL_ERRORS.EACESS, insult=0,
|
||||||
|
substitue=0)
|
||||||
|
ret = True
|
||||||
if action == 2:
|
if action == 2:
|
||||||
self.ahaa.create_message(filekey, block=0, exitcode=0, insult=2, substitue=0)
|
#User is insulted
|
||||||
print "##### Insulted user"
|
self.ahaa.create_message(filekey, block=0, exitcode=0, insult=2,
|
||||||
return True
|
substitue=0)
|
||||||
|
ret = True
|
||||||
|
|
||||||
|
#Update the gui shell this takes time but the message had already
|
||||||
|
#been transmitted to the kernel
|
||||||
|
outstr = program + "(" + args + ")"
|
||||||
|
self.cur.execute('INSERT INTO shell (cmd) VALUES (?)',[outstr])
|
||||||
|
self.con.commit()
|
||||||
|
#FIXME If fallback of decision to allow it is anyhow too late
|
||||||
|
#Therefore allows the kernel by it self the execution
|
||||||
|
return ret
|
||||||
#Exception handling is done in decision method
|
#Exception handling is done in decision method
|
||||||
#By default no decision was taken
|
|
||||||
return False
|
|
||||||
def decision(self,filekey,msg):
|
def decision(self,filekey,msg):
|
||||||
try:
|
try:
|
||||||
pid = int(msg['pid'][0])
|
pid = int(msg['pid'][0])
|
||||||
|
@ -61,28 +69,26 @@ class KernelEvents(ProcessEvent):
|
||||||
if type == 1:
|
if type == 1:
|
||||||
# Got sys_execve
|
# Got sys_execve
|
||||||
command = msg['file'][0]
|
command = msg['file'][0]
|
||||||
print "Got command: ",command, "in ",filekey
|
|
||||||
#Is there a new SSH connection?
|
#Is there a new SSH connection?
|
||||||
if msg['file'][0] == '/usr/sbin/sshd':
|
if msg['file'][0] == '/usr/sbin/sshd':
|
||||||
print "New user found pid=",pid,",ppid=",ppid
|
|
||||||
self.processtrees.addUser(pid)
|
self.processtrees.addUser(pid)
|
||||||
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
||||||
insult=0, substitue=0)
|
insult=0, substitue=0)
|
||||||
|
#print "New user found pid=",pid,",ppid=",ppid
|
||||||
return
|
return
|
||||||
|
|
||||||
#is this process induced by clone or sys_execve related to a user?
|
#is this process induced by clone or sys_execve related to a user?
|
||||||
if self.processtrees.searchTree(pid,ppid) == False:
|
if self.processtrees.searchTree(pid,ppid) == False:
|
||||||
print "Process belongs to the system, allow it"
|
|
||||||
#Note the process could also belong to a local
|
#Note the process could also belong to a local
|
||||||
#connected user
|
#connected user
|
||||||
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
self.ahaa.create_message(filekey,block=0, exitcode=0,
|
||||||
insult=0, substitue=0)
|
insult=0, substitue=0)
|
||||||
|
#print "Process belongs to the system, allow it"
|
||||||
return
|
return
|
||||||
else:
|
else:
|
||||||
if msg.has_key('file'):
|
if msg.has_key('file'):
|
||||||
r = self.askgui(filekey,msg)
|
r = self.askgui(filekey,msg)
|
||||||
if r:
|
if r:
|
||||||
print "#A message was sent return"
|
|
||||||
return
|
return
|
||||||
|
|
||||||
except KeyError,e:
|
except KeyError,e:
|
||||||
|
|
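Review bot: In the new `askgui`, the `INSERT INTO shell` and `self.con.commit()` run only after `create_message` has already handed the verdict to the kernel, so a failing write (for example a locked database, if the GUI writes to the same `../gui.db`, which is an assumption) leaves an allowed or blocked command with no row in the `shell` table. The exception also skips `return ret`, and the handlers in `decision` are only partly visible here, so the caller may treat the request as undecided although a reply was sent. Wrapping the two statements in `try:` … `except sqlite3.Error,e: sys.stderr.write('Could not log command: %s\n'%e)` before `return ret` keeps the verdict path fast and makes a lost record visible. Separately, the spelling `KERNEL_ERRORS.EACESS` in the block branch should be checked against the definition in ahalib, which is not shown; if the attribute does not exist, the lookup would raise before the block reply is written.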
|
@ -37,8 +37,6 @@ class AHAActions:
|
||||||
|
|
||||||
#Can trow IOError
|
#Can trow IOError
|
||||||
def create_message(self,filename,block,exitcode,substitue,insult):
|
def create_message(self,filename,block,exitcode,substitue,insult):
|
||||||
print "CREATE_MESSAGE ",filename,"block=",block, "insult=",insult,\
|
|
||||||
"substitue=",substitue
|
|
||||||
try:
|
try:
|
||||||
reply = ReplyMessage(block=block,exitcode=exitcode,substitue=substitue,
|
reply = ReplyMessage(block=block,exitcode=exitcode,substitue=substitue,
|
||||||
insult = insult)
|
insult = insult)
|
||||||
|
@ -48,6 +46,8 @@ class AHAActions:
|
||||||
f.close()
|
f.close()
|
||||||
reply="(key=%s, block=%d,exitcode=%d,substitue=%d,insult=%d)"\
|
reply="(key=%s, block=%d,exitcode=%d,substitue=%d,insult=%d)"\
|
||||||
%(filename,block,exitcode, substitue,insult)
|
%(filename,block,exitcode, substitue,insult)
|
||||||
|
#print "CREATE_MESSAGE ",filename,"block=",block, "insult=",insult,\
|
||||||
|
#"substitue=",substitue
|
||||||
return reply
|
return reply
|
||||||
except IOError,e:
|
except IOError,e:
|
||||||
sys.stderr.write('Could not create reply file=(%s)\n'%filename)
|
sys.stderr.write('Could not create reply file=(%s)\n'%filename)
|
||||||
|
|
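Review bot: The `CREATE_MESSAGE` trace is left behind as two commented-out lines after the `reply=` string is built, and with it goes the only visible record of which verdict was sent for which key. The callers shown in aha.py discard the return value of `create_message`, and the `shell` table stores only the command string. For a honeypot that record is worth keeping off the hot path rather than dropping: delete the dead lines and emit the already-built string once, e.g. `logging.debug("CREATE_MESSAGE %s", reply)` just before `return reply` (this needs `import logging` in the file, whose import block is not shown). The body of `create_message` continues outside the two hunks, so the file write between them is not covered by this note.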