AHA with the GUI was too slow

Gerard Wagener 2010-10-11 18:11:11 +02:00
parent cdb9e2970b
commit d54122dd6c
2 changed files with 33 additions and 27 deletions


@ -6,6 +6,7 @@ import os,sys,random,getopt,ConfigParser
from pyinotify import * from pyinotify import *
from ctypes import * from ctypes import *
from ahalib import * from ahalib import *
import sys
import sqlite3,os.path import sqlite3,os.path
database = '../gui.db' database = '../gui.db'
class KernelEvents(ProcessEvent): class KernelEvents(ProcessEvent):
@ -15,40 +16,47 @@ class KernelEvents(ProcessEvent):
self.processtrees = ProcessTrees() self.processtrees = ProcessTrees()
if os.path.exists(database): if os.path.exists(database):
self.con = sqlite3.connect(database) self.con = sqlite3.connect(database)
#Do it here to win time
self.cur = self.con.cursor()
else: else:
self.con = None
print "[ERROR] Database file not found ",database print "[ERROR] Database file not found ",database
sys.exit(1)
def askgui(self, filekey,msg): def askgui(self, filekey,msg):
if self.con == None: ret = False
return False
cur = self.con.cursor()
program = os.path.basename(msg['file'][0]) program = os.path.basename(msg['file'][0])
args = ','.join(msg['argument'][1:]) args = ','.join(msg['argument'][1:])
#Update the gui shell
outstr = program + "(" + args + ")"
print "######### User wants to execute ",outstr
cur.execute('INSERT INTO shell (cmd) VALUES (?)',[outstr])
self.con.commit()
#Lets see what the user has defined #Lets see what the user has defined
action = 0 action = 0
for row in cur.execute('SELECT action FROM perms WHERE cmd=?',[program]): for row in self.cur.execute('SELECT action FROM perms WHERE cmd=?',[program]):
action = int(row[0]) action = int(row[0])
if action == 0: if action == 0:
self.ahaa.create_message(filekey,block=0,exitcode=0, insult=0,substitue=0) #Message is allowed
print "##### Allowed action" self.ahaa.create_message(filekey,block=0,exitcode=0, insult=0,
return True substitue=0)
ret = True
if action == 1: if action == 1:
self.ahaa.create_message(filekey, block=1,exitcode=1, insult=0, substitue=0) #Message is blocked
print "##### Blocked action" self.ahaa.create_message(filekey, block=1,
return True exitcode=KERNEL_ERRORS.EACESS, insult=0,
substitue=0)
ret = True
if action == 2: if action == 2:
self.ahaa.create_message(filekey, block=0, exitcode=0, insult=2, substitue=0) #User is insulted
print "##### Insulted user" self.ahaa.create_message(filekey, block=0, exitcode=0, insult=2,
return True substitue=0)
ret = True
#Update the gui shell this takes time but the message had already
#been transmitted to the kernel
outstr = program + "(" + args + ")"
self.cur.execute('INSERT INTO shell (cmd) VALUES (?)',[outstr])
self.con.commit()
#FIXME If fallback of decision to allow it is anyhow too late
#Therefore allows the kernel by it self the execution
return ret
#Exception handling is done in decision method #Exception handling is done in decision method
#By default no decision was taken
return False
def decision(self,filekey,msg): def decision(self,filekey,msg):
try: try:
pid = int(msg['pid'][0]) pid = int(msg['pid'][0])
@ -61,28 +69,26 @@ class KernelEvents(ProcessEvent):
if type == 1: if type == 1:
# Got sys_execve # Got sys_execve
command = msg['file'][0] command = msg['file'][0]
print "Got command: ",command, "in ",filekey
#Is there a new SSH connection? #Is there a new SSH connection?
if msg['file'][0] == '/usr/sbin/sshd': if msg['file'][0] == '/usr/sbin/sshd':
print "New user found pid=",pid,",ppid=",ppid
self.processtrees.addUser(pid) self.processtrees.addUser(pid)
self.ahaa.create_message(filekey,block=0, exitcode=0, self.ahaa.create_message(filekey,block=0, exitcode=0,
insult=0, substitue=0) insult=0, substitue=0)
#print "New user found pid=",pid,",ppid=",ppid
return return
#is this process induced by clone or sys_execve related to a user? #is this process induced by clone or sys_execve related to a user?
if self.processtrees.searchTree(pid,ppid) == False: if self.processtrees.searchTree(pid,ppid) == False:
print "Process belongs to the system, allow it"
#Note the process could also belong to a local #Note the process could also belong to a local
#connected user #connected user
self.ahaa.create_message(filekey,block=0, exitcode=0, self.ahaa.create_message(filekey,block=0, exitcode=0,
insult=0, substitue=0) insult=0, substitue=0)
#print "Process belongs to the system, allow it"
return return
else: else:
if msg.has_key('file'): if msg.has_key('file'):
r = self.askgui(filekey,msg) r = self.askgui(filekey,msg)
if r: if r:
print "#A message was sent return"
return return
except KeyError,e: except KeyError,e:
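Review bot: In the new `askgui`, the `INSERT INTO shell` and `commit()` now run after the reply has been written, so a sqlite3 error at that point (for example a locked database while the GUI is writing) leaves an already-answered command with no row in `shell` and propagates to `decision`, whose only visible handler catches `KeyError`. Wrapping those two calls in `try:` / `except sqlite3.Error,e:` with a `sys.stderr.write(...)` of the failed `outstr` would keep that loss visible. `KERNEL_ERRORS.EACESS` is not defined in the lines shown and presumably comes from the `ahalib` star import; it is worth confirming the name, since a failure on that line would mean the block reply is never sent. The `return False` after `return ret` is unreachable, and the added `import sys` duplicates the `sys` already imported on the `import os,sys,...` line. The rest of `decision`'s exception handling lies outside the hunk.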


@ -37,8 +37,6 @@ class AHAActions:
#Can trow IOError #Can trow IOError
def create_message(self,filename,block,exitcode,substitue,insult): def create_message(self,filename,block,exitcode,substitue,insult):
print "CREATE_MESSAGE ",filename,"block=",block, "insult=",insult,\
"substitue=",substitue
try: try:
reply = ReplyMessage(block=block,exitcode=exitcode,substitue=substitue, reply = ReplyMessage(block=block,exitcode=exitcode,substitue=substitue,
insult = insult) insult = insult)
@ -48,6 +46,8 @@ class AHAActions:
f.close() f.close()
reply="(key=%s, block=%d,exitcode=%d,substitue=%d,insult=%d)"\ reply="(key=%s, block=%d,exitcode=%d,substitue=%d,insult=%d)"\
%(filename,block,exitcode, substitue,insult) %(filename,block,exitcode, substitue,insult)
#print "CREATE_MESSAGE ",filename,"block=",block, "insult=",insult,\
#"substitue=",substitue
return reply return reply
except IOError,e: except IOError,e:
sys.stderr.write('Could not create reply file=(%s)\n'%filename) sys.stderr.write('Could not create reply file=(%s)\n'%filename)
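Review bot: The `CREATE_MESSAGE` trace in `create_message` is left behind as commented-out code rather than removed or put behind a switch. The callers visible in the other file discard the returned `reply` string, so after this change no record of the decision sent to the kernel appears to remain. If the trace is still wanted without the console cost, a module-level flag such as `if DEBUG: sys.stderr.write(reply + '\n')` just before `return reply` would keep it available; otherwise delete the two commented lines. The `try` body and the `except IOError` handler extend beyond the hunks shown.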