adulau/aha
1
0
Fork 0
mirror of https://github.com/adulau/aha.git synced 2024-12-27 11:16:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

Try 2: If booted works, but does not boot

Browse source
This commit is contained in:
Gerard Wagener 2010-01-15 11:13:19 +01:00
parent 3fd629f6f3
commit f3d7347537
2 changed files with 26 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
aha/aha.py
View file

@ -14,11 +14,14 @@ class KernelEvents(ProcessEvent):
self.processtrees = ProcessTrees() self.processtrees = ProcessTrees()
def decision(self,filekey,msg): def decision(self,filekey,msg):
print msg print filekey
try: try:
command = msg['file'][0]
pid = int(msg['pid'][0]) pid = int(msg['pid'][0])
ppid = int(msg['ppid'][0]) ppid = int(msg['ppid'][0])
type = int(msg['type'][0])
if type == 1:
# Got sys_execve
command = msg['file'][0]
print "Got command: ",command print "Got command: ",command
#Is there a new SSH connection? #Is there a new SSH connection?
if msg['file'][0] == '/usr/sbin/sshd': if msg['file'][0] == '/usr/sbin/sshd':
@ -27,7 +30,7 @@ class KernelEvents(ProcessEvent):
self.ahaa.create_message(filekey,block=0, exitcode=0, self.ahaa.create_message(filekey,block=0, exitcode=0,
insult=0, substitue=0) insult=0, substitue=0)
return return
else:
#is this process related to a user? #is this process related to a user?
if self.processtrees.searchTree(pid,ppid) == False: if self.processtrees.searchTree(pid,ppid) == False:
print "Process belongs to the system, allow it" print "Process belongs to the system, allow it"
@ -35,18 +38,9 @@ class KernelEvents(ProcessEvent):
#connected user #connected user
self.ahaa.create_message(filekey,block=0, exitcode=0, self.ahaa.create_message(filekey,block=0, exitcode=0,
insult=0, substitue=0) insult=0, substitue=0)
return
if msg['file'][0] == '/usr/bin/bvi':
self.ahaa.create_message(filekey, block=1,
exitcode=KERNEL_ERRORS.ENOMEM,
insult = 0, substitue=0)
return
if msg['file'][0] == '/usr/bin/vi':
# The index 0 is reserved
idx = random.randint(1,insultmaxidx)
self.ahaa.create_message(filekey, block=0, exitcode=0,
insult=idx, substitue=0)
return
except KeyError,e: except KeyError,e:
print "EXCEPTION: KeyError" print "EXCEPTION: KeyError"
except IndexError,w: except IndexError,w:

9
aha/ahalib.py
View file

@ -107,15 +107,16 @@ class ProcessTrees:
#Always add it pid and ppid the list #Always add it pid and ppid the list
self.processList[pid] = ppid self.processList[pid] = ppid
if self.userList.has_key(ppid): if self.userList.has_key(ppid):
print "DEBUG: Found user" print "DEBUG: user related command"
self.foundUser = 1 self.foundUser = 1
return return
print "DEBUG: Searching ppid ",ppid, "in ",self.processList #print "DEBUG: Searching ppid ",ppid, "in ",self.processList
if self.processList.has_key(ppid): if self.processList.has_key(ppid):
print "DEBUG: found parent of ",pid, "which is ",ppid #print "DEBUG: found parent of ",pid, "which is ",ppid
self.searchTree(ppid,self.processList[ppid]) self.searchTree(ppid,self.processList[ppid])
else: else:
print "DEBUG: Cannot find parent of ",ppid #print "DEBUG: Cannot find parent of ",ppid
pass
def searchTree(self,pid,ppid): def searchTree(self,pid,ppid):
self.foundUser = 0 self.foundUser = 0