Try 2: If booted works, but does not boot

Gerard Wagener 2010-01-15 11:13:19 +01:00
parent 3fd629f6f3
commit f3d7347537
2 changed files with 26 additions and 31 deletions


@ -14,39 +14,33 @@ class KernelEvents(ProcessEvent):
self.processtrees = ProcessTrees() self.processtrees = ProcessTrees()
def decision(self,filekey,msg): def decision(self,filekey,msg):
print msg print filekey
try: try:
command = msg['file'][0]
pid = int(msg['pid'][0]) pid = int(msg['pid'][0])
ppid = int(msg['ppid'][0]) ppid = int(msg['ppid'][0])
print "Got command: ",command type = int(msg['type'][0])
#Is there a new SSH connection? if type == 1:
if msg['file'][0] == '/usr/sbin/sshd': # Got sys_execve
print "New user found pid=",pid,",ppid=",ppid command = msg['file'][0]
self.processtrees.addUser(pid) print "Got command: ",command
self.ahaa.create_message(filekey,block=0, exitcode=0, #Is there a new SSH connection?
insult=0, substitue=0) if msg['file'][0] == '/usr/sbin/sshd':
print "New user found pid=",pid,",ppid=",ppid
self.processtrees.addUser(pid)
self.ahaa.create_message(filekey,block=0, exitcode=0,
insult=0, substitue=0)
return return
else:
#is this process related to a user?
if self.processtrees.searchTree(pid,ppid) == False:
print "Process belongs to the system, allow it"
#Note the process could also belong to a local
#connected user
self.ahaa.create_message(filekey,block=0, exitcode=0,
insult=0, substitue=0)
if msg['file'][0] == '/usr/bin/bvi': #is this process related to a user?
self.ahaa.create_message(filekey, block=1, if self.processtrees.searchTree(pid,ppid) == False:
exitcode=KERNEL_ERRORS.ENOMEM, print "Process belongs to the system, allow it"
insult = 0, substitue=0) #Note the process could also belong to a local
return #connected user
if msg['file'][0] == '/usr/bin/vi': self.ahaa.create_message(filekey,block=0, exitcode=0,
# The index 0 is reserved insult=0, substitue=0)
idx = random.randint(1,insultmaxidx)
self.ahaa.create_message(filekey, block=0, exitcode=0,
insult=idx, substitue=0)
return return
except KeyError,e: except KeyError,e:
print "EXCEPTION: KeyError" print "EXCEPTION: KeyError"
except IndexError,w: except IndexError,w:
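Review bot: On the new side of `decision`, a user-related `sys_execve` (where `searchTree` does not return False) and any event with `type != 1` appear to leave the function without a `create_message` call, now that the `/usr/bin/bvi` and `/usr/bin/vi` branches are gone. Indentation is lost in this rendering, so this is inferred; if the kernel side waits for a verdict per `filekey`, those paths, and the `KeyError`/`IndexError` handlers that only print, depend on whatever default or timeout it applies. I would end the `try` body with an explicit default such as `self.ahaa.create_message(filekey,block=0, exitcode=0, insult=0, substitue=0)` and a comment stating that policy. Separately, `type = int(msg['type'][0])` shadows the builtin (`evtype` would be clearer), and a non-numeric field raises `ValueError`, which the visible handlers do not catch. The function body continues past the hunk.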


@ -107,15 +107,16 @@ class ProcessTrees:
#Always add it pid and ppid the list #Always add it pid and ppid the list
self.processList[pid] = ppid self.processList[pid] = ppid
if self.userList.has_key(ppid): if self.userList.has_key(ppid):
print "DEBUG: Found user" print "DEBUG: user related command"
self.foundUser = 1 self.foundUser = 1
return return
print "DEBUG: Searching ppid ",ppid, "in ",self.processList #print "DEBUG: Searching ppid ",ppid, "in ",self.processList
if self.processList.has_key(ppid): if self.processList.has_key(ppid):
print "DEBUG: found parent of ",pid, "which is ",ppid #print "DEBUG: found parent of ",pid, "which is ",ppid
self.searchTree(ppid,self.processList[ppid]) self.searchTree(ppid,self.processList[ppid])
else: else:
print "DEBUG: Cannot find parent of ",ppid #print "DEBUG: Cannot find parent of ",ppid
pass
def searchTree(self,pid,ppid): def searchTree(self,pid,ppid):
self.foundUser = 0 self.foundUser = 0