network.detectors
Class AbnormalRootLoginEventDetector

java.lang.Object
  extended by network.detectors.EventDetector
      extended by network.detectors.AbnormalRootLoginEventDetector
All Implemented Interfaces:
java.lang.Runnable, java.io.Serializable

public class AbnormalRootLoginEventDetector
extends EventDetector
implements java.io.Serializable

The AbnormalRootLoginEventDetector checks for any root login from a host that is not listed in the $NETMON/config/roothosts file (the list of hosts from which a root login is permitted).

See Also:
Serialized Form

Field Summary
 
Fields inherited from class network.detectors.EventDetector
agentURN, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, remoteTriggeringEvents, reportTable
 
Constructor Summary
AbnormalRootLoginEventDetector(ConfigObject configObj)
          The default constructor; it obtains the default location of the roothosts file from network.AdminClient.
AbnormalRootLoginEventDetector(java.lang.String rootLoginHostsFile, ConfigObject configObj)
          Creates the detector using config info from the specified file.
 
Method Summary
 java.util.Vector generateEvent(Event triggeredEvent)
          Processes the triggering event (a LoginEvent) and determines if it should generate an AbnormalRootLoginEvent.
 java.lang.String getGeneratingEventClassName()
          Returns the name of the event that this detector will produce.
static void parseRootLoginHostsFile(java.lang.String rootLoginHostsFile, java.util.Vector localHosts)
          Processes a roothosts file.
 
Methods inherited from class network.detectors.EventDetector
getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbnormalRootLoginEventDetector

public AbnormalRootLoginEventDetector(ConfigObject configObj)
The default constructor; it obtains the default location of the roothosts file from network.AdminClient.

See Also:
network.AdminClient

AbnormalRootLoginEventDetector

public AbnormalRootLoginEventDetector(java.lang.String rootLoginHostsFile,
                                      ConfigObject configObj)
Creates the detector using config info from the specified file.

Parameters:
rootLoginHostsFile - Path to config file.

Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()
Returns the name of the event that this detector will produce.

Specified by:
getGeneratingEventClassName in class EventDetector
Returns:
Event produced by this detector.

generateEvent

public java.util.Vector generateEvent(Event triggeredEvent)
Processes the triggering event (a LoginEvent) and determines whether it should generate an AbnormalRootLoginEvent. This method contains the detector's main logic: if a LoginEvent comes from a host that is not listed in the config file, the detector generates an AbnormalRootLoginEvent.

Specified by:
generateEvent in class EventDetector
Parameters:
triggeredEvent - the event processed by this detector.
Returns:
a vector of AbnormalRootLoginEvents, possibly null.

parseRootLoginHostsFile

public static void parseRootLoginHostsFile(java.lang.String rootLoginHostsFile,
                                           java.util.Vector localHosts)
Processes a roothosts file. Each line is a hostname (name or IP address).

Parameters:
rootLoginHostsFile - location of the roothosts file.
localHosts - filled by this method with hostnames from the config file.
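
Added example (not code from the network.detectors package): a stand-alone sketch of the check described for generateEvent, using the one-host-per-line roothosts format described for parseRootLoginHostsFile. The class RootLoginAllowList, its methods, the normalization rules and the sample data are assumptions made for illustration.

```java
import java.util.*;

// Added illustration; RootLoginAllowList and its methods are hypothetical names,
// not part of the network.detectors package.
class RootLoginAllowList {
    private final Set<String> allowed = new HashSet<>();

    // One host (name or IP address) per line, as the roothosts format is described.
    // Assumption: blank lines are skipped and matching ignores case and whitespace.
    RootLoginAllowList(List<String> lines) {
        for (String line : lines) {
            String h = normalize(line);
            if (!h.isEmpty()) allowed.add(h);
        }
    }

    static String normalize(String host) {
        return host == null ? "" : host.trim().toLowerCase(Locale.ROOT);
    }

    // True when a root login arrives from a host absent from the list.
    // Names and addresses are compared literally; no DNS resolution is done,
    // so a host listed by name will not match a login reported by IP address.
    boolean isAbnormal(String user, String sourceHost) {
        if (!"root".equals(user)) return false;
        String h = normalize(sourceHost);
        return h.isEmpty() || !allowed.contains(h);  // unknown source fails closed
    }

    public static void main(String[] args) {
        // Constructed sample roothosts content and login records.
        List<String> roothosts = Arrays.asList("admin1.example.org", "", " 192.0.2.10 ");
        RootLoginAllowList list = new RootLoginAllowList(roothosts);
        String[][] logins = {
            {"root", "ADMIN1.example.org"},
            {"root", "192.0.2.10"},
            {"root", "198.51.100.7"},
            {"alice", "198.51.100.7"},
            {"root", ""},
        };
        for (String[] l : logins) {
            System.out.printf("%-5s from %-22s -> %s%n", l[0], "'" + l[1] + "'",
                list.isAbnormal(l[0], l[1]) ? "AbnormalRootLoginEvent" : "no event");
        }
    }
}
```

Because the comparison is literal, a roothosts file that lists a host only by name should also list its address if login records may carry either form.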