network.detectors
Class IllegitimateRootPresenceEventDetector

java.lang.Object
  extended by network.detectors.EventDetector
      extended by network.detectors.IllegitimateRootPresenceEventDetector
All Implemented Interfaces:
java.lang.Runnable, java.io.Serializable

public class IllegitimateRootPresenceEventDetector
extends EventDetector
implements java.io.Serializable

The IllegitimateRootPresenceEventDetector is notified of NewRootProcessEvents and then checks whether the root user appears in the output of the 'who -q' command, that is, whether root currently has a login session recorded in the system's utmp database. If the root user does appear, the detector treats that as an IllegitimateRootPresenceEvent.

See Also:
Serialized Form

Field Summary
 
Fields inherited from class network.detectors.EventDetector
agentURN, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, remoteTriggeringEvents, reportTable
 
Constructor Summary
IllegitimateRootPresenceEventDetector(ConfigObject configObj)
          Constructs the detector from the supplied configuration and sets up the default triggering event.
 
Method Summary
 java.util.Vector executeSystemCommand(java.lang.String command)
          Executes the specified command in a new process.
 java.util.Vector generateEvent(Event triggeringEvent)
          If the triggeringEvent matches the default triggering event (NewRootProcessEvent), checks whether the output of the 'who -q' command contains a root entry.
 java.lang.String getGeneratingEventClassName()
          Returns the event classname that this detector may generate.
 boolean parseCommandResults(java.util.Vector results)
          This function checks the output from the 'who -q' command and returns true if root is one of the users; otherwise, false.
 java.util.Vector processIllegitimateRootPresenceEvent(NewRootProcessEvent event)
          This contains the logic for generateEvent.
 
Methods inherited from class network.detectors.EventDetector
getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

IllegitimateRootPresenceEventDetector

public IllegitimateRootPresenceEventDetector(ConfigObject configObj)
Constructs the detector from the supplied configuration and sets up the default triggering event (NewRootProcessEvent).

Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()
Returns the event classname that this detector may generate.

Specified by:
getGeneratingEventClassName in class EventDetector
Returns:
the fully-qualified classname of the event that this detector may generate.

processIllegitimateRootPresenceEvent

public java.util.Vector processIllegitimateRootPresenceEvent(NewRootProcessEvent event)
This contains the logic for generateEvent.

Parameters:
event - the event that triggered this detector.
Returns:
a vector of IllegitimateRootPresenceEvents.

executeSystemCommand

public java.util.Vector executeSystemCommand(java.lang.String command)
Executes the specified command in a new process.

Parameters:
command - command to be run
Returns:
a vector containing the lines of the resulting output.

parseCommandResults

public boolean parseCommandResults(java.util.Vector results)
This function checks the output from the 'who -q' command and returns true if root is one of the users; otherwise, false.

Parameters:
results - output lines from a command.
Returns:
a boolean specifying if root was one of the users on the system.

generateEvent

public java.util.Vector generateEvent(Event triggeringEvent)
If the triggeringEvent matches the default triggering event (NewRootProcessEvent), the detector checks whether the output of the 'who -q' command contains a root entry. If it does, it generates an IllegitimateRootPresenceEvent.

Specified by:
generateEvent in class EventDetector
Parameters:
triggeringEvent - the event that triggered this detector.
Returns:
the vector of generated events.
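The executeSystemCommand / parseCommandResults / generateEvent pipeline described above, written out as an added, stand-alone example. This is not code from the network.detectors package: the class name WhoQRootCheck, the use of an argv-style ProcessBuilder instead of a single command string, and the List return type (rather than the page's Vector) are assumptions made for illustration. The sample 'who -q' output is constructed to match the GNU coreutils format, where user names are printed whitespace-separated (wrapping onto further lines when there are many) and a final "# users=N" summary line follows.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/**
 * Added example (not part of network.detectors): runs `who -q` and reports
 * whether root is among the logged-in users, mirroring the detector's
 * execute-then-parse logic. Names below are illustrative assumptions.
 */
public class WhoQRootCheck {

    /** Runs a command in a new process and returns its output lines. */
    static List<String> executeSystemCommand(String... argv)
            throws IOException, InterruptedException {
        // argv form: no /bin/sh -c, so nothing in the command is shell-interpreted
        ProcessBuilder pb = new ProcessBuilder(argv);
        pb.redirectErrorStream(true);
        Process p = pb.start();
        List<String> lines = new ArrayList<>();
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(p.getInputStream()))) {
            String line;
            while ((line = r.readLine()) != null) {
                lines.add(line);
            }
        }
        p.waitFor();
        return lines;
    }

    /**
     * Returns true if "root" is one of the user names in `who -q` output.
     * The "# users=N" summary line is skipped, and names are compared as
     * whole tokens so that "rootkit" or "nonroot" does not count as root.
     */
    static boolean parseCommandResults(List<String> results) {
        for (String line : results) {
            String trimmed = line.trim();
            if (trimmed.startsWith("#")) {
                continue; // "# users=N" summary line, not a user name
            }
            for (String name : trimmed.split("\\s+")) {
                if (name.equals("root")) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Equivalent of generateEvent: true means an event would be raised. */
    static boolean rootPresentOnHost() throws IOException, InterruptedException {
        return parseCommandResults(executeSystemCommand("who", "-q"));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: root logged in alongside two other users.
        List<String> sample = Arrays.asList("alice bob root", "# users=3");
        System.out.println("constructed sample, root present: "
                + parseCommandResults(sample));   // true

        // Constructed sample: a look-alike name must not trigger.
        List<String> lookalike = Arrays.asList("alice rootkit", "# users=2");
        System.out.println("look-alike sample, root present: "
                + parseCommandResults(lookalike)); // false

        // Live check against this host (requires `who` on PATH).
        System.out.println("live host, root present: " + rootPresentOnHost());
    }
}
```

Two caveats a practitioner should keep in mind when relying on this check. First, `who` reads utmp, so it only reflects sessions that went through a login path that records one; a root process obtained by a setuid binary, a daemon, or an exploit does not appear there, which is why the detector pairs it with the NewRootProcessEvent trigger rather than using it alone. Second, an attacker who already has root can edit utmp and hide the entry, so a negative result from `who -q` is weak evidence compared with a positive one.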