network.detectors
Class InvalidUserAlarmEventDetector

java.lang.Object
  network.detectors.EventDetector
      network.detectors.InvalidUserAlarmEventDetector

All Implemented Interfaces:

java.lang.Runnable, java.io.Serializable

public class InvalidUserAlarmEventDetector

extends EventDetector

implements java.io.Serializable

This detector analyzes ConnectEvents to see if their initiating user's username is on the validUsers list. If it is not, an InvalidUserAlarmEvent is generated. An example validUsers file is:

root user1 user2 userX

See Also:

Serialized Form

Field Summary

Fields inherited from class network.detectors.EventDetector

agentURN, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, remoteTriggeringEvents, reportTable

Constructor Summary

InvalidUserAlarmEventDetector(ConfigObject configObj)
The default constructor.

InvalidUserAlarmEventDetector(java.lang.String validUsersFile, ConfigObject configObj)
This constructor takes as argument a validUsers file (normally, $NETMON/network/config/validUsers.

Method Summary

java.util.Vector	generateEvent(Event triggeredEvent) This method is triggered by a ConnectEvent.
java.lang.String	getGeneratingEventClassName() Returns the fully-qualified classname of the event that this detector may generate.
static java.lang.String[]	getParamList() Returns array of strings containing all the parameters that can be used as input to modify this detector.
void	modifyDetector(java.lang.Object object) Allows modification of the detector policy.
static void	parseValidUsersFile(java.lang.String validUsersFile, java.util.Vector validUsersList) Parses a validUsers file, and stores the individual lines in a vector that the user supplies.
static java.lang.Object[]	translateParameters(java.lang.String[] inputarray) This function takes an array of strings from GUI which contains input and converts them to array of objects and returns.

Methods inherited from class network.detectors.EventDetector

getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

InvalidUserAlarmEventDetector

public InvalidUserAlarmEventDetector(ConfigObject configObj)

The default constructor. Uses the default policy file from network.AdminClient.

See Also:

network.AdminClient.

InvalidUserAlarmEventDetector

public InvalidUserAlarmEventDetector(java.lang.String validUsersFile,
                                     ConfigObject configObj)

This constructor takes as argument a validUsers file (normally, $NETMON/network/config/validUsers. An example is shown above.

Parameters:

validUsersFile - path to a validUsers file

Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()

Returns the fully-qualified classname of the event that this detector may generate.

Specified by:

getGeneratingEventClassName in class EventDetector

Returns:

the fully-qualified classname of the event that this detector may generate.

generateEvent

public java.util.Vector generateEvent(Event triggeredEvent)

This method is triggered by a ConnectEvent. It checks to see if the iniatiating user (the username of whomever initiated the ConnectEvent) is not on the validUser list, and if it is not on the list, we generate an InvalidUserAlarmEvent.

Specified by:

generateEvent in class EventDetector

Parameters:

triggeredEvent - the event that triggered the detector.

Returns:

a vector of InvalidUserAlarmEvents.

getParamList

public static java.lang.String[] getParamList()

Returns array of strings containing all the parameters that can be used as input to modify this detector. Each entry in the array corresponds to one parameter with structure " : ".

Returns:

parameterList, an array of Strings indicating parameters and their types

translateParameters

public static java.lang.Object[] translateParameters(java.lang.String[] inputarray)
                                              throws java.lang.Exception

This function takes an array of strings from GUI which contains input and converts them to array of objects and returns.

Parameters:

inputarray - an array of strings that contains user inputs.

Returns:

objArray an array of objects converted from the array of strings got from user.

Throws:

java.lang.Exception

modifyDetector

public void modifyDetector(java.lang.Object object)

Allows modification of the detector policy. The Object passed must be a Pattern Object, which contains a action and a vector of items on which the action will operate. If the action is 1, the elements in the vector will be added to the validUsers policy. If the action is 2, the elements in the vector will be deleted from the validUsers policy. If the action is 3, all the usernames in the validUsers policy will be deleted. If the action is 4, the elements in the vector will replace the rules in the validUsers policy.

Parameters:

object - a network.PatternObject containing data and action.

Returns:

See Also:

network.PatternObject

parseValidUsersFile

public static void parseValidUsersFile(java.lang.String validUsersFile,
                                       java.util.Vector validUsersList)

Parses a validUsers file, and stores the individual lines in a vector that the user supplies.

Parameters:

validUsersFile - path to validUsers file.

validUsersList - a vector to be filled with usernames from the file.

Returns: