network.detectors
Class RootPresenceEventDetector

java.lang.Object
  extended by network.detectors.EventDetector
      extended by network.detectors.RootPresenceEventDetector
All Implemented Interfaces:
java.lang.Runnable, java.io.Serializable

public class RootPresenceEventDetector
extends EventDetector
implements java.io.Serializable

Checks for root presence, either through legitimate logins (xdm or su) or through new processes being started as root. Once root presence is found, a new event is generated and the event handler takes appropriate action, e.g. launching further agents to monitor critical resources.

See Also:
Serialized Form

Field Summary
 
Fields inherited from class network.detectors.EventDetector
agentURN, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, remoteTriggeringEvents, reportTable
 
Constructor Summary
RootPresenceEventDetector(ConfigObject configObj)
          Instantiates the detector with the default triggering events
 
Method Summary
 java.util.Vector generateEvent(Event triggeringEvent)
          Determines if the triggering event is an XDMEvent, SUEvent, or ProcessMonitoringEvent and calls the correct processing method.
 java.lang.String getGeneratingEventClassName()
          Returns the name of the event that this detector generates
 java.util.Vector processProcessMonitoringEvent(ProcessMonitoringEvent event)
           
 java.util.Vector processSUEvent(SUEvent event)
          Generates an event if the su is trying to switch to root and if the su command succeeded
 java.util.Vector processXDMEvent(XDMEvent event)
          Determines if the username logging into xdm is root and if the event is an xdmOn event
 java.util.Vector testProcessMonitoringEvent(ProcessMonitoringEvent event)
          Determines if a new process has been created by the root user
 
Methods inherited from class network.detectors.EventDetector
getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RootPresenceEventDetector

public RootPresenceEventDetector(ConfigObject configObj)
Instantiates the detector with the default triggering events

Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()
Returns the name of the event that this detector generates

Specified by:
getGeneratingEventClassName in class EventDetector
Returns:
A String containing the name of the event that this detector triggers

processXDMEvent

public java.util.Vector processXDMEvent(XDMEvent event)
Determines if the username logging into xdm is root and if the event is an xdmOn event

Parameters:
event - The XDMEvent to analyze
Returns:
A vector of events. Will contain one RootPresenceEvent if root is logging on, empty otherwise

testProcessMonitoringEvent

public java.util.Vector testProcessMonitoringEvent(ProcessMonitoringEvent event)
Determines if a new process has been created by the root user

Parameters:
event - The event to analyze
Returns:
A vector of events. Each entry corresponds to a process owned by root.

processProcessMonitoringEvent

public java.util.Vector processProcessMonitoringEvent(ProcessMonitoringEvent event)
Parameters:
event -
Returns:

processSUEvent

public java.util.Vector processSUEvent(SUEvent event)
Generates an event if the su is trying to switch to root and if the su command succeeded

Parameters:
event - The SUEvent to analyze.
Returns:
A vector of events. Will contain one RootPresenceEvent if the su succeeded, empty otherwise

generateEvent

public java.util.Vector generateEvent(Event triggeringEvent)
Determines if the triggering event is an XDMEvent, SUEvent, or ProcessMonitoringEvent and calls the correct processing method.

Specified by:
generateEvent in class EventDetector
Parameters:
triggeringEvent - The event triggering this detector
Returns:
A vector of events. Each element corresponds to a detected root presence
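
The dispatch and the three conditions documented above, as an added stand-alone sketch (not the project's code). Every type and field name in it (`XdmEvent`, `SuEvent`, `ProcEvent`, `RootPresence`) is a hypothetical stand-in for the real classes, whose fields this page does not show; it needs Java 16 or later.

```java
import java.util.List;
import java.util.Vector;

// Added illustration: all nested types are hypothetical stand-ins, not network.detectors classes.
public class RootPresenceSketch {
    interface Event {}
    record XdmEvent(String user, boolean xdmOn) implements Event {}
    record SuEvent(String targetUser, boolean succeeded) implements Event {}
    record ProcEvent(List<String[]> newProcesses) implements Event {}   // each entry: {owner, command}
    record RootPresence(String source, String detail) {}

    // Mirrors the documented contract: inspect the triggering event's type and
    // return one result per detected root presence, or an empty vector.
    static Vector<RootPresence> generateEvent(Event e) {
        Vector<RootPresence> out = new Vector<>();
        if (e instanceof XdmEvent x) {
            // Both conditions must hold: the user is root AND it is a session start.
            if (x.xdmOn() && "root".equals(x.user()))
                out.add(new RootPresence("xdm", "login"));
        } else if (e instanceof SuEvent s) {
            // A failed su to root is not root presence.
            if (s.succeeded() && "root".equals(s.targetUser()))
                out.add(new RootPresence("su", "switch to root"));
        } else if (e instanceof ProcEvent p) {
            // One result per newly observed process owned by root.
            for (String[] proc : p.newProcesses())
                if ("root".equals(proc[0]))
                    out.add(new RootPresence("process", proc[1]));
        }
        return out;   // unknown event types fall through to an empty vector
    }

    public static void main(String[] args) {
        // Constructed sample events covering a hit and a miss for each source.
        List<Event> samples = List.of(
            new XdmEvent("root", true),     // root session start
            new XdmEvent("root", false),    // root session end: ignored
            new SuEvent("root", false),     // failed su: ignored
            new SuEvent("root", true),      // successful su to root
            new ProcEvent(List.of(
                new String[] {"alice", "vim"},
                new String[] {"root", "/usr/sbin/sshd"})));
        for (Event e : samples)
            System.out.println(e.getClass().getSimpleName() + " -> " + generateEvent(e));
    }
}
```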