Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

network.detectors
Class IllegitimateRootPresenceEventDetector

java.lang.Object
  |
  +--network.detectors.EventDetector
        |
        +--network.detectors.IllegitimateRootPresenceEventDetector
All Implemented Interfaces:
java.lang.Runnable, java.io.Serializable
public class IllegitimateRootPresenceEventDetector
extends EventDetector
implements java.io.Serializable

The IllegitimateRootPresenceEvent Detector is notified of NewRootProcessEvents, and then checks to see if the root user appears in the output of the 'who -q' command. If the root user does appear, we consider that to be an IllegitimateRootPresenceEvent.

See Also:
Serialized Form

Field Summary
private  java.lang.String[] defaultLocalTriggeringEvents
           
 
Fields inherited from class network.detectors.EventDetector
agentURN, attempts, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, printRunningThreadsFlag, remoteTriggeringEvents, reportTable
 
Constructor Summary
IllegitimateRootPresenceEventDetector(ConfigObject configObj)
          The default constructor.
 
Method Summary
 java.util.Vector executeSystemCommand(java.lang.String command)
          Executes the specified command in a new process.
 java.util.Vector generateEvent(network.events.Event triggeringEvent)
          If the triggeringEvent matches the default triggering event (NewRootProcessEvent), we check and see if the output from the 'who -q' command contains a root entry.
 java.lang.String getGeneratingEventClassName()
          Returns the event classname that this detector may generate.
 boolean parseCommandResults(java.util.Vector results)
          This function checks the output from the 'who -q' command and returns true if root is one of the users; otherwise, false.
 java.util.Vector processIllegitimateRootPresenceEvent(network.events.NewRootProcessEvent event)
          This contains the logic for generateEvent.
 
Methods inherited from class network.detectors.EventDetector
getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

defaultLocalTriggeringEvents

private java.lang.String[] defaultLocalTriggeringEvents
Constructor Detail

IllegitimateRootPresenceEventDetector

public IllegitimateRootPresenceEventDetector(ConfigObject configObj)
The default constructor. Sets up the default triggering events.

Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()
Returns the event classname that this detector may generate.

Specified by:
getGeneratingEventClassName in class EventDetector
Returns:
the fully-qualified classname of the event that this detector may generate.

processIllegitimateRootPresenceEvent

public java.util.Vector processIllegitimateRootPresenceEvent(network.events.NewRootProcessEvent event)
This contains the logic for generateEvent.

Parameters:
event - the event that triggered this detector.
Returns:
a vector of IllegitimateRootPresenceEvents.

executeSystemCommand

public java.util.Vector executeSystemCommand(java.lang.String command)
Executes the specified command in a new process.

Parameters:
command - command to be run
Returns:
a vector containing the lines of the resulting output.

parseCommandResults

public boolean parseCommandResults(java.util.Vector results)
This function checks the output from the 'who -q' command and returns true if root is one of the users; otherwise, false.

Parameters:
results - output lines from a command.
Returns:
a boolean specifying if root was one of the users on the system.

generateEvent

public java.util.Vector generateEvent(network.events.Event triggeringEvent)
If the triggeringEvent matches the default triggering event (NewRootProcessEvent), we check and see if the output from the 'who -q' command contains a root entry. If it does, we generate the IllegitimateRootPresenceEvent.

Specified by:
generateEvent in class EventDetector
Parameters:
triggeringEvent - the event that triggered this detector.
Returns:
the vector of generated events.
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD