Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

network.detectors
Class NewRootProcessEventDetector

java.lang.Object
  |
  +--network.detectors.EventDetector
        |
        +--network.detectors.NewRootProcessEventDetector
All Implemented Interfaces:
java.lang.Runnable, java.io.Serializable
public class NewRootProcessEventDetector
extends EventDetector
implements java.io.Serializable

Checks for processes running as 'root' If found, new event will be generated, and the event handler will take appropriate action, eg: launching further agents to monitor critical resources.

See Also:
Serialized Form

Field Summary
private  java.lang.String[] defaultLocalTriggeringEvents
           
private  java.util.Vector rootProcesses
           
 
Fields inherited from class network.detectors.EventDetector
agentURN, attempts, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, printRunningThreadsFlag, remoteTriggeringEvents, reportTable
 
Constructor Summary
NewRootProcessEventDetector(ConfigObject configObj)
           
 
Method Summary
 java.util.Vector generateEvent(network.events.Event triggeringEvent)
          Checks to see if the given event is one of the default triggering events of this detector, then calls processNewRootProcessEvent with the event.
 java.lang.String getGeneratingEventClassName()
          Returns the event that this detector creates
 java.util.Vector processNewRootProcessEvent(network.events.NewProcessEvent event)
          Determines if a new process is being run by root.
 
Methods inherited from class network.detectors.EventDetector
getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, modifyDetector, populatePatterns, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

rootProcesses

private java.util.Vector rootProcesses

defaultLocalTriggeringEvents

private java.lang.String[] defaultLocalTriggeringEvents
Constructor Detail

NewRootProcessEventDetector

public NewRootProcessEventDetector(ConfigObject configObj)
Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()
Returns the event that this detector creates

Specified by:
getGeneratingEventClassName in class EventDetector
Returns:
A String containing the name of the event that this detector creates

processNewRootProcessEvent

public java.util.Vector processNewRootProcessEvent(network.events.NewProcessEvent event)
Determines if a new process is being run by root. Checks to see if the UID or GID of the new process is equal to 0

Parameters:
event - The event to check
Returns:
A Vector of events. If the new process is being run by root, the vector will have one element of type NewRootProcessEvent. If not, an empty vector is returned

generateEvent

public java.util.Vector generateEvent(network.events.Event triggeringEvent)
Checks to see if the given event is one of the default triggering events of this detector, then calls processNewRootProcessEvent with the event.

Specified by:
generateEvent in class EventDetector
Parameters:
triggeringEvent - The event that triggers this detector
Returns:
If triggering event is not an instance of the defaultTrggeringEvent, returns null. Otherwise returns the value of processNewRootProcessEvent
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD