network.detectors
Class SUDOEventDetector

java.lang.Object
  |
  +--network.detectors.EventDetector
        |
        +--network.detectors.SyslogEventDetector
              |
              +--network.detectors.SUDOEventDetector

All Implemented Interfaces:

java.lang.Runnable, java.io.Serializable

public class SUDOEventDetector

extends SyslogEventDetector

implements java.io.Serializable

Detects the execution of sudo - a program that allows a user to run a program as another user. Matches lines from the syslog containing messages about the execution of sudo.

See Also:

Serialized Form

Field Summary

private java.lang.String[]

defaultLocalTriggeringEvents

Fields inherited from class network.detectors.SyslogEventDetector

compiler, currentYear, dis, eventInfoTable, eventName, file, LIMIT, logFilename, matcher, monthLookup, newLen, paramInstr, paramProcInstr, pattern, prevLen, ptr, run_mode, toolsCreated

Fields inherited from class network.detectors.EventDetector

agentURN, attempts, cred, dbModule, eventIDGenerator, eventTable, host, localTriggeringEvents, printRunningThreadsFlag, remoteTriggeringEvents, reportTable

Constructor Summary

SUDOEventDetector(ConfigObject configObj)
Instantiates the detector with the default triggering events.

SUDOEventDetector(java.util.Vector localtriggeringEventClassNames, java.util.Vector remotetriggeringEventClassNames, ConfigObject configObj)
Instantiates the detector with the given triggering events

Method Summary

java.util.Vector	generateEvent(network.events.Event triggeredEvent) Detects if a syslog event contains information regarding the execution of sudo.
java.lang.String	getGeneratingEventClassName() Returns the name of the event that this detector triggers

Methods inherited from class network.detectors.SyslogEventDetector

match, modifyDetector, parsePatternFile, populatePatterns, setLastReadTime

Methods inherited from class network.detectors.EventDetector

getAlarmLevel, getAlertLevel, getLocalTriggeringEventClassNames, getRemoteTriggeringEventClassNames, getSynchronizer, InitializeFields, printRunningThreads, run, setAgentURN, setAlarmLevel, setAlertLevel, setDB, setEventIDGenerator, setEventTable, setLocalTriggeringEvents, setRemoteTriggeringEvents, setReportTable, stopDetector, switchOffPrintRunningThreads

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

defaultLocalTriggeringEvents

private java.lang.String[] defaultLocalTriggeringEvents

Constructor Detail

SUDOEventDetector

public SUDOEventDetector(ConfigObject configObj)
                  throws java.lang.Exception

Instantiates the detector with the default triggering events.

SUDOEventDetector

public SUDOEventDetector(java.util.Vector localtriggeringEventClassNames,
                         java.util.Vector remotetriggeringEventClassNames,
                         ConfigObject configObj)
                  throws java.lang.Exception

Instantiates the detector with the given triggering events

Method Detail

getGeneratingEventClassName

public java.lang.String getGeneratingEventClassName()

Returns the name of the event that this detector triggers

Overrides:

getGeneratingEventClassName in class SyslogEventDetector

Returns:

A string containing the name of the event that this detector triggers

generateEvent

public java.util.Vector generateEvent(network.events.Event triggeredEvent)

Detects if a syslog event contains information regarding the execution of sudo. Uses regular expressions to match lines regarding sudo.

Overrides:

generateEvent in class SyslogEventDetector

Parameters:

triggeredEvent -

Returns:

A vector containing events. Each entry corresponds to a detected execution of sudo