class ProcessMonitorThread(threading.Thread):
def __init__(self, process_id):
self.process_id = process_id
self.debugger = None
super(ProcessMonitorThread, self).__init__(name='ProcessMonitor')
def run(self):
logging.info('Monitoring process ID: %s' % self.process_id)
self.debugger = SyscallTracer(
options=optparse.Values({
'fork': False,
'enter': False,
'show_ip': False,
'trace_exec': True,
'no_stdout': False,
'pid': self.process_id,
'show_pid': True,
}),
program=None,
ignore_syscall_callback=self.ignore_syscall_callback,
syscall_callback=self.syscall_callback,
event_callback=self.event_callback,
quit_callback=self.quit_callback)
self.debugger.main()
def syscall_callback(self, syscall):
queue_syscall(syscall)
def ignore_syscall_callback(self, *args):
# TODO: Smarter decision here, we only want some of the syscalls
# sent to the queue/anomaly detection engine
return False
def event_callback(self, *args):
pass
def quit_callback(self):
try:
PROCESS_MONITORS.remove(self)
except ValueError:
pass
else:
logging.info('Finished monitoring process ID: %s' %
self.process_id)
class ProcessMonitorThread(threading.Thread):
def __init__(self, process_id):
self.process_id = process_id
self.debugger = None
super(ProcessMonitorThread, self).__init__(name='ProcessMonitor')
def run(self):
logging.info('Monitoring process ID: %s' % self.process_id)
self.debugger = SyscallTracer(options=optparse.Values({
'fork': False,
'enter': False,
'show_ip': False,
'trace_exec': True,
'no_stdout': False,
'pid': self.process_id,
'show_pid': True,
}),
program=None,
ignore_syscall_callback=self.ignore_syscall_callback,
syscall_callback=self.syscall_callback,
event_callback=self.event_callback,
quit_callback=self.quit_callback)
self.debugger.main()
def syscall_callback(self, syscall):
queue_syscall(syscall)
def ignore_syscall_callback(self, *args):
# TODO: Smarter decision here, we only want some of the syscalls
# sent to the queue/anomaly detection engine
return False
def event_callback(self, *args):
pass
def quit_callback(self):
try:
PROCESS_MONITORS.remove(self)
except ValueError:
pass
else:
logging.info('Finished monitoring process ID: %s' % self.process_id)
def run(self):
logging.info('Monitoring process ID: %s' % self.process_id)
self.debugger = SyscallTracer(
options=optparse.Values({
'fork': False,
'enter': False,
'show_ip': False,
'trace_exec': True,
'no_stdout': False,
'pid': self.process_id,
'show_pid': True,
}),
program=None,
ignore_syscall_callback=self.ignore_syscall_callback,
syscall_callback=self.syscall_callback,
event_callback=self.event_callback,
quit_callback=self.quit_callback)
self.debugger.main()
def run(self):
logging.info('Monitoring process ID: %s' % self.process_id)
self.debugger = SyscallTracer(options=optparse.Values({
'fork': False,
'enter': False,
'show_ip': False,
'trace_exec': True,
'no_stdout': False,
'pid': self.process_id,
'show_pid': True,
}),
program=None,
ignore_syscall_callback=self.ignore_syscall_callback,
syscall_callback=self.syscall_callback,
event_callback=self.event_callback,
quit_callback=self.quit_callback)
self.debugger.main()
