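def set_fields_from_text(self, body_text):
    """Parse the ``key=value`` pairs of an audit record body into ``self``.

    Populates ``self.fields`` (key -> value) and ``self.fields_ord`` (keys in
    the order they appeared in the record).  A few keys are rewritten into a
    more readable form; whenever that rewriting fails, the raw value (with
    surrounding double quotes stripped) is kept instead.

    Args:
        body_text: text of one audit record after its header, as matched by
            ``AuditRecord.key_value_pair_re``.
    """
    self.fields_ord = []
    self.fields = {}
    for match in AuditRecord.key_value_pair_re.finditer(body_text):
        key = match.group(1)
        value = match.group(2).strip('"')
        try:
            if key == "arch":
                # arch is the ELF machine code in hex; show the machine name
                # and keep the hex when the bindings do not know the machine.
                machine = audit.audit_elf_to_machine(int(value, 16))
                name = audit.audit_machine_to_name(machine)
                if name is not None:
                    value = name
            elif key == "path":
                value = '"%s"' % self.translate_path(value)
            elif key == "exit":
                # exit carries -errno on failure (hence abs()); use the
                # symbolic name when it is a known errno, else the number.
                try:
                    value = errno.errorcode[abs(int(value))]
                except (KeyError, ValueError):
                    pass
            elif key == "syscall":
                syscall_name = audit.audit_syscall_to_name(
                    int(value), audit.audit_detect_machine())
                if syscall_name:
                    value = syscall_name
        except ValueError:
            # Non-numeric arch/syscall value: store it untranslated.
            pass
        self.fields[key] = value
        self.fields_ord.append(key)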
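def set_fields_from_text(self, body_text):
    """Parse the ``key=value`` pairs of an audit record body into ``self``.

    Fills ``self.fields`` (key -> value) and ``self.fields_ord`` (keys in the
    order they appeared).  Selected keys are rewritten to a readable form;
    when a rewrite fails the quote-stripped raw value is stored instead.

    Args:
        body_text: text of one audit record after its header, as matched by
            ``AuditRecord.key_value_pair_re``.
    """
    self.fields_ord = []
    self.fields = {}
    for match in AuditRecord.key_value_pair_re.finditer(body_text):
        key = match.group(1)
        value = match.group(2).strip('"')
        try:
            if key == "arch":
                # Hex ELF machine code -> machine name; keep the hex value
                # when the bindings report no name for it.
                machine = audit.audit_elf_to_machine(int(value, 16))
                name = audit.audit_machine_to_name(machine)
                if name is not None:
                    value = name
            elif key == "path":
                value = '"%s"' % self.translate_path(value)
            elif key == "exit":
                # Failed syscalls report -errno (hence abs()); show the
                # symbolic errno name when known, else leave the number.
                try:
                    value = errno.errorcode[abs(int(value))]
                except (KeyError, ValueError):
                    pass
            elif key == "syscall":
                syscall_name = audit.audit_syscall_to_name(
                    int(value), audit.audit_detect_machine())
                if syscall_name:
                    value = syscall_name
        except ValueError:
            # Non-numeric arch/syscall value: store it untranslated.
            pass
        self.fields[key] = value
        self.fields_ord.append(key)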
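def set_fields_from_text(self, body_text):
    """Parse the ``key=value`` pairs of an audit record body into ``self``.

    Fills ``self.fields`` (key -> value) and ``self.fields_ord`` (keys in the
    order they appeared).  Selected keys are rewritten to a readable form;
    when a rewrite fails the quote-stripped raw value is stored instead.

    Args:
        body_text: text of one audit record after its header, as matched by
            ``AuditRecord.key_value_pair_re``.
    """
    # Keys whose value audit hex-encodes when it contains characters it
    # cannot print verbatim; a double-quoted value is plain text instead.
    hex_encoded_keys = ("name", "path", "comm", "cmd", "exe", "cwd")
    self.fields_ord = []
    self.fields = {}
    for match in AuditRecord.key_value_pair_re.finditer(body_text):
        key = match.group(1)
        raw = match.group(2)
        value = raw.strip('"')
        try:
            if key == "arch":
                # Hex ELF machine code -> machine name; keep the hex value
                # when the bindings report no name for it.
                machine = audit.audit_elf_to_machine(int(value, 16))
                name = audit.audit_machine_to_name(machine)
                if name is not None:
                    value = name
            elif key in hex_encoded_keys:
                # audit uses " to distinguish plain text from hex in these
                # keys.  NOTE(review): the decoded text is attacker-chosen
                # (file names, command lines) and may hold any byte; treat
                # it as data, not as something safe to print unescaped.
                if not raw.startswith('"'):
                    value = self.translate_hex(value)
            elif key == "exit":
                # Failed syscalls report -errno (hence abs()); show the
                # symbolic errno name when known, else leave the number.
                try:
                    value = errno.errorcode[abs(int(value))]
                except (KeyError, ValueError):
                    pass
            elif key == "syscall":
                syscall_name = audit.audit_syscall_to_name(
                    int(value), audit.audit_detect_machine())
                if syscall_name:
                    value = syscall_name
        except ValueError:
            # Non-numeric arch/syscall value: store it untranslated.
            pass
        self.fields[key] = value
        self.fields_ord.append(key)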
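def syscall_name(id):
    """Return the name of syscall number ``id`` for ``machine_id``, else ``str(id)``.

    ``machine_id`` is a module-level value looked up at call time.  Both an
    exception from the audit bindings and an unknown number (for which the
    bindings yield ``None``) fall back to the decimal number, so the result
    is always a printable string.
    """
    try:
        name = audit.audit_syscall_to_name(id, machine_id)
    except Exception:
        # Narrowed from a bare except so Ctrl-C / SystemExit still propagate.
        return str(id)
    return str(id) if name is None else name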
def sc_to_name(sc):
    """Look up the name of syscall number ``sc`` using the module-level ``machine``.

    Whatever the audit bindings return (a name, or no name for an unknown
    number) is passed through unchanged.
    """
    name = audit.audit_syscall_to_name(sc, machine)
    return name
def syscall_string(syscall, machine):
    '''Return a string representing syscall on machine.

    The syscall name is used when the audit bindings know it; otherwise the
    decimal syscall number is returned as a string.
    '''
    name = audit.audit_syscall_to_name(syscall, machine)
    return str(syscall) if name is None else name