def dumpFileInfo(logger, file_obj):
    """Log what can be learned about *file_obj* through ``logger.info``.

    An object whose ``fileno()`` lookup or call raises AttributeError only
    gets its class name logged.  Otherwise the descriptor number is logged
    and, when RUNNING_LINUX is true, the value readProcessLink() returns for
    this process's ``fd/<descriptor>`` entry.
    """
    try:
        descriptor = file_obj.fileno()
    except AttributeError:
        class_name = file_obj.__class__.__name__
        logger.info("File object class: %s" % class_name)
        return

    logger.info("File descriptor: %s" % descriptor)
    if not RUNNING_LINUX:
        return

    # The link is resolved for the current process, not for a traced one.
    link_name = 'fd/%s' % descriptor
    target = readProcessLink(getpid(), link_name)
    logger.info("File name: %r" % target)
def handle_event(self, event):
    """Translate a tracer event into ``self.event_callback`` notifications.

    A status text is picked from the event type.  NewProcessEvent and
    ChildError yield no status (ChildError is only printed) and nothing is
    reported for them.  For a ProcessExecution event with RUNNING_LINUX set,
    the command line, working directory, parent PID and user/group records
    are reported before the status itself.
    """
    # NOTE(review): this listing was flattened onto one line, so the nesting
    # of the detail section under the ProcessExecution test is reconstructed
    # -- confirm against the original file.
    if isinstance(event, NewProcessEvent):
        # On Linux a new process starts as a fork carrying the parent's
        # command line and only afterwards replaces it, so this event is
        # skipped and the process is recorded at ProcessExecution instead.
        status = None
    elif isinstance(event, ProcessExecution):
        status = _('Process execution')
    elif isinstance(event, ProcessExit):
        status = _('Process exit')
    elif isinstance(event, ProcessSignal):
        status = _('Process signal: %s') % event
    elif isinstance(event, ChildError):
        status = None
        print(event)
    else:
        status = _('Event: %s') % event

    if not status:
        return

    process = event.process
    pid = process.pid
    if RUNNING_LINUX and isinstance(event, ProcessExecution):
        # NOTE(review): these reads are not guarded here; confirm how
        # readProcessCmdline/readProcessLink behave when the process has
        # already gone away or cannot be read.
        # Joining with spaces drops argument boundaries, so the displayed
        # command line is informational only.
        cmdline = ' '.join(readProcessCmdline(process.pid))
        self.event_callback(pid, _('Command line'), cmdline)
        cwd = readProcessLink(process.pid, 'cwd')
        self.event_callback(pid, _('Current working directory'), cwd)

        # Report the parent PID only when the process has a parent.
        if process.parent:
            self.event_callback(pid, _('Parent PID'), str(process.parent.pid))

        # Real and effective user/group records, each reported only when
        # present in the details mapping.
        details = self._get_process_status_details(process.pid)
        if UID in details:
            entry = details[UID]
            self.event_callback(pid, _('User ID'), entry.pw_uid)
            self.event_callback(pid, _('User name'), entry.pw_name)
            self.event_callback(pid, _('User real name'), entry.pw_gecos)
        if EUID in details:
            entry = details[EUID]
            self.event_callback(pid, _('Effective user ID'), entry.pw_uid)
            self.event_callback(pid, _('Effective user name'), entry.pw_name)
            self.event_callback(pid, _('Effective user real name'),
                                entry.pw_gecos)
        if GID in details:
            entry = details[GID]
            self.event_callback(pid, _('Group ID'), entry.gr_gid)
            self.event_callback(pid, _('Group name'), entry.gr_name)
        if EGID in details:
            entry = details[EGID]
            self.event_callback(pid, _('Effective group ID'), entry.gr_gid)
            self.event_callback(pid, _('Effective group name'), entry.gr_name)

    self.event_callback(pid, information=_('Status'), value=status)
def dumpFileInfo(logger, file_obj):
    """Log descriptor-level metadata of *file_obj* through ``logger.info``.

    An object whose ``fileno()`` lookup or call raises AttributeError only
    gets its class name logged.  Otherwise the name (when RUNNING_LINUX is
    true), descriptor number, owner, size, mode and modification time are
    logged, the last four taken from ``fstat()`` on the descriptor.
    """
    try:
        descriptor = file_obj.fileno()
    except AttributeError:
        class_name = file_obj.__class__.__name__
        logger.info("File object class: %s" % class_name)
        return

    if RUNNING_LINUX:
        # The link is resolved for the current process, not a traced one.
        link_name = 'fd/%s' % descriptor
        filename = readProcessLink(getpid(), link_name)
        logger.info("File name: %r" % filename)
    logger.info("File descriptor: %s" % descriptor)

    info = fstat(descriptor)
    owner = (info.st_uid, info.st_gid)
    logger.info("File user/group: %s/%s" % owner)
    logger.info("File size: %s bytes" % info.st_size)
    # The whole st_mode is printed in octal, so the file-type bits show up
    # in front of the permission bits.
    logger.info("File mode: %04o" % info.st_mode)
    # Naive datetime in the local timezone.
    modified = datetime.fromtimestamp(info.st_mtime)
    logger.info("File modification: %s" % modified)
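def dumpProcessInfo(log, pid, max_length=None):
    """
    Dump all information about a process:
     - log: callback called with one line of text at a time
     - pid: process identifier
     - max_length (default: None): budget, counted in characters of the
       raw ``NAME=value`` entries, for the environment variables written
       out; entries that would exceed it are skipped and counted.  With
       no budget the environment list is written as returned.

    The command line and environment are written as returned by
    readProcessProcList() and may contain credentials, so whatever *log*
    writes to needs the same protection as the process being described.
    """
    if not RUNNING_LINUX:
        log("Process ID: %s" % pid)
        return
    try:
        stat = readProcessStat(pid)
    except ProcError:
        # Permission denied
        stat = None
    text = "Process ID: %s" % pid
    if stat:
        text += " (parent: %s)" % stat.ppid
    log(text)
    if stat:
        state = stat.state
        try:
            state = "%s (%s)" % (state, stat.STATE_NAMES[state])
        except KeyError:
            # Unknown state code: keep the raw value.
            pass
        log("Process state: %s" % state)
    try:
        log("Process command line: %r" % readProcessProcList(pid, 'cmdline'))
    except ProcError:
        # Permission denied
        pass
    try:
        env = readProcessProcList(pid, 'environ')
        if max_length:
            # Truncate environment if it's too long: an entry that does not
            # fit in the remaining budget is skipped, later smaller entries
            # may still be kept.
            kept = []
            length = 0
            removed = 0
            for var in env:
                if max_length < length + len(var):
                    removed += 1
                else:
                    length += len(var)
                    kept.append(var)
            # The environment block is under the control of the inspected
            # process and need not consist of NAME=value entries.  An entry
            # without "=" used to raise TypeError in the "%s=%r" formatting
            # (only ProcError is handled here); it is now written as its
            # repr instead.
            parts = []
            for item in kept:
                name, separator, value = item.partition("=")
                if separator:
                    parts.append("%s=%r" % (name, value))
                else:
                    parts.append(repr(item))
            env = ', '.join(parts)
            if removed:
                env += ', ... (skip %s vars)' % removed
        log("Process environment: %s" % env)
    except ProcError:
        # Permission denied
        pass
    try:
        log("Process working directory: %s" % readProcessLink(pid, 'cwd'))
    except ProcError:
        # Permission denied
        pass
    try:
        user = None
        group = None
        status_file = openProc("%s/status" % pid)
        try:
            for line in status_file:
                # line[5:] skips the four-character label and the separator
                # after it; the remaining fields are tab-separated integers.
                if line.startswith("Uid:"):
                    user = [int(field) for field in line[5:].split("\t")]
                if line.startswith("Gid:"):
                    group = [int(field) for field in line[5:].split("\t")]
        finally:
            # Close the handle even when parsing a line fails.
            status_file.close()
        if user:
            # First field is reported as the identifier, the second as the
            # effective one when it differs.
            text = "User identifier: %s" % user[0]
            if user[0] != user[1]:
                text += " (effective: %s)" % user[1]
            log(text)
        if group:
            text = "Group identifier: %s" % group[0]
            if group[0] != group[1]:
                text += " (effective: %s)" % group[1]
            log(text)
    except ProcError:
        # Permission denied
        pass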
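def dumpProcessInfo(log, pid, max_length=None):
    """
    Dump all information about a process:
     - log: callback called with one line of text at a time
     - pid: process identifier
     - max_length (default: None): budget, counted in characters of the
       raw ``NAME=value`` entries, for the environment variables written
       out; entries that would exceed it are skipped and counted.  With
       no budget the environment list is written as returned.

    The command line and environment are written as returned by
    readProcessProcList() and may contain credentials, so whatever *log*
    writes to needs the same protection as the process being described.
    """
    if not RUNNING_LINUX:
        log("Process ID: %s" % pid)
        return
    try:
        stat = readProcessStat(pid)
    except ProcError:
        # Permission denied
        stat = None
    text = "Process ID: %s" % pid
    if stat:
        text += " (parent: %s)" % stat.ppid
    log(text)
    if stat:
        state = stat.state
        try:
            state = "%s (%s)" % (state, stat.STATE_NAMES[state])
        except KeyError:
            # Unknown state code: keep the raw value.
            pass
        log("Process state: %s" % state)
    try:
        log("Process command line: %r" % readProcessProcList(pid, 'cmdline'))
    except ProcError:
        # Permission denied
        pass
    try:
        env = readProcessProcList(pid, 'environ')
        if max_length:
            # Truncate environment if it's too long: an entry that does not
            # fit in the remaining budget is skipped, later smaller entries
            # may still be kept.
            kept = []
            length = 0
            removed = 0
            for var in env:
                if max_length < length + len(var):
                    removed += 1
                else:
                    length += len(var)
                    kept.append(var)
            # The environment block is under the control of the inspected
            # process and need not consist of NAME=value entries.  An entry
            # without "=" used to raise TypeError in the "%s=%r" formatting
            # (only ProcError is handled here); it is now written as its
            # repr instead.
            parts = []
            for item in kept:
                name, separator, value = item.partition("=")
                if separator:
                    parts.append("%s=%r" % (name, value))
                else:
                    parts.append(repr(item))
            env = ', '.join(parts)
            if removed:
                env += ', ... (skip %s vars)' % removed
        log("Process environment: %s" % env)
    except ProcError:
        # Permission denied
        pass
    try:
        log("Process working directory: %s" % readProcessLink(pid, 'cwd'))
    except ProcError:
        # Permission denied
        pass
    try:
        user = None
        group = None
        for line in iterProc("%s/status" % pid):
            # line[5:] skips the four-character label and the separator
            # after it; the remaining fields are tab-separated integers.
            if line.startswith("Uid:"):
                user = [int(field) for field in line[5:].split("\t")]
            if line.startswith("Gid:"):
                group = [int(field) for field in line[5:].split("\t")]
        if user:
            # First field is reported as the identifier, the second as the
            # effective one when it differs.
            text = "User identifier: %s" % user[0]
            if user[0] != user[1]:
                text += " (effective: %s)" % user[1]
            log(text)
        if group:
            text = "Group identifier: %s" % group[0]
            if group[0] != group[1]:
                text += " (effective: %s)" % group[1]
            log(text)
    except ProcError:
        # Permission denied
        pass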