Monitor department - TomLatin/Defense_Lab_Cyber_Ex1_MonitorServices GitHub Wiki

Given an interval X (in seconds) set by the user, this class samples all the services running on the computer every X seconds and reports whether anything changed since the previous sample: a service that is no longer running, or a new service that has appeared in the system. Every such change is reported to the user through the interface.

In this mode we write to 2 different log files:

  • serviceList - This file receives the samples of the services that are currently running (the most recent sample each time). It is appended to on every sample, so it keeps all the samples taken during monitor mode, by date and time.
  • Status_Log.txt - This log file is for tracking purposes. Every change detected in monitor mode is written to it, for example a new service that was created or a service that stopped working. In other words, everything printed to the user interface in the terminal in monitor mode is also written to this log.

Note that since the system was designed to be cross-platform, this class has functions adapted to the Windows platform and functions adapted to the Linux platform.
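The following is an added example of the sample-and-compare logic described above, not the project's own code: it parses constructed `systemctl list-units --type=service --no-legend --no-pager` output into a dictionary (the form the sample helpers return), compares two samples, and formats the timestamped lines that would go to the Status_Log.txt file. The unit names, the message wording and the log line format are assumptions.

```python
from datetime import datetime


def parse_systemctl(output):
    """Map unit name -> SUB state ('running', 'exited', 'dead', ...).
    Each line has the columns UNIT LOAD ACTIVE SUB DESCRIPTION."""
    services = {}
    for line in output.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 4 or not parts[0].endswith(".service"):
            continue  # skip blank or unexpected lines instead of crashing
        services[parts[0]] = parts[3]
    return services


def compare_samples(previous, current):
    """Return human-readable change messages: units that appeared,
    units that disappeared and units whose state changed between samples.
    Sorted so the output is deterministic and easy to diff in the log."""
    changes = []
    for name in sorted(set(current) - set(previous)):
        changes.append(f"NEW service: {name} ({current[name]})")
    for name in sorted(set(previous) - set(current)):
        changes.append(f"STOPPED service: {name} (was {previous[name]})")
    for name in sorted(set(previous) & set(current)):
        if previous[name] != current[name]:
            changes.append(f"CHANGED: {name} {previous[name]} -> {current[name]}")
    return changes


def status_log_lines(changes, when=None):
    """Prefix every change with a timestamp, as the status log records."""
    stamp = (when or datetime.now()).strftime("%Y-%m-%d %H:%M:%S")
    return [f"[{stamp}] {c}" for c in changes]


# Constructed samples (not real machine output): the second one has a
# stopped unit, a new unit and a unit that went from running to exited.
SAMPLE_1 = """\
  cron.service     loaded active running Regular background program processing daemon
  ssh.service      loaded active running OpenBSD Secure Shell server
  rsyslog.service  loaded active running System Logging Service
"""
SAMPLE_2 = """\
  cron.service            loaded active running Regular background program processing daemon
  rsyslog.service         loaded active exited  System Logging Service
  unknown-helper.service  loaded active running Constructed example of an unexpected new unit
"""

if __name__ == "__main__":
    changes = compare_samples(parse_systemctl(SAMPLE_1), parse_systemctl(SAMPLE_2))
    for line in status_log_lines(changes):
        print(line)
```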

The class contains the following functions:

monitor: A shell function whose job is to check which platform our customer is working on and pass the parameters to the appropriate function for that platform. There are 2 functions to which the data can be sent:

  1. monitorWin
  2. monitorLinux

If the system detects another platform, the customer is notified that the system only supports the Windows and Linux platforms.

Functions that support Windows platforms:

monitorWin:

The function receives the data from the monitor function, performs one sample of the services, pauses for the number of seconds the customer has set, and then samples the services on the computer again. All samples are recorded in the serviceList file. After the two samples the system compares them and, if there were changes, prints the changes on the screen and records them in the statusLog file.

  • Input:
  1. Seconds between samples
  2. The serviceList file name
  3. The statusLog file name
  • Output: None

sampleToServiceListWin: An auxiliary function of monitorWin that writes the current sample to the serviceList file and returns a dictionary containing that sample, so that samples can be compared more easily.

  • Input: Open file name
  • Output: Dictionary

sampleToSLogFileWin: An auxiliary function of monitorWin that records all detected changes in the statusLog file and also prints them to the screen.

  • Input: statusLog file name
  • Output: None

Functions that support Linux platforms:

monitorLinux: Receives the data from the monitor function, performs one sample of the services, pauses for the number of seconds the customer has set, and then samples the services on the computer again. All samples are recorded in the serviceList file. After the two samples the system compares them and, if there were changes, prints the changes on the screen and records them in the statusLog file.

  • Input:
  1. Seconds between samples
  2. The serviceList file name
  3. The statusLog file name
  • Output: None

sampleToServiceListLinux: An auxiliary function of monitorLinux that writes the current sample to the serviceList file and returns a dictionary containing that sample, so that samples can be compared more easily.

  • Input: Open file name
  • Output: Dictionary

sampleToSLogFileLinux: An auxiliary function of monitorLinux that records all detected changes in the statusLog file and also prints them to the screen.

  • Input: statusLog file name
  • Output: None