1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
Initially the running mode is INTEGRITY_SCAN. Options may change the
initial mode.
If the --daemon option was not requested, stealth runs as a forgeground
process. Unless --repeat is specified there is just one integrity scan after
which Stealth::processRequests terminates
Flow control is handled through IPC signals, in combination with information
written to the pid-file.
The first line of the PID file contains the pid of the daemon process.
A second line may be written by a stealth process requesting an action of the
daemon, followed by the pid of the process issuing the request. Requests are:
suspend,
resume,
rerun - rerun the full itegrity scan
reload - after the current scan has completed (it may already have
completed) load a new policy- and possibly skip-file
and perform another integrity scan.
terminate
A request is written to the PID file, followed by sending the daemon a SIGUSR1
signal. When the daemon has completed the request it sends the requesting
process a SIGUSR1 signal;
Stealth uses a RunMode object to keep track of its current mode of operation
and an IPC object to handle the inter process communication.
The flow of control handling requests is defined in processRequests,
called from doChores. ProcessRequests defines a loop basically processing a
request and waiting for the next request ((waitForRequest)
The file integrity scan itself is handled by an IntegrityScanner object.
Communications with the daemon use the run-file and signals SIGUSR1 (and
SIGTERM). The run-file by default contains the pid of the daemon process. The
signalling stealth process adds a request to the
file. The daemon reads the request and honors it if possible.
|
