A comprehensive process monitoring tool designed to track and enforce security policies for research infrastructure. This tool monitors process activities, resource usage, file operations, and network connections in real-time.
- Marwan Alharbi
- Dr. Yanyan Zhuang
- Real-time Process Monitoring
  - Live dashboard updates every 5 seconds
  - Process list with detailed metrics:
    - PID, Process Name, CPU Usage
    - Memory Consumption, Username
    - Process Duration, Status
  - Advanced filtering & multi-column sorting
  - User authentication system
- Core Monitoring Capabilities
  - Process activity tracking
  - System resource utilization
  - File system operations
  - Network connection monitoring
- Policy Management Interface
  - Multi-process selection with criteria matching
  - Visual policy configuration dashboard
  - Batch policy monitoring application
- Advanced Security Enforcement
  - Resource threshold alerts (CPU/Memory/Disk/Network)
  - Suspicious activity detection:
    - Restricted directory access
    - Blacklisted file extensions
    - Unauthorized network connections
  - Automated response system:
    - Configurable severity levels
    - Process termination capabilities
  - Comprehensive audit logging
- Enhanced UI
  - [ Dashboard ] Page
    - Store the search result (browser storage)
    - Store the selected sort order (browser storage)
    - Select multiple processes to be monitored, based on search criteria
  - [ Policy Monitor ] Page
    - Start/Stop all monitoring at once
  - [ Setting ] Page
    - Adjust the automatic refresh interval
- Future Works
  - Multi-user support and user privilege management for the Policy App
Frontend: Vue 3, TypeScript
Backend: Python 3.12, Flask, SQLite, psutil
Infrastructure: Gunicorn, Conda
ui-manager/
├── backend/
│   ├── migrations  # Auto-generated by Flask-Migrate (for database migrations)
│   ├── instance  # Stores instance-specific configurations (e.g., SQLite DB)
│   ├── .env  # Environment variables (SECRET_KEY, DB_URI, etc.)
│   ├── .flaskenv  # Flask environment settings (FLASK_APP, FLASK_ENV)
│   ├── requirements.txt  # Dependencies
│   ├── gunicorn.conf.py  # Gunicorn configuration
│   ├── wsgi.py  # Entry point for production (Gunicorn)
│   ├── cert.pem  # Certificate for production usage (Gunicorn)
│   ├── key.pem  # Key for production usage (Gunicorn)
│   ├── .gitignore  # Files ignored by the repo
│   ├── README.md  # Project documentation
│   ├── public  # Auto-generated from the frontend folder with the command (npm run build)
│   └── app  # Main application package
│       ├── __init__.py  # Initializes the Flask app
│       ├── config.py  # Flask configuration settings
│       ├── models  # Database models
│       │   ├── __init__.py  # Initializes SQLAlchemy
│       │   ├── user.py  # User model
│       │   ├── configuration.py  # Monitor analysis configuration data model
│       │   ├── monitor.py  # Monitor-related data model
│       │   ├── process.py  # Stored processes data model
│       │   └── session.py  # Session model
│       ├── routes  # API route blueprints
│       │   ├── __init__.py  # Initializes blueprints
│       │   ├── auth.py  # Authentication routes
│       │   ├── configuration.py  # Configuration routes
│       │   ├── monitor.py  # Monitoring routes
│       │   ├── process.py  # Process routes
│       │   └── public.py  # Public routes
│       ├── utils  # Helper functions and utilities
│       │   ├── __init__.py  # Initializes utils
│       │   ├── policy.py  # Process management methods (Policy API)
│       │   └── session_helper.py  # Helper functions for session management
│       └── external  # All monitoring log files are kept within this directory
│           ├── monitor.py  # Monitor app that is executed to monitor a process
│           ├── config  # Auto-generated configs directory
│           │   └── <un>-config.json  # <un> is the username; auto-generated config file per Policy Monitor App user, used by monitor.py
│           └── logs  # Auto-generated logs directory
│               └── user  # Each user has its own folder created
│                   └── app  # App name
│                       ├── <pid>-<timestamp>.log  # Log file auto-generated during the monitoring process
│                       └── <pid>-<timestamp>-violations.json  # Violation details, if any violations are caught by monitor.py
└── frontend
    ├── cypress.config.ts
    ├── env.d.ts
    ├── index.html
    ├── package.json
    ├── postcss.config.js
    ├── tsconfig.app.json
    ├── tsconfig.json
    ├── tsconfig.node.json
    ├── tsconfig.vitest.json
    ├── vite.config.ts
    ├── vitest.config.ts
    ├── README.md
    └── src/
        ├── App.vue
        ├── main.ts
        ├── assets/
        │   ├── logo-sample.svg
        │   ├── logo.png
        │   ├── logo.svg
        │   ├── my-logo.png
        │   ├── my-logo.svg
        │   ├── policy-monitor-logo.png
        │   └── tailwind.css
        ├── components/
        │   ├── CardComponent.vue
        │   ├── CollapsibleCard.vue
        │   ├── CollapsibleCardV2.vue
        │   ├── DataViewComponent.vue
        │   ├── EditPolicesComponent.vue
        │   ├── HorizontalRadioButtons.vue
        │   ├── NumberCompare.vue
        │   ├── PopularTags.vue
        │   ├── SingleChart.vue
        │   ├── SwitchField.vue
        │   ├── TestComponent.vue
        │   ├── TextFieldButtonComponent.vue
        │   └── VerticalRadioButtons.vue
        ├── modules/
        │   ├── configuration.ts
        │   └── policies.ts
        ├── router/
        │   └── index.ts
        ├── stores/
        │   ├── auth.ts
        │   └── processes.ts
        ├── types/
        │   └── config.ts
        ├── utils/
        │   ├── axios.ts
        │   └── helper.ts
        └── views/
            ├── DashboardView.vue
            ├── LoginView.vue
            ├── PoliciesView.vue
            ├── ProfileView.vue
            └── SettingsView.vue
- Python 3.12
- Load Anaconda Module
      module avail anaconda/3
      module load anaconda/3
- Create Python Environment
      conda create -n uim python=3.12
      conda activate uim
- Backend Setup
      git clone git@github.com:marwankau/abnormal-policy-research.git
      cd abnormal-policy-research/ui-manager/backend
      pip install -r requirements.txt
      flask db init
      flask db upgrade
- Generate SSL Self-Signed Certificate
      openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
- Launch Application Server
      gunicorn -c gunicorn.conf.py
  https://<your-server-ip>:8000
      ssh -L 8000:localhost:8000 username@<incline-ip>
  Then access: https://localhost:8000
Default Credentials
Username: admin
Password: admin
- Dashboard Overview
  - Real-time system health metrics
  - Interactive process list with sorting/filtering
  - Auto-refreshing data visualization
- Process Management
  - Sort by multiple columns
  - Filter using process attributes
- Policy Configuration
  - Define resource thresholds
  - Configure security policies
  - Set automated response rules
- Policy Monitoring
  - Select one or more processes to monitor from the dashboard
  - From the Policy Monitoring page
    - Start/Stop monitoring all selected processes
  - Monitoring rules can be changed from the Setting page
  - Several monitoring rules can be defined and switched between
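
The checks listed under Advanced Security Enforcement (resource thresholds, restricted directories, blacklisted extensions, unauthorized connections, severity-driven response) can be expressed as one evaluation over a process reading. This is an added example, not the project's monitor.py; the policy keys, rule names, severity mapping and sample snapshot are assumptions constructed for illustration.

```python
import ipaddress
import posixpath
from pathlib import PurePosixPath

# Hypothetical policy; the project's real <un>-config.json schema is not shown on this page.
POLICY = {
    "max_cpu_percent": 80.0, "max_memory_mb": 512,
    "restricted_dirs": ["/etc", "/root"],
    "blacklisted_extensions": [".key", ".pem"],
    "allowed_networks": ["127.0.0.0/8", "10.0.0.0/8"],
    "severity": {"resource": "warning", "file": "critical", "network": "critical"},
}

# Constructed sample reading for one process. With psutil, Process.cpu_percent(),
# memory_info() and open_files() supply this kind of data for a live PID.
SNAPSHOT = {
    "pid": 4242, "cpu_percent": 93.5, "memory_mb": 120,
    "open_files": ["/etcetera/notes.txt", "/home/alice/../../etc/shadow", "/tmp/id.key"],
    "remote_addrs": ["10.1.2.3", "203.0.113.9"],
}

def evaluate(snapshot, policy):
    """Return a list of violation dicts for one process snapshot."""
    found = []
    def add(kind, rule, detail):
        found.append({"pid": snapshot["pid"], "rule": rule, "detail": detail,
                      "severity": policy["severity"][kind]})
    if snapshot["cpu_percent"] > policy["max_cpu_percent"]:
        add("resource", "cpu_threshold", snapshot["cpu_percent"])
    if snapshot["memory_mb"] > policy["max_memory_mb"]:
        add("resource", "memory_threshold", snapshot["memory_mb"])
    for raw in snapshot["open_files"]:
        path = PurePosixPath(posixpath.normpath(raw))  # collapse ".." before comparing
        # is_relative_to compares whole components, so /etcetera is not under /etc
        if any(path.is_relative_to(d) for d in policy["restricted_dirs"]):
            add("file", "restricted_directory", str(path))
        if path.suffix.lower() in policy["blacklisted_extensions"]:
            add("file", "blacklisted_extension", str(path))
    nets = [ipaddress.ip_network(n) for n in policy["allowed_networks"]]
    for addr in snapshot["remote_addrs"]:
        if not any(ipaddress.ip_address(addr) in n for n in nets):
            add("network", "unauthorized_connection", addr)
    return found

def response(violations):
    """Map the highest severity present to an action; nothing is terminated here."""
    levels = {v["severity"] for v in violations}
    return "terminate" if "critical" in levels else "alert" if levels else "none"
```

A plain string-prefix test on the raw paths would flag `/etcetera/notes.txt` and miss the `..` traversal into `/etc`; normalising first and comparing path components avoids both.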
- Core Monitoring System (Completed)
- Policy Management CLI (Completed)
- Policy Management UI (Completed)
- Enhance UI experience (Completed)




