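    def check_init_status(self):
        """Scan the init/startup files listed in the config for suspicious content.

        ``self.config_content['Init']['files']`` is a ':'-separated list of
        paths; each entry may be a regular file or a directory (directories
        are expanded through ``get_current_directory_files``).  Entries that
        do not exist (including empty components from a trailing ':') are
        skipped.

        Returns:
            dict with ``status`` (1 if at least one file was flagged, else 0)
            and ``data``, a dict keyed by a 1-based running counter whose
            values are ``{'file': <flagged path>, 'content': <what
            analysis_file returned>}``.
        """
        message = {'status': 0, 'data': {}}
        entry_id = 1
        init_paths = self.config_content['Init']['files'].split(':')

        for path in init_paths:
            if not os.path.exists(path):
                continue
            if os.path.isfile(path):
                candidates = [path]
            else:
                candidates = get_current_directory_files(path)
            for file in candidates:
                content = analysis_file(file)
                if content:
                    message['status'] = 1
                    # Record the flagged file itself, not the directory it
                    # was found in, so the report points at the real artefact.
                    message['data'][entry_id] = {'file': file, 'content': content}
                    entry_id += 1

        return message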
    def check_conf(self, name, file):
        """Return the first ``export <name>`` line of *file*, else whatever
        ``analysis_file`` reports for it.

        Lines shorter than three characters and lines starting with ``#``
        are ignored.  The match is a plain substring test, so ``name``
        also matches longer variable names that share the prefix.

        Returns:
            The matching line (newline included), the ``analysis_file``
            result when it is truthy, or ``None`` when *file* is missing,
            is a directory, or yields nothing.
        """
        if not os.path.exists(file) or os.path.isdir(file):
            return None

        needle = 'export ' + name
        with open(file) as handle:
            for line in handle:
                if len(line) < 3 or line.startswith('#'):
                    continue
                if needle in line:
                    return line
        return analysis_file(file) or None
    def check_user_file_status(self):
        """Check the files in the temporary/user directories for suspicious content.

        Walks every existing directory in ``self.user_directory`` and runs
        ``analysis_file`` on each file it contains.

        Returns:
            dict with ``evil_file`` (one ``"<path>. 内容为 : <content>"``
            string per flagged file) and ``wrong_file`` (always empty here;
            kept so the report has the same shape as the other checks).
        """
        findings = {'evil_file': [], 'wrong_file': []}

        for directory in self.user_directory:
            if not os.path.exists(directory):
                continue
            for path in get_current_directory_files(directory):
                hit = analysis_file(path)
                if hit:
                    findings['evil_file'].append(path + ". 内容为 : " + hit)

        return findings
def analysis_string(content):
    """Inspect one string (with newlines stripped) for suspicious features.

    The checks run in order: reverse-shell signature (``check_shell``),
    IP-based indicators (``check_ip``), then every space-separated token
    that names an existing non-directory path is handed to
    ``analysis_file``.

    Returns:
        The cleaned string when ``check_shell`` fires or when a referenced
        file is flagged, the ``check_ip`` result when that is truthy,
        otherwise ``False``.
    """
    content = content.replace('\n', '')
    # Reverse-shell signature.
    if check_shell(content):
        return content
    # IP-based indicators.
    ip_hit = check_ip(content)
    if ip_hit:
        return ip_hit
    # File operations: any token that points at an existing file.
    for token in content.split(' '):
        if os.path.exists(token) and not os.path.isdir(token) and analysis_file(token):
            return content
    return False
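    def check_hide_files_status(self):
        """Look for suspicious hidden (dot-) files under ``self.hidden_directory``.

        Runs ``find`` through ``runCommand`` (excluding /proc, /sys, /run and
        /private, with find's own stderr discarded) and passes every
        returned path to ``analysis_file``.

        Returns:
            dict with ``evil_file`` (one ``"<path>. 内容为 : <content>"``
            string per flagged file) and ``wrong_file`` (always empty here;
            kept so the report has the same shape as the other checks).
        """
        message = {'evil_file': [], 'wrong_file': []}

        # NOTE: self.hidden_directory is interpolated unquoted into a shell
        # command line; it must come from trusted configuration only.
        command = f'find {self.hidden_directory} ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/private/*" -name ".*" 2>/dev/null'
        # File names are not guaranteed to be valid UTF-8; surrogateescape
        # keeps one odd name from aborting the whole scan with
        # UnicodeDecodeError (valid UTF-8 decodes identically).
        files = runCommand(command).decode('utf-8', errors='surrogateescape').splitlines()

        for file in files:
            # Hard-coded allow-listed path (presumably a known benign
            # entry -- TODO confirm).
            if file == '/usr/share/man/man1/..1.gz':
                continue
            content = analysis_file(file)
            if content:
                message['evil_file'].append(file + ". 内容为 : " + content)

        return message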
    def check_system_integrity(self):
        """Check the important system binaries for suspicious content.

        Walks every existing directory in ``self.binarry_files`` and runs
        ``analysis_file`` only on files whose basename is listed in
        ``self.check_files``; everything else is ignored.

        Returns:
            dict with ``evil_file`` (one ``"<path>. 内容为 : <content>"``
            string per flagged file) and ``wrong_file`` (always empty here;
            kept so the report has the same shape as the other checks).
        """
        report = {'evil_file': [], 'wrong_file': []}

        for directory in self.binarry_files:
            if not os.path.exists(directory):
                continue
            for path in get_current_directory_files(directory):
                # Only the important files are inspected.
                if os.path.basename(path) not in self.check_files:
                    continue
                hit = analysis_file(path)
                if hit:
                    report['evil_file'].append(path + ". 内容为 : " + hit)

        return report