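def find_from_keywords(self, keywords, root_dir):
    """Locate files and folders under *root_dir* whose names contain a keyword.

    For each keyword a one-line bash script running ``find -iname`` is written
    to ``config.bash().findfilefolders()``, executed through ``call``, and its
    output file (``config.output().findfilefolders()``) is read back. Each
    keyword's hits are then joined into one comma-separated string and stored
    in the ``found_files_folders`` table via ``dbr``.

    Args:
        keywords: iterable of name fragments to search for (case-insensitive).
        root_dir: directory handed to ``find`` as its starting point.

    Returns:
        The per-keyword lists of raw ``find`` output lines (``dict.values()``).
    """
    # Both values end up on a shell command line, so they must be quoted:
    # an unquoted keyword lets shell metacharacters run as commands, and an
    # unquoted *keyword* glob is expanded by the shell in the current
    # directory instead of being passed to find as a pattern.
    try:
        from shlex import quote
    except ImportError:  # Python 2
        from pipes import quote

    script_path = config.bash().findfilefolders()
    output_path = config.output().findfilefolders()
    found = {}
    for keyword in keywords:
        command = "find {} -iname {} > {}\n".format(
            quote(root_dir), quote("*{}*".format(keyword)), quote(output_path)
        )
        with open(script_path, "w+") as script:
            script.writelines(["#!/bin/bash\n", command])
        call(script_path)
        with open(output_path, "r") as output:
            found[keyword] = output.readlines()

    for keyword, lines in found.items():
        # One row per keyword; all hits are stored as a single joined string.
        organized_dict = {
            "keyword": keyword,
            "found": ", ".join(line.rstrip("\n") for line in lines),
        }
        dbr.ok("found_files_folders")
        dbr.fill("found_files_folders", organized_dict)
    return found.values()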
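def bashscript_processor(self):
    """Parse the cron dump in ``./bash/output/cronlist.output`` into the DB.

    Each non-blank line is split on whitespace; the first six fields (minute,
    hour, day, month, week, user) are kept as-is and everything from the
    seventh field on is re-joined into a single ``command`` string, so a
    command with its own arguments (e.g. ``nmap -A -T5 ...``) stays in one
    column. Every resulting row is written to the ``cron_script`` table.
    """
    with open("./bash/output/cronlist.output", "r") as dump:
        lines = [line.split() for line in dump]
    # str.split() yields [] for a blank line (never ""), so test emptiness
    # of the field list; comparing against "" never dropped anything.
    lines = [fields for fields in lines if fields]
    formatted_lines = []
    for fields in lines:
        row = fields[:6]
        row.append(" ".join(fields[6:]))  # whole command in one column
        formatted_lines.append(row)
    # NOTE(review): a line with fewer than seven fields produces a short row
    # with an empty command; whether make_organized_dict tolerates that is
    # not visible here — confirm.
    organized_dict = tools.make_organized_dict(
        formatted_lines,
        ["minute", "hour", "day", "month", "week", "user", "command"],
    )
    for item in organized_dict:
        dbr.ok("cron_script")
        dbr.fill("cron_script", item)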
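def abnormal_installed(self):
    """Return programs installed on this system but absent from a clean 12.04.

    The baseline is read from ``./resources/12.04-clean-installed`` (one
    package name per line). ``list_installed()`` is then invoked to refresh
    ``./bash/output/list-installed.output``, whose first tab-separated column
    holds the installed package names. Every installed name missing from the
    baseline is stored in the ``abnormal_installed_apps`` table and returned.

    Returns:
        list of package names (str) that are installed but not in the baseline.
    """
    with open("./resources/12.04-clean-installed", "r") as baseline_file:
        # A set makes the membership test below O(1) per package.
        clean = set(line.split("\n")[0] for line in baseline_file)
    list_installed()
    with open("./bash/output/list-installed.output", "r") as installed_file:
        installed = [line.split("\t")[0] for line in installed_file]
    uhoh = [name for name in installed if name not in clean]
    for application in uhoh:
        dbr.ok("abnormal_installed_apps")
        application_entry = tools.make_organized_dict([[application]], ["apps"])[0]
        dbr.fill("abnormal_installed_apps", application_entry)
    return uhoh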
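def group_membership(self):
    """Store every group and its member list from the system group file.

    Reads ``config.file().group_file()`` (``/etc/group`` layout:
    ``name:password:gid:members``) and writes one ``{"group", "members"}``
    row per group to the ``group_membership`` table. ``members`` is the raw
    comma-separated fourth field with its trailing newline removed (an
    empty string when the group has no members). Logs once when done.
    """
    with open(config.file().group_file(), "r") as group_file:
        groups_lines = [line.split(":") for line in group_file]
    for fields in groups_lines:
        if len(fields) < 4:
            # Skip blank or malformed lines instead of failing on a missing
            # fourth field.
            continue
        dbr.ok("group_membership")
        # rstrip("\n") already yields "" for a member-less group, so no
        # separate "\n" check is needed.
        organized_dict = {"group": fields[0], "members": fields[3].rstrip("\n")}
        dbr.fill("group_membership", organized_dict)
    log("dbd", "grp", "membership")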
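def abnormal_users(self, allowed_users):
    """Store and return accounts that are neither allowed nor default ones.

    Account names are taken from the first field of each line of
    ``config.file().shadow_file()``. Names in the built-in ``normal`` set or
    in *allowed_users* are dropped; each remaining name is written as a
    ``{"user": name}`` row to the ``abnormal_users`` table and the whole
    list is logged once.

    Args:
        allowed_users: container of account names considered legitimate.

    Returns:
        list of abnormal account names, in file order.
    """
    normal = frozenset([
        "daemon", "bin", "sys", "sync", "games", "man", "lp", "mail", "news",
        "uucp", "proxy", "www-data", "backup", "list", "irc", "gnats",
        "nobody", "libuuid", "statd",
        "shd",  # NOTE(review): possibly meant "sshd" — confirm against the baseline
        "root",
    ])
    # NOTE(review): only usernames are used here; the passwd file exposes the
    # same first field without needing root to read it — confirm before switching.
    with open(config.file().shadow_file(), "r") as shadow:
        current_users = [line.split(":")[0] for line in shadow]
    abnormal = [
        user for user in current_users
        if user not in normal and user not in allowed_users
    ]
    for user in abnormal:
        dbr.ok("abnormal_users")
        dbr.fill("abnormal_users", {"user": user})
    log("dbd", "usr", ", ".join(abnormal), "abnormal")
    return abnormal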