def process_event(self, event, *args, **kwargs):
_input = self.get_input(event)
splitted_input = _input.split()
splitted_input.append(get_command_name_from_path(_input))
if 'passwd' in splitted_input:
self.logger.msg(
eventid='cowrie.command.passwd_command_entered',
input=_input,
format='"passwd" command detected on input "%(input)s".')
def process_event(self, event, *args, **kwargs):
found_list = []
_input = self.get_input(event)
splitted_input = _input.split()
splitted_input.append(get_command_name_from_path(_input))
for input_part in splitted_input:
if input_part in map(lambda x: x['command'], self.command_list):
found_list.append(input_part)
if found_list:
self.logger.msg(eventid='cowrie.command.network_detection_command', input=_input, found_list=found_list,
format='Found network detection commands in command "%(input)s": %(found_list)s')
def process_event(self, event, *args, **kwargs):
deleted_directories = []
_input = self.get_input(event)
splitted_input = _input.split()
splitted_input.append(get_command_name_from_path(_input))
if self.deletion_exists(splitted_input):
for directory in self.risky_directories:
if directory in _input:
deleted_directories.append(directory)
if deleted_directories:
self.logger.msg(
eventid='cowrie.command.deleting_track',
input=_input,
found_list=deleted_directories,
format=
'Found deleting track commands in command "%(input)s": %(found_directories)s'
)