def UrlCheck(uid, sub_pid, obj_pid, sub_proc, obj_src, obj_dst, sip_dip): global GMUTEX_URL global GURLDIC global GURLWHITESTAT global GURLBLACKSTAT host = obj_src uri = obj_dst url_all = host + '/*' url = host + uri if GMUTEX_URL.acquire(1): if GURLWHITESTAT == 1: # 白名单开启 if GURLDIC.has_key(url_all): # 包含hots/* if GURLDIC[url_all] == 0: # 类型是白名单(0)全部放行 GMUTEX_URL.release() return 0 if GURLDIC.has_key(url): # 包含hots/uri的放行 if GURLDIC[url] == 0: # 类型是白名单(0)全部放行 GMUTEX_URL.release() return 0 # 其他禁止 GMUTEX_URL.release() sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \ 'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('URL-白名单', \ pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_proc, obj_src, obj_dst, sip_dip, '开启', '拦截') logdb.LogAddOne(sql) return 1 if GURLBLACKSTAT == 1: # 黑名单开启 if GURLDIC.has_key(url_all): # 包含hots/* if GURLDIC[url_all] == 1: # 类型是黑名单(1)全部禁止 GMUTEX_URL.release() sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \ 'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('URL-黑名单', \ pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_proc, obj_src, obj_dst, sip_dip, '开启', '拦截') logdb.LogAddOne(sql) return 1 if GURLDIC.has_key(url): # 包含hots/uri的禁止 if GURLDIC[url] == 1: # 类型是黑名单(1)全部禁止 GMUTEX_URL.release() sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \ 'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('URL-黑名单', \ pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_proc, obj_src, obj_dst, sip_dip, '开启', '拦截') logdb.LogAddOne(sql) return 1 # 其他放行 GMUTEX_URL.release() return 0 GMUTEX_URL.release() return ret
def SpecrcCheckSetTime(uid, sub_pid, obj_pid, sub_pro, obj_src, obj_dst, sip_dip): global GSPECRCSETTIMESTAT global GMUTEX_SPECRC ret = 0 if GMUTEX_SPECRC.acquire(1): if GSPECRCSETTIMESTAT == 1: # 时间保护开启 ret = 1 try: tm1 = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(int(obj_src))) tm2 = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(int(obj_dst))) tm = "%s -> %s" % (tm1, tm2) sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \ 'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('特殊资源-时间', \ pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_pro, tm, '', sip_dip, '开启', '拦截') logdb.LogAddOne(sql) except: pass else: ret = 0 GMUTEX_SPECRC.release() return ret
def UrlCheckUsb(uid, sub_pid, obj_pid, sub_pro, obj_src, obj_dst, sip_dip): global GDEVICEUSBSTAT global GMUTEX_DEVICE ret= 0 if GMUTEX_DEVICE.acquire(1): if GDEVICEUSBSTAT == 1: # USB保护开启 sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \ 'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('外设管理-USB', \ pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_pro, obj_src, obj_dst, sip_dip, '开启', '拦截') logdb.LogAddOne(sql) ret = 1 else: ret = 0 GMUTEX_DEVICE.release() return ret
def SpecrcCheckShutDown(uid, sub_pid, obj_pid, sub_pro, obj_src, obj_dst, sip_dip): global GSPECRCSHUTDOWNSTAT global GMUTEX_SPECRC ret = 0 if GMUTEX_SPECRC.acquire(1): if GSPECRCSHUTDOWNSTAT == 1: # 关机保护开启 sql = 'insert into log (id, type, user, subpid, objpid, subproc, objsrcpath, objdstpath, sipdip, status, perm, time) ' + \ 'values(null, "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", datetime())' % ('特殊资源-关机', \ pwd.getpwuid(uid).pw_name, sub_pid, obj_pid, sub_pro, obj_src, obj_dst, sip_dip, '开启', '拦截') logdb.LogAddOne(sql) ret = 1 else: ret = 0 GMUTEX_SPECRC.release() return ret