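def check_init_status(self):
    """Scan the init-script paths listed in the config for suspicious content.

    Reads ``self.config_content['Init']['files']`` (a ``:``-separated list of
    paths).  Each path that exists is either analysed directly (regular file)
    or, for a directory, every file yielded by ``get_current_directory_files``
    is analysed with ``analysis_file``.

    Returns:
        dict with ``status`` (1 if at least one finding, else 0) and ``data``
        mapping a 1-based counter to ``{'file': <path>, 'content': <finding>}``.

    Fix: a finding inside a directory used to be recorded under the directory
    path instead of the offending file, so the hit could not be located.
    """
    message = {'status': 0, 'data': {}}
    entry_id = 1
    init_paths = self.config_content['Init']['files'].split(':')
    for path in init_paths:
        if not os.path.exists(path):
            continue
        # A regular file is its own single candidate; a directory contributes
        # every file the helper enumerates.
        if os.path.isfile(path):
            candidates = [path]
        else:
            candidates = get_current_directory_files(path)
        for candidate in candidates:
            content = analysis_file(candidate)
            if not content:
                continue
            message['status'] = 1
            message['data'][entry_id] = {'file': candidate, 'content': content}
            entry_id += 1
    return message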
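def check_conf(self, name, file):
    """Look up an ``export <name>`` line in a shell configuration file.

    Args:
        name: environment variable name to look for.  The match is a plain
            substring test on ``'export ' + name``, so ``PATH`` also matches
            ``export PATHX=...``.
        file: path of the configuration file to read.

    Returns:
        The first matching line (trailing newline included); otherwise the
        result of ``analysis_file`` on the file when it is truthy; ``None``
        when the path does not exist, is a directory, or nothing is found.

    Comment lines (``#`` in column 0) and lines shorter than three characters
    are skipped.  The file is opened with ``errors='replace'`` so a stray
    non-text byte in a config file no longer aborts the whole scan with
    UnicodeDecodeError (valid text is read exactly as before).
    """
    if not os.path.exists(file) or os.path.isdir(file):
        return None
    needle = 'export ' + name
    with open(file, errors='replace') as handle:
        for line in handle:
            if len(line) < 3 or line.startswith('#'):
                continue
            if needle in line:
                return line
    info = analysis_file(file)
    return info if info else None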
def check_user_file_status(self):
    """Scan the user/temporary directories for suspicious files.

    Every entry of ``self.user_directory`` that exists is walked with
    ``get_current_directory_files`` and each file is passed to
    ``analysis_file``; a truthy result is reported.

    Returns:
        dict with ``evil_file`` (list of ``"<path>. 内容为 : <finding>"``
        strings) and ``wrong_file`` (never filled here; kept so the report
        has the same shape as the other checks).
    """
    report = {'evil_file': [], 'wrong_file': []}
    existing_dirs = (d for d in self.user_directory if os.path.exists(d))
    for directory in existing_dirs:
        for candidate in get_current_directory_files(directory):
            finding = analysis_file(candidate)
            if finding:
                report['evil_file'].append(candidate + ". 内容为 : " + finding)
    return report
def analysis_string(content):
    """Classify one string (a command line, cron entry, ...) as suspicious.

    Checks are applied in order: reverse-shell signatures (``check_shell``),
    IP-related indicators (``check_ip``), and finally whether any
    space-separated token names an existing non-directory path that
    ``analysis_file`` flags.

    Returns:
        The newline-stripped ``content`` on a shell or file hit, whatever
        ``check_ip`` returned on an IP hit, otherwise ``False``.
    """
    text = content.replace('\n', '')
    # Reverse-shell signatures win over every other check.
    if check_shell(text):
        return text
    # IP-related indicator; the helper supplies its own return payload.
    ip_hit = check_ip(text)
    if ip_hit:
        return ip_hit
    # Any token that is an existing path other than a directory is inspected
    # as a file; the first flagged one marks the whole string.
    tokens = text.split(' ')
    flagged = any(
        analysis_file(tok)
        for tok in tokens
        if os.path.exists(tok) and not os.path.isdir(tok)
    )
    return text if flagged else False
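def check_hide_files_status(self):
    """Look for suspicious hidden (dot-) files under ``self.hidden_directory``.

    Runs ``find`` over that directory, pruning ``/proc``, ``/sys``, ``/run``
    and ``/private``, and feeds every hidden file to ``analysis_file``.
    ``/usr/share/man/man1/..1.gz`` is skipped explicitly (presumably a known
    false positive).

    ``self.hidden_directory`` is interpolated into the command line without
    any quoting, and the ``2>/dev/null`` redirect implies ``runCommand``
    hands the string to a shell (confirm in ``runCommand``); the value must
    therefore come from trusted configuration only.

    Returns:
        dict with ``evil_file`` (list of ``"<path>. 内容为 : <finding>"``
        strings) and ``wrong_file`` (never filled here; kept so the report
        has the same shape as the other checks).

    Fix: ``find`` output is decoded with ``errors='surrogateescape'`` so a
    filename that is not valid UTF-8 no longer aborts the whole scan with
    UnicodeDecodeError.  Such names round-trip unchanged through ``os``
    path calls (the same convention ``os.listdir`` uses for ``str`` paths).
    """
    report = {'evil_file': [], 'wrong_file': []}
    command = f'find {self.hidden_directory} ! -path "/proc/*" ! -path "/sys/*" ! -path "/run/*" ! -path "/private/*" -name ".*" 2>/dev/null'
    raw_output = runCommand(command)
    hidden_files = raw_output.decode('utf-8', errors='surrogateescape').splitlines()
    for path in hidden_files:
        if path == '/usr/share/man/man1/..1.gz':
            continue
        finding = analysis_file(path)
        if finding:
            report['evil_file'].append(path + ". 内容为 : " + finding)
    return report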
def check_system_integrity(self):
    """Inspect the listed important system binaries for suspicious content.

    Walks every existing directory in ``self.binarry_files`` and analyses
    only the files whose basename appears in ``self.check_files``.

    Returns:
        dict with ``evil_file`` (list of ``"<path>. 内容为 : <finding>"``
        strings) and ``wrong_file`` (never filled here; kept so the report
        has the same shape as the other checks).
    """
    report = {'evil_file': [], 'wrong_file': []}
    important_names = self.check_files
    for directory in self.binarry_files:
        if not os.path.exists(directory):
            continue
        # Only the important files are checked.
        important = (
            f for f in get_current_directory_files(directory)
            if os.path.basename(f) in important_names
        )
        for binary in important:
            finding = analysis_file(binary)
            if finding:
                report['evil_file'].append(binary + ". 内容为 : " + finding)
    return report