Exemplo n.º 1
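 def _csv_hash_running_process(self, list_running):
     """Append a CSV row of hashes and timestamps for each running process.

     Every entry of ``list_running`` is read by index: ``p[0]`` is the PID,
     ``p[1]`` the process name and ``p[3]`` the executable path (``p[2]``
     is not used here).  Only entries whose executable path is an existing
     regular file are hashed.  Once the CSV is closed, its path is handed
     to ``record_sha256_logs`` together with the ``_sha256.log`` path.
     """
     self.logger.info("Health : Hashing running processes")
     out_path = self.output_dir + '_hash_processes' + self.rand_ext
     with open(out_path, 'ab') as fw:
         csv_writer = get_csv_writer(fw)
         write_to_csv([
             "COMPUTER_NAME", "TYPE", "PID", "PROCESS_NAME", "EXEC_PATH",
             "MD5", "SHA1", "CTIME", "MTIME", "ATIME"
         ], csv_writer)
         for p in list_running:
             pid = p[0]
             name = p[1]
             exe_path = p[3]
             # A process can outlive its image on disk (binary deleted or
             # path unreachable).  Without the isfile() guard the first
             # os.path.get*time() call raises and the remaining processes
             # are never recorded.
             # NOTE(review): such processes are skipped without a trace; a
             # process with no backing file is worth triaging on its own,
             # so consider emitting a row with empty hash fields instead.
             if not exe_path or not os.path.isfile(exe_path):
                 continue
             ctime = datetime.datetime.fromtimestamp(
                 os.path.getctime(exe_path))
             mtime = datetime.datetime.fromtimestamp(
                 os.path.getmtime(exe_path))
             atime = datetime.datetime.fromtimestamp(
                 os.path.getatime(exe_path))
             # NOTE(review): MD5 and SHA-1 are not collision-resistant;
             # treat a match as a lead, and consider recording SHA-256
             # alongside them.
             md5 = process_md5(unicode(exe_path))
             sha1 = process_sha1(unicode(exe_path))
             write_to_csv([
                 self.computer_name, 'processes',
                 unicode(pid), name,
                 unicode(exe_path), md5, sha1, ctime, mtime, atime
             ], csv_writer)
     # presumably stores a SHA-256 of the finished CSV for later integrity
     # checks -- confirm against record_sha256_logs
     record_sha256_logs(out_path, self.output_dir + '_sha256.log')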
Exemplo n.º 2
    def _json_hash_running_process(self, list_running):
        """Write hashes and file timestamps of running processes as JSON.

        Nothing is written unless ``self.destination`` is ``'local'``.
        Entries of ``list_running`` are read by index: ``[0]`` PID,
        ``[1]`` process name, ``[3]`` executable path.  Entries whose
        executable path is empty or is not an existing regular file are
        skipped.
        """
        self.logger.info("Health : Hashing running processes")
        if self.destination != 'local':
            return

        columns = [
            "COMPUTER_NAME", "TYPE", "PID", "PROCESS_NAME",
            "EXEC_PATH", "MD5", "SHA1", "CTIME", "MTIME", "ATIME"
        ]
        # Same order as the CTIME / MTIME / ATIME columns.
        stat_readers = (os.path.getctime, os.path.getmtime,
                        os.path.getatime)

        # os.path.join() receives a single argument, so the directory and
        # the file name are simply concatenated.
        # NOTE(review): the file is named "list_share" although it holds
        # process hashes -- looks like a copy/paste leftover, confirm.
        # NOTE(review): no record_sha256_logs() call is made for this
        # output in the visible code -- confirm whether that is intended.
        target = os.path.join(
            self.output_dir + '%s_list_share.json' % self.computer_name)
        with open(target, 'ab') as fw:
            json_writer = get_json_writer(fw)
            for entry in list_running:
                pid, name, exe_path = entry[0], entry[1], entry[3]
                # Skip processes whose image is no longer on disk.
                if not (exe_path and os.path.isfile(exe_path)):
                    continue
                ctime, mtime, atime = [
                    datetime.datetime.fromtimestamp(read(exe_path))
                    for read in stat_readers
                ]
                md5 = process_md5(unicode(exe_path))
                sha1 = process_sha1(unicode(exe_path))

                row = [
                    self.computer_name, 'processes',
                    unicode(pid), name,
                    unicode(exe_path), md5, sha1, ctime, mtime, atime
                ]
                write_to_json(columns, row, json_writer)
Exemplo n.º 3
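 def _csv_hash_running_process(self, list_running):
     """Append a CSV row of hashes and timestamps for each running process.

     Every entry of ``list_running`` is read by index: ``p[0]`` is the PID,
     ``p[1]`` the process name and ``p[3]`` the executable path (``p[2]``
     is not used here).  Only entries whose executable path is an existing
     regular file are hashed.  Once the CSV is closed, its path is handed
     to ``record_sha256_logs`` together with the ``_sha256.log`` path.
     """
     out_path = self.output_dir + '_hash_processes.csv'
     with open(out_path, 'ab') as fw:
         csv_writer = get_csv_writer(fw)
         write_to_csv(["COMPUTER_NAME", "TYPE", "PID", "PROCESS_NAME", "EXEC_PATH", "MD5", "SHA1", "CTIME", "MTIME", "ATIME"], csv_writer)
         for p in list_running:
             pid = p[0]
             name = p[1]
             exe_path = p[3]
             # The previous test (``exe_path <> None``) let empty strings
             # and paths that no longer exist through, so the first
             # os.path.get*time() call raised and the remaining processes
             # were never recorded.
             # NOTE(review): such processes are skipped without a trace; a
             # process with no backing file is worth triaging on its own,
             # so consider emitting a row with empty hash fields instead.
             if not exe_path or not os.path.isfile(exe_path):
                 continue
             ctime = datetime.datetime.fromtimestamp(os.path.getctime(exe_path))
             mtime = datetime.datetime.fromtimestamp(os.path.getmtime(exe_path))
             atime = datetime.datetime.fromtimestamp(os.path.getatime(exe_path))
             # NOTE(review): MD5 and SHA-1 are not collision-resistant;
             # treat a match as a lead, and consider recording SHA-256
             # alongside them.
             md5 = process_md5(unicode(exe_path))
             sha1 = process_sha1(unicode(exe_path))
             write_to_csv(
                 [self.computer_name, 'processes', unicode(pid), name, unicode(exe_path), md5, sha1, ctime, mtime, atime],
                 csv_writer)
     # presumably stores a SHA-256 of the finished CSV for later integrity
     # checks -- confirm against record_sha256_logs
     record_sha256_logs(out_path, self.output_dir + '_sha256.log')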
Exemplo n.º 4
    def _json_hash_running_process(self, list_running):
        """Write hashes and file timestamps of running processes as JSON.

        Nothing is written unless ``self.destination`` is ``'local'``.
        Entries of ``list_running`` are read by index: ``[0]`` PID,
        ``[1]`` process name, ``[3]`` executable path.  Entries whose
        executable path is empty or is not an existing regular file are
        skipped.
        """
        self.logger.info("Health : Hashing running processes")
        if self.destination != 'local':
            return

        field_names = ["COMPUTER_NAME", "TYPE", "PID", "PROCESS_NAME", "EXEC_PATH", "MD5", "SHA1", "CTIME", "MTIME", "ATIME"]

        # os.path.join() receives a single argument, so the directory and
        # the file name are simply concatenated.
        # NOTE(review): the file is named "list_share" although it holds
        # process hashes -- looks like a copy/paste leftover, confirm.
        # NOTE(review): no record_sha256_logs() call is made for this
        # output in the visible code -- confirm whether that is intended.
        json_path = os.path.join(self.output_dir + '%s_list_share.json' % self.computer_name)
        with open(json_path, 'ab') as fw:
            json_writer = get_json_writer(fw)
            for proc in list_running:
                pid, name, exe_path = proc[0], proc[1], proc[3]
                # Skip processes whose image is no longer on disk.
                if not exe_path or not os.path.isfile(exe_path):
                    continue

                as_datetime = datetime.datetime.fromtimestamp
                ctime = as_datetime(os.path.getctime(exe_path))
                mtime = as_datetime(os.path.getmtime(exe_path))
                atime = as_datetime(os.path.getatime(exe_path))
                md5 = process_md5(unicode(exe_path))
                sha1 = process_sha1(unicode(exe_path))

                record = [self.computer_name, 'processes', unicode(pid), name, unicode(exe_path), md5, sha1,
                          ctime, mtime, atime]
                write_to_json(field_names, record, json_writer)
Exemplo n.º 5
 def _json_hash_running_process(self, list_running):
     """Collect hashes and file timestamps of running processes into JSON.

     Nothing is written unless ``self.destination`` is ``'local'``.  A
     header row followed by one row per hashed process is accumulated in
     memory and written with a single ``write_list_to_json`` call; the
     output path is then passed to ``record_sha256_logs``.  Entries of
     ``list_running`` are read by index: ``[0]`` PID, ``[1]`` process
     name, ``[3]`` executable path.  Entries whose executable path is
     empty or is not an existing regular file are skipped.
     """
     self.logger.info("Health : Hashing running processes")
     if self.destination != 'local':
         return

     with open(
             self.output_dir +
             '%s_hash_processes' % self.computer_name + self.rand_ext,
             'ab') as fw:
         json_writer = get_json_writer(fw)
         rows = [[
             "COMPUTER_NAME", "TYPE", "PID", "PROCESS_NAME",
             "EXEC_PATH", "MD5", "SHA1", "CTIME", "MTIME", "ATIME"
         ]]
         for entry in list_running:
             pid, name, exe_path = entry[0], entry[1], entry[3]
             # Skip processes whose image is no longer on disk.
             if not (exe_path and os.path.isfile(exe_path)):
                 continue
             as_datetime = datetime.datetime.fromtimestamp
             ctime = as_datetime(os.path.getctime(exe_path))
             mtime = as_datetime(os.path.getmtime(exe_path))
             atime = as_datetime(os.path.getatime(exe_path))
             # NOTE(review): MD5 and SHA-1 are not collision-resistant;
             # treat a match as a lead rather than proof of identity.
             md5 = process_md5(unicode(exe_path))
             sha1 = process_sha1(unicode(exe_path))
             rows.append([
                 self.computer_name, 'hash processes',
                 unicode(pid), name,
                 unicode(exe_path), md5, sha1, ctime, mtime, atime
             ])
         write_list_to_json(rows, json_writer)

     # Runs after the output file is closed.
     # presumably stores a SHA-256 of the output for later integrity
     # checks -- confirm against record_sha256_logs
     record_sha256_logs(
         self.output_dir + self.computer_name + '_hash_processes' +
         self.rand_ext,
         self.output_dir + self.computer_name + '_sha256.log')