def run(payload, socket):
if common.is_linux():
vuls = Kdatabase().get_obj("vuls")
while True:
if Kevent().is_terminate():
print("vulscan thread terminate")
break
now = time_op.now()
settings = Kdatabase().get_obj('strategy')
if settings:
if now > vuls["lasttime"] + settings["vuls"]["period"]:
with Kvuls().get_lock():
Kvuls().vulscan()
vuls["lasttime"] = now
if settings["vuls"]["auto_repair"]:
if common.is_program_running(
"apt-get") or common.is_program_running(
"yum"):
pass
else:
if lib.check_root():
for package in list(vuls["items"]):
Kvuls().repair(package)
Kdatabase().dump("vuls")
time.sleep(5)
def run(payload, socket):
cleaner = Kdatabase().get_obj("cleaner")
Kcleaner().load_jsons()
while True:
if Kevent().is_terminate():
print("cleaner thread terminate")
break
now = time_op.now()
settings = Kdatabase().get_obj('strategy')
if settings:
if now > cleaner["lasttime"] + settings["garbage"]["period"]:
with Kcleaner().get_lock():
cleaner["kinds"] = Kcleaner().scan()
cleaner["lasttime"] = now
if settings["garbage"]["auto_clean"]:
for kind, info in cleaner["kinds"].items():
if "autoclean" in info and info["autoclean"]:
for i in list(info["items"].keys()):
Kcleaner().clean_option(
info, i, cleaner["record"])
Kdatabase().dump("cleaner")
time.sleep(5)
def start(self):
while True:
try:
username = Kdatabase().get_obj("setting")["username"]
host, port = Khttp().get_connection(constant.SERVER_URL,
username)
if host and port:
Kevent().do_unpack()
self.socket = Ksocket(host, port, username)
self.socket.start()
self.socket.loop()
else:
Klogger().info(
"Reconnect to {} after 5s".format(marsnake_server))
time.sleep(5)
continue
except Exception as e:
Klogger().exception()
if self.socket:
self.socket.close()
self.socket = None
time.sleep(10)
def python_main(child_end):
try:
common.set_work_dir()
common.setdefaultencoding("utf8")
Kevent().init_signal()
if not Kevent().do_initializing():
sys.exit(1)
if child_end:
Kthreads().apply_async(KPipe().start, (child_end, ))
Kthreads().apply_async(Kevent().do_start, ())
Kthreads().join()
except Exception as e:
traceback.print_exc(file=sys.stdout)
def loop(self): while True: request = self.sock.recv(constant.SOCKET_RECV_SIZE) if not len(request): Kevent().do_disconnected() break; self.input.write(request) #self.print2hex(self.input.get_data(0, self.input.get_len())) while self.handle_package(): pass
def run(payload, socket):
if common.is_linux():
data = {
"kernel": [],
"authentication": [],
"feature": [],
}
audit = Kdatabase().get_obj('audit')
while True:
if Kevent().is_terminate():
print("security audit thread terminate")
break
# reset data
data['kernel'] = []
data['authentication'] = []
data['feature'] = []
data['statistic'] = {"critical": 0, "warning": 0}
now = time_op.now()
if now > audit["lasttime"] + constant.AUDIT_SCAN_PERIOD:
#check_upgradable_packages(data)
audit_implement.kernel_available_version(data)
audit_implement.enum_kernel_modules(data)
audit_implement.check_magickey_configuration(data)
audit_implement.check_need_reboot(data)
audit_implement.check_coredump_config(data)
#check_kdump_config(data)
#kernel_default_limits(data)
audit_implement.security_info(data)
audit_implement.get_useradd_list(data)
audit_implement.logged_user(data)
audit_implement.check_sudoers_file(data)
audit_implement.login_defs_policy(data)
audit['feature'] = data['feature']
audit['authentication'] = data['authentication']
audit['kernel'] = data['kernel']
audit['statistic'] = data['statistic']
audit["lasttime"] = now
Kdatabase().dump('audit')
time.sleep(5)
def run(payload, socket):
from core.fingerprint import Kfingerprint
fingerprint = Kdatabase().get_obj("fingerprint")
while True:
if Kevent().is_terminate():
print("fingerprint thread terminate")
break
now = time_op.now()
settings = Kdatabase().get_obj('strategy')
if settings:
if now > fingerprint["port"]["lasttime"] + settings["asset"]["port_scan"]:
Kfingerprint().record_listening_port()
if now > fingerprint["account"]["lasttime"] + settings["asset"]["account_scan"]:
Kfingerprint().record_account()
time.sleep(5)
def start(self):
while True:
try:
host, port, en_mods = Khttp().get_connection(
Kconfig().server,
Kconfig().credential)
Kmodules().unpacker(en_mods)
self.socket = Ksocket(host, port, Kconfig().credential)
self.socket.start()
self.socket.loop()
except Exception as e:
Klogger().error(str(e))
traceback.print_exc()
Kevent().do_disconnected()
if self.socket:
self.socket.close()
self.socket = None
time.sleep(10)
def run(payload, socket):
monitor = Kdatabase().get_obj("monitor")
monitor_second = Kdatabase().get_monitor_second()
monitor_warnings = {
"cpu": {
"start_time": 0,
"end_time": 0,
"percent": 0.0,
"percent_count": 0,
"db": None
},
"memory": {
"start_time": 0,
"end_time": 0,
"percent": 0.0,
"percent_count": 0,
"db": None
}
}
counters_ts = 0
while True:
if Kevent().is_terminate():
print("resource thread terminate")
break
if not counters_ts:
psutil.cpu_percent()
disk_counters = psutil.disk_io_counters()
net_counters = psutil.net_io_counters()
counters_ts = datetime.now()
time.sleep(1)
continue
#update counters
now = datetime.now()
interval = (now - counters_ts).total_seconds()
counters_ts = now
if interval > 15.0:
Kdatabase().reset_monitor_second()
monitor_second = Kdatabase().get_monitor_second()
counters_ts = 0
continue
#calculate
net = psutil.net_io_counters()
tx_bytes = (net.bytes_sent - net_counters.bytes_sent) / interval
rx_bytes = (net.bytes_recv - net_counters.bytes_recv) / interval
net_counters = net
disk = psutil.disk_io_counters()
dru = (disk.read_bytes - disk_counters.read_bytes) / interval
dwu = (disk.write_bytes - disk_counters.write_bytes) / interval
disk_counters = disk
monitor_second["cpu"].append(psutil.cpu_percent())
monitor_second["memory"].append(psutil.virtual_memory()[2])
monitor_second["net_io"]["tx"].append(tx_bytes)
monitor_second["net_io"]["rx"].append(rx_bytes)
monitor_second["disk_io"]["read"].append(dru)
monitor_second["disk_io"]["write"].append(dwu)
if not "start_record" in monitor_second or not monitor_second["start_record"]:
monitor_second["start_record"] = now
for proc in psutil.process_iter():
try:
proc.cpu_percent()
except:
pass
if now > monitor_second["start_record"] + timedelta(seconds = RECORD_INTERVAL):
procs = {}
for proc in psutil.process_iter():
try:
if common.is_kernel_thread(proc):
continue
pid = proc.pid
username = "******"
status = "unknown"
beginat = int(time.time())
name = "unknown"
proc_read_bytes = 0
proc_write_bytes = 0
cpu_percent = 0.0
memory_percent = 0.0
thread_num = 0
fds_num = 0
with proc.oneshot():
try:
username = proc.username()
status = proc.status()
beginat = int(proc.create_time())
except:
continue
try:
cmdline = proc.cmdline()
exe = proc.exe()
if exe:
cmdline[0] = exe
name = " ".join(cmdline[:3])
except:
try:
name = proc.name()
except:
continue
try:
io = proc.io_counters()
proc_read_bytes = io[2]
proc_write_bytes = io[3]
except:
pass
try:
cpu_percent = proc.cpu_percent()
memory_percent = proc.memory_percent()
except:
pass
try:
thread_num = proc.num_threads()
if common.is_linux():
fds_num = proc.num_fds()
elif common.is_windows():
fds_num = proc.num_handles()
except:
pass
procs[pid] = {
"name" : name,
"username" : username,
"io_rb": proc_read_bytes,
"io_wb": proc_write_bytes,
"beginat" : beginat,
"status" : status,
"fd" : fds_num,
"thread" : thread_num,
"data" : (cpu_percent, memory_percent)
}
except Exception as e:
#print("pid : {} name : {} error : {}".format(pid, name, str(e)))
pass
upgrade_proc_status(monitor_second, monitor, procs, monitor_warnings)
monitor_second["start_record"] = monitor_second["start_record"] + timedelta(seconds = RECORD_INTERVAL)
if len(monitor_second["cpu"]) > 120:
pop_status(monitor_second)
if interval >= 1:
sleep = 1 - (interval - 1)
if sleep < 0:
sleep = 1
else:
sleep = 1
time.sleep(sleep)