def project_init():
if not maltrail_config.DISABLE_CHECK_SUDO and not check_sudo():
exit("[!] please run '%s' with sudo/Administrator privileges" %
__file__)
try: # 进入初始化模块
init()
get_error_log_handle()
msg = "[i] using '%s' for trail storage" % maltrail_config.TRAILS_FILE
if os.path.isfile(maltrail_config.TRAILS_FILE):
mtime = time.gmtime(os.path.getmtime(maltrail_config.TRAILS_FILE))
msg += " (last modification: '%s')" % time.strftime(
HTTP_TIME_FORMAT, mtime)
log_error(msg, "INFO")
except KeyboardInterrupt:
print("\r[x] stopping (Ctrl-C pressed)")
def init():
"""
Performs sensor initialization
"""
global _multiprocessing
try:
import multiprocessing
if config.PROCESS_COUNT > 1:
_multiprocessing = multiprocessing
except (ImportError, OSError, NotImplementedError):
pass
def update_timer():
first = True
while not check_connection():
sys.stdout.write("[!] can't update because of lack of network connection (waiting..." if first else '.')
sys.stdout.flush()
time.sleep(60)
first = False
if not first:
print(")")
_ = update_trails(server=config.UPDATE_SERVER)
update_ipcat()
if _:
trails.clear()
trails.update(_)
elif not trails:
trails.update(load_trails())
thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
thread.daemon = True
thread.start()
create_log_directory()
get_error_log_handle()
check_memory()
update_timer()
if check_sudo() is False:
exit("[!] please run '%s' with sudo/Administrator privileges" % __file__)
if config.plugins:
config.plugin_functions = []
for plugin in re.split(r"[,;]", config.plugins):
plugin = plugin.strip()
found = False
for _ in (plugin, os.path.join("plugins", plugin), os.path.join("plugins", "%s.py" % plugin)):
if os.path.isfile(_):
plugin = _
found = True
break
if not found:
exit("[!] plugin script '%s' not found" % plugin)
else:
dirname, filename = os.path.split(plugin)
dirname = os.path.abspath(dirname)
if not os.path.exists(os.path.join(dirname, '__init__.py')):
exit("[!] empty file '__init__.py' required inside directory '%s'" % dirname)
if not filename.endswith(".py"):
exit("[!] plugin script '%s' should have an extension '.py'" % filename)
if dirname not in sys.path:
sys.path.insert(0, dirname)
try:
module = __import__(filename[:-3].encode(sys.getfilesystemencoding()))
except (ImportError, SyntaxError), msg:
exit("[!] unable to import plugin script '%s' (%s)" % (filename, msg))
found = False
for name, function in inspect.getmembers(module, inspect.isfunction):
if name == "plugin" and not set(inspect.getargspec(function).args) & set(("event_tuple', 'packet")):
found = True
config.plugin_functions.append(function)
function.func_name = module.__name__
if not found:
exit("[!] missing function 'plugin(event_tuple, packet)' in plugin script '%s'" % filename)
def init():
"""
Performs sensor initialization
"""
global _multiprocessing
if config.USE_MULTIPROCESSING:
try:
import multiprocessing
if multiprocessing.cpu_count() > 1:
_multiprocessing = multiprocessing
except (ImportError, OSError, NotImplementedError):
pass
def update_timer():
_ = update_trails(server=config.UPDATE_SERVER)
update_ipcat()
if _:
trails.clear()
trails.update(_)
elif not trails:
trails.update(load_trails())
thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
thread.daemon = True
thread.start()
create_log_directory()
get_error_log_handle()
check_memory()
update_timer()
if check_sudo() is False:
exit("[!] please run '%s' with sudo/Administrator privileges" %
__file__)
interfaces = set(_.strip() for _ in config.MONITOR_INTERFACE.split(','))
if (config.MONITOR_INTERFACE or "").lower() == "any":
if subprocess.mswindows or "any" not in pcapy.findalldevs():
print(
"[x] virtual interface 'any' missing. Replacing it with all interface names"
)
interfaces = pcapy.findalldevs()
else:
print(
"[?] in case of any problems with packet capture on virtual interface 'any', please put all monitoring interfaces to promiscuous mode manually (e.g. 'sudo ifconfig eth0 promisc')"
)
for interface in interfaces:
if interface.lower() != "any" and interface not in pcapy.findalldevs():
hint = "[?] available interfaces: '%s'" % ",".join(
pcapy.findalldevs())
exit("[!] interface '%s' not found\n%s" % (interface, hint))
print("[i] opening interface '%s'" % interface)
try:
_caps.append(
pcapy.open_live(interface, SNAP_LEN, True, CAPTURE_TIMEOUT))
except (socket.error, pcapy.PcapError):
if "permitted" in str(sys.exc_info()[1]):
exit("[!] please run '%s' with sudo/Administrator privileges" %
__file__)
elif "No such device" in str(sys.exc_info()[1]):
exit("[!] no such device '%s'" % interface)
else:
raise
if config.LOG_SERVER and not len(config.LOG_SERVER.split(':')) == 2:
exit("[!] invalid configuration value for 'LOG_SERVER' ('%s')" %
config.LOG_SERVER)
if config.CAPTURE_FILTER:
print("[i] setting filter '%s'" % config.CAPTURE_FILTER)
for _cap in _caps:
_cap.setfilter(config.CAPTURE_FILTER)
if _multiprocessing:
_init_multiprocessing()
if not subprocess.mswindows:
try:
try:
mod = int(
subprocess.check_output("grep -c ^processor /proc/cpuinfo",
stderr=subprocess.STDOUT,
shell=True).strip())
used = subprocess.check_output(
"for pid in $(ps aux | grep python | grep sensor.py | grep -E -o 'root[ ]*[0-9]*' | tr -d '[:alpha:] '); do schedtool $pid; done | grep -E -o 'AFFINITY .*' | cut -d ' ' -f 2 | grep -v 0xf",
stderr=subprocess.STDOUT,
shell=True).strip().split('\n')
max_used = max(int(_, 16) for _ in used)
affinity = max(1, (max_used << 1) % 2**mod)
except:
affinity = 1
p = subprocess.Popen("schedtool -n -2 -M 2 -p 10 -a 0x%02x %d" %
(affinity, os.getpid()),
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
_, stderr = p.communicate()
if "not found" in stderr:
msg, _ = "[?] please install 'schedtool' for better CPU scheduling", platform.linux_distribution(
)[0].lower()
for distro, install in {
("fedora", "centos"): "sudo yum install schedtool",
("debian", "ubuntu"): "sudo apt-get install schedtool"
}.items():
if _ in distro:
msg += " (e.g. '%s')" % install
break
print(msg)
except:
pass
def init():
"""
Performs sensor initialization
"""
global _multiprocessing
if config.USE_MULTIPROCESSING:
try:
import multiprocessing
if multiprocessing.cpu_count() > 1:
_multiprocessing = multiprocessing
except (ImportError, OSError, NotImplementedError):
pass
def update_timer():
_ = update_trails(server=config.UPDATE_SERVER)
update_ipcat()
if _:
trails.clear()
trails.update(_)
elif not trails:
trails.update(load_trails())
thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
thread.daemon = True
thread.start()
create_log_directory()
get_error_log_handle()
check_memory()
update_timer()
if check_sudo() is False:
exit("[!] please run '%s' with sudo/Administrator privileges" % __file__)
interfaces = set(_.strip() for _ in config.MONITOR_INTERFACE.split(","))
if (config.MONITOR_INTERFACE or "").lower() == "any":
if subprocess.mswindows or "any" not in pcapy.findalldevs():
print("[x] virtual interface 'any' missing. Replacing it with all interface names")
interfaces = pcapy.findalldevs()
else:
print(
"[?] in case of any problems with packet capture on virtual interface 'any', please put all monitoring interfaces to promiscuous mode manually (e.g. 'sudo ifconfig eth0 promisc')"
)
for interface in interfaces:
if interface.lower() != "any" and interface not in pcapy.findalldevs():
hint = "[?] available interfaces: '%s'" % ",".join(pcapy.findalldevs())
exit("[!] interface '%s' not found\n%s" % (interface, hint))
print("[i] opening interface '%s'" % interface)
try:
_caps.append(pcapy.open_live(interface, SNAP_LEN, True, CAPTURE_TIMEOUT))
except (socket.error, pcapy.PcapError):
if "permitted" in str(sys.exc_info()[1]):
exit("[!] please run '%s' with sudo/Administrator privileges" % __file__)
elif "No such device" in str(sys.exc_info()[1]):
exit("[!] no such device '%s'" % interface)
else:
raise
if config.LOG_SERVER and not len(config.LOG_SERVER.split(":")) == 2:
exit("[!] invalid configuration value for 'LOG_SERVER' ('%s')" % config.LOG_SERVER)
if config.CAPTURE_FILTER:
print("[i] setting filter '%s'" % config.CAPTURE_FILTER)
for _cap in _caps:
_cap.setfilter(config.CAPTURE_FILTER)
if _multiprocessing:
_init_multiprocessing()
if not subprocess.mswindows:
try:
try:
mod = int(
subprocess.check_output(
"grep -c ^processor /proc/cpuinfo", stderr=subprocess.STDOUT, shell=True
).strip()
)
used = (
subprocess.check_output(
"for pid in $(ps aux | grep python | grep sensor.py | grep -E -o 'root[ ]*[0-9]*' | tr -d '[:alpha:] '); do schedtool $pid; done | grep -E -o 'AFFINITY .*' | cut -d ' ' -f 2 | grep -v 0xf",
stderr=subprocess.STDOUT,
shell=True,
)
.strip()
.split("\n")
)
max_used = max(int(_, 16) for _ in used)
affinity = max(1, (max_used << 1) % 2 ** mod)
except:
affinity = 1
p = subprocess.Popen(
"schedtool -n -2 -M 2 -p 10 -a 0x%02x %d" % (affinity, os.getpid()),
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
_, stderr = p.communicate()
if "not found" in stderr:
msg, _ = (
"[?] please install 'schedtool' for better CPU scheduling",
platform.linux_distribution()[0].lower(),
)
for distro, install in {
("fedora", "centos"): "sudo yum install schedtool",
("debian", "ubuntu"): "sudo apt-get install schedtool",
}.items():
if _ in distro:
msg += " (e.g. '%s')" % install
break
print(msg)
except:
pass
def init():
"""
Performs sensor initialization
"""
global _multiprocessing
try:
import multiprocessing
if config.PROCESS_COUNT > 1:
_multiprocessing = multiprocessing
except (ImportError, OSError, NotImplementedError):
pass
def update_timer():
retries = 0
while retries < CHECK_CONNECTION_MAX_RETRIES and not check_connection():
sys.stdout.write("[!] can't update because of lack of network connection (waiting..." if not retries else '.')
sys.stdout.flush()
time.sleep(10)
retries += 1
if retries:
print(")")
if retries == CHECK_CONNECTION_MAX_RETRIES:
print("[x] going to continue without update")
_ = {}
else:
_ = update_trails(server=config.UPDATE_SERVER)
update_ipcat()
if _:
trails.clear()
trails.update(_)
elif not trails:
trails.update(load_trails())
thread = threading.Timer(config.UPDATE_PERIOD, update_timer)
thread.daemon = True
thread.start()
create_log_directory()
get_error_log_handle()
check_memory()
update_timer()
if check_sudo() is False:
exit("[!] please run '%s' with sudo/Administrator privileges" % __file__)
if config.plugins:
config.plugin_functions = []
for plugin in re.split(r"[,;]", config.plugins):
plugin = plugin.strip()
found = False
for _ in (plugin, os.path.join("plugins", plugin), os.path.join("plugins", "%s.py" % plugin)):
if os.path.isfile(_):
plugin = _
found = True
break
if not found:
exit("[!] plugin script '%s' not found" % plugin)
else:
dirname, filename = os.path.split(plugin)
dirname = os.path.abspath(dirname)
if not os.path.exists(os.path.join(dirname, '__init__.py')):
exit("[!] empty file '__init__.py' required inside directory '%s'" % dirname)
if not filename.endswith(".py"):
exit("[!] plugin script '%s' should have an extension '.py'" % filename)
if dirname not in sys.path:
sys.path.insert(0, dirname)
try:
module = __import__(filename[:-3].encode(sys.getfilesystemencoding()))
except (ImportError, SyntaxError), msg:
exit("[!] unable to import plugin script '%s' (%s)" % (filename, msg))
found = False
for name, function in inspect.getmembers(module, inspect.isfunction):
if name == "plugin" and not set(inspect.getargspec(function).args) & set(("event_tuple', 'packet")):
found = True
config.plugin_functions.append(function)
function.func_name = module.__name__
if not found:
exit("[!] missing function 'plugin(event_tuple, packet)' in plugin script '%s'" % filename)
