def find_from_keywords(self, keywords, root_dir):
found = {}
for keyword in keywords:
file = open(config.bash().findfilefolders(), "w+")
command = "find {} -iname *{}* > {}\n".format(root_dir, keyword, config.output().findfilefolders())
file.writelines(["#!/bin/bash\n", command])
file.close()
call(config.bash().findfilefolders())
file = open(config.output().findfilefolders(), "r")
found[keyword] = file.readlines()
file.close()
for keyword in found.keys():
organized_dict = {}
found_items = ""
for item in found[keyword]:
found_items += str(item.rstrip("\n") + ", ")
found_items = found_items.rstrip(", ")
organized_dict["keyword"], organized_dict["found"] = keyword, found_items
disabled = str
dbr.ok("found_files_folders")
dbr.fill("found_files_folders", organized_dict)
return found.values()
def bashscript_processor(self):
file = open("./bash/output/cronlist.output", "r")
lines = [line.split() for line in file.readlines()]
file.close()
lines = [line for line in lines if line != ""]
formatted_lines = []
for int in range(0, len(lines)): # for every line in cron dump
command = " ".join(lines[int][6:]) # select every item from six and beyond, meaning select the whole command (ncat or ncat -p)
pre = lines[int][:6] # select everything before the command
pre.append(command) # join the whole command to the whole list, avoiding issues with cases like "nmap -A -T5 10.0.1.1"
formatted_lines.append(pre)
organized_dict = tools.make_organized_dict(formatted_lines, ["minute", "hour", "day", "month", "week", "user", "command"])
for item in organized_dict:
dbr.ok("cron_script")
dbr.fill("cron_script", item)
def abnormal_installed(self):
'''returns progams that are installed on this system, but not in a clean 12.04'''
file = open("./resources/12.04-clean-installed", "r")
clean = [line.split("\n")[0] for line in file.readlines()]
list_installed()
file = open("./bash/output/list-installed.output", "r")
installed = [line.split("\t")[0] for line in file.readlines()]
file.close()
uhoh = [line for line in installed if line not in clean]
for application in uhoh:
dbr.ok("abnormal_installed_apps")
application_entry = tools.make_organized_dict([[application]], ["apps"])[0]
dbr.fill("abnormal_installed_apps", application_entry)
return uhoh
def group_membership(self):
file = open(config.file().group_file(), "r")
groups_lines = [line.split(":") for line in file.readlines()]
file.close()
groups = [group[0] for group in groups_lines]
members = [group[3] for group in groups_lines]
groups_list = []
for int in range(0, len(groups)):
membership_dict = {}
membership_dict[groups[int]] = members[int].rstrip("\n")
groups_list.append(membership_dict)
for item in groups_list:
organized_dict = {}
dbr.ok("group_membership")
if item.values()[0] == "\n":
item[item.keys()[0]] = ""
organized_dict["group"] = item.keys()[0]
organized_dict["members"] = item.values()[0]
dbr.fill("group_membership", organized_dict)
log("dbd", "grp", "membership")
def abnormal_users(self, allowed_users):
"""takes in list of allowed users, dbs users not in list and not in default list."""
normal = [
"daemon",
"bin",
"sys",
"sync",
"games",
"man",
"lp",
"mail",
"news",
"uucp",
"proxy",
"www-data",
"backup",
"list",
"irc",
"gnats",
"nobody",
"libuuid",
"statd",
"shd",
"root",
]
file = open(config.file().shadow_file(), "r")
current_users = [line.split(":")[0] for line in file.readlines()]
file.close()
nonnormal = [user for user in current_users if user not in normal]
abnormal = [user for user in nonnormal if user not in allowed_users]
for int in range(0, len(abnormal)):
organized_dict = {}
organized_dict["user"] = abnormal[int]
dbr.ok("abnormal_users")
dbr.fill("abnormal_users", organized_dict)
log("dbd", "usr", ", ".join(abnormal), "abnormal")
return abnormal
