def process_event(self, event, *args, **kwargs):
    """Log a cowrie event when ``passwd`` appears as a token of the input.

    The raw input returned by ``self.get_input(event)`` is split on
    whitespace, and the value ``get_command_name_from_path`` returns for the
    whole input is added as one more candidate token. The check is an exact
    token comparison against ``'passwd'``, not a substring search.

    NOTE(review): tokens are separated by whitespace only, so a command
    written directly against a shell operator is compared as a single token.
    Whether ``get_command_name_from_path`` compensates is not visible in this
    block -- confirm detection coverage against it.

    ``*args`` and ``**kwargs`` are accepted but not used.
    """
    raw_input = self.get_input(event)
    tokens = [*raw_input.split(), get_command_name_from_path(raw_input)]
    if 'passwd' not in tokens:
        return
    self.logger.msg(
        eventid='cowrie.command.passwd_command_entered',
        input=raw_input,
        format='"passwd" command detected on input "%(input)s".',
    )
def process_event(self, event, *args, **kwargs):
    """Log a cowrie event listing network-detection commands found in the input.

    Candidate tokens are the whitespace-separated parts of the raw input plus
    the value ``get_command_name_from_path`` returns for the whole input.
    Each token is compared against the ``'command'`` value of every entry in
    ``self.command_list``; matching tokens are reported in input order, and a
    token that occurs more than once is reported more than once.

    NOTE(review): matching is exact and per whitespace-separated token;
    confirm that ``get_command_name_from_path`` covers inputs where the
    command is not a standalone token.

    ``*args`` and ``**kwargs`` are accepted but not used.
    """
    raw_input = self.get_input(event)
    tokens = raw_input.split()
    tokens.append(get_command_name_from_path(raw_input))
    # The known-command sequence is rebuilt lazily for every token, so the
    # lookup still stops at the first match exactly as the map() form did.
    matches = [
        token
        for token in tokens
        if token in (entry['command'] for entry in self.command_list)
    ]
    if not matches:
        return
    self.logger.msg(
        eventid='cowrie.command.network_detection_command',
        input=raw_input,
        found_list=matches,
        format='Found network detection commands in command "%(input)s": %(found_list)s',
    )
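def process_event(self, event, *args, **kwargs):
    """Log a cowrie event when a deletion command touches a risky directory.

    Candidate tokens are the whitespace-separated parts of the raw input plus
    the value ``get_command_name_from_path`` returns for the whole input.
    When ``self.deletion_exists`` accepts those tokens, every entry of
    ``self.risky_directories`` that occurs as a substring of the raw input is
    collected and reported under the ``found_list`` field.

    NOTE(review): the directory check is a plain substring test on the raw
    input, so it also matches a risky path that appears inside a longer path
    or as an argument unrelated to the deletion -- confirm that this level of
    precision is acceptable for the alert.

    ``*args`` and ``**kwargs`` are accepted but not used.
    """
    _input = self.get_input(event)
    splitted_input = _input.split()
    splitted_input.append(get_command_name_from_path(_input))
    if not self.deletion_exists(splitted_input):
        return
    deleted_directories = [
        directory for directory in self.risky_directories if directory in _input
    ]
    if not deleted_directories:
        return
    self.logger.msg(
        eventid='cowrie.command.deleting_track',
        input=_input,
        found_list=deleted_directories,
        # The placeholder has to name a keyword passed to this call. The
        # previous text used %(found_directories)s, which is never supplied,
        # so the message could not be rendered from these fields.
        format='Found deleting track commands in command "%(input)s": %(found_list)s',
    )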