"""
This class is designed to be an actor class, i.e. it will undertake certain actions when an event is detected.
The platform has 2 main sections (detection & analysis).
Action Types (Actors):
- Alert : Sends an email or Webhook
- Apps : Kill, Start
- Folder: Archive, Delete (all, age, size)

@TODO:
- upgrade to python 3.x
"""
import json
from threading import Thread
import os
import subprocess
from monitor import ProcessCounter
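class Actor(Thread):
    """Base class for response actions that run on their own thread.

    Subclasses override ``process`` to act on a single item; ``run`` applies
    it to every item registered through ``init``.
    """

    def __init__(self, config):
        """Keep the configuration read by ``run`` and start with no items.

        :param config: mapping; ``run`` reads its 'organization' and 'id' keys
        """
        Thread.__init__(self)
        # run() reads self.config; without this assignment the thread dies
        # with AttributeError before any action is taken.
        self.config = config
        self.items = []

    def init(self, litems):
        """Replace the list of items that ``run`` will hand to ``process``."""
        self.items = litems

    def process(self, item):
        """Act on one item. No-op here; subclasses provide the action."""
        pass

    def execute(self, cmd):
        """Run ``cmd`` through the shell and return what it wrote to stdout.

        SECURITY: ``shell=True`` passes the whole string to the shell, so a
        caller must shell-quote every value it did not write itself before
        joining it into ``cmd``; otherwise that value can add commands.

        The exit status is not inspected, so a command that starts but fails
        is indistinguishable from success for the caller.

        :param cmd: shell command line
        :return: captured stdout, or None when the command could not be run
        """
        stream = None
        try:
            handler = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
            stream = handler.communicate()[0]
        except Exception as e:
            # Best-effort contract is kept (None on failure), but a response
            # action that fails to launch must not disappear silently.
            print("Actor.execute failed: %s" % e)
        return stream

    def callback(self, channel, method, header, stream):
        """Print the payload handed over by the queue layer."""
        print(stream)

    def run(self):
        """Thread body: read from the action queue, then process every item."""
        info = {
            'exchange': self.config['organization'],
            'uid': self.config['id'],
            'qid': ['action'],
        }

        # NOTE(review): QueueListener is not imported in the visible part of
        # this file (only ProcessCounter is) -- confirm where it comes from,
        # otherwise this line raises NameError.
        qlistener = QueueListener(info)
        qlistener.read()
        # The items are stored as self.items by __init__/init; self.litems
        # was never assigned.
        # NOTE(review): if items originate from queue messages, treat them as
        # untrusted input in every process() implementation -- confirm.
        for item in self.items:
            self.process(item)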
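class Kill(Actor):
    """Actor that force-kills every process whose ``ps`` line matches an item."""

    def __init__(self, config):
        Actor.__init__(self, config)

    def process(self, item):
        """Send SIGKILL to the processes whose ``ps`` output line matches ``item``.

        ``item`` is handed to grep as a pattern and is matched against the
        whole ``pid command`` line, so a short or generic pattern selects
        more processes than intended (including the pipeline's own grep).
        Callers should pass a pattern that is specific to the target.

        :param item: non-empty grep pattern identifying the process
        """
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2

        # An empty or blank pattern makes grep match every line, which would
        # feed every visible PID to ``kill -9``.
        if not item or not hasattr(item, 'strip') or not item.strip():
            return

        cmd = "".join([
            # quote() stops shell metacharacters in item from adding commands;
            # ``--`` stops an item starting with '-' from being read as grep options.
            "ps -eo pid,command|grep -- ", quote(item),
            # -E takes no argument: the original ``-E"^ ..."`` glued the regex
            # onto the flag, which grep rejects as an invalid option. ps
            # right-aligns the PID column, so any number of leading spaces is allowed.
            "|grep -oE '^ *[0-9]+'|xargs kill -9",
        ])
        self.execute(cmd)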
#
# We need to make sure we can access the process on this server
#
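class Start(Actor):
    """Actor that launches a program described by a ``path``/``args`` item."""

    def __init__(self, config):
        Actor.__init__(self, config)

    def process(self, item):
        """Start the program at ``item['path']`` with the optional ``item['args']``.

        ``execute`` waits for the command to finish, so this call returns only
        once the started program has exited.

        :param item: mapping with a 'path' key and an optional 'args' string
        :raises KeyError: when 'path' is missing
        """
        import shlex
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2

        path = item['path']
        args = item.get('args') or ''
        # The command still goes through a shell (see Actor.execute), so each
        # word is quoted: args keeps its word splitting, but ';', '|', '$(...)'
        # and similar in path or args are passed as literal text instead of
        # being interpreted by the shell.
        words = [quote(path)]
        words.extend(quote(word) for word in shlex.split(args))
        cmd = " ".join(words)
        self.execute(cmd)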
class Alert(Actor):
    """Alert actor (email or webhook per the module notes); not implemented yet.

    Nothing is overridden, so ``process`` is the inherited no-op from Actor.
    """