Mirror
/
LSMS
mirror of https://github.com/sqall01/LSMS.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sync internal repo

This commit is contained in:
Andre Pawlowski 2023-08-15 08:47:47 +02:00
parent 3c05463d94
commit a4add863a4
2 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/monitor_systemd_units.py
View File

@ -50,7 +50,7 @@ except:
"/usr/lib/systemd/user",
"/usr/lib/systemd/network",
"/usr/local/lib/systemd/system",
"/usr/local/lib/systemd/user"
"/usr/local/lib/systemd/user",
"/usr/local/lib/systemd/network",
"/lib/systemd/system",
"/lib/systemd/user",

13
scripts/search_deleted_exe.py
View File

@ -16,6 +16,7 @@ None
"""
import os
import re
import sys
from lib.util import output_finding
@ -54,7 +55,17 @@ def search_deleted_exe_files():
if suspicious_exes:
message = "Deleted executable file(s) found:\n\n"
message += "\n".join(suspicious_exes)
for suspicious_exe in suspicious_exes:
match = re.search(r" (/proc/(\d+)/exe -> .*)$", suspicious_exe)
exe = match.group(1)
pid = match.group(2)
message += "\n%s" % exe
with open("/proc/%s/cmdline" % pid, "rb") as fp:
cmdline = fp.read()
# Replace 0-bytes with whitespaces for readability
cmdline = cmdline.replace(b"\x00", b" ")
message += "\n/proc/%s/cmdline -> %s" % (pid, cmdline.decode("utf-8"))
message += "\n"
output_finding(__file__, message)