#!/usr/local/bin/python3
# Checks the process list for anything that could be potentially worrisome.
# If something is found, emails the admins@tilde.institute account.
from shlex import quote
import subprocess
import time
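def getBadProcs(procsList):
    """Scan the output of ``/bin/ps aux`` for watch-listed substrings.

    Every line of the process listing is lower-cased and tested against each
    entry of *procsList*. An entry matches when it occurs anywhere in the
    line, so a hit can come from the user name or an argument as well as from
    the command itself. Hits are a prompt for manual review, not proof of
    misuse, and an empty result is not proof that nothing is running.

    Args:
        procsList: iterable of substrings to look for; compared
            case-insensitively.

    Returns:
        A list of ``"Found <entry> :: <ps line>"`` strings, one per match, in
        listing order. Empty when nothing matched.

    Raises:
        subprocess.CalledProcessError: if ``ps`` exits with a non-zero status.
        OSError: if ``/bin/ps`` cannot be executed.
    """
    # Fixed argv, no shell: nothing in this command needs shell parsing.
    # NOTE(review): some ps implementations truncate `aux` output to a fixed
    # width when not attached to a terminal; confirm whether a wide-output
    # flag is needed so long command lines are matched in full.
    raw = subprocess.check_output(["/bin/ps", "aux"], stderr=subprocess.STDOUT)

    # Command lines are chosen by whoever started the process and need not be
    # valid UTF-8. A strict decode would raise and end the scan before any
    # alert is sent, so undecodable bytes are replaced instead.
    procsRunning = raw.decode(errors="replace").split("\n")

    # Lines are lower-cased below, so lower-case the patterns too; otherwise
    # an entry containing an upper-case letter could never match.
    needles = [(badproc, badproc.lower()) for badproc in procsList]

    procsFound = []
    for proc in procsRunning:
        lilproc = proc.lower()
        for badproc, needle in needles:
            if needle in lilproc:
                procsFound.append("Found {0} :: {1}".format(badproc, proc))
    return procsFound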
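def mailAdmins(procsFound):
    """Email the matched process lines to admins@tilde.institute.

    Args:
        procsFound: list of report lines, as returned by getBadProcs().

    The message body is handed to ``mail`` on standard input and the command
    is run from a fixed argument list. The report lines contain process
    command lines, which any local user can set, so they are kept out of a
    shell command string and away from ``echo``, whose handling of
    backslashes differs between shells.
    """
    msg = "WARNING: Check the following processes manually\n\n"
    msg += "\n".join(procsFound)
    msg += "\noutput from badprocs.py\n"

    # The exit status is not checked, matching the previous best-effort send.
    # NOTE(review): a failed send is silent; consider logging the return code.
    subprocess.run(
        [
            "mail",
            "-s",
            "WARNING: Found potential bad processes",
            "admins@tilde.institute",
        ],
        input=msg.encode(errors="replace"),
    )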
if __name__ == "__main__":
    # Substrings searched for in every line of the process listing.
    watchlist = [
        "eggdrop",
        "miner",  # lots of btc miners have this in the name
        "nmap",
        "torrent",
        "transmission",
        "tshark",
        "xmr",  # lots of monero miners have this in the name
        "znc",
    ]

    hits = getBadProcs(watchlist)
    # Only send mail when there is something to report.
    if hits:
        mailAdmins(hits)