Server IP : 184.154.167.98 / Your IP : 3.15.198.69 Web Server : Apache System : Linux pink.dnsnetservice.com 4.18.0-553.22.1.lve.1.el8.x86_64 #1 SMP Tue Oct 8 15:52:54 UTC 2024 x86_64 User : puertode ( 1767) PHP Version : 7.2.34 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /usr/bin/ |
Upload File : |
#!/opt/imunify360/venv/bin/python # # i360-storage-new Python script to compile rules for appropriate # proactive module version. # import argparse import os from os import path import logging import time import shutil import subprocess import sys import tempfile VERSION = '8.2' SRC = "/var/imunify360/files/proactive/rules/%s" % VERSION DEST = "/usr/share/i360-php-opts/sigs/%s" % VERSION TOOL = "/usr/bin/i360-storage.v2" MUST_HAVE_ITEMS = ('rules.yaml', 'params_pattern_list', 'rce_patterns_list') RESULT = [ '.rules.v2', '.rules', '.rulesdump' ] TOOL_OLD = "/usr/bin/i360-storage.immunity" def must_have_items_check(silently_skip): if not path.exists(SRC): sys.exit(0 if silently_skip else "ERROR: directory '%s' does not EXIST" % SRC) for item in MUST_HAVE_ITEMS: if not path.exists(path.join(SRC, item)): sys.exit(0 if silently_skip else "ERROR: file '%s' is NOT FOUND in '%s' directory" % (item, SRC)) if __name__ == '__main__': ts_begin = time.time() logging.basicConfig(filename='/var/log/proactive_defense_compiler.log', filemode='w', level=logging.DEBUG, format='%(asctime)s %(levelname)-8s %(message)s', datefmt='%Y-%m-%d %H:%M:%S') parser = argparse.ArgumentParser(description="compile PA rules [%s -> %s]" % (SRC, DEST)) parser.add_argument("--silent-on-noop", action="store_true", help="do nothing if %s does not exist" % SRC) args = parser.parse_args() must_have_items_check(args.silent_on_noop) tempdir = tempfile.mktemp(prefix='%s_tmpdir_' % path.basename(DEST), dir=path.dirname(DEST)) shutil.copytree(SRC, tempdir) os.chdir(tempdir) os.umask(0o022) try: output = subprocess.check_output([TOOL, tempdir + '/.rules.v2', tempdir], stderr=subprocess.STDOUT, universal_newlines=True) except subprocess.CalledProcessError as e: # full backtrace is not needed for tool call error logging.critical('%s\n==================================' % e.output) if e.returncode == 2: print("ERROR: %s" % e) else: sys.exit("ERROR: %s" % e) try: output = subprocess.check_output([TOOL_OLD, 'mkbin'], stderr=subprocess.STDOUT, universal_newlines=True) output = subprocess.check_output([TOOL_OLD, 'mkdump', '.rules', '.rulesdump'], stderr=subprocess.STDOUT, universal_newlines=True) except subprocess.CalledProcessError as e: # full backtrace is not needed for tool call error logging.critical('%s\n==================================' % e.output) sys.exit("ERROR: %s" % e) os.makedirs(DEST, mode=0o755, exist_ok=True) for item in RESULT: # get ready for atomic rewrite (copy + rename) tmpfn = tempfile.mktemp(suffix='_i360tmp', prefix=item, dir=DEST) # copy data and mode bits if os.path.exists(path.join(tempdir, item)): shutil.copy(path.join(tempdir, item), tmpfn) # that is Ok for .rulesdump + .rules to be handled not as a single step, # as far so far .rules is a fallback when we fail to mmap() .rulesdump os.rename(tmpfn, path.join(DEST, item)) os.chdir(tempfile.gettempdir()) # chdir away from tempdir shutil.rmtree(tempdir) ts_end = time.time() logging.info("Success. Execution time %d s" % (ts_end - ts_begin)) print("Success.")