# -*- coding: utf-8 -*-
import os
import platform
import shutil
import sys
import time

import psutil

import logging

from aegis_checker.common.platform_info import is_windows
from aegis_checker.common.print_log import *
from aegis_checker.common.file_util import read_from_file
from aegis_checker.common.common_path import get_log_dir


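def _copy_hosts():
    """
    copy the platform hosts file into the aegis log directory

    the hosts file is picked by platform (see host_path below); when it is
    missing a warning is logged and nothing is copied
    :return: None
    """
    if is_windows():
        host_path = r"C:\Windows\System32\drivers\etc\hosts"
    else:
        host_path = "/etc/hosts"

    # return here instead of letting shutil.copy raise on a missing source
    if not os.path.exists(host_path):
        logging.warning("%s is not exists", host_path)
        return

    aegis_log_dir = get_log_dir()
    shutil.copy(host_path, aegis_log_dir)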


def _copy_dmsg_log():
    """
    copy the system log (/var/log/syslog and /var/log/messages) into the aegis log directory

    a candidate that is missing, or larger than 30M, is skipped with a warning
    :return: None
    """
    max_size = 30 * 1024 * 1024
    aegis_log_dir = get_log_dir()
    for syslog_path in ("/var/log/syslog", "/var/log/messages"):
        copyable = os.path.exists(syslog_path) and os.path.getsize(syslog_path) < max_size
        if not copyable:
            logging.warning("%s is not exists or file size is more than 30M", syslog_path)
            continue
        shutil.copy(syslog_path, aegis_log_dir)


def _check_os_info():
    """
    log the platform description and machine architecture
    :return: None
    """
    fmt = "os is %s, architecture is %s"
    log_info(fmt % (platform.platform(), platform.machine()))


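def _get_linux_kernel_ver():
    """
    read kernel version from /proc/version
    :return: string, the first line of /proc/version, or "" when nothing could be read
    """
    lines = read_from_file("/proc/version")
    # an empty result would make lines[0] raise IndexError; warn and degrade instead
    if not lines:
        logging.warning("read /proc/version fail")
        return ""
    kernel_ver = lines[0]
    log_info("linux kernel version info : %s" % kernel_ver)
    return kernel_ver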


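def _get_linux_distribution():
    """
    read linux distribution info from /etc/os-release (PRETTY_NAME=...) or,
    failing that, the first line of /etc/issue

    both sources are tried because not every distribution provides both
    :return: None, the result is only logged
    """
    linux_distribution = ""
    os_release_path = "/etc/os-release"
    issue_path = "/etc/issue"
    prefix = "PRETTY_NAME="
    if os.path.exists(os_release_path):
        with open(os_release_path) as f:
            for line in f:
                if line.startswith(prefix):
                    # drop the trailing newline before the quotes, otherwise the
                    # closing '"' is not at the end of the string and survives strip('"')
                    linux_distribution = line[len(prefix):].strip().strip('"')
                    break
    elif os.path.exists(issue_path):
        lines = read_from_file(issue_path)
        # an empty file would make lines[0] raise IndexError
        if lines:
            linux_distribution = lines[0]

    if linux_distribution:
        log_info("linux distribution is %s" % linux_distribution)
    else:
        logging.warning("get linux distribution fail")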


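def _get_process_info():
    """
    get all process path, cmd, pid, ppid, user, start time and cpu time info,
    and save into log/process_info.log, one line per process

    note: command lines are written verbatim, so any secret passed as a
    command-line argument ends up in process_info.log as well
    :return: None
    """
    process_log_path = os.path.join(get_log_dir(), "process_info.log")
    line_fmt = "pid : %d, ppid : %d, name : %s, user name : %s, start time : %s, cpu user time: %f, cpu system time : %f, proc path : %s, cmd : %s\r\n"
    with open(process_log_path, "w") as f:
        for pid in psutil.pids():
            try:
                p = psutil.Process(pid)
                ppid = p.ppid()
                start_time = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(p.create_time()))
                proc_name = p.name()
                # p.exe and p.cmdline may cause exception in windows for system process;
                # psutil.Error covers AccessDenied/ZombieProcess/NoSuchProcess, OSError the rest
                try:
                    user = p.username()
                    proc_path = p.exe()
                    cmdline = ' '.join(p.cmdline()).strip()
                except (psutil.Error, OSError):
                    proc_path = "N/A"
                    cmdline = "N/A"
                    user = "N/A"

                # single call so both fields come from the same snapshot
                cpu_times = p.cpu_times()
                f.write(line_fmt % (
                    pid, ppid, proc_name, user, start_time, cpu_times.user, cpu_times.system, proc_path, cmdline))
            except psutil.NoSuchProcess:
                continue
            except Exception:
                # best effort: one unreadable process must not abort the whole listing
                logging.debug("catch error for process %d", pid)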


def check():
    """
    run the system info checks: os info, then (non-windows only) distribution,
    kernel version and syslog copy, then process listing and hosts copy
    :return: None
    """
    _check_os_info()
    is_linux_like = not is_windows()
    if is_linux_like:
        for step in (_get_linux_distribution, _get_linux_kernel_ver, _copy_dmsg_log):
            step()
    _get_process_info()
    _copy_hosts()


# allow the checker to be run standalone as a script
if __name__ == '__main__':
    check()
