56 lines
1.4 KiB
Python
Executable File
56 lines
1.4 KiB
Python
Executable File
#!/usr/local/bin/python3
|
|
|
|
# Checks the process list for anything that could be potentially worrisome.
|
|
# If something is found, emails the admins@tilde.institute account.
|
|
# gbmor <ben@gbmor.dev>
|
|
|
|
from shlex import quote
|
|
import subprocess
|
|
import time
|
|
|
|
|
|
def getBadProcs(procsList):
|
|
procsFound = []
|
|
procsRunning = list(
|
|
subprocess.check_output("/bin/ps aux", stderr=subprocess.STDOUT, shell=True)
|
|
.decode()
|
|
.split("\n")
|
|
)
|
|
|
|
for proc in procsRunning:
|
|
lilproc = proc.lower()
|
|
for badproc in procsList:
|
|
if badproc in lilproc:
|
|
procsFound.append("Found {0} :: {1}".format(badproc, proc))
|
|
|
|
return procsFound
|
|
|
|
|
|
def mailAdmins(procsFound):
|
|
msg = "WARNING: Check the following processes manually\n\n"
|
|
msg += "\n".join(procsFound)
|
|
msg += "\noutput from badprocs.py\n"
|
|
|
|
cmd = "echo {0} | mail -s 'WARNING: Found potential bad processes' admins@tilde.institute".format(
|
|
quote(msg)
|
|
)
|
|
|
|
subprocess.run(cmd, shell=True)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
procsList = [
|
|
"eggdrop",
|
|
"miner", # lots of btc miners have this in the name
|
|
"nmap",
|
|
"torrent",
|
|
"transmission",
|
|
"tshark",
|
|
"xmr", # lots of monero miners have this in the name
|
|
]
|
|
|
|
procsFound = getBadProcs(procsList)
|
|
|
|
if len(procsFound) > 0:
|
|
mailAdmins(procsFound)
|