/opt/imunify360/venv/lib/python3.11/site-packages/imav/plugins/generic_sensor.py

This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.  See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with
this program.  If not, see .

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license, see

Generic Sensor plugin
- Creates listening unix domain socket on config.GenericSensor.SOCKET_PATH
- Expects alert data formatted as