gS- *dZddlZddlZddlZddlZddlZddlZddlmZddl m Z m Z m Z m Z mZddlmZmZddlmZddlmZddlmZdd lmZejeZed Zed Zed z Zd Z dZ!dZ"dZ#dZ$dZ%dZ&dZ'Gdde(Z)dede e*ddfdZ+de e*dee e*e e*ffdZ,dede e*fdZ-Gdd e.Z/Gd!d"e*Z0d#e*d$e*dee e*e e*ffd%Z1Gd&d'Z2d(e*de e*d)e e*de2fd*Z3Gd+d,Z4d(e*de e*de4fd-Z5deddfd.Z6d/ed0ede7fd1Z8ded2e e egdfde7fd3Z9d8d4Z:de7fd5Z;d8d6Z. Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N)Path)CallableIterableListSetTuple)ANTIVIRUS_MODEMalware) HostingPanel) check_run)MalwareIgnorePath) crontab_pathz4/etc/sysconfig/imunify360/malware-filters-admin-confz)/var/imunify360/files/realtime-av-conf/v1 processedzpd-combined.txtzav-internal.txtz av-admin.txtzav-admin-paths.txtignoredizimunify-realtime-avz/usr/bin/i360-exclcompceZdZdZdS)PatternLengthErrorz(Raised when pattern's length is too big.N)__name__ __module__ __qualname____doc__L/opt/imunify360/venv/lib/python3.11/site-packages/imav/subsys/realtime_av.pyrr9s22Drrdirbasedirsreturnc|dz d5}t|D]7}|tj|dz8 ddddS#1swxYwYdS)z+Save list of basedirs in a file inside dir.zbasedirs-list.txtw N)opensortedwriteospathrealpath)rrfbasedirs r_save_basedirsr(?s # # ) )# . .6!h'' 6 6G GGBG$$W--4 5 5 5 5 6666666666666666666sAA//A36A3pathscgg}}|D]J}|dr||dd5||K||fS)zSplit paths into two lists: absolute and relative. Relative paths start with +. This + sign is removed from resulting path.+N) startswithappend)r)absoluterelativer$s r _split_pathsr1FsmRhH"" ??3   " OODH % % % % OOD ! ! ! ! X rr$c |5}d|D}d|DcdddS#1swxYwYdS#t$rgcYSwxYw)zRead file at path and return its lines as a list. Empty lines or lines starting with '#' symbol are skipped. Lines are stripped of leading and trailing whitespace. If the file does not exist, empty list is returned.c6g|]}|Sr)strip).0lines r z_read_list..[s 000dTZZ\\000rcbg|],}t|dk|d*|-S)r#)lenr-)r5xs rr7z_read_list..\s3MMM!A 1<<;L;L A rN)r FileNotFoundError)r$r&liness r _read_listr>Ss  YY[[ NA00a000EMMuMMM N N N N N N N N N N N N N N N N N N  s.A; A?A?A AAceZdZdZdeedeeddffd Zedede fdZ ed eedeedeefd Z d e ddfd Z xZS) _Watchedz8Holds a list of watched glob patterns ready to be saved.rrrNctt|\}}fd|||zDdS)Nc3K|]8}|tj|V9dSN) _is_validr#r$r%)r5pselfs r z$_Watched.__init__..gsY  ~~a   G  Q        r)super__init__r1extend_extend_relative)rFrrr/r0 __class__s` rrIz_Watched.__init__ds )!__(      5 5h I II        rpatterncj|dstd|dSdS)z(Return True if watched pattern is valid./z+skipping watched path %s: not starts with /FTr-loggerwarningrMs rrDz_Watched._is_validmsA!!#&&  NN=w   5trr)cg}|D]:}|D]5}|tj||6;|S)z7Join basedirs with all paths and return resulting list.)r.r#r$join)r)rextendedr$r's rrKz_Watched._extend_relativewsV = =D# = = Wd ; ;<<<< =rr$c|d5}|d|ddddS#1swxYwYdS)z$Save watched list at specified path.rrN)r r"rUrFr$r&s rsavez _Watched.saves YYs^^ %q GGDIIdOO $ $ $ % % % % % % % % % % % % % % % % % %s)A  AA)rrrrrstrrrI staticmethodboolrDrKrrY __classcell__)rLs@rr@r@asBB $s) s3x D      34\S SX$s)\%%$%%%%%%%%rr@ceZdZdZededefdZededefdZededefdZ e de ede eddfd Z d efd Zd S) _Ignoredz:Holds a list of ignored regexp patterns ready to be saved.rMrcj|drtd|dSdS)z1Return True if relative ignored pattern is valid.^z0skipping relative ignored path %s: starts with ^FTrPrSs r_is_valid_relativez_Ignored._is_valid_relativesA   c " "  NNBG   5trcD|dr |ddS|S)z.Remove leading slash from pattern, if present.rOr,N)r-rSs r_remove_leading_slashz_Ignored._remove_leading_slashs-   c " " 122; rc tj|dS#t$rtd|YdSwxYw)z7Return True if pattern successfully compiles as regexp.Tz*skipping ignored pattern %s: invalid regexF)recompile ExceptionrQrRrSs r _compilesz_Ignored._compiless[  Jw   4    NNg|]}||Sr)rir5rEclss rr7z*_Ignored.from_patterns..s*<<.sa   %%a(( .1]]1-=-=  % %a ( (   rrz^(?:{})/(?:{})|z^$)r1r:formatrUr.r_)rnrjrr/r0relative_patternpats` r from_patternsz_Ignored.from_patternss *(33(<<<lowerexistsrJ _ADMIN_PATH)ryrz common_dirinternal panel_paths r _read_configsrs{(*J*t+,,H%++--/J7 :#455666 Z d 233 33rc2eZdZdededdfdZdeddfdZdS) _WatchedCtxradminrNc"||_||_dSrC)rr)rFrrs rrIz_WatchedCtx.__init__s   rrc|dz }|d|j|tz |j|t z dS)NwatchedTexist_ok)mkdirrrY_INTERNAL_NAMEr _ADMIN_NAMErFrrs rrYz_WatchedCtx.savesX )O  1~-... K(((((r)rrrr@rIrrYrrrrrs_(t))))))))rr panel_nameextract|d\}}||tt||t||S)Nz watched.txt)rrJrr@)rrrinternal_watched admin_watcheds r_watched_contextrsY'4J &N&N#mE""" !8,,h}h.O.O  rc6eZdZdedededdfdZdeddfdZdS) _IgnoredCtxrrpdrNc0||_||_||_dSrC)rrr)rFrrrs rrIz_IgnoredCtx.__init__s!  rrc|tz }|d|j|tz |j|t z |j|tz dS)NTr) _IGNORED_SUB_DIRrrrYrrrr_PD_NAMErs rrYz_IgnoredCtx.savesr " "  1~-... K(((  Q\"""""r)rrrr_rIrrYrrrrrsj )17? ########rrct|d\}}tt||t||t||z|S)Nz ignored.txt)rrr_ru)rrinternal_ignored admin_ignoreds r_ignored_contextrsi&3J &N&N#m /::}h77/-?JJ  rctj}dd|D}|tz tz }||dS)Nrc3hK|]-}tjtj|dzV.dS) N)base64 b64encoder#fsencode)r5r$s rrGz'_admin_ignored_paths..sM$$8<T**++e3$$$$$$r)r path_listrUr_ADMIN_PATHS_NAME write_bytes)r ignored_pathsignored_paths_base64targets r_admin_ignored_pathsrsn%/11M88$$@M$$$# #&7 7F +,,,,,rdir1dir2cX|D]}|rt|||jz rdS|sF||jz }|sdS||krdSdS)zXCompare content of two folders if files in this directory are the same return False.TF)iterdiris_dir_contain_changesrzis_filer read_bytes)rrfileothers rrr s    ;;== dTY&677 tt||~~  ty ||~~ 44 ??   0 0 2 2 2 244 3 5rsaversc|d}|r!tjt |||D] }|||r|d}|r!tjt ||| ||n$#t$r||wxYwt||S||dS)zySave configs in directory dir using saves callable. Each function in savers will be called with single dir argument.z.tmpz.backupT) with_suffixrshutilrmtreerZr with_namerenamerhr)rrtemprYbackups r _save_configsrs2 ??6 " "D {{}}! c$ii   JJLLL T  zz|| y)) ==?? ' M#f++ & & & 6  KK        MM#      V,,, Cts #C99!Dcttz tz }ttz } |}|r2t jt|t|ks+| | |dSdS#t$r| |YdSwxYwrC) _PROCESSED_PATHrrrlstat is_symlinkr#readlinkrZunlink symlink_tor<)rsource_s r_update_pd_symlinkr8s / /( :F 8 #F & LLNN      &$&KF $<$<F $K$K MMOOO   f % % % % %%L$K """&!!!!!!"sB//CCc t}|ttjr.t tttfdt|j j t|j j tg}t|S)z*Generate new malware paths filters config.c,t|hSrC)r()rr extra_watcheds rz"generate_configs..Uss,Gh,G,GHHr)r)r rsetr CRONTABS_SCAN_ENABLEDaddrZrrrrNAMErYrrr)rychangedrrs @@rgenerate_configsrIs NNE~~HEEM$/#lnn--... H H H H H UZ G G G L UZ 2 2 7  G NrcKtdtdgttgg}|D]L} |d{V #tj$rt $r%}t d|Yd}~Ed}~wwxYwdS)Nservicerestartz)realtime_av.reload_services exception: %s)r _SERVICE _PD_PREPAREasyncioCancelledErrorrhrQrR)taskstes rreload_servicesr_s9h 233;-   EKK KGGGGGGGG%     K K K NNF J J J J J J J J K KKs=A;A66A;c*t o tjSrC)r r INOTIFY_ENABLEDrrrshould_be_runningrms  9'"99r)rN)>rrrloggingr#rfrpathlibrtypingrrrrr defence360agent.contracts.configr r +defence360agent.subsys.panels.hosting_panelr defence360agent.utilsr imav.malwarelib.modelr imav.malwarelib.scan.crontabr getLoggerrrQrr}rrrrrrrwrrrhrrZr(r1r>listr@r_rrrrrrr\rrrrrrrrrrs;*  77777777777777DDDDDDDDDDDDDD++++++333333555555  8 $ $dIJJ ABB + " ( &         66C6T6666 S eDItCy,@&A     T d3i    "%"%"%"%"%t"%"%"%J=====s===@ 4 4C 4E$s)T#Y2F,G 4 4 4 4 ) ) ) ) ) ) ) )"3x3;C= # # # # # # # # C[-d-t----4t"tT(D64<*@%Ad8&&&&"$, K K K K:4::::::r