Linux eyewebsolution.dnshostserver.in 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
Apache
: 185.131.55.234 | : 216.73.216.138
676 Domain
5.6.40
omxrelocation
www.github.com/MadExploits
/
opt /
imunify360 /
venv /
share /
imunify360 /
scripts /
Name
Size
Permission
Action
check-detached.py
1.11
KB
-rwxr-xr-x
check_recurrent.py
1.85
KB
-rwxr-xr-x
create_default_config
1.23
KB
-rwxr-xr-x
csf_tool
2.75
KB
-rwxr--r--
delay_on_cron_call.py
1.12
KB
-rwxr-xr-x
disable_3rd_party_ids
1.01
KB
-rwxr--r--
imunify-disable-cpu-accounting...
792
B
-rwxr--r--
imunify-doctor.sh
17.1
KB
-rwxr--r--
imunify-force-update.sh
3.16
KB
-rwxr--r--
lfd_block.py
2.96
KB
-rwxr--r--
mk_apache_conf_digest.pl
3.55
KB
-rwxr--r--
purge-clamav
535
B
-rwxr-xr-x
remove_hardened_php.py
3.59
KB
-rwxr-xr-x
rules_checker.py
10.8
KB
-rwxr-xr-x
send-notifications
7.01
KB
-rwsrwx---
setup_cagefs.py
3.72
KB
-rwx------
track-fpfn-submissions.sh
3.8
KB
-rwxr-xr-x
update_components_versions.py
4.46
KB
-rwxr-xr-x
whitelist_cache.py
1.46
KB
-rwxr-xr-x
Code Editor : lfd_block.py
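#!/opt/imunify360/venv/bin/python3 -u
"""BLOCK_REPORT script invoked by Login Failure Daemon (CSF) for a blocked ip.

- report the incident to imunify360
- run the replaced user BLOCK_REPORT script (block_report_user)
"""
import json
import logging
import os
import socket
import subprocess
import sys
from collections import namedtuple

import defence360agent.internals.logger

BLOCK_REPORT_TIMEOUT = 10  # seconds
SOCKET = "/var/run/defence360agent/generic_sensor.sock.2"

# Positional arguments this script expects on its command line, in order.
Event = namedtuple(
    "Event",
    (
        "ip",
        "ports",
        "permanent",
        "inout",
        "timeout",
        "message",
        "logs",
        "trigger",
    ),
)


def run_user_script(
    args,
    *,
    logger=None,
    timeout=None,
    # see defence360/src/asyncclient/defence360agent/plugins/sensor/lfd.py
    script=os.path.join(os.path.dirname(__file__), "block_report_user"),
):
    """Run the user's own BLOCK_REPORT script, if one is installed.

    Args:
        args: command-line arguments forwarded to the user script unchanged.
        logger: logger for diagnostics; a module logger is used when omitted.
        timeout: seconds to wait for the user script (None waits forever).
        script: path of the user script; nothing happens if it is not a file.

    Raises:
        TimeoutError: the user script did not finish within *timeout*.
    """
    if logger is None:
        # The default used to be dereferenced unconditionally in the loop
        # branch below, which raised AttributeError for callers that did
        # not pass a logger.
        logger = logging.getLogger(__name__)

    if not os.path.isfile(script):
        return

    if os.path.realpath(script) == os.path.abspath(__file__):
        # If for whatever reason script tries to call itself, ignore it
        logger.error("Not running %s since it is a loop", script)
        return

    # NOTE(review): whatever sits at `script` is executed with this process's
    # privileges (presumably root, since LFD invokes it - confirm). Keep the
    # file and its directory writable by the owning administrator only.
    # NOTE(review): `args` carries the block report fields (message, logs,
    # ...), which presumably contain text derived from log lines. They are
    # passed as an argv list with no shell involved; the user script must
    # likewise treat them as data and never re-evaluate them.
    try:
        # NOTE: ignore user script errors (the exit status is not checked)
        subprocess.run([script] + list(args), timeout=timeout)
    except subprocess.TimeoutExpired as exc:
        raise TimeoutError("imunify lfd_block user script timeout") from exc


def main(logger):
    """Report the blocked ip to the imunify360 agent, then run the user script.

    Exits with status 1 when the number of command-line arguments does not
    match the fields of ``Event``.
    """
    expected_argc = len(Event._fields) + 1
    if len(sys.argv) != expected_argc:
        # logger.warning is to find evidence of call without arguments
        # in logs (to find a possible automation call mistake)
        logger.warning(
            "This script is intended to be used as "
            "BLOCK_REPORT script for CSF"
        )
        sys.exit(1)

    e = Event(*sys.argv[1:])
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(BLOCK_REPORT_TIMEOUT)
        try:
            sock.connect(SOCKET)
            # json.dumps escapes the field values, so the newline appended
            # below is the only record terminator on the wire.
            msg = {
                "method": "INCIDENT",
                "attackers_ip": e.ip,
                "plugin_id": "lfd",
                "ttl": e.timeout,
                "rule": e.trigger,
                "name": e.trigger,
                "message": e.message,
            }
            sock.sendall(json.dumps(msg).encode() + b"\n")
        except (
            ConnectionRefusedError,
            FileNotFoundError,
        ):  # allow other errors to propagate
            # agent appears to be turned off or hanged
            pass  # do nothing
        except socket.timeout:  # also do nothing
            logger.debug("failed to send incident report in time")
        finally:
            # The user script runs whether or not the report was delivered,
            # including when another socket error is propagating.
            run_user_script(
                sys.argv[1:], timeout=BLOCK_REPORT_TIMEOUT, logger=logger
            )


if __name__ == "__main__":
    defence360agent.internals.logger.reconfigure()
    logger = logging.getLogger(sys.argv[0])
    try:
        main(logger)
    except Exception:  # <-- ignore SystemExit
        # do not leave the failure unreported
        logger.exception("imunify lfd_block script error")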