HaiSoft (public) / Wrong Listener Killer / Commits / 1162e3e4
Commit 1162e3e4 authored May 29, 2017 by UltimateByte
Committed by GitHub May 29, 2017
actionbefore & after + mail alert if ok
parent a660da62
Changes: 1
wlk.sh
...
...
@@ -12,11 +12,14 @@ allowedname="httpd" # Which process should we get on speccified port
allowedpath
=
"/usr/sbin/httpd"
# Which is the correct path to run it
allowedusers
=
"root;"
# Which is the correct user to run it (separate with ; )
actionbefore
=
"service
${
allowedname
}
restart"
# Run a custom action if a problem is found
actionafter
=
"service
${
allowedname
}
restart"
# Run a custom action after a problem was found and processes killed
logdir
=
"/root"
# Log directory (don't end with /)
mailalert
=
"yes"
# Wether to send a mail alert or not (yes/no)
mailaddress
=
"root@localhost"
# Mail to send an alert to if a threat is detected
sleeptime
=
"0"
# Sleep between kills
sleeptime
=
"0
.1
"
# Sleep between kills
maxruns
=
"30"
# How many PID this script can kill
## Misc vars
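Review bot: The defaults for actionbefore and actionafter are the same command, `service ${allowedname} restart`, so out of the box the service is restarted before the process holding the port has been killed, and that first restart cannot bind the port the script is trying to reclaim. Consider defaulting actionbefore to an empty string (the functions added later already skip an empty value) and saying in the comments that an empty value disables the action. The comment on actionbefore ("if a problem is found") does not say it runs before the kill, while the actionafter comment does say "after". Two smaller points on the same lines: "Wether" should be "Whether", and sleeptime="0.1" relies on a sleep that accepts fractional seconds, which is worth a note in the comment for systems where sleep only takes integers.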
...
...
@@ -127,6 +130,22 @@ fn_evaluate(){
fi
}
# Execute an action before proceeding
fn_actionbefore
(){
if
[
-n
"
${
actionbefore
}
"
]
;
then
fn_logecho
"[ACTION] Applying actionbefore:
${
actionbefore
}
"
${
actionbefore
}
fi
}
# Execute an action after proceeding
fn_actionafter
(){
if
[
-n
"
${
actionafter
}
"
]
;
then
fn_logecho
"[ACTION] Applying actionafter:
${
actionafter
}
"
${
actionafter
}
fi
}
## Take action
fn_action
(){
## Problematic process was found
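Review bot: In both fn_actionbefore and fn_actionafter the command is run as a bare `${actionbefore}` / `${actionafter}` expansion and its exit status is never looked at, so a failed action is logged only as "[ACTION] Applying ..." and the script carries on as if it had worked. Check the status and log the failure through fn_logecho, for example `if ! ${actionbefore}; then fn_logecho "[ERROR] actionbefore failed"; fi`. The unquoted expansion also means the value is only word-split: pipes, redirections, `&&` and quoted arguments inside the string will not behave as a user editing the setting would expect, so either document that the value must be a single simple command or run it through an explicit shell. Since the two functions differ only in the variable name and the log label, one function taking the label and the command as arguments would avoid the duplication.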
...
...
@@ -134,6 +153,9 @@ fn_action(){
fn_logecho
"[ALERT] Process on port
${
portcheck
}
does not meet requirements"
fn_logecho
"[INFO] Expected: Name:
${
allowedname
}
\t
User:
${
allowedusers
}
\t
Path:
${
allowedpath
}
"
fn_logecho
"[INFO] Actual : Name:
${
pidname
}
\t
User:
${
piduser
}
\t
Path:
${
pidcommand
}
"
# Take the "before" action
fn_actionbefore
# Kill the app
fn_logecho
"[ACTION] Killing PID
${
pid
}
"
kill
-9
"
${
pid
}
"
# Reset harm for future tests
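Review bot: The fn_actionbefore call sits directly in front of the `kill -9 "${pid}"` in fn_action, so it runs on every pass through this branch; if fn_action is reached once per offending PID (the maxruns setting, "How many PID this script can kill", suggests up to 30 passes), the before action is repeated each time. A guard so it runs only on the first kill, for instance testing the existing actiontaken flag before calling it, would avoid repeated restarts with the default setting. There is also no matching fn_actionafter call in the lines shown after the kill; if it is invoked elsewhere a short comment here pointing to that place would help, and if it is not, the function added in this commit is never used.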
...
...
@@ -153,7 +175,7 @@ fn_action(){
fi
elif
[
"
${
actiontaken
}
"
==
"1"
]
;
then
fn_logecho
"[OK] The process on port
${
portcheck
}
now meets requirements"
exi
t
fn_mail_aler
t
else
fn_logecho
"[OK] The process on port
${
portcheck
}
meets requirements"
exit
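Review bot: In the `actiontaken == "1"` branch the explicit `exit` has been replaced by the fn_mail_alert call, while the else branch below still ends with `exit`. Unless fn_mail_alert itself exits, the script now falls through past this if/elif/else after reporting "[OK] ... now meets requirements". Keeping `exit` on the line after fn_mail_alert makes both success paths end the same way. The call is also unconditional in the lines shown, so fn_mail_alert needs to honour the new mailalert="yes"/"no" setting internally, or the call should be wrapped in that test here. This branch, where the kills are done and the port is clean again, also looks like the natural place for the fn_actionafter call that none of the visible hunks contains.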
...
...