Remove redundant backslash between brackets
Родитель
733a02c35d
Коммит
6dfd213f17
1
.flake8
1
.flake8
|
@ -33,7 +33,6 @@ ignore =
|
|||
E305 # expected 2 blank lines after class or function definition
|
||||
E402 # module level import not at top of file
|
||||
E501 # line too long
|
||||
E502 # the backslash is redundant between brackets
|
||||
E711 # comparison to None should be 'if cond is not None
|
||||
E712 # comparison to True should be 'if cond is True
|
||||
E713 # test for membership should be 'not in'
|
||||
|
|
|
@ -74,14 +74,14 @@ if __name__ == '__main__':
|
|||
for i in range(0,10):
|
||||
|
||||
print(i)
|
||||
alog=dict(eventtime=pytz.timezone('UTC').localize(datetime.now()).isoformat(),\
|
||||
hostname=socket.gethostname(),\
|
||||
processid=os.getpid(),\
|
||||
processname=sys.argv[0],\
|
||||
severity='INFO',\
|
||||
summary='joe login failed',\
|
||||
category='authentication',\
|
||||
tags=[],\
|
||||
alog=dict(eventtime=pytz.timezone('UTC').localize(datetime.now()).isoformat(),
|
||||
hostname=socket.gethostname(),
|
||||
processid=os.getpid(),
|
||||
processname=sys.argv[0],
|
||||
severity='INFO',
|
||||
summary='joe login failed',
|
||||
category='authentication',
|
||||
tags=[],
|
||||
details=[])
|
||||
alog['details']=dict(success=True,username='mozdef')
|
||||
alog['tags']=['mozdef','stresstest']
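Review bot: The `eventtime=` value on the first rebuilt line of the `alog` call stamps a naive local-clock reading as UTC: `datetime.now()` returns local wall time and `localize(...)` only attaches the UTC zone without converting, so the event time is off by the host's UTC offset unless the machine itself runs in UTC; `datetime.now(pytz.utc).isoformat()` gives the intended value. The fixture also pairs `summary='joe login failed'` with `details=dict(success=True, ...)` two lines below, which contradicts the summary and looks like a test-data slip rather than a deliberate choice. The enclosing `if __name__ == '__main__':` block begins outside the hunk.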
|
||||
|
|
|
@ -35,16 +35,16 @@ class message(object):
|
|||
return(None, metadata)
|
||||
|
||||
# rabbitmq
|
||||
if ('details' in message \
|
||||
and 'parentprocess' in message['details'] \
|
||||
and message['details']['parentprocess'] == 'beam.smp' \
|
||||
and 'duser' in message['details'] \
|
||||
and message['details']['duser'] == 'rabbitmq' \
|
||||
if ('details' in message
|
||||
and 'parentprocess' in message['details']
|
||||
and message['details']['parentprocess'] == 'beam.smp'
|
||||
and 'duser' in message['details']
|
||||
and message['details']['duser'] == 'rabbitmq'
|
||||
and 'command' in message['details']) \
|
||||
and (message['details']['command'] == '/usr/lib64/erlang/erts-5.8.5/bin/epmd -daemon' \
|
||||
or message['details']['command'].startswith('inet_gethost 4') \
|
||||
or message['details']['command'].startswith('sh -c exec inet_gethost 4') \
|
||||
or message['details']['command'].startswith('/bin/sh -s unix:cmd') \
|
||||
and (message['details']['command'] == '/usr/lib64/erlang/erts-5.8.5/bin/epmd -daemon'
|
||||
or message['details']['command'].startswith('inet_gethost 4')
|
||||
or message['details']['command'].startswith('sh -c exec inet_gethost 4')
|
||||
or message['details']['command'].startswith('/bin/sh -s unix:cmd')
|
||||
or message['details']['command'].startswith('sh -c exec /bin/sh -s unix:cmd')):
|
||||
return(None, metadata)
|
||||
|
||||
|
@ -59,24 +59,24 @@ class message(object):
|
|||
return(None, metadata)
|
||||
|
||||
# chkconfig
|
||||
if ('details' in message \
|
||||
and 'parentprocess' in message['details'] \
|
||||
and message['details']['parentprocess'] == 'chkconfig' \
|
||||
and 'suser' in message['details'] \
|
||||
and message['details']['suser'] == 'root' \
|
||||
if ('details' in message
|
||||
and 'parentprocess' in message['details']
|
||||
and message['details']['parentprocess'] == 'chkconfig'
|
||||
and 'suser' in message['details']
|
||||
and message['details']['suser'] == 'root'
|
||||
and 'command' in message['details']) \
|
||||
and (message['details']['command'].startswith('/sbin/runlevel') \
|
||||
and (message['details']['command'].startswith('/sbin/runlevel')
|
||||
or message['details']['command'].startswith('sh -c /sbin/runlevel')):
|
||||
return(None, metadata)
|
||||
|
||||
# nagios
|
||||
if ('details' in message \
|
||||
and 'duser' in message['details'] \
|
||||
and message['details']['duser'] == 'nagios' \
|
||||
and 'suser' in message['details'] \
|
||||
and message['details']['suser'] == 'root' \
|
||||
if ('details' in message
|
||||
and 'duser' in message['details']
|
||||
and message['details']['duser'] == 'nagios'
|
||||
and 'suser' in message['details']
|
||||
and message['details']['suser'] == 'root'
|
||||
and 'command' in message['details']) \
|
||||
and (message['details']['command'].startswith('/usr/lib64/nagios/plugins') \
|
||||
and (message['details']['command'].startswith('/usr/lib64/nagios/plugins')
|
||||
or message['details']['command'].startswith('sh -c /usr/lib64/nagios/plugins')):
|
||||
return(None, metadata)
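Review bot: The chkconfig and nagios rules discard root-driven events on a bare `startswith` prefix of `message['details']['command']`, so any command line that merely begins with `/usr/lib64/nagios/plugins` or `/sbin/runlevel` is silenced regardless of the text that follows; for a rule that drops the event outright, the match should be anchored on the executable itself, e.g. `startswith('/usr/lib64/nagios/plugins/')` with the trailing slash, or an equality test on the first whitespace-separated token, so that unrelated appended text is not covered. The `'details' in message` guard also does not establish that `message['details']` is a mapping; if it can ever be a string, the following `in` tests become substring checks and the subscript raises `TypeError` — presumably the upstream normaliser guarantees a dict, but that is worth a comment. The same prefix predicates recur in the `_ttl` plugin hunks below. The enclosing method begins and ends outside the hunk.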
|
||||
|
||||
|
|
|
@ -28,16 +28,16 @@ class message(object):
|
|||
message['_ttl'] = '3d'
|
||||
|
||||
# rabbitmq -> 3d
|
||||
if ('details' in message \
|
||||
and 'parentprocess' in message['details'] \
|
||||
and message['details']['parentprocess'] == 'beam.smp' \
|
||||
and 'duser' in message['details'] \
|
||||
and message['details']['duser'] == 'rabbitmq' \
|
||||
if ('details' in message
|
||||
and 'parentprocess' in message['details']
|
||||
and message['details']['parentprocess'] == 'beam.smp'
|
||||
and 'duser' in message['details']
|
||||
and message['details']['duser'] == 'rabbitmq'
|
||||
and 'command' in message['details']) \
|
||||
and (message['details']['command'] == '/usr/lib64/erlang/erts-5.8.5/bin/epmd -daemon' \
|
||||
or message['details']['command'].startswith('inet_gethost 4') \
|
||||
or message['details']['command'].startswith('sh -c exec inet_gethost 4') \
|
||||
or message['details']['command'].startswith('/bin/sh -s unix:cmd') \
|
||||
and (message['details']['command'] == '/usr/lib64/erlang/erts-5.8.5/bin/epmd -daemon'
|
||||
or message['details']['command'].startswith('inet_gethost 4')
|
||||
or message['details']['command'].startswith('sh -c exec inet_gethost 4')
|
||||
or message['details']['command'].startswith('/bin/sh -s unix:cmd')
|
||||
or message['details']['command'].startswith('sh -c exec /bin/sh -s unix:cmd')):
|
||||
message['_ttl'] = '3d'
|
||||
|
||||
|
@ -52,24 +52,24 @@ class message(object):
|
|||
message['_ttl'] = '3d'
|
||||
|
||||
# chkconfig -> 3d
|
||||
if ('details' in message \
|
||||
and 'parentprocess' in message['details'] \
|
||||
and message['details']['parentprocess'] == 'chkconfig' \
|
||||
and 'suser' in message['details'] \
|
||||
and message['details']['suser'] == 'root' \
|
||||
if ('details' in message
|
||||
and 'parentprocess' in message['details']
|
||||
and message['details']['parentprocess'] == 'chkconfig'
|
||||
and 'suser' in message['details']
|
||||
and message['details']['suser'] == 'root'
|
||||
and 'command' in message['details']) \
|
||||
and (message['details']['command'].startswith('/sbin/runlevel') \
|
||||
and (message['details']['command'].startswith('/sbin/runlevel')
|
||||
or message['details']['command'].startswith('sh -c /sbin/runlevel')):
|
||||
message['_ttl'] = '3d'
|
||||
|
||||
# nagios -> 3d
|
||||
if ('details' in message \
|
||||
and 'duser' in message['details'] \
|
||||
and message['details']['duser'] == 'nagios' \
|
||||
and 'suser' in message['details'] \
|
||||
and message['details']['suser'] == 'root' \
|
||||
if ('details' in message
|
||||
and 'duser' in message['details']
|
||||
and message['details']['duser'] == 'nagios'
|
||||
and 'suser' in message['details']
|
||||
and message['details']['suser'] == 'root'
|
||||
and 'command' in message['details']) \
|
||||
and (message['details']['command'].startswith('/usr/lib64/nagios/plugins') \
|
||||
and (message['details']['command'].startswith('/usr/lib64/nagios/plugins')
|
||||
or message['details']['command'].startswith('sh -c /usr/lib64/nagios/plugins')):
|
||||
message['_ttl'] = '3d'
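Review bot: The rabbitmq, chkconfig and nagios predicates in this `_ttl` plugin are copies of the ones in the drop plugin above, differing only in the action (`message['_ttl'] = '3d'` versus `return(None, metadata)`), and two hand-maintained copies of the same allow-list will drift the next time a path, user or version string changes. Factoring the predicate into one shared helper that both plugins call, or at minimum binding `details = message['details']` once after the `'details' in message` check so the repeated `message['details'][...]` lookups collapse, would keep the noise rules reviewable in a single place. Since `_ttl` sets retention, a match here also shortens how long the event is kept, so the same care about what the prefix covers applies. The enclosing method begins and ends outside the hunk.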
|
||||
|
||||
|
|
|
@ -315,7 +315,7 @@ def createIncident():
|
|||
except KeyError:
|
||||
response.status = 500
|
||||
response.body = json.dumps(dict(status='failed',
|
||||
error='Missing required keys'\
|
||||
error='Missing required keys'
|
||||
'(summary, phase, creator)'))
|
||||
return response
|
||||
|
||||
|
@ -354,7 +354,7 @@ def createIncident():
|
|||
if False in dates:
|
||||
response.status = 500
|
||||
response.body = json.dumps(dict(status='failed',
|
||||
error='Wrong format of date. Please '\
|
||||
error='Wrong format of date. Please '
|
||||
'use yyyy-mm-dd hh:mm am/pm'))
|
||||
return response
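Review bot: The rewritten `error=` line in the first hunk drops the separator between the two implicitly concatenated literals: `'Missing required keys'` directly followed by `'(summary, phase, creator)'` renders as `Missing required keys(summary, phase, creator)`; it should read `error='Missing required keys '` (the date hunk below keeps its trailing space correctly). Both hunks also answer a client-input validation failure with `response.status = 500`, where 400 is the conventional status so that callers and monitoring can tell a bad request from a server fault. `createIncident` begins and ends outside the hunks.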
|
||||
|
||||
|
|
|
@ -72,13 +72,13 @@ class TestVulnerabilityMessageV2():
|
|||
'kernel-firmware-2.6.32-642.4.2.el6',
|
||||
'kernel-headers-2.6.32-642.4.2.el6'
|
||||
],
|
||||
'output': '\nRemote package installed : kernel-2.6.32-642.4.2.el6\n' + \
|
||||
'Should be : kernel-2.6.32-642.6.1.el6\n\n' + \
|
||||
'Remote package installed : kernel-devel-2.6.32-642.4.2.el6\n' + \
|
||||
'Should be : kernel-devel-2.6.32-642.6.1.el6\n' + \
|
||||
'\nRemote package installed : kernel-firmware-2.6.32-642.4.2.el6\n' + \
|
||||
'Should be : kernel-firmware-2.6.32-642.6.1.el6\n\n' + \
|
||||
'Remote package installed : kernel-headers-2.6.32-642.4.2.el6\n' + \
|
||||
'output': '\nRemote package installed : kernel-2.6.32-642.4.2.el6\n' +
|
||||
'Should be : kernel-2.6.32-642.6.1.el6\n\n' +
|
||||
'Remote package installed : kernel-devel-2.6.32-642.4.2.el6\n' +
|
||||
'Should be : kernel-devel-2.6.32-642.6.1.el6\n' +
|
||||
'\nRemote package installed : kernel-firmware-2.6.32-642.4.2.el6\n' +
|
||||
'Should be : kernel-firmware-2.6.32-642.6.1.el6\n\n' +
|
||||
'Remote package installed : kernel-headers-2.6.32-642.4.2.el6\n' +
|
||||
'Should be : kernel-headers-2.6.32-642.6.1.el6\n\n',
|
||||
'cve': 'CVE-2016-4470',
|
||||
'cvss': 7.2,
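Review bot: The `'output'` value in this fixture is still joined with `+` between adjacent string literals, which is redundant inside the enclosing dict literal: Python concatenates adjacent literals at compile time, so the `+` operators can be dropped, leaving one literal per line, without changing the resulting string. Purely a style point on how the new lines are written. The enclosing `TestVulnerabilityMessageV2` class begins and ends outside the hunk.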
|
||||
|
|