#! -*- coding: utf-8 -*-
# 监控查杀挖矿病毒
# 更新日期:2022-04-04
import datetime
import logging
import os
import subprocess
import sys
import time

import psutil
# Append every run's findings to scan.log next to this script.
filename = os.path.dirname(os.path.realpath(__file__)) + '/scan.log'
logging.basicConfig(
    filename=filename,
    filemode='a+',
    level=logging.INFO,
    format='%(asctime)s - %(levelname)s - %(message)s',
)
def check(p):
    """Classify a process against the miner indicators this script knows.

    Args:
        p: an object exposing ``exe()`` and ``cwd()`` (a psutil.Process in
           practice), returning absolute path strings.

    Returns:
        1 when the executable's directory contains ``lolMiner.cfg``, when the
          cwd contains it and the executable lives under ``/tmp``, or when the
          executable lives under ``/tmp`` and its path contains ``ssh`` or
          ``socat``;
        2 when only the cwd contains ``lolMiner.cfg`` (executable outside ``/tmp``);
        0 otherwise.
    """
    exe = p.exe()
    exe_dir = os.path.dirname(exe)
    in_tmp = exe.startswith('/tmp')
    if os.path.exists(exe_dir + '/lolMiner.cfg'):
        return 1
    # cwd() is only consulted when the executable's own directory is clean.
    if os.path.exists(p.cwd() + '/lolMiner.cfg'):
        return 1 if in_tmp else 2
    if in_tmp and ('ssh' in exe or 'socat' in exe):
        return 1
    return 0
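def do(p):
    """Kill a process that matches a miner signature and neutralise its binary.

    Args:
        p: a psutil.Process (anything exposing ``exe()``, ``cwd()`` and
           ``kill()``).

    Returns:
        None. Side effects: a WARNING log line, the process is killed, and for
        classification 1 the executable is removed, recreated empty and made
        immutable (``chattr +i``) so it cannot simply be rewritten.

    Raises:
        Whatever psutil raises when the process vanishes or is not accessible
        (NoSuchProcess, AccessDenied); the scan loop is expected to handle that.
    """
    code = check(p)
    if code == 0:
        return None
    # Read the paths before kill(): once the process is gone, exe()/cwd()
    # raise NoSuchProcess, and the previous code also referenced an undefined
    # `log` dict here, so the remediation below never actually ran.
    exe = p.exe()
    cwd = p.cwd()
    logging.warning('cwd: %s, exe: %s', cwd, exe)
    p.kill()
    if code == 1 and exe:
        # Argument lists, not os.system(): the path comes from an untrusted
        # process and may contain shell metacharacters. `-f` is enough for a
        # regular file; recursion is not needed and is unsafe if the path is
        # ever something other than a file.
        subprocess.run(['sudo', 'rm', '-f', exe], check=False)
        subprocess.run(['sudo', 'touch', exe], check=False)
        subprocess.run(['sudo', 'chattr', '+i', exe], check=False)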
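# Scan every live process once. Processes that exit mid-scan or cannot be
# inspected are skipped; any other failure is logged with a traceback instead
# of being swallowed by the bare `except: pass` this replaces (which also hid
# KeyboardInterrupt and programming errors inside do()).
for p in psutil.process_iter():
    try:
        do(p)
    except (psutil.NoSuchProcess, psutil.AccessDenied, psutil.ZombieProcess):
        # Best effort: nothing to do for a vanished or inaccessible process.
        continue
    except Exception:
        logging.exception('failed to handle pid %s', p.pid)
logging.info('scan has completed')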