youhua

GiDunPar · May 11, 2019 · 3ba13e0 · 3ba13e0
1 parent ca07675
commit 3ba13e0
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/lib/core/data_aggregation.py b/lib/core/data_aggregation.py
@@ -32,7 +32,7 @@ def agregation(self):
         say_info, i = u'-' * 30 + u'\n', 1
         say_info += u'根据系统分析的情况，溯源后的攻击行动轨迹为：\n'
 
-        programme_info = u'\n初步处理方案如下：\n'
+        programme_info = u'\n初步处理方案如下(注：请在信息核实后操作)：\n'
 
         self.result_infos.sort(cmp=self.cmp_datetime, key=operator.itemgetter(u'异常时间'))
         for result_info in self.result_infos:

diff --git a/lib/plugins/Log_Analysis.py b/lib/plugins/Log_Analysis.py
@@ -35,7 +35,7 @@ def check_wtmp(self):
                     if check_ip(ip):
                         malice_result(self.name, u'wtmp登陆历史排查', u'/var/log/wtmp', '', u'境外IP使用%s登陆主机：%s' % (user, ip),
                                       u'[1]who /var/log/wtmp', u'可疑', time, user,
-                                      programme=u'passwd %s #更改某用户密码' % user)
+                                      programme=u'passwd %s #更改%s用户密码' % (user, user))
                         suspicious = True
             return suspicious, malice
         except:
@@ -58,7 +58,7 @@ def check_utmp(self):
                     ip = ips.replace('(', '').replace(')', '').replace('\n', '')
                     if check_ip(ip):
                         malice_result(self.name, u'utmp登陆历史排查', u'/run/utmp', '', u'境外IP使用%s登陆主机：%s' % (user, ip),
-                                      u'[1]who', u'可疑', time, user, programme=u'passwd %s #更改某用户密码' % user)
+                                      u'[1]who', u'可疑', time, user, programme=u'passwd %s #更改%s用户密码' % (user, user))
                         suspicious = True
             return suspicious, malice
         except:
@@ -80,7 +80,7 @@ def check_lastlog(self):
                     if check_ip(ip):
                         malice_result(self.name, u'lastlog登陆历史排查', u'/var/log/lastlog', '',
                                       u'境外IP使用%s登陆主机：%s' % (user, ip), u'[1]who', u'可疑', "", user,
-                                      programme=u'passwd %s #更改某用户密码' % user)
+                                      programme=u'passwd %s #更改%s用户密码' % (user, user))
                         suspicious = True
             return suspicious, malice
         except:
@@ -99,7 +99,7 @@ def check_sshlog(self):
                     ip = correct_baopo_infos['ip']
                     malice_result(self.name, u'secure日志排查', u'/var/log/secure', '',
                                   u'主机SSH被外部爆破且成功登陆，时间：%s，ip：%s，用户：%s' % (time, ip, user), u'[1]cat /var/secure', u'风险',
-                                  time, user, programme=u'passwd %s #更改某用户密码' % user)
+                                  time, user, programme=u'passwd %s #更改%s用户密码' % (user, user))
                     malice = True
             return suspicious, malice
         except:

diff --git a/lib/plugins/User_Analysis.py b/lib/plugins/User_Analysis.py
@@ -59,7 +59,7 @@ def check_sudo(self):
                     if user.replace("\n", "") != 'root' and user[0] != '%':
                         malice_result(self.name, u'sudoers权限安全扫描', '/etc/sudoers', '',
                                       u'用户 %s 可通过sudo命令获取特权' % user.replace("\n", ""), u'[1]cat /etc/sudoers', u'风险',
-                                      programme=u'vi /etc/sudoers #删除sudo设置')
+                                      programme=u'vi /etc/sudoers #更改sudo设置')
                         suspicious = True
             return suspicious, malice
         except: