added disk ministry
parent
09134eaba4
commit
b2f630e4f9
|
@ -40,6 +40,8 @@ def sys_hook_entrypoint(event, info):
|
||||||
ministry.ofexec.block_exec(event, info)
|
ministry.ofexec.block_exec(event, info)
|
||||||
elif event == 'system':
|
elif event == 'system':
|
||||||
ministry.ofexec.block_system(info)
|
ministry.ofexec.block_system(info)
|
||||||
|
elif event == 'open':
|
||||||
|
ministry.ofdisk.detect_disk_access(info)
|
||||||
|
|
||||||
|
|
||||||
def enable_ministries(disable_hooks: Iterable = None):
|
def enable_ministries(disable_hooks: Iterable = None):
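Review bot: The new `open` branch hands every open event to `detect_disk_access` with no guard for non-`str` paths, and that handler only filters out `int` descriptors. A `bytes` path would raise `TypeError` at `if item in info[0]`, and if `sys_hook_entrypoint` is registered as an audit hook (the registration is not visible here), that exception would likely surface in the caller's `open()` instead of being logged. Normalising right after the `int` check, e.g. `path = os.fsdecode(info[0])` (with `os` imported in the new module), keeps a detection-only ministry from turning into an accidental block. `sys_hook_entrypoint` begins above this hunk.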
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
from . import ofcommunication # noqa
|
from . import ofcommunication # noqa
|
||||||
from . import ofexec # noqa
|
from . import ofexec # noqa
|
||||||
|
from . import ofdisk # noqa
|
|
@ -0,0 +1,21 @@
|
||||||
|
from utils.identifyhome import identify_home
|
||||||
|
import logger
|
||||||
|
|
||||||
|
|
||||||
|
def detect_disk_access(info):
|
||||||
|
if type(info[0]) is int: return
|
||||||
|
|
||||||
|
if '/dev/null' == info[0]: return
|
||||||
|
|
||||||
|
whitelist = [identify_home(), 'onionr/src/', '/site-packages/', '/usr/lib64/']
|
||||||
|
|
||||||
|
|
||||||
|
for item in whitelist:
|
||||||
|
if item in info[0]:
|
||||||
|
return
|
||||||
|
|
||||||
|
if identify_home() not in info[0]:
|
||||||
|
if 'proc' in info[0]:
|
||||||
|
logger.warn(f'[DISK MINISTRY] {info} - probably built in Onionr stats')
|
||||||
|
else:
|
||||||
|
logger.warn(f'[DISK MINISTRY] {info}')
|