ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: usr / local / lib / python3.9 / site-packages / agent360 / plugins

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import psutil
import plugins
import sys
import re

class Plugin(plugins.BasePlugin):
    __name__ = 'process'

def sanitize_command_line(self, cmdline):
        # Check if cmdline starts with a file path and separate it
        match = re.match(r'^(\S+)(\s+.*)?$', cmdline)
        if match:
            initial_path = match.group(1)
            remaining_cmdline = match.group(2) or ""
        else:
            initial_path = ""
            remaining_cmdline = cmdline

# Redact sensitive information in the remaining command line (case-insensitive)
        remaining_cmdline = re.sub(r'(/[^ ]+)+', '/***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'(--(?:password|pass|pwd|token|secret|key|api-key|access-key|secret-key|client-secret|auth-key|auth-token)\s+\S+)', '--***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'(-p\s+\S+)', '-p ***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'\b(?:password|pass|pwd|token|secret|key|api_key|access_key|client_secret|auth_key|auth_token)=\S+', '***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b', '***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'\b(?:[a-fA-F0-9:]+:+)+[a-fA-F0-9]+\b', '***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'(--port\s+\d+)', '--port ***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'\b(?:DB_PASS|DB_USER|AWS_SECRET_ACCESS_KEY|AWS_ACCESS_KEY_ID|SECRET_KEY|TOKEN|PASSWORD|USERNAME|API_KEY|PRIVATE_KEY|SSH_KEY|SSL_CERTIFICATE|SSL_KEY)\b=\S+', '***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'\b(root|admin|cpanelsolr|user\d*)\b', '***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'(\S+\.(pem|crt|key|cert|csr|pfx|p12|ovpn|enc|asc|gpg))', '***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'\b(?:id_rsa|id_dsa|id_ecdsa|id_ed25519|known_hosts|authorized_keys|credentials|.env|docker-compose.yml)\b', '***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'\b(?:jdbc|mysql|postgres|mongodb|redis|amqp|http|https|ftp|sftp|s3):\/\/\S+', '***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'\b(?:https?|ftp):\/\/(?:\S+\:\S+@)?(?:[a-zA-Z0-9.-]+\.\S+)', '***', remaining_cmdline, flags=re.IGNORECASE)
        remaining_cmdline = re.sub(r'\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b', '***', remaining_cmdline, flags=re.IGNORECASE)

# Combine the initial path and the sanitized command line, then limit length
        sanitized_cmdline = (initial_path + remaining_cmdline).strip()
        if len(sanitized_cmdline) > 256:
            sanitized_cmdline = sanitized_cmdline[:253] + '...'

return sanitized_cmdline

def run(self, *unused):
        process = []
        for proc in psutil.process_iter():
            try:
                pinfo = proc.as_dict(attrs=[
                    'pid', 'name', 'ppid', 'exe', 'cmdline', 'username',
                    'cpu_percent', 'memory_percent', 'io_counters'
                ])

try:
                    # Sanitize and format the command line
                    pinfo['cmdline'] = self.sanitize_command_line(' '.join(pinfo['cmdline']).strip())
                except:
                    pass
                if sys.version_info < (3,):
                    pinfo['cmdline'] = unicode(pinfo['cmdline'], sys.getdefaultencoding(), errors="replace").strip()
                    pinfo['name'] = unicode(pinfo['name'], sys.getdefaultencoding(), errors="replace")
                    pinfo['username'] = unicode(pinfo['username'], sys.getdefaultencoding(), errors="replace")
                try:
                    pinfo['exe'] = unicode(pinfo['exe'], sys.getdefaultencoding(), errors="replace")
                except:
                    pass
            except psutil.NoSuchProcess:
                pass
            except psutil.AccessDenied:
                pass
            except:
                pass
            else:
                process.append(pinfo)
        return process

if __name__ == '__main__':
    Plugin().execute()

[-] wp-toolkit.py [open]
[+] ..
[-] plugins.py [open]
[-] yum-updates.py [open]
[-] proftpd.py [open]
[-] sleeper.py [open]
[-] network.py [open]
[+] __pycache__
[-] bird.py [open]
[-] diskusage.py [open]
[-] exim.py [open]
[-] cpanel.py [open]
[-] loggedin.py [open]
[-] memory.py [open]
[-] megacli.py [open]
[-] phpfpm.py [open]
[-] rabbitmq.py [open]
[-] elasticsearch.py [open]
[-] mysql.py [open]
[-] iostat.py [open]
[-] plesk-cgroups.py [open]
[-] fail2ban.py [open]
[-] loadavg.py [open]
[-] dirsize.py [open]
[-] openvpn.py [open]
[-] apt-updates.py [open]
[-] postfix.py [open]
[-] diskstatus.py [open]
[-] tcpports.py [open]
[-] haproxy.py [open]
[-] ping.py [open]
[-] unbound.py [open]
[-] dovecot.py [open]
[-] memcached.py [open]
[-] bitninja.py [open]
[-] powerdns.py [open]
[-] mailq.py [open]
[-] gpu.py [open]
[-] system.py [open]
[-] cloudlinux.py [open]
[-] cpu_freq.py [open]
[-] janus.py [open]
[-] nginx.py [open]
[-] bind.py [open]
[-] cpu.py [open]
[-] litespeed.py [open]
[-] swap.py [open]
[-] temp.py [open]
[-] kamailio.py [open]
[-] httpd.py [open]
[-] diskstatus-nvme.py [open]
[-] process.py [open]
[-] mongodb.py [open]
[-] __init__.py [open]
[-] minecraft.py [open]
[-] docker.py [open]
[-] vms.py [open]
[-] asterisk.py [open]
[-] redis_stat.py [open]
[-] mdstat.py [open]
[-] cloudlinux-dbgov.py [open]
[-] diskinodes.py [open]