CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

add suricata to socore group

Browse Source
This commit is contained in:
Jason Ertel
2022-12-05 10:27:42 -05:00
parent 483a9d477f
commit 86c31c129a
1 changed files with 12 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
salt/strelka/filecheck/filecheck
View File

@@ -36,26 +36,27 @@ recycle_secs = cfg["filecheck"].get("recycle_secs", 300)
logging.basicConfig(filename=logfile, filemode='w', format='%(asctime)s - %(message)s', datefmt='%d-%b-%y %H:%M:%S', level=logging.INFO) logging.basicConfig(filename=logfile, filemode='w', format='%(asctime)s - %(message)s', datefmt='%d-%b-%y %H:%M:%S', level=logging.INFO)
def checkexisting(): def checkexisting():
logging.info("Checking for existing files");
for root, dirs, files in os.walk(extract_path): for root, dirs, files in os.walk(extract_path):
for file in files: for file in files:
try: try:
path = os.path.join(root, file) path = os.path.join(root, file)
filename = os.path.join(extract_path, path) filename = os.path.join(extract_path, path)
if os.path.isfile(filename): checksum(filename)
logging.info("Processing existing file: " + filename)
checksum(filename)
except Exception as err: except Exception as err:
logging.error("Failed to process file: " + file) logging.error("Failed to process file: " + file)
def checksum(filename): def checksum(filename):
with open(filename, 'rb') as afile: if os.path.isfile(filename) && "/tmp/" not in filename:
shawnuff = hashlib.sha1() with open(filename, 'rb') as afile:
buf = afile.read(8192) logging.info("Processing file: " + filename)
while len(buf) > 0: shawnuff = hashlib.sha1()
shawnuff.update(buf)
buf = afile.read(8192) buf = afile.read(8192)
hizash=shawnuff.hexdigest() while len(buf) > 0:
process(filename, hizash) shawnuff.update(buf)
buf = afile.read(8192)
hizash=shawnuff.hexdigest()
process(filename, hizash)
def process(filename, hizash): def process(filename, hizash):
if os.path.exists(historypath + hizash): if os.path.exists(historypath + hizash):
@@ -73,10 +74,7 @@ def process(filename, hizash):
class CreatedEventHandler(FileSystemEventHandler): class CreatedEventHandler(FileSystemEventHandler):
def on_created(self, event): def on_created(self, event):
filename = event.src_path checksum(event.src_path)
if os.path.isfile(filename):
logging.info("Found new file: " + filename)
checksum(filename)
if __name__ == "__main__": if __name__ == "__main__":
logging.info("Starting filecheck") logging.info("Starting filecheck")