#TJ XdZddlZddlZddlZddlZddlZddlZddlmZddl m Z m Z m Z m Z mZmZddlmZmZddlmZddlmZddlmZdd lmZejeZed Zed Zed z Z d Z!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)dZ*edZ+Gdde,Z-dedee.ddfdZ/de e.dee e.e e.ffdZ0dede e.fd Z1Gd!d"e2Z3Gd#d$e.Z4d%e.d&e.dee e.e e.ffd'Z5Gd(d)Z6d*e.dee.d+e e.de6fd,Z7Gd-d.Z8d*e.dee.de8fd/Z9deddfd0Z:d1ed2ede;fd3Zde;fd7Z?de;fd8Z@d;d9ZAde;fd:ZBdS). Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N)Path)CallableIterableListOptionalSetTuple)ANTIVIRUS_MODEMalware) HostingPanel) check_run)MalwareIgnorePath) crontab_pathz4/etc/sysconfig/imunify360/malware-filters-admin-confz)/var/imunify360/files/realtime-av-conf/v1 processedzpd-combined.txtzav-internal.txtzav-internal-optimized.txtz av-admin.txtzav-admin-paths.txtignoredizimunify-realtime-avz/usr/bin/i360-exclcompz/usr/sbin/imunify-realtime-avceZdZdZdS)PatternLengthErrorz(Raised when pattern's length is too big.N)__name__ __module__ __qualname____doc__L/opt/imunify360/venv/lib/python3.11/site-packages/imav/subsys/realtime_av.pyrr<s22Drrdirbasedirsreturnc|dz d5}t|D]7}|tj|dz8 ddddS#1swxYwYdS)z+Save list of basedirs in a file inside dir.zbasedirs-list.txtw N)opensortedwriteospathrealpath)rrfbasedirs r_save_basedirsr)Bs # # ) )# . .6!h'' 6 6G GGBG$$W--4 5 5 5 5 6666666666666666666sAA//A36A3pathscgg}}|D]J}|dr||dd5||K||fS)zSplit paths into two lists: absolute and relative. Relative paths start with +. This + sign is removed from resulting path.+N) startswithappend)r*absoluterelativer%s r _split_pathsr2IsmRhH"" ??3   " OODH % % % % OOD ! ! ! ! X rr%c |5}d|D}d|DcdddS#1swxYwYdS#t$rgcYSwxYw)zRead file at path and return its lines as a list. Empty lines or lines starting with '#' symbol are skipped. Lines are stripped of leading and trailing whitespace. If the file does not exist, empty list is returned.c6g|]}|Sr)strip).0lines r z_read_list..^s 000dTZZ\\000rcbg|],}t|dk|d*|-S)r#)lenr.)r6xs rr8z_read_list.._s3MMM!A 1<<;L;L A rN)r!FileNotFoundError)r%r'liness r _read_listr?Vs  YY[[ NA00a000EMMuMMM N N N N N N N N N N N N N N N N N N  s.A; A?A?A AAceZdZdZdeedeeddffd Zedede fdZ ed eedeedeefd Z d e ddfd Z xZS) _Watchedz8Holds a list of watched glob patterns ready to be saved.rrrNctt|\}}fd|||zDdS)Nc3K|]8}|tj|V9dSN) _is_validr$r%r&)r6pselfs r z$_Watched.__init__..jsY  ~~a   G  Q        r)super__init__r2extend_extend_relative)rGrrr0r1 __class__s` rrJz_Watched.__init__gs )!__(      5 5h I II        rpatterncj|dstd|dSdS)z(Return True if watched pattern is valid./z+skipping watched path %s: not starts with /FTr.loggerwarningrNs rrEz_Watched._is_validpsA!!#&&  NN=w   5trr*cg}|D]:}|D]5}|tj||6;|S)z7Join basedirs with all paths and return resulting list.)r/r$r%join)r*rextendedr%r(s rrLz_Watched._extend_relativezsV = =D# = = Wd ; ;<<<< =rr%c|d5}|d|ddddS#1swxYwYdS)z$Save watched list at specified path.rr N)r!r#rVrGr%r's rsavez _Watched.saves YYs^^ %q GGDIIdOO $ $ $ % % % % % % % % % % % % % % % % % %s)A  AA)rrrrrstrrrJ staticmethodboolrErLrrZ __classcell__)rMs@rrArAdsBB $s) s3x D      34\S SX$s)\%%$%%%%%%%%rrAceZdZdZededefdZededefdZededefdZ e de ede eddfd Z d efd Zd S) _Ignoredz:Holds a list of ignored regexp patterns ready to be saved.rNrcj|drtd|dSdS)z1Return True if relative ignored pattern is valid.^z0skipping relative ignored path %s: starts with ^FTrQrTs r_is_valid_relativez_Ignored._is_valid_relativesA   c " "  NNBG   5trcD|dr |ddS|S)z.Remove leading slash from pattern, if present.rPr-N)r.rTs r_remove_leading_slashz_Ignored._remove_leading_slashs-   c " " 122; rc tj|dS#t$rtd|YdSwxYw)z7Return True if pattern successfully compiles as regexp.Tz*skipping ignored pattern %s: invalid regexF)recompile ExceptionrRrSrTs r _compilesz_Ignored._compiless[  Jw   4    NNg|]}||Sr)rjr6rFclss rr8z*_Ignored.from_patterns..s*<<.sa   %%a(( .1]]1-=-=  % %a ( (   rrz^(?:{})/(?:{})|z^$)r2r;formatrVr/r`)rorkrr0r1relative_patternpats` r from_patternsz_Ignored.from_patternss *(33(<<<||_||_||_||_dSrD)rrrr)rGrrrrs rrJz_IgnoredCtx.__init__s'!  "4rrch|tz }|d|j|tz |j|t z |j|tz |j $|j |tz dSdS)NTr) _IGNORED_SUB_DIRrrrZrrrr_PD_NAMEr_INTERNAL_OPTIMIZED_NAMErs rrZz_IgnoredCtx.saves " "  1~-... K(((  Q\"""  " .  # ( (-E)E F F F F F / .rrD)rrrr`rrJrrZrrrrrs 26 5 5 5 5  5 %X. 5  5 5 5 5GGGGGGGGrrcLt|d\}}t|d\}}d}|rt||}tt||t||t||z||S)Nz ignored.txtzignored-optimized.txt)rr`rvr)rrinternal_ignored admin_ignoredoptimized_ignored_rs r_ignored_contextrs&3J &N&N#m )5LMMq %33 x   /::}h77/-?JJ   rctj}dd|D}|tz tz }||dS)Nrc3hK|]-}tjtj|dzV.dS) N)base64 b64encoder$fsencode)r6r%s rrHz'_admin_ignored_paths..sM$$8<T**++e3$$$$$$r)r path_listrVr_ADMIN_PATHS_NAME write_bytes)r ignored_pathsignored_paths_base64targets r_admin_ignored_pathsrsn%/11M88$$@M$$$# #&7 7F +,,,,,rdir1dir2cX|D]}|rt|||jz rdS|sF||jz }|sdS||krdSdS)zXCompare content of two folders if files in this directory are the same return False.TF)iterdiris_dir_contain_changesr{is_filer read_bytes)rrfileothers rrr!s    ;;== dTY&677 tt||~~  ty ||~~ 44 ??   0 0 2 2 2 244 3 5rsaversc|d}|r!tjt |||D] }|||r|d}|r!tjt ||| ||n$#t$r||wxYwt||S||dS)zySave configs in directory dir using saves callable. Each function in savers will be called with single dir argument.z.tmpz.backupT) with_suffixrshutilrmtreer[r with_namerenamerir)rrtemprZbackups r _save_configsr2s2 ??6 " "D {{}}! c$ii   JJLLL T  zz|| y)) ==?? ' M#f++ & & & 6  KK        MM#      V,,, Cts #C99!Dcttz tz }ttz } |}|r2t jt|t|ks+| | |dSdS#t$r| |YdSwxYwrD) _PROCESSED_PATHrrrlstat is_symlinkr$readlinkr[unlink symlink_tor=)rsourcers r_update_pd_symlinkrNs / /( :F 8 #F & LLNN      &$&KF $<$<F $K$K MMOOO   f % % % % %%L$K """&!!!!!!"sB//CCc t}|ttjr.t tttfdt|j j t|j j tg}t|S)z*Generate new malware paths filters config.c,t|hSrD)r))rr extra_watcheds rz"generate_configs..kss,Gh,G,GHHr)r)r rsetr CRONTABS_SCAN_ENABLEDaddr[rrrrNAMErZrrr)rzchangedrrs @@rgenerate_configsr_s NNE~~HEEM$/#lnn--... H H H H H UZ G G G L UZ 2 2 7  G Nrc4tSrD) _BIN_PATHrrrr is_installedrus     rcKtdtdgttgg}|D]L} |d{V #tj$rt $r%}t d|Yd}~Ed}~wwxYwdS)Nservicerestartz)realtime_av.reload_services exception: %s)r REALTIME_SERVICE_NAME _PD_PREPAREasyncioCancelledErrorrirRrS)taskstes rreload_servicesrys93Y?@@;-   EKK KGGGGGGGG%     K K K NNF J J J J J J J J K KKs=A;A66A;c*t o tjSrD)r r INOTIFY_ENABLEDrrrshould_be_runningrs  9'"99r)rN)Crrrloggingr$rgrpathlibrtypingrrrrrr defence360agent.contracts.configr r +defence360agent.subsys.panels.hosting_panelr defence360agent.utilsr imav.malwarelib.modelrimav.malwarelib.scan.crontabr getLoggerrrRrr~rrrrrrrrxREALTIME_PACKAGErrrrirr[r)r2r?listrAr`rrrrrrr]rrrrrrrrrrrs*  AAAAAAAAAAAAAAAADDDDDDDDDDDDDD++++++333333555555  8 $ $dIJJ ABB + "6 ((-& D0 1 1         66C6T6666 S eDItCy,@&A     T d3i    "%"%"%"%"%t"%"%"%J=====s===@ 4 4C 4E$s)T#Y2F,G 4 4 4 4 ) ) ) ) ) ) ) )"3x3;C=GGGGGGGG.C[,-d-t----4t"tT(D64<*@%Ad8&&&&"$,d K K K K:4::::::r