2021SC@SDUSC
Watchdog.py
OSSIM-agent源代码分析(六)
简述
OSSIM Agent的主要职责是收集网络上存在的各种设备发送的所有数据,然后按照一种标准方式(standardized way)有序地发送给OSSIM Server。Agent收集到数据后,在发送给Server之前要对这些数据进行标准化处理,这样Server就可以以一种统一的方式来处理这些信息,并且也简化了Server的处理过程。
其中对于各种进程插件的保护监控处理就非常关键,watchdog则是负责这部分功能的代码。
相关代码
初始导包
import commands
import threading
from pytz import timezone, all_timezones
from datetime import datetime
import time
from time import mktime
import re
from Output import Output
from Logger import *
from Task import Task
from Stats import Stats
from command import AgentDateCommand, \
PluginUnknownState, \
PluginStartState, \
PluginStopState, \
PluginEnableState, \
PluginDisableState
全局变量引入
# Module-wide logger shared by the Watchdog methods below; Logger itself
# comes from the star import above.
logger = Logger.logger
watchdog类声明及变量声明
class Watchdog(threading.Thread):
    """Agent thread that supervises the plugin processes.

    Only the class-wide state lives here; the monitoring loop and the
    process helpers follow further down (the loop itself is not part of
    this excerpt).
    """
    # Set through setShutdownRunning(); true while the agent is shutting
    # down.  How the loop reacts to it is outside this excerpt.
    __shutdown_running = False
    # Presumably the IDs of plugins the server asked to stop; it is filled
    # and read by code not shown here -- confirm before relying on it.
    __pluginID_stoppedByServer = []
初始化函数,初始化相关配置文件及线程
def __init__(self, conf, plugins):
self.conf = conf
self.plugins = plugins
self.interval = self.conf.getfloat("watchdog", "interval") or 3600.0
self.patternlocalized = re.compile('(?P<tzone_symbol>[-|+])(?P<tzone_hour>\d{2})(?P<tzone_min>\d{2})')
threading.Thread.__init__(self)
关闭相关进程的看门狗函数
def setShutdownRunning(value):
    """Record, class-wide, whether the agent is shutting down.

    The flag is stored on the class rather than an instance so every
    thread sees the same value.  Because the assignment is written inside
    the class body, name mangling makes the attribute
    Watchdog._Watchdog__shutdown_running.
    """
    Watchdog.__shutdown_running = value
setShutdownRunning = staticmethod(setShutdownRunning)
通过cmd和正则表达式获取正在运行的程序的进程ID
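def pidof(program, program_aux=""):
    """Return the PID (as a string) of a running *program*, or None.

    ``pidof <program>`` is consulted first.  When it fails or reports
    nothing and *program_aux* is non-empty, the process table (``ps aux``)
    is scanned for lines containing *program_aux* and the PID column of
    the first hit is returned; with no hit (or no *program_aux*) the
    result is None.  Only the first PID is returned, so a process with
    several instances is reduced to one.

    Both lookups run without a shell.  The former
    ``os.popen("pidof %s" % program)`` and
    ``"ps aux | grep %s | ..." % program_aux`` strings turned the
    ``process`` value of a plugin configuration into shell text, so any
    metacharacter in it was executed; here the value only reaches
    pidof/ps as argument text.  *program_aux* is matched literally
    (grep treated it as a regular expression); plain process names
    behave exactly as before.
    """
    import shlex
    import subprocess

    def run(argv):
        # (exit status, stripped stdout): the pair os.popen()/close()
        # used to provide.  stderr is left uncaptured, as before.
        try:
            child = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                     universal_newlines=True)
        except OSError:
            # Binary not on PATH: report it like a failed command.
            return 127, ""
        out = child.communicate()[0]
        return child.returncode, out.strip()

    # pidof accepts several names, so word-split the value as the shell
    # did -- but with shlex the pieces stay plain arguments.
    try:
        names = shlex.split(program)
    except ValueError:
        # Unbalanced quotes: the shell would have rejected the command too.
        names = None
    if names is None:
        status, data = 1, ""
    else:
        status, data = run(["pidof"] + names)
    if status == 0 and data != "":
        return data.split("\n")[0]
    if program_aux == "":
        return None

    status, table = run(["ps", "aux"])
    if status != 0:
        return None
    # Equivalent of "grep <aux> | grep -v grep | awk '{print $2}'":
    # keep matching lines, drop grep processes, take the PID column.
    pids = []
    for line in table.split("\n"):
        fields = line.split()
        if program_aux in line and "grep" not in line and len(fields) > 1:
            pids.append(fields[1])
    if not pids:
        logger.debug("no process matching %r in ps aux output" % program_aux)
        return None
    return pids[0]
pidof = staticmethod(pidof)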
启动进程函数
def start_process(plugin, notify=True):
id = plugin.get("config", "plugin_id")
process = plugin.get("config", "process")