From fe69282d89efa643a4d9512d18d5e25796185cff Mon Sep 17 00:00:00 2001
From: huoji
Date: Fri, 2 Sep 2022 15:23:34 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BD=E5=90=8D=E5=8D=95=E7=8E=B0=E5=9C=A8?=
 =?UTF-8?q?=E7=9C=8B=E7=88=B6=E8=BF=9B=E7=A8=8B,=E5=A6=82=E6=9E=9C?=
 =?UTF-8?q?=E7=88=B6=E8=BF=9B=E7=A8=8B=E6=98=AF=E7=99=BD=E5=90=8D=E5=8D=95?=
 =?UTF-8?q?=E7=9A=84=E5=AD=90=E8=BF=9B=E7=A8=8B=E4=BA=A7=E7=94=9F=E7=9A=84?=
 =?UTF-8?q?=E8=A1=8C=E4=B8=BA=E9=83=BD=E5=8A=A0=E7=99=BD(=E4=B8=8D?=
 =?UTF-8?q?=E7=A1=AE=E5=AE=9A=E6=98=AF=E5=90=A6=E5=8F=AF=E9=9D=A0,?=
 =?UTF-8?q?=E6=9C=89=E5=BE=85=E8=A7=82=E5=AF=9F).?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

白名单现在看父进程,如果父进程是白名单的子进程产生的行为都加白(不确定是否可靠,有待观察).
---
 Server/config.py | 2 +-
 Server/log.py | 3 +++
 Server/process.py | 3 ++-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Server/config.py b/Server/config.py
index 1e43f02..5efcb30 100644
--- a/Server/config.py
+++ b/Server/config.py
@@ -1,4 +1,4 @@
 # 检出阈值,越高越难检出但是也会越准确
 MAX_THREAT_SCORE = 170
 # 授权访问主站的IP列表.如果不在后台里面则不能访问后台
-ALLOW_ACCESS_IP = ['127.0.0.1']
+ALLOW_ACCESS_IP = ['127.0.0.1', '192.168.111.189', '192.168.111.187']
diff --git a/Server/log.py b/Server/log.py
index a0ab24d..1cfd59d 100644
--- a/Server/log.py
+++ b/Server/log.py
@@ -58,6 +58,8 @@ def process_log(host, json_log, raw_log):
         child = process.Process(
             pid, ppid, path, params, create_time, hash, parent_user, host, is_white_list
         )
+        parent_process.parent_process = parent_process
+        child.parent_process = parent_process
         chain = process.create_chain(parent_process)
         chain.add_process(child, parent_pid)
         current_process = child
@@ -69,6 +71,7 @@ def process_log(host, json_log, raw_log):
         child = process.Process(
             pid, ppid, path, params, create_time, hash, user, host, is_white_list
         )
+        child.parent_process = parent_process
         parent_process.chain.add_process(child, ppid)
         current_process = child
         if score > 0:
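Review bot: The two addresses added to `ALLOW_ACCESS_IP` are deployment-specific LAN hosts committed into source, and the code that consumes the list is not in this hunk, so I can't confirm which address it compares against; if the server is ever placed behind a reverse proxy and the check reads a forwarded-for header, the allowlist becomes client-controlled. A source-IP allowlist is a network filter, not authentication for an admin backend, so keep an authenticated session in front of the backend regardless of this list. Consider loading the list from an untracked config file or environment variable so per-site addresses stop accumulating in git history, with a comment such as `# Source IPs permitted to reach the admin UI; this is NOT a substitute for login`.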
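Review bot: `parent_process.parent_process = parent_process` makes the newly created parent its own parent, which is not true of the process and creates a one-node cycle; it reads as a workaround so that `set_score` can dereference `.parent_process` without hitting `None`. The parent's real parent is unknown at this point, so the attribute should stay `None` (the default `__init__` now gives it) and the `None` case should be handled where it is read, otherwise any future loop that walks `parent_process` upward will never terminate. I would drop that line and keep only `child.parent_process = parent_process`. `process_log` begins and ends outside this hunk, so I can't see how `parent_process` was obtained here.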
diff --git a/Server/process.py b/Server/process.py
index 2e8932a..28023b7 100644
--- a/Server/process.py
+++ b/Server/process.py
@@ -87,6 +87,7 @@ g_ProcessChainList = []
 class Process:
     def __init__(self, pid, ppid, path, params, time, md5, user, host, is_white=False):
         self.pid = pid
+        self.parent_process = None
         self.ppid = ppid
         self.path = path
         self.params = params
@@ -120,7 +121,7 @@ class Process:
         self.rmppid = rmppid
 
     def set_score(self, new_score, opertion):
-        if self.is_white:
+        if self.is_white or self.chain.root_process.is_white or self.parent_process.is_white:
             return
         if opertion not in self.operationlist:
             self.risk_score += new_score
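Review bot: The new `self.parent_process = None` attribute is undocumented, and since `ppid` already exists alongside it a reader has to guess that this is the parent `Process` object rather than another id. A comment would make the contract explicit, e.g. `# Parent Process object, set by the caller after construction; None when the parent is unknown (chain roots)`. Every consumer of this attribute must then tolerate `None`, since that is the value it has on a freshly constructed object.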
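Review bot: The new condition in `set_score` turns the whitelist into transitive trust: once a chain root or a direct parent is whitelisted, nothing that process launches is ever scored, so a whitelisted launcher, interpreter or office-style host that starts an attacker's child process exempts that child entirely — the commit message itself flags this as unverified. It also dereferences `self.parent_process.is_white` on an attribute whose default is `None`, so any `Process` created without the caller assigning a parent raises `AttributeError` here rather than being scored. I would guard both optional references, and narrow inheritance so a child only inherits the exemption when its own hash or path is also in the whitelist, rather than on the parent's flag alone. I can't see where `chain` is assigned, so if a process can be scored before it joins a chain that reference needs the same guard.
```python
    def set_score(self, new_score, opertion):
        # Whitelisted processes never accumulate risk. Trust is also inherited from the
        # chain root and the direct parent — this is transitive: anything launched by a
        # whitelisted process is exempt from scoring, so keep the whitelist tight.
        parent = self.parent_process
        chain = getattr(self, "chain", None)
        root = chain.root_process if chain is not None else None
        if self.is_white or (root is not None and root.is_white) or (parent is not None and parent.is_white):
            return
        # … unchanged: operation bookkeeping and score accumulation …
```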