admin/RmEye
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

白名单现在看父进程,如果父进程是白名单的子进程产生的行为都加白(不确定是否可靠,有待观察).

Browse Source 
白名单现在看父进程,如果父进程是白名单的子进程产生的行为都加白(不确定是否可靠,有待观察).
This commit is contained in:
huoji
2022-09-02 15:23:34 +08:00
parent e3ae734150
commit fe69282d89
3 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Server/log.py
View File

@@ -58,6 +58,8 @@ def process_log(host, json_log, raw_log):
child = process.Process(
pid, ppid, path, params, create_time, hash, parent_user, host, is_white_list
)
parent_process.parent_process = parent_process
child.parent_process = parent_process
chain = process.create_chain(parent_process)
chain.add_process(child, parent_pid)
current_process = child
@@ -69,6 +71,7 @@ def process_log(host, json_log, raw_log):
child = process.Process(
pid, ppid, path, params, create_time, hash, user, host, is_white_list
)
child.parent_process = parent_process
parent_process.chain.add_process(child, ppid)
current_process = child
if score > 0: