Current File : /var/opt/eset/efs/eventd/eset_rtp/ertp_excludes.c
/*
 * eset_rtp (ESET Real-time file system protection module)
 * Copyright (C) 1992-2021 ESET, spol. s r.o.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * In case of any questions, you can contact us at ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovakia.
 */

#include "ertp.h"

#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,8,0)
#include <linux/mmap_lock.h>
#endif

/*
 * Excluded processes: list of struct ertp_path entries linked through their
 * ->list member. Within this file the list is only walked or modified with
 * ertp_excl_proc_sem held (read for lookup/show, write for add/clear).
 * The semaphore is not static, so it has external linkage.
 */
static LIST_HEAD(ertp_excl_proc_list);
DECLARE_RWSEM(ertp_excl_proc_sem);

/*
 * Excluded files/directories: same layout and locking discipline as the
 * process list above, guarded by ertp_excl_file_sem.
 * NOTE(review): both lists decide what the lookups below report as excluded,
 * so every write path into them should be access-controlled and audited.
 */
static LIST_HEAD(ertp_excl_file_list);
DECLARE_RWSEM(ertp_excl_file_sem);

/*
 * Look up the exclusion entry whose path_name is byte-for-byte equal to
 * @path_name.
 *
 * Returns whatever ertp_path_get() yields for the matching entry, or NULL
 * when nothing matches. No lock is taken here; the only caller in this file,
 * ertp_excl_add(), is reached with the list's rwsem held for writing.
 */
static struct ertp_path *ertp_excl_find(const char *path_name, struct list_head *excl_list)
{
	struct ertp_path *entry;

	list_for_each_entry(entry, excl_list, list) {
		/* Exact match only; directory-prefix logic lives in the lookup path. */
		if (!strcmp(entry->path_name, path_name))
			return ertp_path_get(entry);
	}

	return NULL;
}

/*
 * Append @path to the tail of @excl_list, then call ertp_path_get() on it.
 * Presumably this gives the list its own reference; ertp_path_get() is
 * defined outside this file, so confirm there. No locking is done here: the
 * visible call chain arrives with the list's rwsem held for writing.
 */
static void ertp_excl_list_add(struct ertp_path *path, struct list_head *excl_list)
{
	struct list_head *node = &path->list;

	list_add_tail(node, excl_list);
	ertp_path_get(path);
}

/*
 * Unlink @path from whichever exclusion list it is on and call
 * ertp_path_put() on it, mirroring ertp_excl_list_add(). list_del_init()
 * leaves the node self-linked. The caller must hold the list's rwsem for
 * writing; ertp_excl_clean() does.
 */
static void ertp_excl_list_rem(struct ertp_path *path)
{
	struct list_head *node = &path->list;

	list_del_init(node);
	ertp_path_put(path);
}

/*
 * Make sure @path_name is present in @excl_list.
 *
 * If an identical entry already exists, the pointer returned by
 * ertp_excl_find() is handed back. Otherwise a new entry is allocated with
 * ertp_path_alloc() and appended to the list. An ERR_PTR from the allocator
 * is returned unchanged. The caller is expected to ertp_path_put() a
 * successful result, as ertp_excl_add_path() does.
 *
 * NOTE(review): assumes ertp_path_alloc() reports failure via ERR_PTR and
 * never returns NULL; a NULL would be dereferenced by the list add. Confirm
 * against its definition.
 */
static struct ertp_path *ertp_excl_add(const char *path_name, struct list_head *excl_list)
{
	struct ertp_path *entry;

	/* Duplicate request: reuse the existing entry instead of adding twice. */
	entry = ertp_excl_find(path_name, excl_list);
	if (entry)
		return entry;

	entry = ertp_path_alloc(path_name);
	if (!IS_ERR(entry)) {
		ertp_excl_list_add(entry, excl_list);
		ertp_pr_debug("Path %s added to excludes.", path_name);
	}

	return entry;
}

/*
 * Dump every entry of @excl_list into @buf as "<path>\n" followed by the
 * terminating NUL that snprintf() writes. The "+ 1" counts that NUL as part
 * of the output.
 *
 * Returns the number of bytes accounted for, clamped to @size. Once the
 * buffer is full the walk stops, so the listing is silently truncated and
 * later entries are not reported.
 * NOTE(review): anyone auditing exclusions through this interface should not
 * treat a full buffer as the complete list.
 */
static int ertp_excluded_show(char *buf, int size, struct list_head *excl_list, struct rw_semaphore *rw_lock)
{
	struct ertp_path *entry;
	int used = 0;

	down_read(rw_lock);

	list_for_each_entry(entry, excl_list, list) {
		/* snprintf() reports the would-be length even when it truncates. */
		int written = snprintf(buf + used, size - used,"%s\n", entry->path_name);

		used += written + 1;
		if (used < size)
			continue;

		/* Out of room: report a full buffer and stop. */
		used = size;
		break;
	}

	up_read(rw_lock);

	return used;
}

/*
 * Write the excluded-process list into @buf (at most @size bytes) and return
 * the byte count reported by ertp_excluded_show().
 */
int ertp_excluded_proc_show(char *buf, int size)
{
	int len = ertp_excluded_show(buf, size, &ertp_excl_proc_list, &ertp_excl_proc_sem);

	return len;
}

/*
 * Write the excluded-files/directories list into @buf (at most @size bytes)
 * and return the byte count reported by ertp_excluded_show().
 */
int ertp_excluded_files_show(char *buf, int size)
{
	int len = ertp_excluded_show(buf, size, &ertp_excl_file_list, &ertp_excl_file_sem);

	return len;
}

/*
 * Handle an "a:<path>" command: add <path> to @excl_list under the write
 * lock.
 *
 * Returns strlen(@buf) on success, -EINVAL when the command is shorter than
 * three bytes or lacks the "a:" prefix, or the error carried by the ERR_PTR
 * from ertp_excl_add().
 *
 * @buf is treated as a NUL-terminated string: @size is used only for the
 * minimum-length check, and the success value comes from strlen(), not from
 * @size.
 * NOTE(review): buf + 2 is passed on unmodified. This function does not trim
 * a trailing newline, require an absolute path, or reject very broad entries
 * such as "/". Confirm that the writer of this interface is privileged and
 * that validation happens before the data gets here.
 */
static int ertp_excl_add_path(const char *buf, int size, struct list_head *excl_list, struct rw_semaphore *rw_lock)
{
	struct ertp_path *entry;

	/* Length is checked first so the prefix compare never runs on a short command. */
	if (size < 3 || strncmp(buf, "a:", 2))
		return -EINVAL;

	down_write(rw_lock);
	entry = ertp_excl_add(buf + 2, excl_list);
	up_write(rw_lock);

	if (IS_ERR(entry))
		return PTR_ERR(entry);

	/* Drop the pointer handed back by ertp_excl_add(); it is not used further here. */
	ertp_path_put(entry);
	return strlen(buf);
}

/*
 * Remove every entry from @excl_list while holding @rw_lock for writing.
 * The _safe iterator is needed because each entry is unlinked during the
 * walk.
 */
static void ertp_excl_clean(struct list_head *excl_list, struct rw_semaphore *rw_lock)
{
	struct ertp_path *entry;
	struct ertp_path *next;

	down_write(rw_lock);

	list_for_each_entry_safe(entry, next, excl_list, list)
		ertp_excl_list_rem(entry);

	up_write(rw_lock);
}

/* Empty the excluded-process list (takes ertp_excl_proc_sem for writing). */
void ertp_excluded_proc_clear(void)
{
	ertp_excl_clean(&ertp_excl_proc_list, &ertp_excl_proc_sem);
}

/* Empty the excluded-files/directories list (takes ertp_excl_file_sem for writing). */
void ertp_excluded_files_clear(void)
{
	ertp_excl_clean(&ertp_excl_file_list, &ertp_excl_file_sem);
}

/*
 * Empty both exclusion lists, processes first, then files. The two
 * semaphores are taken one after the other and are never nested.
 */
void ertp_excludes_clear(void)
{
	ertp_excluded_proc_clear();
	ertp_excluded_files_clear();
}

/*
 * Parse one command written to an exclusion list and dispatch on its first
 * byte:
 *   'a' - add; handed to ertp_excl_add_path(), which requires "a:<path>"
 *   'c' - clear the whole list; the rest of the command is ignored
 *
 * Returns the value from ertp_excl_add_path() for 'a', @size for 'c', and
 * -EINVAL for a command shorter than two bytes or an unknown first byte.
 *
 * NOTE(review): any command of two or more bytes that starts with 'c' empties
 * the list, and no caller check is visible at this level. Confirm that
 * access to the store interface is restricted and that changes are logged.
 */
static int ertp_excluded_store(const char *buf, int size, struct list_head *excl_list, struct rw_semaphore *rw_lock)
{
	if (size < 2)
		return -EINVAL;

	if (*buf == 'a')
		return ertp_excl_add_path(buf, size, excl_list, rw_lock);

	if (*buf != 'c')
		return -EINVAL;

	ertp_excl_clean(excl_list, rw_lock);

	return size;
}

/*
 * Apply one command from @buf (@size bytes) to the excluded-process list.
 * See ertp_excluded_store() for the command format and return values.
 */
int ertp_excluded_proc_store(const char *buf, int size)
{
	int ret = ertp_excluded_store(buf, size, &ertp_excl_proc_list, &ertp_excl_proc_sem);

	return ret;
}

/*
 * Apply one command from @buf (@size bytes) to the excluded-files list.
 * See ertp_excluded_store() for the command format and return values.
 */
int ertp_excluded_files_store(const char *buf, int size)
{
	int ret = ertp_excluded_store(buf, size, &ertp_excl_file_list, &ertp_excl_file_sem);

	return ret;
}

/*
 * Decide whether @path_name is covered by an entry of @excl_list. The list
 * is walked under @rw_lock held for reading.
 *
 * An entry ending in '/' is a directory exclusion and matches any path that
 * starts with the entry's full text. Any other entry matches only an
 * identical path. Entries with path_len == 0 are skipped.
 *
 * The comparison is purely textual, on the strings as stored and as passed
 * in; no normalisation is performed here.
 */
static bool ertp_path_excluded(const char *path_name, struct list_head *excl_list, struct rw_semaphore *rw_lock)
{
	struct ertp_path *entry = NULL;
	bool matched = false;

	down_read(rw_lock);
	list_for_each_entry(entry, excl_list, list) {
		bool is_dir;

		if (!entry->path_len)
			continue;

		is_dir = entry->path_name[entry->path_len - 1] == '/';
		if (is_dir) {
			/* directory exclusion: prefix match over the entry's length */
			matched = !strncmp(entry->path_name, path_name, entry->path_len);
		} else {
			/* regular file exclusion: the full path must be identical */
			matched = !strcmp(entry->path_name, path_name);
		}

		if (matched)
			break;
	}
	up_read(rw_lock);

	return matched;
}

/*
 * Report whether @process_path is covered by the process exclusion list.
 *
 * A NULL @process_path is treated as a programming error and hits BUG().
 * NOTE(review): BUG() stops the kernel. If a NULL can ever reach this
 * function from a recoverable path, WARN_ON_ONCE() plus "return false"
 * (treat as not excluded) would fail safe instead. Confirm with the callers.
 */
bool ertp_proc_excluded(const char *process_path)
{
	bool excluded;

	BUG_ON(!process_path);

	/* Look the path up in the process exclusions list. */
	excluded = ertp_path_excluded(process_path, &ertp_excl_proc_list, &ertp_excl_proc_sem);

	return excluded;
}

/*
 * Report whether @file is covered by the file/directory exclusion list.
 *
 * The file's path is rendered with d_path() into a temporary page and then
 * matched textually by ertp_path_excluded(). If the page allocation fails,
 * or d_path() returns an error or an unusable pointer, the result is false,
 * i.e. the file is reported as not excluded.
 *
 * The GFP_KERNEL allocation may sleep, so this must not be called from
 * atomic context. @file is dereferenced without a NULL check.
 * NOTE(review): the string d_path() produces depends on the calling task's
 * root and mounts, and deleted files carry a " (deleted)" suffix. Confirm
 * that exclusion entries are written with the same view of the filesystem.
 */
bool ertp_file_excluded(const struct file *file)
{
	bool excluded = false;
	char *resolved;
	char *page = (char *)__get_free_page(GFP_KERNEL);

	if (!page)
		return false;

	resolved = d_path(&file->f_path, page, PAGE_SIZE);
	if (IS_ERR(resolved) || ZERO_OR_NULL_PTR(resolved))
		goto out;

	/* Look the path up in the file exclusions list. */
	excluded = ertp_path_excluded(resolved, &ertp_excl_file_list, &ertp_excl_file_sem);

out:
	free_page((unsigned long)page);
	return excluded;
}
