403WebShell

h( )($6;EbBLkfu�_l� ''8;DUFKV3Dd#,?ANk&5G$/(5M\^�ms��Sb�,;R''6c2I�!\��kx�Ve�[i��Me�IYO7:nOL~�Kr�qrv�I:�BM�y��s}r��K��x)1�6@r*2�89ma��&��'ti��{~#��t)1�2<�0:^5�W.uFzQ/u}�v��vv�u��U37yDJeEJo(/�5Ds'1�:Jlu�iy�iy�hw�1;:S`^BMLOQQn,4�7C�8C�>Lfe�]k�[i�Zg��IW�LZ�EP;,.��Tc�q(0) G,/]/1��w�r��l&-t*3�<<�u��#��j&.u��J68\8?"#$%&'()*+,-./0 !
Notice: Undefined index: dl in /var/www/html/web/simple.mini.php on line 1
403WebShell403Webshell

Server IP : 10.254.12.21 / Your IP : 10.254.12.21
Web Server : Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40
System : Linux arit.skru.ac.th 3.10.0-1160.76.1.el7.x86_64 #1 SMP Wed Aug 10 16:21:17 UTC 2022 x86_64
User : apache ( 48)
PHP Version : 5.6.40
Disable Function : NONE
MySQL : ON | cURL : ON | WGET : OFF | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON
Directory : /var/opt/eset/efs/eventd/eset_rtp/

Upload File :

[ Back ]

Current File : /var/opt/eset/efs/eventd/eset_rtp/ertp_sysfs.c

/*
 * eset_rtp (ESET Real-time file system protection module)
 * Copyright (C) 1992-2021 ESET, spol. s r.o.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 * In case of any questions, you can contact us at ESET, spol. s r.o., Einsteinova 24, 851 01 Bratislava, Slovakia.
 */

#include "ertp.h"
#include "ertp_scan_mask.h"

static ssize_t ertp_proc_excludes_show(struct kobject *s, struct kobj_attribute *attr, char *buf)
{
	return ertp_excluded_proc_show(buf, PAGE_SIZE);
}

static ssize_t ertp_file_excludes_show(struct kobject *s, struct kobj_attribute *attr, char *buf)
{
	return ertp_excluded_files_show(buf, PAGE_SIZE);
}

static ssize_t ertp_proc_excludes_store(struct kobject *s, struct kobj_attribute *attr, const char *buf, size_t count)
{
	ssize_t len = 0;

	// firstly remove previous exclusions
	ertp_excluded_proc_clear();

	while (len < count) {
		ssize_t ret = ertp_excluded_proc_store(buf + len, count);
		if (IS_ERR_VALUE(ret))
			return ret;

		len += ret + 1; /* + 1 for skip '\0' */
	}

	return count;
}

static ssize_t ertp_file_excludes_store(struct kobject *s, struct kobj_attribute *attr, const char *buf, size_t count)
{
	ssize_t len = 0;

	// firstly remove previous exclusions
	ertp_excluded_files_clear();

	while (len < count) {
		ssize_t ret = ertp_excluded_files_store(buf + len, count);
		if (IS_ERR_VALUE(ret))
			return ret;

		len += ret + 1; /* + 1 for skip '\0' */
	}

	return count;
}

static ssize_t ertp_control_cache(struct kobject *s, struct kobj_attribute *attr, const char *buf, size_t count)
{
	if (strcmp(buf, "reset") == 0) {
		ertp_cache_clear();
		ertp_pr_debug("cache of scanned files has been reset");
		return count;
	} else {
		size_t size;
		if (sscanf(buf, "size=%zu", &size) == 1) {
			ertp_cache_set_size(size);
			ertp_pr_info("cache size has been changed to %zu", size);
			return count;
		}
	}

	ertp_pr_warning("unknown cache control command: %s", buf);
	return -EINVAL;
}

static ssize_t ertp_enabler_show(struct kobject *s, struct kobj_attribute *attr, char *buf)
{
	return sprintf(buf, "%d\n", !ertp_is_stopped());
}

static ssize_t ertp_enabler_store(struct kobject *s, struct kobj_attribute *attr, const char *buf, size_t count)
{
	int enable = 0;
	int err = kstrtoint(buf, 10, &enable);

	if (err) {
		ertp_pr_warning("Invalid value: %s", buf);
		return err;
	}

	if (enable) {
		ertp_start_accept();
		ertp_pr_debug("Scanning enabled");
	} else {
		ertp_stop_accept();
		ertp_pr_debug("Scanning disabled");
	}

	return strlen(buf);
}

static ssize_t ertp_open_scan_mask(struct kobject *s, struct kobj_attribute *attr, const char *buf, size_t count)
{
	uint32_t mask;
	if (sscanf(buf, "%u", &mask) == 1) {
		ertp_pr_debug("Open scan mask set to %u", mask);
		ertp_scan_mask_set(mask, ERTP_OPEN);
		return sizeof(mask);
	}

	ertp_pr_warning("Invalid mask: %s", buf);
	return -EINVAL;
}

static ssize_t ertp_close_scan_mask(struct kobject *s, struct kobj_attribute *attr, const char *buf, size_t count)
{
	uint32_t mask;
	if (sscanf(buf, "%u", &mask) == 1) {
		ertp_pr_debug("Close scan mask set to %u", mask);
		ertp_scan_mask_set(mask, ERTP_CLOSE);
		return sizeof(mask);
	}

	ertp_pr_warning("Invalid mask: %s", buf);
	return -EINVAL;
}

static ssize_t ertp_exec_scan_mask(struct kobject *s, struct kobj_attribute *attr, const char *buf, size_t count)
{
	uint32_t mask;
	if (sscanf(buf, "%u", &mask) == 1) {
		ertp_pr_debug("Exec scan mask set to %u", mask);
		ertp_scan_mask_set(mask, ERTP_EXEC);
		return sizeof(mask);
	}

	ertp_pr_warning("Invalid mask: %s", buf);
	return -EINVAL;
}

static struct kobject *ertp_kobj;
static const struct kobj_attribute enabler_attr =
	__ATTR(enable, 0600, ertp_enabler_show, ertp_enabler_store);

static struct kobject *ertp_excludes_kobj;
static const struct kobj_attribute proc_excl_attr =
	__ATTR(procs, 0600, ertp_proc_excludes_show, ertp_proc_excludes_store);
static const struct kobj_attribute file_excl_attr =
	__ATTR(files, 0600, ertp_file_excludes_show, ertp_file_excludes_store);

static struct kobject *ertp_cache_kobj;
static const struct kobj_attribute control_cache_attr =
	__ATTR(control, 0600, NULL, ertp_control_cache);

static struct kobject *ertp_scan_masks_kobj;
static const struct kobj_attribute set_open_mask_attr =
	__ATTR(open, 0600, NULL, ertp_open_scan_mask);
static const struct kobj_attribute set_close_mask_attr =
	__ATTR(close, 0600, NULL, ertp_close_scan_mask);
static const struct kobj_attribute set_exec_mask_attr =
	__ATTR(exec, 0600, NULL, ertp_exec_scan_mask);

int ertp_sysfs_init(void)
{
	int ret;

	ertp_kobj = kobject_create_and_add("settings", &THIS_MODULE->mkobj.kobj);
	if (!ertp_kobj) {
		ret = -ENOMEM;
		goto error;
	}

	ertp_excludes_kobj = kobject_create_and_add("excludes", ertp_kobj);
	if (!ertp_excludes_kobj) {
		ret = -ENOMEM;
		goto error;
	}

	ertp_cache_kobj = kobject_create_and_add("cache", ertp_kobj);
	if (!ertp_cache_kobj) {
		ret = -ENOMEM;
		goto error;
	}

	ertp_scan_masks_kobj = kobject_create_and_add("scan_masks", ertp_kobj);
	if (!ertp_cache_kobj) {
		ret = -ENOMEM;
		goto error;
	}

	ret = sysfs_create_file(ertp_kobj, &enabler_attr.attr);
	if (ret)
		goto error;

	ret = sysfs_create_file(ertp_excludes_kobj, &proc_excl_attr.attr);
	if (ret)
		goto err_proc_excl;

	ret = sysfs_create_file(ertp_excludes_kobj, &file_excl_attr.attr);
	if (ret)
		goto err_file_excl;

	ret = sysfs_create_file(ertp_cache_kobj, &control_cache_attr.attr);
	if (ret)
		goto err_cache;

	ret = sysfs_create_file(ertp_scan_masks_kobj, &set_open_mask_attr.attr);
	if (ret)
		goto err_open_mask;

	ret = sysfs_create_file(ertp_scan_masks_kobj, &set_close_mask_attr.attr);
	if (ret)
		goto err_close_mask;

	ret = sysfs_create_file(ertp_scan_masks_kobj, &set_exec_mask_attr.attr);
	if (ret)
		goto err_exec_mask;

	return 0;

err_exec_mask:
	sysfs_remove_file(ertp_scan_masks_kobj, &set_close_mask_attr.attr);
err_close_mask:
	sysfs_remove_file(ertp_scan_masks_kobj, &set_open_mask_attr.attr);
err_open_mask:
	sysfs_remove_file(ertp_cache_kobj, &control_cache_attr.attr);
err_cache:
	sysfs_remove_file(ertp_excludes_kobj, &file_excl_attr.attr);
err_file_excl:
	sysfs_remove_file(ertp_excludes_kobj, &proc_excl_attr.attr);
err_proc_excl:
	sysfs_remove_file(ertp_kobj, &enabler_attr.attr);
error:
	if (ertp_scan_masks_kobj)
		kobject_put(ertp_scan_masks_kobj);

	if (ertp_cache_kobj)
		kobject_put(ertp_cache_kobj);

	if (ertp_excludes_kobj)
		kobject_put(ertp_excludes_kobj);

	if (ertp_kobj)
		kobject_put(ertp_kobj);

	return ret;
}

void ertp_sysfs_exit(void)
{
	sysfs_remove_file(ertp_scan_masks_kobj, &set_exec_mask_attr.attr);
	sysfs_remove_file(ertp_scan_masks_kobj, &set_close_mask_attr.attr);
	sysfs_remove_file(ertp_scan_masks_kobj, &set_open_mask_attr.attr);
	kobject_put(ertp_scan_masks_kobj);
	sysfs_remove_file(ertp_cache_kobj, &control_cache_attr.attr);
	kobject_put(ertp_cache_kobj);
	sysfs_remove_file(ertp_excludes_kobj, &file_excl_attr.attr);
	sysfs_remove_file(ertp_excludes_kobj, &proc_excl_attr.attr);
	kobject_put(ertp_excludes_kobj);
	sysfs_remove_file(ertp_kobj, &enabler_attr.attr);
	kobject_put(ertp_kobj);

	ertp_excludes_clear();
}

Youez - 2016 - github.com/yon3zu
LinuXploit