.

grayddq · Nov 29, 2019 · 98c3b05 · 98c3b05
1 parent 737c7e1
commit 98c3b05
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 307 deletions.
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
diff --git a/lib/core/data_aggregation.py b/lib/core/data_aggregation.py
@@ -26,7 +26,8 @@ def result_db_filter(self):
             for line in f:
                 old_db.append(line.strip())
         for info in self.result_infos:
-            hash_txt = info[u'检测项'] + info[u'风险名称'] + info[u'异常文件'] + info[u'进程PID'] + info[u'异常时间'] + info[u'异常信息']
+            hash_txt = "%s%s%s%s%s%s" % (info[u'检测项'],info[u'风险名称'],info[u'异常文件'] ,info[u'进程PID'] , info[u'异常时间'] , info[u'异常信息'])
+            #hash_txt = info[u'检测项'] + info[u'风险名称'] + info[u'异常文件'] + info[u'进程PID'] + info[u'异常时间'] + info[u'异常信息']
             md5obj = hashlib.md5()
             md5obj.update(hash_txt.encode("utf8"))
             hashinfo = md5obj.hexdigest()
@@ -41,7 +42,8 @@ def write_result_to_db(self):
         # 写结果文件到db
         with open(DB_PATH, 'w') as f:
             for info in self.result_infos:
-                hash_txt = info[u'检测项'] + info[u'风险名称'] + info[u'异常文件'] + info[u'进程PID'] + info[u'异常时间'] + info[u'异常信息']
+                hash_txt = "%s%s%s%s%s%s" % (info[u'检测项'], info[u'风险名称'], info[u'异常文件'], info[u'进程PID'] , info[u'异常时间'] , info[u'异常信息'])
+                #hash_txt = info[u'检测项'] + info[u'风险名称'] + info[u'异常文件'] + info[u'进程PID'] + info[u'异常时间'] + info[u'异常信息']
                 md5obj = hashlib.md5()
                 md5obj.update(hash_txt.encode("utf8"))
                 hashinfo = md5obj.hexdigest()

diff --git a/lib/plugins/Log_Analysis.py b/lib/plugins/Log_Analysis.py
@@ -94,7 +94,7 @@ def check_sshlog(self):
             if len(correct_baopo_infos) > 0:
                 for info in correct_baopo_infos:
                     user = info['user']
-                    time = os.popen("date -d '" + info['time'] + "' '+%Y-%m-%d %H:%M:%S' 2>/dev/null").read().splitlines()
+                    time = os.popen("date -d '" + info['time'] + "' '+%Y-%m-%d %H:%M:%S' 2>/dev/null").read().splitlines()[0]
                     ip = info['ip']
                     malice_result(self.name, u'secure日志排查', u'/var/log/secure', '',
                                   u'主机SSH被外部爆破且成功登陆，时间：%s，ip：%s，用户：%s' % (time, ip, user), u'[1]cat /var/secure', u'风险',