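#!/usr/bin/perl
# ps -aux parser aka scream's + unreal's "TVA"
#
# Polls the process table every 10 seconds and prints an alert for every
# process whose command name matches a rule from rules.txt.  Rules are
# whitespace-separated "block_exact: <name>" (exact command-name match) and
# "block_general: <pattern>" (Perl regex, matched unanchored against the
# command name) entries; see block() below for the file format.
use strict;
use warnings;
use List::Util qw(first);

# Shared rule state, filled in by block().  Package globals on purpose: the
# original script exposes the lists under these names.
our @block_exact;      # command names that must match exactly
our @block_general;    # regex source strings tested against the command name

print "*** w1nt3rmut3's ps parser ***\n\n";

# Load the rule file once before monitoring starts.  Without this call the
# rule lists stay empty and no alert can ever fire.
block();

# Compile the general rules once, up front.  An invalid pattern would
# otherwise die inside the polling loop on the first process line.  The
# patterns come from the operator's own rules file, so interpolating them
# as regexes is intended; note they are unanchored, so "sh" also matches
# "ssh" unless the rule anchors itself.
my @general_re;
for my $pattern (@block_general) {
    my $re = eval { qr/$pattern/ };
    if (!defined $re) {
        warn "skipping invalid block_general rule '$pattern': $@";
        next;
    }
    push @general_re, $re;
}

while (1) {
    sleep(10);

    # Read ps over a pipe in list form (no shell) instead of redirecting it
    # into a scratch file in the current directory: a scratch file can be
    # pre-planted as a symlink or altered between the write and the read,
    # and the shell command line is not needed at all.
    my $ps;
    if (!open $ps, '-|', 'ps', '-auxww') {
        warn "cannot run ps: $!";
        next;
    }

    # First line is the column header row; it is not a process.
    my $header = <$ps>;

    LINE: while (my $line = <$ps>) {
        chomp $line;

        # Whitespace-split the row.  A fresh lexical per line fixes the
        # original's stale-field bug, where a short line kept the trailing
        # fields of the previous, longer line.
        my @pieces = split ' ', $line;

        # Column layout the original relied on: 0 USER, 1 PID, 2 %CPU,
        # 3 %MEM, 7 STAT, 8 START, 9 TIME, 10.. COMMAND and its arguments.
        # Only the user and the first four command words are reported.
        my $user = $pieces[0] // '';
        my ($command1, $command2, $command3, $command4) =
            map { $_ // '' } @pieces[10 .. 13];
        next LINE if $command1 eq '';    # short or malformed row

        my $detail = "$user : $command1 $command2 $command3 $command4\n\n";

        # An exact hit suppresses the general rules, as in the original.
        if (defined first { $command1 eq $_ } @block_exact) {
            print "INTRUSION EXACT!\n";
            print $detail;
            next LINE;
        }

        # One alert per matching general rule.
        for my $re (@general_re) {
            next unless $command1 =~ $re;
            print "INTRUSION GENERAL!\n";
            print $detail;
        }
    }
    close $ps or warn "ps exited abnormally: status $?\n";
}

# Read rules.txt and (re)fill @block_exact / @block_general.
#
# Each line is split on whitespace; every "block_exact:" or "block_general:"
# token takes the token that follows it as its value, so several rules may
# share a line.  A trailing keyword with no value is ignored.  Dies if the
# rules file cannot be opened, since a monitor without rules is misconfigured.
sub block {
    @block_exact   = ();
    @block_general = ();

    my $rules_file = 'rules.txt';
    open my $rules, '<', $rules_file or die "cannot open $rules_file: $!";
    while (my $line = <$rules>) {
        chomp $line;
        my @tokens = split ' ', $line;
        # Stop one short: the last token cannot carry a value after it.
        for my $i (0 .. $#tokens - 1) {
            my $value = $tokens[$i + 1];
            if ($tokens[$i] eq 'block_exact:') {
                push @block_exact, $value;
            }
            elsif ($tokens[$i] eq 'block_general:') {
                push @block_general, $value;
            }
        }
    }
    close $rules or die "close $rules_file: $!";
    return;
}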