From b2f630e4f90f2a9e7c7018395c5e9ee873bdf1f4 Mon Sep 17 00:00:00 2001
From: Kevin Froman
Date: Tue, 31 Mar 2020 00:15:24 -0500
Subject: [PATCH] added disk ministry

---
 src/bigbrother/__init__.py | 2 ++
 src/bigbrother/ministry/__init__.py | 1 +
 src/bigbrother/ministry/ofdisk.py | 21 +++++++++++++++++++++
 3 files changed, 24 insertions(+)
 create mode 100644 src/bigbrother/ministry/ofdisk.py

diff --git a/src/bigbrother/__init__.py b/src/bigbrother/__init__.py
index 1ffb7036..751cfe85 100644
--- a/src/bigbrother/__init__.py
+++ b/src/bigbrother/__init__.py
@@ -40,6 +40,8 @@ def sys_hook_entrypoint(event, info):
         ministry.ofexec.block_exec(event, info)
     elif event == 'system':
         ministry.ofexec.block_system(info)
+    elif event == 'open':
+        ministry.ofdisk.detect_disk_access(info)
 
 
 def enable_ministries(disable_hooks: Iterable = None):
diff --git a/src/bigbrother/ministry/__init__.py b/src/bigbrother/ministry/__init__.py
index 24799bbf..71908f0f 100644
--- a/src/bigbrother/ministry/__init__.py
+++ b/src/bigbrother/ministry/__init__.py
@@ -1,2 +1,3 @@
 from . import ofcommunication # noqa
 from . import ofexec # noqa
+from . import ofdisk # noqa
\ No newline at end of file
diff --git a/src/bigbrother/ministry/ofdisk.py b/src/bigbrother/ministry/ofdisk.py
new file mode 100644
index 00000000..957e4a69
--- /dev/null
+++ b/src/bigbrother/ministry/ofdisk.py
@@ -0,0 +1,21 @@
+from utils.identifyhome import identify_home
+import logger
+
+
+def detect_disk_access(info):
+    if type(info[0]) is int: return
+
+    if '/dev/null' == info[0]: return
+
+    whitelist = [identify_home(), 'onionr/src/', '/site-packages/', '/usr/lib64/']
+
+
+    for item in whitelist:
+        if item in info[0]:
+            return
+
+    if identify_home() not in info[0]:
+        if 'proc' in info[0]:
+            logger.warn(f'[DISK MINISTRY] {info} - probably built in Onionr stats')
+        else:
+            logger.warn(f'[DISK MINISTRY] {info}')
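Review bot: The new `elif event == 'open'` branch calls `ministry.ofdisk.detect_disk_access(info)` from inside the audit hook, so any exception that helper raises propagates into the caller of the audited `open()` and aborts it instead of merely skipping the check; the hook should treat the helper as untrusted-input code and keep it total (see the note on ofdisk.py for the bytes-path case). It also seems likely, though not visible here, that `logger.warn` writes to a file, in which case the warning itself fires another `open` audit event and re-enters this hook; a comment such as `# 'open' fires again for the logger's own file; ofdisk relies on that path being allowlisted` would make that dependency explicit. The body of sys_hook_entrypoint begins outside the hunk.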
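Review bot: detect_disk_access assumes `info[0]` is either an int or a str, but the `open` audit event can carry a bytes path (e.g. from `os.open(b'...')`), and `'/dev/null' == info[0]` is then silently False while `item in info[0]` raises `TypeError` inside the audit hook, aborting the caller's open. The allowlist is also substring-based (`'onionr/src/' in path`, `'/usr/lib64/' in path`, `'proc' in path`), so any path that merely contains one of those fragments, or a file whose name contains "proc", is classified as benign; prefix matching on a normalized path is the usual fix, and the trailing `if identify_home() not in info[0]` is dead because the whitelist loop already returned for that case. The rewrite below normalizes the path (needs `import os` at the top of the file), prefix-matches absolute allowlist entries, drops the redundant home check and the double blank line inside the body, and documents the contract.
```python
def detect_disk_access(info):
    """Warn when an audited 'open' targets a path outside the allowlisted locations.

    info is the 'open' audit-event tuple: (path, mode, flags). The path may be
    an int (an already-open fd), str or bytes. Must never raise: it runs inside
    the audit hook and an exception would abort the caller's open().
    """
    path = info[0]
    if isinstance(path, int):  # opening an existing fd carries no path to judge
        return
    if isinstance(path, bytes):  # bytes paths would make the str tests below raise
        path = os.fsdecode(path)
    if path == '/dev/null':
        return

    home = identify_home()
    allowed_prefixes = (home, '/usr/lib64/')
    # relative fragments can only be matched by substring; keep them to a minimum
    allowed_fragments = ('onionr/src/', '/site-packages/')
    if path.startswith(allowed_prefixes) or any(f in path for f in allowed_fragments):
        return

    if '/proc/' in path:
        logger.warn(f'[DISK MINISTRY] {info} - probably built in Onionr stats')
    else:
        logger.warn(f'[DISK MINISTRY] {info}')
```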