我有几个功能。 dictionaryValues()只会返回两个词典 - sshd和System。两者的值都是某个范围内的某些数字。
def dictionaryValues():
sshd = {"sshd": (),
"UDP": list(itertools.chain(range(593,594), range(1024,5001), range(123,124))),
"TCP" : list(itertools.chain(range(593,594), range(1024,5001), range(135,136)))
}
System = {"System": (),
"TCP": list(itertools.chain(range(445,446), range(139,140),
range(17778,17779), range(3755,3756), range(80, 81), range(5405, 5406))),
"UDP": list(itertools.chain(range(137,139), range(445, 446)))
}
return (sshd, System)
我的inrange()函数在文本文件中查找特定字符串。例如 -
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1320 System
它将在文本文件中查找TCP或UDP,然后检查processID是{{1}中某个词典中的一个键(在本例中为System) }}。如果匹配,则检查dictionaryValues()是否在字典值的范围内。
num最后,def inrange(file,character, num):
with open(file, 'r') as r:
for lines in r:
newline = lines.strip()
proto = newline[:3] #TCP or UDP
processID = newline[74:85] #System or sshd
for x in dictionaryValues():
for key, value in x.items():
if processID in [key]:
if character.strip() == "UDP":
if num in x.get(character):
return True
else:
return False
if character.strip() == "TCP":
if num in x.get(character):
return True
else:
return False
取符号后面的数字(在文本示例中,这将是本地地址下面的数字80,并检查该数字是否在范围内。
filt()我的问题是,只有文本文件在文件中有一行时,这才有效。如果它有多行像
def filt(file):
with open(file, 'r') as r:
for i, line in enumerate(r):
for x in dictionaryValues():
for key, value in x.items():
newline = line.strip()
processID = newline[74:85]
if processID in [key]:
plusOne = i + 1
newline = line.strip()
splitIt = line[7:22] #gets the number after the : symbol
my_string = splitIt.split(":",1)[1]
proto = newline[:3]
if (proto in ['UDP', 'TCP']) and inrange(file, proto, int(my_string)):
print("Line " + str(plusOne) + " is in range" + " " + my_string)
else:
print(processID + " " + proto + " is not in range " + str(my_string))
第一行返回True,接下来三行返回False,即使数字1230,5000和139都在范围内。我想我可能会错过一些小事,只是不确定。