403Webshell
Server IP : 103.119.228.120  /  Your IP : 3.12.146.100
Web Server : Apache
System : Linux v8.techscape8.com 3.10.0-1160.119.1.el7.tuxcare.els2.x86_64 #1 SMP Mon Jul 15 12:09:18 UTC 2024 x86_64
User : nobody ( 99)
PHP Version : 5.6.40
Disable Function : shell_exec,symlink,system,exec,proc_get_status,proc_nice,proc_terminate,define_syslog_variables,syslog,openlog,closelog,escapeshellcmd,passthru,ocinum cols,ini_alter,leak,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dl,dll,myshellexec,proc_open,socket_bind,proc_close,escapeshellarg,parse_ini_filepopen,fpassthru,exec,passthru,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,popen,show_source,proc_nice,proc_terminate,proc_get_status,proc_close,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,dl,symlink,shell_exec,system,dl,passthru,escapeshellarg,escapeshellcmd,myshellexec,c99_buff_prepare,c99_sess_put,fpassthru,getdisfunc,fx29exec,fx29exec2,is_windows,disp_freespace,fx29sh_getupdate,fx29_buff_prepare,fx29_sess_put,fx29shexit,fx29fsearch,fx29ftpbrutecheck,fx29sh_tools,fx29sh_about,milw0rm,imagez,sh_name,myshellexec,checkproxyhost,dosyayicek,c99_buff_prepare,c99_sess_put,c99getsource,c99sh_getupdate,c99fsearch,c99shexit,view_perms,posix_getpwuid,posix_getgrgid,posix_kill,parse_perms,parsesort,view_perms_color,set_encoder_input,ls_setcheckboxall,ls_reverse_all,rsg_read,rsg_glob,selfURL,dispsecinfo,unix2DosTime,addFile,system,get_users,view_size,DirFiles,DirFilesWide,DirPrintHTMLHeaders,GetFilesTotal,GetTitles,GetTimeTotal,GetMatchesCount,GetFileMatchesCount,GetResultFiles,fs_copy_dir,fs_copy_obj,fs_move_dir,fs_move_obj,fs_rmdir,SearchText,getmicrotime
MySQL : ON |  cURL : ON |  WGET : ON |  Perl : ON |  Python : ON |  Sudo : ON |  Pkexec : ON
Directory :  /scripts/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : /scripts/find_pids_with_inotify_watch_on_path
#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/find_pids_with_inotify_watch_on_path
#                                                  Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

package scripts::find_pids_with_inotify_watch_on_path;

use strict;
use warnings;

use parent qw( Cpanel::HelpfulScript );

use Cpanel::Version::Compare ();
use Cpanel::OSSys            ();
use Cpanel::LoadFile         ();
use Cpanel::ProcessInfo      ();

my $PROC_PATH = '/proc';

=encoding utf-8

=head1 NAME

scripts::find_pids_with_inotify_watch_on_path

=head1 SYNOPSIS

    find_pids_with_inotify_watch_on_path <path>

=head1 DESCRIPTION

This command will look at /proc to find which process has an inotify
watch on a specific path (inode)

=cut

__PACKAGE__->new(@ARGV)->script() unless caller();

sub _ACCEPT_UNNAMED { return 1; }
sub _OPTIONS        { }

sub script {
    my ($self) = @_;

    my ($release) = ( Cpanel::OSSys::uname() )[2];

    if ( !Cpanel::Version::Compare::compare( $release, '>=', '3.10' ) ) {
        die "Kernel version “$release” is too old to find inotify watches. Please upgrade to “3.10” or newer.";
    }

    my ($path) = $self->getopt_unnamed();
    my ( $dev, $inode ) = ( stat($path) )[ 0, 1 ];

    if ( !$inode ) {
        die "The system could not determine the inode for “$path”: $!";
    }

    my $hexdev   = sprintf( "%x", $dev );
    my $hexinode = sprintf( "%x", $inode );

    my %procs_holding_inotify;
    opendir( my $proc_dh, $PROC_PATH ) or die "opendir($PROC_PATH): $!";
    my $binary_path;
    foreach my $proc ( grep { $_ !~ tr{0-9}{}c } readdir($proc_dh) ) {    # Only has numbers so its a pid
        $binary_path = readlink("$PROC_PATH/$proc/exe") or next;

        # no file means it a kernel process that we always want to exclude
        # stat name is here.  we don't want to ever kill kernel process so not used
        opendir( my $fd_dh, "$PROC_PATH/$proc/fd" ) or next;

        if ( my @inotify_fds = grep { $_ !~ tr{0-9}{}c && readlink("$PROC_PATH/$proc/fd/$_") =~ m{inotify}i } readdir($fd_dh) ) {
            foreach my $inotify_fd (@inotify_fds) {

                # use Cpanel::LoadFile::loadfile since it will not exception if the pid goes away while we
                # are reading
                my @lines = ( split( m{\n}, Cpanel::LoadFile::loadfile("$PROC_PATH/$proc/fdinfo/$inotify_fd") ) );
                splice( @lines, 0, 3 );
                my @data = map {
                    {
                        map { ( split( m{:}, $_ ) )[ 0, 1 ] } split( m{ }, $_ )    ## no critic qw(BuiltinFunctions::ProhibitVoidMap)
                    }
                } @lines;
                foreach my $watch (@data) {
                    if ( index( $watch->{'sdev'}, $hexdev ) == 0 && $watch->{'ino'} eq $hexinode ) {
                        $procs_holding_inotify{$proc} = $watch->{'wd'};
                        last;
                    }
                }
            }
        }

        next;
    }

    foreach my $proc ( sort keys %procs_holding_inotify ) {

        my $name = Cpanel::ProcessInfo::get_pid_cmdline($proc);

        my $exe;
        local $@;
        warn if !eval { $exe = Cpanel::ProcessInfo::get_pid_exe($proc); 1 };

        my $watch_decimal = hex $procs_holding_inotify{$proc};
        print "$name ($exe) is holding a inotify on $path (watch #$watch_decimal)\n";

    }

    if ( !%procs_holding_inotify ) {
        print "No processes holding an inotify watch on $path\n";
    }

    return;
}
1;

Youez - 2016 - github.com/yon3zu
LinuXploit