Current File: //usr/local/lp/apps/malre/texts/help_jobs.txt
JOBS

This section describes the structure of malware remediation jobs, the relevant files to each job, and the workflow for jobs as a whole.

Files for malware remediation jobs are located within the directory ./.malre/jobs/[IDENTIFIER]

./.malre/jobs/[IDENTIFIER]/account
    - Contains the name of the account that this job is associated with

./.malre/jobs/[IDENTIFIER]/actions
    - A directory containing logs of user actions. The logs are in the following format:
        - Timestamp of when the file was disabled, ctime of the file previous to being disabled (in human readable and epoch format), permissions of the file previous to being disabled, escaped name of the file
        - See `malre --help dis` for details

./.malre/jobs/[IDENTIFIER]/actions/files_backedup.txt
    - A log of files that were backed up using the 'bak' command.

./.malre/jobs/[IDENTIFIER]/actions/files_backedup_count.txt
    - Contains the number of files that 'bak' has been run on for this job

./.malre/jobs/[IDENTIFIER]/actions/files_disabled.txt
    - A log of files that were disabled using the 'dis' command.

./.malre/jobs/[IDENTIFIER]/actions/files_disabled_count.txt
    - Contains the number of files that 'dis' has been run on for this job

./.malre/jobs/[IDENTIFIER]/actions/files_noted.txt
    - A log of files that were backed up using the 'note' command.

./.malre/jobs/[IDENTIFIER]/actions/files_noted_count.txt
    - Contains the number of files that 'note' has been run on for this job

./.malre/jobs/[IDENTIFIER]/actions/files_loop_edited.txt
    - A log of files that were backed up using the 'led' command.

./.malre/jobs/[IDENTIFIER]/actions/files_loop_edited_count.txt
    - Contains the number of files that 'led' has been run on (and were actually edited) for this job

./.malre/jobs/[IDENTIFIER]/actions/lines_[TYPE]
    - Files to keep track of when "--list --flush" was run for 'dis', 'bak', 'note', or 'led'

./.malre/jobs/[IDENTIFIER]/directories
    - A list of newline-separated directories associated with this job, referenced by their full path, and followed by a colon, and then the epoch timestamp that they were added to the job
    - By default, any directories within the user's home directory that do not start with a period and are not "etc", "logs", "mail", "perl5", "var", or "ssl" will be treated as part of the job, even if they are not listed within this file
    - Because of the way that this file is parsed, directories that have whitespace anywhere in their path will not work here. As such, they will be rejected
    - The "--add-dir" and "--rm-dir" flags can be used to add and remove directories as needed

./.malre/jobs/[IDENTIFIER]/files_found
    - Files found from the scan and various bits of data on them, separated by null characters

./.malre/jobs/[IDENTIFIER]/homedir
    - Contains the home directory of the account

./.malre/jobs/[IDENTIFIER]/init
    - Contains the timestamp of when the job was initialized

./.malre/jobs/[IDENTIFIER]/paid
    - If the file contains the word "SINGLE", the customer has paid for one instance of the malware remediation product
    - If the file contains the word "SUBSCRIBE", the customer has subscribed to the malware remediation product
    - Anything else indicates that the customer has not paid

./.malre/jobs/[IDENTIFIER]/phase
    - Contains the current phase of malware remediation. If this file is missing, the "Initial" phase is assumed

./.malre/jobs/[IDENTIFIER]/scan/000
    - During a scan, this file will contain all files found with 000 permissions

./.malre/jobs/[IDENTIFIER]/scan/characters
    - During a scan, this file will contain all files found with the newline character or non-printable characters in their filenames

./.malre/jobs/[IDENTIFIER]/scan/checkers_wp
    - During a scan, this is the file where Checkers will store its WordPress results

./.malre/jobs/[IDENTIFIER]/scan/checkers_p
    - During a scan, for each directory scanned by Checkers as well as for the Checkers WordPress scan, the results previous to starting scanning that directory will be stored here
    - After each directory is complete, a diff of this file and the new version of the file is done in order to determine what files we need to get stats for

./.malre/jobs/[IDENTIFIER]/scan/checkers_scan
    - During a scan, this file will contain the Checkers scan results.

./.malre/jobs/[IDENTIFIER]/scan/csx
    - During a scan, this file will contain the output from csx, if csx is present on the server

./.malre/jobs/[IDENTIFIER]/scan/current
    - Contains the current item that the scan is working on

./.malre/jobs/[IDENTIFIER]/scan/find_all
    - During a scan, this file will contain all of the information regarding symlinks, permissions, and odd filenames
    - The contents of this file will not be incorporated into the report; rather, it is present simply so that we can follow its output

./.malre/jobs/[IDENTIFIER]/scan/maldet
    - During a scan, this is where the hits from Maldet will be stored

./.malre/jobs/[IDENTIFIER]/scan/maldet_id
    - Captures the ID of the Maldet scan in order to read the results

./.malre/jobs/[IDENTIFIER]/scan/maldet_p
    - During a scan, for each directory scanned by Maldet, the results previous to starting scanning that directory will be stored here
    - After each directory is complete, a diff of ./.malre/jobs/[IDENTIFIER]/scan/maldet and this file is done in order to determine what files we need to get stats for

./.malre/jobs/[IDENTIFIER]/scan/pause
    - The presence of this file tells the scan to exit out at the next breaking point

./.malre/jobs/[IDENTIFIER]/scan/progress
    - Contains a list of items from the scan that have been completed and the timestamps of when they were started

./.malre/jobs/[IDENTIFIER]/scan/symlinks
    - During a scan, this file will contain the names of all directories that contain symlinks, and how many symlinks they contain

./.malre/jobs/[IDENTIFIER]/scan/versionfinder
    - During a scan, this file will contain the output from versionfinder

./.malre/jobs/[IDENTIFIER]/scan/world
    - During a scan, this file will contain all of the files that are both world writable and world executable

./.malre/jobs/[IDENTIFIER]/scan_latest.txt
    - The results from the latest scan that has been performed for this job

./.malre/jobs/[IDENTIFIER]/scan_pid
    - If there is an ongoing scan, this file will contain the PID of that scan

./.malre/jobs/[IDENTIFIER]/scan_results
    - This directory will contain the full results of all scans that have been run

./.malre/jobs/[IDENTIFIER]/tickets
    - Contains a list of ticket numbers associated with the job, followed by a colon, and then the epoch timestamp of when that ticket was added
    - The first ticket is the primary ticket
    - The "--add-ticket" flag can be used to add tickets to this list as needed

./.malre/jobs/[IDENTIFIER]/touch
    - Contains the timestamp of the last time that work was performed on the job

./.malre/jobs/[IDENTIFIER]/touch2
    - Contains the timestamp of the last time that 'dis', 'bak', 'note', or 'led' was run for this job

AGENTS

./.malre/agents/[IDENTIFIER]/address
    - Contains the IP address of the agent

./.malre/agents/[IDENTIFIER]/job
    - Contains the job identifier of the job that the agent is working on

./.malre/agents/[IDENTIFIER]/jobs
    - Contains a list of all of the jobs that this agent has worked on

./.malre/agents/[IDENTIFIER]/lines_[TYPE]_[JOB IDENTIFIER]
    - Files to keep track of when "--list --flush" was run for 'dis', 'bak', 'note', or 'led'
    - See `malre --help dis` for details

./.malre/agents/[IDENTIFIER]/touch
    - Contains the timestamp of the most recent time the agent took an action
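
The rules given above for a job's "directories" file (PATH:EPOCH lines, whitespace paths rejected, implicit home-directory defaults) can be checked with the following added example, which is not part of malre or of the original help text. The function names, the choice to split at the last colon, the top-level-only reading of the default rule, and the sample data are assumptions.

```python
import os

# Top-level names the help text excludes from the implicit (default) set.
EXCLUDED = {"etc", "logs", "mail", "perl5", "var", "ssl"}

# Constructed sample of a job's "directories" file (not real data).
SAMPLE = (
    "/home/user1/public_html:1546300800\n"
    "/home/user1/my site:1546300900\n"      # whitespace in path: rejected
    "/home/user1/odd:name:1546301000\n"     # colon in path: kept
    "no-timestamp-here\n"                   # malformed: rejected
)

def parse_directories(text):
    """Parse 'FULL_PATH:EPOCH' lines; return ({path: epoch}, [rejected lines])."""
    entries, rejected = {}, []
    for line in text.split("\n"):
        if not line:
            continue
        # Assumption: split at the LAST colon so a path containing ':' survives.
        path, sep, stamp = line.rpartition(":")
        valid = (sep and path.startswith("/") and stamp.isascii()
                 and stamp.isdigit() and not any(c.isspace() for c in path))
        if valid:
            entries[path] = int(stamp)
        else:
            rejected.append(line)
    return entries, rejected

def implicit_directories(homedir):
    """Directories directly under homedir that are part of the job by default."""
    # Assumption: only the top level counts and symlinks are not followed.
    return sorted(
        e.path for e in os.scandir(homedir)
        if e.is_dir(follow_symlinks=False)
        and not e.name.startswith(".") and e.name not in EXCLUDED
    )

def job_directories(job_dir):
    """Effective directory set for a job: implicit defaults plus listed entries."""
    with open(os.path.join(job_dir, "homedir")) as fh:
        homedir = fh.read().strip()
    try:
        with open(os.path.join(job_dir, "directories")) as fh:
            listed, rejected = parse_directories(fh.read())
    except FileNotFoundError:
        listed, rejected = {}, []
    return sorted(set(implicit_directories(homedir)) | set(listed)), rejected

if __name__ == "__main__":
    print(parse_directories(SAMPLE))
```

The rejected list is worth reviewing by hand: a directory dropped from the job because of whitespace in its path is also a directory the scan will not cover unless it falls under the implicit defaults.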