blackmail
1. Get storage status information:
Post:{"name":"statinfo","time":"2022-03-03 21:33"}
Return:{
"code":0,
"data":{
"encfilenumber":12,
"secretnumber":2,
"filesize":3686019072,
"filenumber":1277952,
"dbfilesize":0,
"dbfilenumber":0,
"writenumber":0,
"readnumber":0,
"illegalaccess":0,
"sillegalaccess":0,
"abnormalnum":0,
"dbwritenumber":0,
"dbreadnumber":0,
"dbillegalaccess":0
}}
// enable = illegalaccess = blocked count (accesses blocked while blocking is enabled)
// verify = sillegalaccess = should-block count (accesses that would have been blocked in verify)
// abnormal = abnormalnum = abnormal behaviour count
2. Blocked-access details:
Post:{"name":"illegalaccess","delete":false}
Return content-type: application/octet-stream (byte stream)
3. Should-block details (accesses that would have been blocked):
Post:{"name":"sillegalaccess","delete":false}
Return content-type: application/octet-stream (byte stream)
4. Abnormal behaviour details:
Post:{"name":"abnormal","delete":false}
Return content-type: application/octet-stream (byte stream)
5. Download the learning log:
Post:{"name":"loadlog","delete":false}
Return content-type: application/octet-stream (byte stream)
6. Set the abnormal-behaviour statistics rule:
Post:{"name":"setabnormalthreshold", "threshold":1000,"interval":60}
// threshold: abnormal-count threshold, default 1000. If the number of files accessed within one statistics interval (interval) exceeds the threshold, every additional file accessed increments the abnormal count by 1.
Return:{"code":0}
7. Get the abnormal-behaviour statistics rule:
Post:{"name":"getabnormalthreshold"}
Return:{"code":0,"data":{"threshold":1000,"interval":60}}
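The counting rule from item 6, replayed over constructed access events. This is an added example written for this page, not the product's own code; the page does not say how the interval is bucketed or whether repeated opens of one file count again, so fixed windows aligned to t=0 and distinct-path counting are assumptions, and AbnormalCounter, replay and threshold_request are names chosen here.

```python
"""Replay of the setabnormalthreshold rule (added example, not the product's code)."""


class AbnormalCounter:
    """Streaming counter that mirrors the "abnormalnum" field of statinfo.

    Assumptions not stated on the page: the statistics interval is a fixed,
    non-overlapping window of `interval` seconds aligned to t=0, and "files
    accessed" counts distinct paths, so re-opening the same file is free.
    """

    def __init__(self, threshold=1000, interval=60):
        if threshold < 0 or interval <= 0:
            raise ValueError("threshold must be >= 0 and interval must be > 0")
        self.threshold = threshold
        self.interval = interval
        self.abnormalnum = 0
        self._window = None
        self._files = set()

    def feed(self, ts, path):
        """Record one file access at time `ts` (seconds). Returns 1 if abnormalnum went up."""
        window = int(ts) // self.interval
        if window != self._window:            # new interval: start counting from zero again
            self._window = window
            self._files = set()
        if path in self._files:
            return 0
        self._files.add(path)
        if len(self._files) > self.threshold:  # every file beyond the threshold adds 1
            self.abnormalnum += 1
            return 1
        return 0


def replay(events, threshold=1000, interval=60):
    """Run a list of (timestamp, path) events through the counter; returns abnormalnum."""
    counter = AbnormalCounter(threshold, interval)
    for ts, path in events:
        counter.feed(ts, path)
    return counter.abnormalnum


def threshold_request(threshold, interval):
    """Body for the setabnormalthreshold call, validated with the same range checks."""
    AbnormalCounter(threshold, interval)  # raises ValueError on a bad pair
    return {"name": "setabnormalthreshold", "threshold": threshold, "interval": interval}


# Constructed sample: a burst touching five distinct documents in the first
# minute (what an encryptor looks like), then a single file in the next minute.
SAMPLE_EVENTS = [
    (0, "/user/a.doc"), (1, "/user/b.doc"), (2, "/user/a.doc"),   # a.doc re-read: not counted twice
    (3, "/user/c.doc"), (4, "/user/d.doc"), (5, "/user/e.doc"),
    (70, "/user/f.doc"),                                           # next interval, counter reset
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, threshold=3, interval=60))  # 2: d.doc and e.doc exceed a threshold of 3
    print(replay(SAMPLE_EVENTS))                             # 0 with the default threshold of 1000
```

With the default threshold of 1000 a small burst never registers, which is why the threshold is tuned per host: a file server legitimately touching thousands of files a minute needs a higher value than a workstation.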
8. Add a rule: (one rule per call)
Post:{
"name":"saveconf2",
"id":3,
"path":[{"path":"/user3/","crypt":false}],
"pubkey":"6oBVJXZLbXKY4XWdRKCMimmqRuUwXAWGp14gRMyN5wWzQC1zfK"
}
Return:{"code":0}
9. Update rules: (overwrites all existing rules)
Post:{
"name":"saverules",
"data":[{
"id":3,
"path":[{"path":"/user3/","crypt":false}],
"pubkey":"6oBVJXZLbXKY4XWdRKCMimmqRuUwXAWGp14gRMyN5wWzQC1zfK"
},
{
"id":4,
"path":[{"path":"/user4/","crypt":false}],
"pubkey":"6oBVJXZLbXKY4XWdRKCMimmqRuUwXAWGp14gRMyN5wWzQC1zfK"
}]
}
Return:{"code":0}
10. Authorize processes: (several processes per call; adds to the authorization list without replacing it)
Post:{
"name":"authproc",
"data":[
{"procName":"notpad.exe","inherit":false,"keyID":10},
{"procName":"foxmail.exe","inherit":false,"keyID":101}
]}
Return:{"code":0}
11. Update the authorization list:
Post:{
"name":"saveauths",
"data":[
{"procName":"notpad.exe","inherit":false,"keyID":10},
{"procName":"foxmail.exe","inherit":false,"keyID":101}
]}
Return:{"code":0}
12. Set state: (learn, verify, enable, disable --> start learning, verify, enable blocking, disable blocking)
Post:{"name":"setstate", "state":"learn"}
Return:{"code":0}
13. Get state: returns one of (learn, verify, enable, disable --> learning, verifying, blocking enabled, blocking disabled)
Post:{"name":"getstate"}
Return:{"code":0,"state":"learn"}
14. Kill a specified process:
Post:{"name":"killproc","procname":"mysql" }
Return:{"code":0}
15. Get all rules:
Post:{"name":"loadconf2"}
Return:{
"code":0,
"data":[
{"id":1,"pubkey":"","path":[{"path":"/anyone/","crypt":false}]},
{"id":207,"pubkey":"6oBVJXZLbXKY4XWdRKCMimmqRuUwXAWGp14gRMyN5wWzQC1zfK","path":[{"path":"/user2/","crypt":true},{"path":"/user/user2/","crypt":false}]}
]}
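Worked example of the add-versus-overwrite semantics of items 8, 9 and 15. This is added code written for this page, not the product's client: the HTTP endpoint is not given on the page, so the transport is an injectable `post` callable; FakeAgent is an in-memory stand-in constructed here; RuleClient and make_rule are names chosen here, and the trailing-slash normalization is an assumption drawn from the sample rules on the page.

```python
"""Rule management against saveconf2 / saverules / loadconf2 (added example, not the product's code)."""


class RuleError(Exception):
    pass


def _normalize_path(path):
    # Assumption: rules are directory prefixes; every example on the page carries
    # a trailing slash, so one is added when missing.
    if not path.startswith("/"):
        raise RuleError(f"path must be absolute: {path!r}")
    return path if path.endswith("/") else path + "/"


def make_rule(rule_id, paths, pubkey=""):
    """Build one rule in the shape used by saveconf2, saverules and loadconf2.
    `paths` is a list of (path, crypt) pairs."""
    if not isinstance(rule_id, int) or rule_id < 0:
        raise RuleError("id must be a non-negative integer")
    if not paths:
        raise RuleError("a rule needs at least one path")
    entries = [{"path": _normalize_path(p), "crypt": bool(c)} for p, c in paths]
    return {"id": rule_id, "path": entries, "pubkey": pubkey}


class RuleClient:
    """`post` is any callable(dict) -> dict that sends the JSON body and returns the parsed reply."""

    def __init__(self, post):
        self._post = post

    def _call(self, body):
        reply = self._post(body)
        if reply.get("code") != 0:
            raise RuleError(f"{body['name']} failed: {reply}")
        return reply

    def load_rules(self):
        return self._call({"name": "loadconf2"})["data"]

    def add_rule(self, rule):
        # saveconf2 appends one rule and leaves the others alone, so refuse an id clash
        if rule["id"] in {r["id"] for r in self.load_rules()}:
            raise RuleError(f"rule id {rule['id']} already exists; use upsert_rule")
        self._call({"name": "saveconf2", **rule})

    def replace_rules(self, rules):
        # saverules overwrites the whole set: anything missing from `rules` is gone
        ids = [r["id"] for r in rules]
        if len(ids) != len(set(ids)):
            raise RuleError("duplicate rule ids")
        self._call({"name": "saverules", "data": rules})

    def upsert_rule(self, rule):
        """Read the full set, swap the one entry, write everything back."""
        current = self.load_rules()
        merged = [r for r in current if r["id"] != rule["id"]] + [rule]
        merged.sort(key=lambda r: r["id"])
        self.replace_rules(merged)
        return merged


class FakeAgent:
    """In-memory stand-in for the agent, constructed for this example."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.calls = []

    def __call__(self, body):
        self.calls.append(body["name"])
        if body["name"] == "loadconf2":
            return {"code": 0, "data": [dict(r) for r in self.rules]}
        if body["name"] == "saveconf2":
            self.rules.append({k: body[k] for k in ("id", "path", "pubkey")})
            return {"code": 0}
        if body["name"] == "saverules":
            self.rules = list(body["data"])
            return {"code": 0}
        return {"code": 1}


PUBKEY = "6oBVJXZLbXKY4XWdRKCMimmqRuUwXAWGp14gRMyN5wWzQC1zfK"  # the page's sample key

if __name__ == "__main__":
    agent = FakeAgent([{"id": 1, "pubkey": "", "path": [{"path": "/anyone/", "crypt": False}]}])
    client = RuleClient(agent)
    client.add_rule(make_rule(3, [("/user3", False)], PUBKEY))      # appended via saveconf2
    client.upsert_rule(make_rule(3, [("/user3/", True)], PUBKEY))   # rewritten via saverules
    print(agent.rules)  # rule 1 survives, rule 3 now has crypt=true
```

The point of upsert_rule is that saverules is a full replacement: sending only the rule you changed would silently drop every other rule, including the ones protecting other users' directories.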
16. Add a database path:
Post:{"name":"savedbconf","id":3,"path":"/user3"}
Return:{"code":0}
17. Get all database paths:
Post:{"name":"loaddbconf"}
Return:{
"code":0,
"data":[{"id":2,"path":"/mysql2/"},{"id":1,"path":"/mysql/"}]
}
18. Attributes of a specified file:
Post:{"name":"file","filename":"/test"}
Return:{
"code":0,
"data":{"filename":"test",
"fileattributes":{
"filesize":10,
"modifydate":"2021-03-24 11:43:34",
"authority":20,
"historyversion":2
}
}
}
19. History versions of a specified file:
Post:{"name":"history","filename":"test"}
Return:{
"code":0,
"data":{
"historyversionid":2,
"filesize":10,
"modifydate":"2021-03-24 11:43:34"
}
}
20. Get the login process list:
Post:{"name":"loginprocs"}
Return:[{"Pid": 3581,"Time": "0:00","Pname": "bash"}]
21. Create a launcher:
Post: {
"name": "savedaemonconf",
"url":"http://127.0.0.1:8088",
"exeName": "/root/surgate/surgate iotest 8080",
"daemonName": "/bin/iotest",
"keyID": 101,
"autostartup":true
}
Return:{"code":0,"data":{"msg":"success"}}
22. KMS configuration:
Post:{"name":"kms","url":"http://127.0.0.1:8088"}
Return:{"code":0,"data":{"msg":"success"}}
23. User logout:
Post:{"name":"logout","id":"100"}
Return:{"code":0}
24. Notify the kernel to output StatInfo:
Post:{"name":"printstart"}
Return:{"code":0}
Log notes
state     log     block
learn     yes     no
verify    yes     no
enable    yes     yes
disable   no      no
learn is the learning state: rules are generated from all of the intercept records collected while learning. verify checks whether the configured rules take effect: in learn the rules are all inactive, in verify the rules are active (matches are logged but not blocked).
The default is disable: no blocking and no logging.
Numeric state codes:
Learn : 1
Verify: 0
Disable: 3
Enable:2
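Items 12 and 13 and the log notes describe a rollout in stages; the following is an added example of driving it, written for this page and not taken from the product. The HTTP endpoint is not given on the page, so the transport is an injectable `post` callable; FakeAgent is an in-memory stand-in constructed here; StateClient and its method names are chosen here; and the rule that verify must show zero sillegalaccess before enabling is an operational assumption, not something the page states.

```python
"""State workflow for learn / verify / enable / disable (added example, not the product's code)."""

from datetime import datetime

# Numeric codes and per-state behaviour, as listed in the log notes.
STATE_CODES = {"learn": 1, "verify": 0, "enable": 2, "disable": 3}
STATE_BEHAVIOUR = {          # state -> (writes log, blocks access)
    "learn": (True, False),
    "verify": (True, False),
    "enable": (True, True),
    "disable": (False, False),
}
# Which statinfo counter is the one to watch in each state (from the statinfo comments).
STATE_COUNTER = {"verify": "sillegalaccess", "enable": "illegalaccess"}
ROLLOUT = ["disable", "learn", "verify", "enable"]


class StateError(Exception):
    pass


class StateClient:
    """`post` is any callable(dict) -> dict; `now` is injectable for the statinfo time field."""

    def __init__(self, post, now=datetime.now):
        self._post = post
        self._now = now

    def _call(self, body):
        reply = self._post(body)
        if reply.get("code") != 0:
            raise StateError(f"{body['name']} failed: {reply}")
        return reply

    def get_state(self):
        state = self._call({"name": "getstate"})["state"]
        if state not in STATE_CODES:
            raise StateError(f"unknown state {state!r}")
        return state

    def set_state(self, state):
        if state not in STATE_CODES:
            raise StateError(f"unknown state {state!r}")
        self._call({"name": "setstate", "state": state})
        return STATE_CODES[state]

    def statinfo(self):
        stamp = self._now().strftime("%Y-%m-%d %H:%M")   # same format as the page's sample
        return self._call({"name": "statinfo", "time": stamp})["data"]

    def summary(self):
        """What the agent is doing right now and the counter that matters for it."""
        state = self.get_state()
        logs, blocks = STATE_BEHAVIOUR[state]
        counter = STATE_COUNTER.get(state)
        value = self.statinfo()[counter] if counter else None
        return {"state": state, "code": STATE_CODES[state], "logs": logs,
                "blocks": blocks, "counter": counter, "value": value}

    def promote(self):
        """Move one step along disable -> learn -> verify -> enable.

        Assumption (an operational rule, not something the page states): verify is
        run against known-good activity, so any sillegalaccess there is a false
        positive and the rules must be fixed before blocking is switched on.
        """
        state = self.get_state()
        if state == "enable":
            return state
        if state == "verify":
            pending = self.statinfo()["sillegalaccess"]
            if pending:
                raise StateError(f"verify recorded {pending} would-be blocks; review rules before enable")
        nxt = ROLLOUT[ROLLOUT.index(state) + 1]
        self.set_state(nxt)
        return nxt


class FakeAgent:
    """In-memory stand-in constructed for this example; `stats` mimics the statinfo data block."""

    def __init__(self, state="disable", stats=None):
        self.state = state
        self.stats = stats or {"illegalaccess": 0, "sillegalaccess": 0, "abnormalnum": 0}

    def __call__(self, body):
        if body["name"] == "getstate":
            return {"code": 0, "state": self.state}
        if body["name"] == "setstate":
            self.state = body["state"]
            return {"code": 0}
        if body["name"] == "statinfo":
            return {"code": 0, "data": dict(self.stats)}
        return {"code": 1}


if __name__ == "__main__":
    client = StateClient(FakeAgent())
    print(client.promote(), client.promote(), client.promote())  # learn verify enable
    print(client.summary())
```

A practitioner runs learn long enough to cover a full business cycle (backups, batch jobs, updates), then sits in verify and watches sillegalaccess before flipping to enable; promote() refuses the last step while that counter is non-zero.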