system_lockdown.py
import psutil
import os
import stat
from typing import List, Dict, Tuple
def audit_open_ports() -> List[Dict[str, str]]:
    """
    Report every socket that psutil shows in the LISTEN state.

    Coverage note for auditors: only entries whose status equals
    ``psutil.CONN_LISTEN`` are kept. psutil reports UDP sockets with
    ``CONN_NONE``, so bound UDP ports never appear in the result even
    though ``kind='inet'`` enumerates them. Treat the output as
    "TCP listeners", not "all open ports".

    Privilege note: psutil may return ``pid=None`` for sockets owned by
    other users when run unprivileged, and on some platforms
    ``net_connections`` itself raises ``psutil.AccessDenied`` without
    root. That exception is not caught here, so the caller sees a failed
    audit rather than an empty (falsely clean) one.

    Returns:
        List[Dict[str, str]]: One dict per listener with the string keys
        ``ip``, ``port``, ``pid`` and ``process``. ``pid`` and ``process``
        are ``"Unknown"`` when the owner could not be resolved.
    """
    listeners = (
        sock
        for sock in psutil.net_connections(kind='inet')
        if sock.status == psutil.CONN_LISTEN
    )

    report = []
    for sock in listeners:
        owner_pid = sock.pid
        entry = {
            "ip": sock.laddr.ip,
            "port": str(sock.laddr.port),
            "pid": str(owner_pid) if owner_pid else "Unknown",
            "process": "Unknown",
        }

        if owner_pid:
            # The owner can exit, or be off-limits to us, between the socket
            # snapshot and this lookup; keep the "Unknown" placeholder then.
            try:
                entry["process"] = psutil.Process(owner_pid).name()
            except (psutil.NoSuchProcess, psutil.AccessDenied):
                pass

        report.append(entry)

    return report
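def check_insecure_permissions(directory: str = ".") -> List[str]:
    """
    Scan a directory tree for world-writable files (security risk).

    Directories named exactly ``.venv``, ``.git`` or ``__pycache__`` are
    pruned from the walk to reduce noise. Matching is done on the directory
    name, not on a substring of the path: a substring test would also skip
    unrelated trees such as ``.github`` and would silently return an empty
    result whenever the scan root's own path happened to contain ``.git``.
    The scan root itself is always examined, whatever its name.

    Limitations an auditor should know:
      * Only entries that ``os.walk`` lists as files are checked;
        world-writable directories are not reported.
      * ``os.stat`` follows symlinks, so a link is reported (under the
        link's path) when its target is world-writable.
      * Subdirectories that cannot be listed are skipped by ``os.walk``
        without an error, and files that cannot be stat'ed are skipped too,
        so an empty result is not proof that nothing is world-writable.

    Args:
        directory (str): The directory to scan.

    Returns:
        List[str]: Paths of files whose mode has the ``S_IWOTH`` bit set.
    """
    skipped_dir_names = {".venv", ".git", "__pycache__"}
    insecure_files = []

    for root, dirs, files in os.walk(directory):
        # Prune in place so os.walk does not descend into the noisy trees at
        # all (cheaper than walking them and discarding every entry).
        dirs[:] = [d for d in dirs if d not in skipped_dir_names]

        for name in files:
            filepath = os.path.join(root, name)
            try:
                mode = os.stat(filepath).st_mode
            except OSError:
                # Broken symlink, permission problem or a file removed
                # mid-scan: nothing to evaluate, move on.
                continue

            # "Other" write bit set means any local user can modify the file.
            if mode & stat.S_IWOTH:
                insecure_files.append(filepath)

    return insecure_files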