监控计算机上指定的程序是否在运行;一旦发现其运行,则将其关闭并弹出图形化提示窗口。
可用作公司信息安全监控程序。
# 程序监控程序
# 监控到特定程序后会向平台发送告警
import os
import psutil
import time
import requests
import sys
import threading
from PyQt5.QtWidgets import *
from PyQt5.QtCore import Qt
from PyQt5.QtGui import QIcon,QFont
# Module-wide state: tracks whether the notice window is currently shown.
class window:
    """Holder for the shared "notice window is visible" flag."""

    # Set to True by send_info before it opens the notice window and reset
    # to False by MainWidget.closeEvent when that window is closed.
    showed = False
class MainWidget(QWidget):
    """Fixed-size notice window telling the user the action was logged.

    Closing the window clears ``window.showed`` so that a later detection
    is allowed to open a new notice.
    """

    def __init__(self, parent=None):
        """Build the 300x120 window and its "action has been logged" label."""
        super().__init__(parent)
        # Window title: "information security notice".
        self.setWindowTitle("信息安全提示信息")
        width, height = 300, 120
        self.resize(width, height)
        self.setFixedSize(width, height)
        # Lower text line: "this action has been logged".
        notice = QLabel(self)
        notice.setFont(QFont("Microsoft YaHei", 12))
        notice.setText("您的此次操作已生成日志")
        notice.move(20, 70)
        notice.show()

    def closeEvent(self, event):
        """Qt close handler: print a trace line and release the window flag."""
        print("窗口已关闭")
        window.showed = False
def show_info(process):
    """Show an always-on-top notice asking the user not to run *process*.

    Creates a QApplication, adds a headline label to a MainWidget, shows the
    window and blocks in the Qt event loop; when the loop ends, its exit code
    is handed to ``sys.exit``.

    Args:
        process: display name of the forbidden program, appended to the
            headline text.

    NOTE(review): send_info calls this function and is itself started as a
    thread target, so the QApplication is created off the main thread. Qt
    normally expects GUI objects on the main thread - confirm this works on
    the deployed platform.
    """
    qt_app = QApplication(sys.argv)
    qt_app.setWindowIcon(QIcon('favicon'))
    notice = MainWidget()
    headline = QLabel(notice)
    headline.setFont(QFont("Microsoft YaHei", 16))
    # Headline text: "do not run <process>".
    headline.setText("请勿运行" + process)
    headline.move(20, 20)
    notice.setWindowFlags(Qt.WindowStaysOnTopHint)
    notice.show()
    exit_code = qt_app.exec_()
    sys.exit(exit_code)
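def send_info(pro, msg):
    """Terminate a forbidden process, report it, and show the notice window.

    Args:
        pro: ``psutil.Process`` of the detected program.
        msg: display name of the program, used in the alert text and in the
            pop-up headline.

    A failure to terminate the process or to reach the alert platform is
    printed and does not abort the remaining steps, so one failing step no
    longer suppresses the others.
    """
    # is_running() also compares the creation time, so a PID that has been
    # recycled by an unrelated process is not treated as the detected one.
    if not pro.is_running():
        print("同名进程")
        return

    # Termination via psutil. An alternative that is not used here is
    # `taskkill /F /IM <image name>` through os.system, which acts on every
    # process with that image name instead of this one instance.
    try:
        pro.terminate()
        pro.wait(timeout=3)
    except psutil.NoSuchProcess as exc:
        # The process exited between detection and termination; nothing is
        # left to stop or report for this instance.
        print(str(exc))
        return
    except (psutil.AccessDenied, psutil.TimeoutExpired) as exc:
        # The program is still running. Keep going so the event is reported:
        # a forbidden program that could not be stopped must not go unseen.
        print(str(exc))

    # Send the event to the alert platform. The query values are passed via
    # `params` so they are percent-encoded as separate fields.
    # NOTE(review): the alert and its token travel over plain HTTP in the
    # query string, so both are readable on the network path and are likely
    # to end up in proxy and server logs. If the platform supports it,
    # prefer HTTPS and carry the token in a header or a POST body.
    try:
        requests.get(
            "http://secops.com/info/listn",
            params={
                "tag": "查询机安全事件",
                "con": "某人在查询机上使用" + msg + "程序",
                "token": "TOKEN",
            },
            # Without a timeout an unreachable platform would hang this
            # worker thread forever.
            timeout=10,
        )
    except requests.RequestException as exc:
        print(str(exc))

    # Only one notice window at a time; closing it resets the flag.
    # NOTE(review): this check-then-set is not atomic across worker threads.
    if not window.showed:
        window.showed = True
        show_info(msg)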
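# Forbidden programs: lower-cased executable name -> display name used in the
# alert text and in the pop-up.
# NOTE(review): matching on the executable name alone is a weak identifier,
# because a renamed binary is not recognised. Consider also checking the
# executable path, publisher signature or file hash.
forbidden_process = {
    "baidunetdisk.exe": "百度网盘",
    "wechat.exe": "微信",
    "wxwork.exe": "企业微信",
    "qq.exe": "QQ",
}

# Workers that are still handling a detection, keyed by (pid, create_time).
# The scan runs every 2 s while a worker may wait up to 3 s for the process
# to exit, so without this map the same process instance would be handed to
# several workers and reported more than once.
_in_flight = {}

while True:
    time.sleep(2)
    # Drop finished workers; a process that survived termination is then
    # picked up again by the next scan.
    _in_flight = {k: t for k, t in _in_flight.items() if t.is_alive()}
    for item in psutil.pids():
        try:
            p = psutil.Process(item)
            # One dictionary lookup instead of comparing against every key
            # and calling p.name() once per key.
            label = forbidden_process.get(p.name().lower())
            if label is None:
                continue
            key = (p.pid, p.create_time())
            if key in _in_flight:
                continue
            th = threading.Thread(target=send_info, args=(p, label))
            _in_flight[key] = th
            th.start()
        except psutil.NoSuchProcess:
            # Expected race: the process exited after psutil.pids() listed it.
            continue
        except Exception as e:
            # Keep the monitor alive whatever a single process lookup raises.
            print(str(e))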