Linux安全审计功能

Posted 风子陈

tags:


Client:

OMAudit_agent.py

#!/usr/bin/env python
#coding:utf-8
import sys
import socket
import fcntl
import struct
import logging
from config import *
import urllib,httplib
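socket.setdefaulttimeout(Connect_TimeOut)
# One log file next to the agent, shared by every user whose shell runs it
# (the installer has to make it writable for all of them).
logging.basicConfig(level=logging.DEBUG,
            format="%(asctime)s [%(levelname)s] %(message)s",
            filename=sys.path[0] + "/omsys.log",
            filemode="a")

# PROMPT_COMMAND invokes this script as
#   OMAudit_agent.py <id> <user> <date> <time> <command ...>
# i.e. the output of `history 1` under HISTTIMEFORMAT="`whoami` %F %T ",
# so fewer than five arguments means the /etc/profile hook is not in place.
if len(sys.argv) < 6:
    logging.error("history not configured in /etc/profile!")
    sys.exit()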

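def get_local_ip(ethname):
    """Return the IPv4 address bound to interface *ethname*, else "127.0.0.1".

    Uses the SIOCGIFADDR ioctl (0x8915) on a throw-away UDP socket, which
    needs no privileges but is Linux-specific.  Any failure (unknown
    interface, no IPv4 address, non-Linux host) is logged and the loopback
    address is returned so the caller can still send its record.

    Args:
        ethname: interface name, e.g. "eth0" (str or bytes).
    """
    if not isinstance(ethname, bytes):
        # struct.pack("256s") needs bytes; on Python 2 a str already is.
        ethname = ethname.encode("ascii")
    sock = None
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        # The kernel fills in a struct ifreq; the IPv4 address of the
        # embedded sockaddr_in starts at byte offset 20.
        ifreq = fcntl.ioctl(sock.fileno(), 0x8915, struct.pack("256s", ethname))
        return socket.inet_ntoa(ifreq[20:24])
    except Exception as e:
        logging.error("get localhost IP address error:%s", e)
        return "127.0.0.1"
    finally:
        # The original leaked this socket on every prompt.
        if sock is not None:
            sock.close()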

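def pull_history(http_get_param=""):
    """Send one audit record to the OMAudit server with an HTTP GET.

    Args:
        http_get_param: already URL-encoded path-and-query string built by
            the caller (``/omaudit_pull/?history_id=...``).

    The server is expected to answer status 200 with the body "OK"; any
    other status, body or connection error is logged and the process exits,
    as the original did -- the agent runs from PROMPT_COMMAND and has
    nothing else to do.

    NOTE(review): the record goes over plain HTTP on port 80 with no client
    authentication, so the server can only treat every field as
    self-reported by whoever sent the request.
    """
    http_client = None  # keeps the finally branch safe if the constructor raises
    try:
        http_client = httplib.HTTPConnection(OMServer_address, 80, timeout=Connect_TimeOut)
        http_client.request("GET", http_get_param)
        response = http_client.getresponse()

        if response.status != 200:
            logging.error("response http status error:%s", response.status)
            sys.exit()

        http_content = response.read().strip()
        if http_content != "OK":
            logging.error("response http content error:%s", http_content)
            sys.exit()

    except Exception as e:
        # SystemExit from the checks above is not an Exception, so it passes through.
        logging.error("connection django-cgi server error:%s", e)
        sys.exit()

    finally:
        if http_client is not None:
            http_client.close()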

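Sysip = get_local_ip(Net_driver)
History_Id = sys.argv[1]
SysUser = sys.argv[2]
History_date = sys.argv[3]
History_time = sys.argv[4]
# Everything after the timestamp is the command itself; the shell already
# word-split it in $(history 1), so re-join with single spaces.
History_command = " ".join(sys.argv[5:])


def _q(value):
    """Percent-encode one query value; safe='' so '/', '&' and '=' are escaped too."""
    return urllib.quote(value, safe="")


# Every field is encoded, not only the command: the argv values come from the
# user's own history line (HISTFILE is user-writable and re-read on each
# prompt), so an unencoded '&' or '=' in them could add or override query
# parameters in the audit record.  Decoded values are unchanged from before.
s = ("/omaudit_pull/?history_id=" + _q(History_Id)
     + "&history_ip=" + _q(Sysip)
     + "&history_user=" + _q(SysUser)
     + "&history_datetime=" + _q(History_date + " " + History_time)
     + "&history_command=" + _q(History_command.strip()))
pull_history(s)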

 

config.py:

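#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Settings for the OMAudit agent (imported with ``from config import *``)."""

# Interface whose IPv4 address is reported as history_ip.
Net_driver = "eth0"
# Host that receives the audit records (plain HTTP on port 80, see OMAudit_agent.py).
OMServer_address = "omaudit.quark.com"
# Socket / HTTP timeout in seconds.  The agent runs on every shell prompt,
# so it must fail fast when the server is unreachable.
Connect_TimeOut = 3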

  

安装脚本:OMAudit_agent_install.sh

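#!/bin/bash
# Installs the OMAudit shell-history agent and hooks it into /etc/profile.
# Must run as root (yum, /opt, /etc/profile).
yum -y install unzip zip
mkdir -p /opt/platform/OMAudit/
touch /opt/platform/OMAudit/omsys.log
unzip OMAudit_agent.zip -d /opt/platform/OMAudit

# The agent runs from every user's PROMPT_COMMAND, root's included, so its
# directory and scripts must not be world-writable: the original
# "chmod 777 -R" let any local user replace the script that root's shell
# executes on every prompt.  Only the shared log needs to be writable by all.
chmod -R 755 /opt/platform/OMAudit/
chmod 666 /opt/platform/OMAudit/omsys.log

cat >> /etc/profile << eof
export HISTFILE=\$HOME/.bash_history
export HISTSIZE=1000
export HISTFILESIZE=1000
export HISTCONTROL=ignoredups
# The "whoami date time" prefix is what OMAudit_agent.py reads as argv[2..4].
export HISTTIMEFORMAT="\`whoami\` %F %T "
# NOTE(review): the quoting of this line was garbled in the source; it is
# reconstructed so the agent receives the last history entry as arguments -- verify.
export PROMPT_COMMAND="history -a; history -c; history -r; /opt/platform/OMAudit/OMAudit_agent.py \$(history 1)"
shopt -s histappend
# readonly only stops the hook being unset in this shell; it does not make
# the history an untamperable audit trail on its own.
typeset -r PROMPT_COMMAND
typeset -r HISTTIMEFORMAT
eof
sleep 3
source /etc/profile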

 

Server:

 
