Modifying the paramiko source in Python to write a command audit log: bug fix


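I modified the paramiko source in Python and wrote an audit log of the commands typed, but the log also recorded the Backspace key as ^H, so I changed the code to take advantage of a property of strings.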


Strings behave like lists, so they can be sliced

>>> a="hello world"
>>> a[:-1]
'hello worl'

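Escape characters

Escape sequence    Description
\ (at end of line)    Line continuation
\\    Backslash
\'    Single quote
\"    Double quote
\a    Bell
\b    Backspace
\e    Escape
\000    Null
\n    Newline
\v    Vertical tab
\t    Horizontal tab
\r    Carriage return
\f    Form feed
\oyy    Character with octal value yy, e.g. \o12 is a newline
\xyy    Character with hexadecimal value yy, e.g. \x0a is a newline
\other    Any other character is output as-is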

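Code

            # Fragment of the interactive loop: needs `import sys, time`;
            # cmd, log_file, username and hostname are set earlier.
            if sys.stdin in r:
                x = sys.stdin.read(1)
                if x == '\b':
                    # Backspace: drop the last buffered character instead of recording ^H
                    cmd = cmd[:-1]
                else:
                    cmd += x
                #records.append(x)
                if x == '\r':
                    # Enter: write the reconstructed command to the audit log
                    #print "your input is:",cmd
                    log_line = "-login_user:%s\t|host_addr:%s\t|%s|HISTORY_CMD: %s \n" % (username,hostname,time.strftime("%Y_%m_%d %H:%M:%S"),cmd)
                    cmd = ''
                    log_file.write(log_line)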

 

Demo: type 123456789, deleting the three keystrokes 3, 6 and 9 with Backspace; the result is marked in red below.

[email protected]:~/baolei# sh remote.sh 
########################################################
1:      [haproxy]       w1.dev.haproxy.org  192.168.0.105
########################################################

 before choose items will be sleep a monent

Please choose ip of top:1
Please input your username:root
root 192.168.0.105
192.168.0.105 root
username:root
*** WARNING: Unknown host key!
Auth by (p)assword, (r)sa key, or (d)ss key? [p] 
Password for [email protected]192.168.0.105: 
*** Here we go!

Last login: Thu Feb 25 15:44:25 2016 from 192.168.0.106
/data/x/tools/team/env/alias.env
fatal: Not a git repository (or any of the parent directories): .git
/data/x/tools/team/env/git-completion.env
ansible-direc:~ #  124578
-bash: 124578: command not found
ansible-direc:~ #  exit
logout

*** EOF
[email protected]:~/baolei# vim /tmp/root/192.168.0.105_audit_log_2016_02_27.log 
[email protected]:~/baolei# vim /tmp/root/192.168.0.105_audit_log_2016_02_27.log 
[email protected]:~/baolei# vim /tmp/liujianzuo/192.168.0.102_audit_log_2016_02_27.log 
[email protected]:~/baolei# vim interactive.py
[email protected]:~/baolei# tail /tmp/root/192.168.0.105_audit_log_2016_02_27.log 
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 13:24:51|HISTORY_CMD: ls
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 13:24:53|HISTORY_CMD: exit
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 13:40:27|HISTORY_CMD: ls
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 13:40:29|HISTORY_CMD: lll
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 13:40:38|HISTORY_CMD: sd
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 13:40:44|HISTORY_CMD: exit
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 13:57:16|HISTORY_CMD: 9 
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 13:57:19|HISTORY_CMD: exit
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 14:02:53|HISTORY_CMD: 124578
 login_user:root        |host_addr:192.168.0.105        |2016_02_27 14:02:54|HISTORY_CMD: exit
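
An added example (Python 3, not the author's modified paramiko code) that generalises the backspace handling above: it also treats DEL (0x7f) as Backspace, handles Ctrl-U and Ctrl-C, drops other control bytes so a keystroke cannot forge a log line, and flags lines where Tab or escape sequences mean the logged text may differ from what the remote shell ran. The names `KeystrokeAuditor` and `replay`, the `exact` log field and the address 192.0.2.10 are assumptions made for this illustration.

```python
import time

ERASE = {"\b", "\x7f"}   # ^H and DEL: terminals differ in what Backspace sends
KILL_LINE, ABORT, ESC, TAB = "\x15", "\x03", "\x1b", "\t"  # Ctrl-U, Ctrl-C

class KeystrokeAuditor:
    """Rebuild command lines from single keystrokes (hypothetical helper)."""

    def __init__(self, username, hostname):
        self.username, self.hostname = username, hostname
        self.buf, self.in_escape, self.inexact = [], False, False

    def feed(self, ch, now=None):
        """Consume one character; return a log line on Enter, otherwise None."""
        if self.in_escape:
            # Swallow the rest of a CSI sequence such as ESC [ A (arrow up).
            self.in_escape = not (ch.isalpha() or ch == "~")
        elif ch == ESC:
            self.in_escape = self.inexact = True   # history recall, cursor keys
        elif ch == TAB:
            self.inexact = True                    # completion happens remotely
        elif ch in ERASE:
            if self.buf:
                self.buf.pop()
        elif ch == KILL_LINE:
            self.buf.clear()
        elif ch == ABORT:
            self.buf, self.inexact = [], False
        elif ch in ("\r", "\n"):
            return self._flush(now)
        elif ch and ch.isprintable():
            self.buf.append(ch)   # other control bytes are dropped, never logged
        return None

    def _flush(self, now):
        cmd, inexact = "".join(self.buf), self.inexact
        self.buf, self.inexact = [], False
        if not cmd and not inexact:
            return None           # bare Enter, or the LF of a CR LF pair
        stamp = now or time.strftime("%Y_%m_%d %H:%M:%S")
        # The "exact" field is an added assumption, not part of the page's format.
        return "-login_user:%s\t|host_addr:%s\t|%s|exact:%s|HISTORY_CMD: %s\n" % (
            self.username, self.hostname, stamp, "no" if inexact else "yes", cmd)

def replay(keys, username="root", hostname="192.0.2.10", now="2016_02_27 14:02:53"):
    """Feed a constructed keystroke string through the auditor; return log lines."""
    auditor = KeystrokeAuditor(username, hostname)
    return [line for line in (auditor.feed(k, now) for k in keys) if line]
```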

 

The shell variables are passed into the Python script; I won't paste the modified source script here.

[email protected]:~/baolei# cat remote.sh 
#!/bin/sh
#created by liujianzuo
list(){
        #cd /home/liujianzuo/server/scripts
        echo  "\033[33;1m########################################################\033[0m"
        awk '{printf "\033[35;1m%s:\t[%-4s]\t%20s\t%s\033[0m\n",NR,$2,$1,$NF}' remote_ip.log
        echo  "\033[33;1m########################################################\033[0m\n"
}
wai_t(){
        echo  "\033[32;1m before choose items will be sleep a monent\033[0m\n"
       # for i in {1..3};do sleep 0.6 && echo -e "\033[35;1m..........................\033[0m";done
        #read -p "Please choose ip of top:" num
        while true
        do
                if [ -z "$num" ] && [ -z "$username" ];then
                        read -p "Please choose ip of top:" num
                        read -p "Please input your username:" username
                        continue
                else
                        break
                fi
        done
        IP=`awk -v ip="$num" 'NR == ip{printf "%s:\t[%10s]\t%-20s\t%s\n",NR,$2,$1,$NF}' remote_ip.log|awk '{print $NF}'`
}
list
wai_t
python=`which python`
echo "$username" "$IP"
python demo.py "$IP" "$username"

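A few bugs still need fixing:

  When switching to another IP inside the terminal, the IP in the audit log should change accordingly.

  A single failed password attempt when logging in to the server should not exit.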

 
