Modified the paramiko source in Python to write a command audit log: bug fix
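I modified the paramiko source in Python to write an audit log of the commands an operator types, but the log also recorded the Backspace (delete) key as ^H. So I changed the code to take advantage of how Python strings behave.
Strings have list-like properties (they can be sliced)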
    >>> a="hello world"
    >>> a[:-1]
    'hello worl'
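Escape characters

    Escape                 Meaning
    \ (at end of line)     Line continuation
    \\                     Backslash
    \'                     Single quote
    \"                     Double quote
    \a                     Bell
    \b                     Backspace
    \e                     Escape
    \000                   Null
    \n                     Newline
    \v                     Vertical tab
    \t                     Horizontal tab
    \r                     Carriage return
    \f                     Form feed
    \oyy                   Character with octal value yy, e.g. \o12 is a newline
    \xyy                   Character with hexadecimal value yy, e.g. \x0a is a newline
    \other                 Any other character is output as-is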
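Code

    # Fragment from the select() loop in interactive.py.
    # Requires `import sys` and `import time` at the top of the file.
    if sys.stdin in r:
        x = sys.stdin.read(1)
        if x == '\b':
            # Backspace (^H): drop the last recorded character instead of logging ^H.
            # Note: this only matches \b; terminals that send \x7f (DEL) are not handled here.
            cmd = cmd[:-1]
        else:
            cmd += x
        #records.append(x)
        if x == '\r':
            # Enter pressed: write one audit line for the finished command.
            # cmd still ends with the '\r' that was appended just above.
            #print "your input is:",cmd
            log_line = "-login_user:%s\t|host_addr:%s\t|%s|HISTORY_CMD: %s \n" % (username,hostname,time.strftime("%Y_%m_%d %H:%M:%S"),cmd)
            cmd = ''
            log_file.write(log_line)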
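An added example (Python 3, not the author's modified paramiko source) that generalizes the `cmd[:-1]` idea above: it also handles DEL (`\x7f`), Ctrl-U, Ctrl-C and escape sequences such as arrow keys, and drops other control bytes so they cannot end up in the audit log. The names `CommandRecorder` and `demo` are assumptions; the log format follows the page's `log_line`, and the keystroke strings are constructed sample input.

```python
import time

BACKSPACE = ("\b", "\x7f")  # ^H or DEL, depending on the terminal


class CommandRecorder:
    """Rebuild typed command lines from raw keystrokes for the audit log."""

    def __init__(self, username, hostname):
        self.username = username
        self.hostname = hostname
        self.cmd = ""
        self.esc = 0  # 0 = normal, 1 = just saw ESC, 2 = inside ESC [ / ESC O

    def feed(self, data):
        """Consume keystrokes; return the audit lines they complete."""
        lines = []
        for ch in data:
            if self.esc == 1:
                self.esc = 2 if ch in "[O" else 0
            elif self.esc == 2:
                if ch.isalpha() or ch == "~":  # final byte of the sequence
                    self.esc = 0
            elif ch == "\x1b":
                self.esc = 1
            elif ch in BACKSPACE:
                self.cmd = self.cmd[:-1]
            elif ch in ("\x03", "\x15"):  # Ctrl-C / Ctrl-U discard the line
                self.cmd = ""
            elif ch in ("\r", "\n"):
                if self.cmd.strip():
                    lines.append(self._format(self.cmd))
                self.cmd = ""
            elif ch.isprintable():  # drop remaining control bytes
                self.cmd += ch
        return lines

    def _format(self, cmd):
        stamp = time.strftime("%Y_%m_%d %H:%M:%S")
        return "login_user:%s\t|host_addr:%s\t|%s|HISTORY_CMD: %s \n" % (
            self.username, self.hostname, stamp, cmd)


def demo():
    rec = CommandRecorder("root", "192.168.0.105")  # values from the page's demo
    # Constructed keystrokes: backspaces, a right-arrow at end of line, Ctrl-U.
    keys = "123\b456\x7f789\b\r" + "ls\x1b[C -l\r" + "rm x\x15id\r"
    return [line.split("HISTORY_CMD: ")[1].strip() for line in rec.feed(keys)]
```

Because it sees only keystrokes, a recorder like this cannot reconstruct history recall, tab completion, or edits made after moving the cursor back into the line.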
Demo: type 123456789, deleting the three keys 3, 6 and 9; the command is logged as 124578, as shown below.
    [email protected]:~/baolei# sh remote.sh
    ########################################################
    1: [haproxy] w1.dev.haproxy.org 192.168.0.105
    ########################################################

     before choose items will be sleep a monent

    Please choose ip of top:1
    Please input your username:root
    root 192.168.0.105
    192.168.0.105 root
    username:root
    *** WARNING: Unknown host key!
    Auth by (p)assword, (r)sa key, or (d)ss key? [p]
    Password for [email protected]192.168.0.105:
    *** Here we go!

    Last login: Thu Feb 25 15:44:25 2016 from 192.168.0.106
    /data/x/tools/team/env/alias.env
    fatal: Not a git repository (or any of the parent directories): .git
    /data/x/tools/team/env/git-completion.env
    ansible-direc:~ # 124578
    -bash: 124578: command not found
    ansible-direc:~ # exit
    logout

    *** EOF
    [email protected]:~/baolei# vim /tmp/root/192.168.0.105_audit_log_2016_02_27.log
    [email protected]:~/baolei# vim /tmp/root/192.168.0.105_audit_log_2016_02_27.log
    [email protected]:~/baolei# vim /tmp/liujianzuo/192.168.0.102_audit_log_2016_02_27.log
    [email protected]:~/baolei# vim interactive.py
    [email protected]:~/baolei# tail /tmp/root/192.168.0.105_audit_log_2016_02_27.log
    login_user:root |host_addr:192.168.0.105 |2016_02_27 13:24:51|HISTORY_CMD: ls
    login_user:root |host_addr:192.168.0.105 |2016_02_27 13:24:53|HISTORY_CMD: exit
    login_user:root |host_addr:192.168.0.105 |2016_02_27 13:40:27|HISTORY_CMD: ls
    login_user:root |host_addr:192.168.0.105 |2016_02_27 13:40:29|HISTORY_CMD: lll
    login_user:root |host_addr:192.168.0.105 |2016_02_27 13:40:38|HISTORY_CMD: sd
    login_user:root |host_addr:192.168.0.105 |2016_02_27 13:40:44|HISTORY_CMD: exit
    login_user:root |host_addr:192.168.0.105 |2016_02_27 13:57:16|HISTORY_CMD: 9
    login_user:root |host_addr:192.168.0.105 |2016_02_27 13:57:19|HISTORY_CMD: exit
    login_user:root |host_addr:192.168.0.105 |2016_02_27 14:02:53|HISTORY_CMD: 124578
    login_user:root |host_addr:192.168.0.105 |2016_02_27 14:02:54|HISTORY_CMD: exit
The shell variables are passed into the Python script; I won't paste the modified source script here.
    [email protected]:~/baolei# cat remote.sh
    #!/bin/sh
    #created by liujianzuo

    # Print the numbered host menu from remote_ip.log.
    list(){
        #cd /home/liujianzuo/server/scripts
        echo "\033[33;1m########################################################\033[0m"
        awk '{printf "\033[35;1m%s:\t[%-4s]\t%20s\t%s\033[0m\n",NR,$2,$1,$NF}' remote_ip.log
        echo "\033[33;1m########################################################\033[0m\n"
    }

    # Ask for the menu number and the login user, then look up the IP.
    wai_t(){
        echo "\033[32;1m before choose items will be sleep a monent\033[0m\n"
        # for i in {1..3};do sleep 0.6 && echo -e "\033[35;1m..........................\033[0m";done
        #read -p "Please choose ip of top:" num
        while true
        do
            # Variables are quoted so empty or odd input is tested as a single word.
            if [ -z "$num" ] && [ -z "$username" ];then
                read -p "Please choose ip of top:" num
                read -p "Please input your username:" username
                continue
            else
                break
            fi
        done
        IP=`awk -v ip="$num" 'NR == ip{printf "%s:\t[%10s]\t%-20s\t%s\n",NR,$2,$1,$NF}' remote_ip.log|awk '{print $NF}'`
    }

    list
    wai_t
    python=`which python`
    echo "$username" "$IP"
    # Quote the arguments so user input is not word-split or glob-expanded.
    python demo.py "$IP" "$username"
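There are still a few bugs to fix:
When the IP is switched inside the terminal, the IP in the audit log should change accordingly.
A single failed password attempt when logging in to the server should not make the program exit.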