运维审计系统


安装paramiko模块

# NOTE(review): both archives are built and installed straight after download
# with no integrity check, and the first URL is plain HTTP, so the file can be
# altered in transit. Compare each archive's digest (e.g. `sha256sum FILE`)
# with a value published by the project over a trusted channel before running
# setup.py.
# NOTE(review): PyCrypto is no longer maintained and current Paramiko releases
# depend on the `cryptography` package instead; treat the versions pinned here
# as legacy.
wget http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.tar.gz

tar zxvf pycrypto-2.6.tar.gz

cd pycrypto-2.6

python setup.py build && python setup.py install

wget https://pypi.python.org/packages/source/p/paramiko/paramiko-1.12.1.tar.gz

tar zxvf paramiko-1.12.1.tar.gz

cd paramiko-1.12.1

python setup.py build && python setup.py install

创建一个用户

# Create the account whose logins will be routed through the audit wrapper.
useradd abc


cd /home/abc

# NOTE(review): after the cd above, source and destination of these two cp
# commands are the same directory; presumably they are meant to be run from
# the directory that holds Paramiko's demo scripts -- confirm.
cp demo.py /home/abc/

cp interactive.py /home/abc/


# NOTE(review): this makes the audited account the owner of the audit wrapper,
# so that account can edit or replace the scripts that record it. For the
# record to be trustworthy the scripts should stay root-owned and only be
# readable/executable by the account.
chown abc:abc demo.py interactive.py


vim demo.py  ##更改部分内容

import base64

from binascii import hexlify

import getpass

import os

import select

import socket

import sys

import time

import traceback

import tab


import paramiko

import interactive



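def agent_auth(transport, username):
    """
    Try each private key held by the local SSH agent against the transport.

    Stops at the first key the server accepts. Nothing is returned; the
    outcome is visible afterwards through ``transport.is_authenticated()``.

    :param transport: object on which ``auth_publickey`` is attempted
    :param username: account name presented to the server
    """
    agent_keys = paramiko.Agent().get_keys()
    if not agent_keys:
        return

    for key in agent_keys:
        # No newline here, so the verdict is printed on the same line.
        sys.stdout.write('Trying ssh-agent key %s ' % hexlify(key.get_fingerprint()))
        try:
            transport.auth_publickey(username, key)
        except paramiko.SSHException:
            print('... nope.')
        else:
            print('... success!')
            return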



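def manual_auth(username, hostname):
    """
    Ask which authentication method to use and apply it.

    The choices are (p)assword, (r)sa key or (d)ss key; an empty answer, or
    any answer other than ``r``/``d``, selects password authentication. For
    the key methods the private key file is asked for (default
    ``~/.ssh/id_rsa`` or ``~/.ssh/id_dsa``), and its passphrase is requested
    only if loading the file without one fails.

    Authentication is performed on the module-level transport ``t`` created
    by the script body, not on an argument of this function.

    :param username: account name presented to the server
    :param hostname: used only in the password prompt
    """
    default_auth = 'p'
    auth = raw_input('Auth by (p)assword, (r)sa key, or (d)ss key? [%s] ' % default_auth) or default_auth

    # answer -> (key class, label used in the prompts, default file name)
    # NOTE(review): DSA (ssh-dss) keys are rejected by default by current
    # OpenSSH servers; the option is kept only for compatibility.
    key_methods = {
        'r': (paramiko.RSAKey, 'RSA', 'id_rsa'),
        'd': (paramiko.DSSKey, 'DSS', 'id_dsa'),
    }

    if auth in key_methods:
        key_class, label, filename = key_methods[auth]
        # expanduser() also works when HOME is not set in the environment.
        default_path = os.path.join(os.path.expanduser('~'), '.ssh', filename)
        path = raw_input('%s key [%s]: ' % (label, default_path)) or default_path
        try:
            key = key_class.from_private_key_file(path)
        except paramiko.PasswordRequiredException:
            # The key file is encrypted: ask for the passphrase without echo.
            password = getpass.getpass('%s key password: ' % label)
            key = key_class.from_private_key_file(path, password)
        t.auth_publickey(username, key)
    else:
        # getpass keeps the password off the terminal.
        pw = getpass.getpass('Password for %s@%s: ' % (username, hostname))
        t.auth_password(username, pw)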



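# setup logging
# NOTE(review): the path is relative, so Paramiko's log is created in whatever
# directory the script is started from.
paramiko.util.log_to_file('demo.log')

# The target is taken from the first command-line argument in the form
# [user@]host[:port]; without an argument the host is asked for.
username = ''
if len(sys.argv) > 1:
    hostname = sys.argv[1]
    if '@' in hostname:
        # Split on the last '@' only, so an account name that itself contains
        # '@' no longer raises ValueError while unpacking.
        username, hostname = hostname.rsplit('@', 1)
else:
    hostname = raw_input('Hostname: ')
if not hostname:
    print('*** Hostname required.')
    sys.exit(1)

port = 22
if ':' in hostname:
    hostname, portstr = hostname.split(':')
    port = int(portstr)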


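# now connect
# Plain TCP connection to the target (IPv4 only, no timeout set); the SSH
# handshake happens later on top of this socket.
try:
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((hostname, port))
except Exception as e:
    print('*** Connect failed: ' + str(e))
    traceback.print_exc()
    sys.exit(1)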


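# Negotiate SSH on the connected socket, check the server's host key,
# authenticate, then hand an interactive shell channel to interactive.py.
try:
    t = paramiko.Transport(sock)
    try:
        t.start_client()
    except paramiko.SSHException:
        print('*** SSH negotiation failed.')
        sys.exit(1)

    # Known host keys: ~/.ssh/known_hosts first, then ~/ssh/known_hosts; if
    # neither can be read the table is empty and every host is "unknown".
    try:
        keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
    except IOError:
        try:
            keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
        except IOError:
            print('*** Unable to open host keys file')
            keys = {}

    # check server's host key -- this is important.
    # NOTE(review): only a key that DIFFERS from the recorded one stops the
    # connection. A host with no recorded key produces a warning and the
    # script goes on to authenticate, so the server's identity is unverified
    # in that case. For a gateway that every audited session passes through,
    # consider refusing unknown keys and pre-populating known_hosts.
    key = t.get_remote_server_key()
    if hostname not in keys:
        print('*** WARNING: Unknown host key!')
    elif key.get_name() not in keys[hostname]:
        print('*** WARNING: Unknown host key!')
    elif keys[hostname][key.get_name()] != key:
        print('*** WARNING: Host key has changed!!!')
        sys.exit(1)
    else:
        print('*** Host key OK.')

    # get username
    if username == '':
        default_username = getpass.getuser()
        username = raw_input('Username [%s]: ' % default_username) or default_username

    # Agent keys first; fall back to the interactive prompt if none worked.
    agent_auth(t, username)
    if not t.is_authenticated():
        manual_auth(username, hostname)
    if not t.is_authenticated():
        print('*** Authentication failed. :(')
        t.close()
        sys.exit(1)

    chan = t.open_session()
    chan.get_pty()
    chan.invoke_shell()
    print('*** Here we go!')
    print('')
    # username and hostname are passed along so the session loop can label
    # its audit records.
    interactive.interactive_shell(chan, username, hostname)
    chan.close()
    t.close()

except Exception as e:
    print('*** Caught exception: ' + str(e.__class__) + ': ' + str(e))
    traceback.print_exc()
    try:
        t.close()
    except Exception:
        # Best effort: t does not exist if Transport() itself failed.
        pass
    sys.exit(1)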


vim interactive.py  ##更改部分内容

import base64

from binascii import hexlify

import getpass

import os

import select

import socket

import sys

import time

import traceback

import tab


import paramiko

import interactive



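def agent_auth(transport, username):
    """
    Try each private key held by the local SSH agent against the transport.

    Stops at the first key the server accepts. Nothing is returned; the
    outcome is visible afterwards through ``transport.is_authenticated()``.

    :param transport: object on which ``auth_publickey`` is attempted
    :param username: account name presented to the server
    """
    agent_keys = paramiko.Agent().get_keys()
    if not agent_keys:
        return

    for key in agent_keys:
        # No newline here, so the verdict is printed on the same line.
        sys.stdout.write('Trying ssh-agent key %s ' % hexlify(key.get_fingerprint()))
        try:
            transport.auth_publickey(username, key)
        except paramiko.SSHException:
            print('... nope.')
        else:
            print('... success!')
            return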



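def manual_auth(username, hostname):
    """
    Ask which authentication method to use and apply it.

    The choices are (p)assword, (r)sa key or (d)ss key; an empty answer, or
    any answer other than ``r``/``d``, selects password authentication. For
    the key methods the private key file is asked for (default
    ``~/.ssh/id_rsa`` or ``~/.ssh/id_dsa``), and its passphrase is requested
    only if loading the file without one fails.

    Authentication is performed on the module-level transport ``t`` created
    by the script body, not on an argument of this function.

    :param username: account name presented to the server
    :param hostname: used only in the password prompt
    """
    default_auth = 'p'
    auth = raw_input('Auth by (p)assword, (r)sa key, or (d)ss key? [%s] ' % default_auth) or default_auth

    # answer -> (key class, label used in the prompts, default file name)
    # NOTE(review): DSA (ssh-dss) keys are rejected by default by current
    # OpenSSH servers; the option is kept only for compatibility.
    key_methods = {
        'r': (paramiko.RSAKey, 'RSA', 'id_rsa'),
        'd': (paramiko.DSSKey, 'DSS', 'id_dsa'),
    }

    if auth in key_methods:
        key_class, label, filename = key_methods[auth]
        # expanduser() also works when HOME is not set in the environment.
        default_path = os.path.join(os.path.expanduser('~'), '.ssh', filename)
        path = raw_input('%s key [%s]: ' % (label, default_path)) or default_path
        try:
            key = key_class.from_private_key_file(path)
        except paramiko.PasswordRequiredException:
            # The key file is encrypted: ask for the passphrase without echo.
            password = getpass.getpass('%s key password: ' % label)
            key = key_class.from_private_key_file(path, password)
        t.auth_publickey(username, key)
    else:
        # getpass keeps the password off the terminal.
        pw = getpass.getpass('Password for %s@%s: ' % (username, hostname))
        t.auth_password(username, pw)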



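# setup logging
# NOTE(review): the path is relative, so Paramiko's log is created in whatever
# directory the script is started from.
paramiko.util.log_to_file('demo.log')

# The target is taken from the first command-line argument in the form
# [user@]host[:port]; without an argument the host is asked for.
username = ''
if len(sys.argv) > 1:
    hostname = sys.argv[1]
    if '@' in hostname:
        # Split on the last '@' only, so an account name that itself contains
        # '@' no longer raises ValueError while unpacking.
        username, hostname = hostname.rsplit('@', 1)
else:
    hostname = raw_input('Hostname: ')
if not hostname:
    print('*** Hostname required.')
    sys.exit(1)

port = 22
if ':' in hostname:
    hostname, portstr = hostname.split(':')
    port = int(portstr)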


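# now connect
# Plain TCP connection to the target (IPv4 only, no timeout set); the SSH
# handshake happens later on top of this socket.
try:
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((hostname, port))
except Exception as e:
    print('*** Connect failed: ' + str(e))
    traceback.print_exc()
    sys.exit(1)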


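# Negotiate SSH on the connected socket, check the server's host key,
# authenticate, then hand an interactive shell channel to interactive.py.
try:
    t = paramiko.Transport(sock)
    try:
        t.start_client()
    except paramiko.SSHException:
        print('*** SSH negotiation failed.')
        sys.exit(1)

    # Known host keys: ~/.ssh/known_hosts first, then ~/ssh/known_hosts; if
    # neither can be read the table is empty and every host is "unknown".
    try:
        keys = paramiko.util.load_host_keys(os.path.expanduser('~/.ssh/known_hosts'))
    except IOError:
        try:
            keys = paramiko.util.load_host_keys(os.path.expanduser('~/ssh/known_hosts'))
        except IOError:
            print('*** Unable to open host keys file')
            keys = {}

    # check server's host key -- this is important.
    # NOTE(review): only a key that DIFFERS from the recorded one stops the
    # connection. A host with no recorded key produces a warning and the
    # script goes on to authenticate, so the server's identity is unverified
    # in that case. For a gateway that every audited session passes through,
    # consider refusing unknown keys and pre-populating known_hosts.
    key = t.get_remote_server_key()
    if hostname not in keys:
        print('*** WARNING: Unknown host key!')
    elif key.get_name() not in keys[hostname]:
        print('*** WARNING: Unknown host key!')
    elif keys[hostname][key.get_name()] != key:
        print('*** WARNING: Host key has changed!!!')
        sys.exit(1)
    else:
        print('*** Host key OK.')

    # get username
    if username == '':
        default_username = getpass.getuser()
        username = raw_input('Username [%s]: ' % default_username) or default_username

    # Agent keys first; fall back to the interactive prompt if none worked.
    agent_auth(t, username)
    if not t.is_authenticated():
        manual_auth(username, hostname)
    if not t.is_authenticated():
        print('*** Authentication failed. :(')
        t.close()
        sys.exit(1)

    chan = t.open_session()
    chan.get_pty()
    chan.invoke_shell()
    print('*** Here we go!')
    print('')
    # username and hostname are passed along so the session loop can label
    # its audit records.
    interactive.interactive_shell(chan, username, hostname)
    chan.close()
    t.close()

except Exception as e:
    print('*** Caught exception: ' + str(e.__class__) + ': ' + str(e))
    traceback.print_exc()
    try:
        t.close()
    except Exception:
        # Best effort: t does not exist if Transport() itself failed.
        pass
    sys.exit(1)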



[[email protected] audit_agent]# cat interactive.py

# Copyright (C) 2003-2007  Robey Pointer <[email protected]>

#

# This file is part of paramiko.

#

# Paramiko is free software; you can redistribute it and/or modify it under the

# terms of the GNU Lesser General Public License as published by the Free

# Software Foundation; either version 2.1 of the License, or (at your option)

# any later version.

#

# Paramiko is distributed in the hope that it will be useful, but WITHOUT ANY

# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR

# A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more

# details.

#

# You should have received a copy of the GNU Lesser General Public License

# along with Paramiko; if not, write to the Free Software Foundation, Inc.,

# 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA.



import socket

import sys,os,datetime,time,tab


# windows does not have termios...

try:
    import termios
    import tty
except ImportError:
    # Neither module could be imported: the raw-terminal loop is unavailable.
    has_termios = False
else:
    has_termios = True



def interactive_shell(chan, remoteuser, hostname):
    """
    Hand the channel to the terminal loop that suits this platform.

    When termios was importable the POSIX loop runs and receives
    ``remoteuser`` and ``hostname``; otherwise the Windows loop runs and is
    given the channel only.
    """
    if not has_termios:
        # NOTE(review): remoteuser and hostname are not passed on, and
        # windows_shell in this file writes no audit log, so a session that
        # takes this branch is not recorded.
        windows_shell(chan)
        return
    posix_shell(chan, remoteuser, hostname)



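def posix_shell(chan, remoteuser, hostname):
    """
    Relay a raw-mode terminal session over ``chan`` and log each typed line.

    Keystrokes read from stdin are forwarded to the channel one character at
    a time and buffered; when a line terminator is typed, the buffered text is
    appended to ``/home/audit_agent/audit_<date>_<remoteuser>.log`` as
    ``hostname | timestamp | remoteuser | command``. Data received from the
    channel is copied to stdout and is not logged. The terminal settings are
    restored when the loop ends, whatever the reason.

    NOTE(review): what is logged is keystrokes, not the commands the remote
    shell actually ran -- editing keys, tab completion and history recall are
    not interpreted -- and anything typed at a no-echo prompt, passwords
    included, is stored in clear text. The file is opened by this process,
    i.e. with the session user's own rights, so it is presumably not
    tamper-proof against that user; confirm how /home/audit_agent is created
    and protected. ``remoteuser`` is used in the file name as given;
    presumably callers restrict it to a plain account name -- verify.

    :param chan: channel offering ``recv``, ``send`` and ``settimeout``
    :param remoteuser: account name, used in the log file name and each record
    :param hostname: target host, written at the start of each record
    """
    import select

    oldtty = termios.tcgetattr(sys.stdin)
    try:
        tty.setraw(sys.stdin.fileno())
        tty.setcbreak(sys.stdin.fileno())
        chan.settimeout(0.0)

        typed = []  # keystrokes since the last line terminator
        day_time = time.strftime('%Y_%m_%d')
        f = open('/home/audit_agent/audit_%s_%s.log' % (day_time, remoteuser), 'a')
        try:
            while True:
                readable, _, _ = select.select([chan, sys.stdin], [], [])
                if chan in readable:
                    try:
                        received = chan.recv(1024)
                        if len(received) == 0:
                            sys.stdout.write('\r\n*** EOF\r\n')
                            break
                        sys.stdout.write(received)
                        sys.stdout.flush()
                    except socket.timeout:
                        pass
                if sys.stdin in readable:
                    ch = sys.stdin.read(1)
                    if len(ch) == 0:
                        break
                    chan.send(ch)
                    # Only local keystrokes can end a command; channel output
                    # is never examined for line terminators.
                    if ch in ('\r', '\n'):
                        # Control characters are written in \xNN form so one
                        # record always occupies exactly one line of the log.
                        cmd = ''.join(
                            c if (c >= ' ' and c != '\x7f') else '\\x%02x' % ord(c)
                            for c in typed
                        )
                        # Timestamp taken now, when the line is completed, not
                        # before the wait in select().
                        stamp = time.strftime('%Y_%m_%d %H:%M:%S')
                        f.write("%s | %s | %s | %s\n" % (hostname, stamp, remoteuser, cmd))
                        f.flush()
                        typed = []
                    else:
                        typed.append(ch)
        finally:
            # Close the log even if the loop ends with an exception.
            f.close()
    finally:
        termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)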



# thanks to Mike Looijmans for this code

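def windows_shell(chan):
    """
    Fallback terminal loop for platforms without termios.

    A background thread copies everything received from ``chan`` to stdout,
    while the calling thread forwards stdin to the channel one character at a
    time until stdin reports end of input.

    NOTE(review): unlike posix_shell, nothing in this function writes to the
    audit log, so sessions handled here leave no command record.

    :param chan: channel offering ``recv`` and ``send``
    """
    import threading

    sys.stdout.write("Line-buffered terminal emulation. Press F6 or ^Z to send EOF.\r\n\r\n")

    def writeall(sock):
        # Runs on the writer thread until recv() returns no data.
        while True:
            data = sock.recv(256)
            if not data:
                sys.stdout.write('\r\n*** EOF ***\r\n\r\n')
                sys.stdout.flush()
                break
            sys.stdout.write(data)
            sys.stdout.flush()

    writer = threading.Thread(target=writeall, args=(chan,))
    writer.start()

    try:
        while True:
            d = sys.stdin.read(1)
            if not d:
                break
            chan.send(d)
    except EOFError:
        # user hit ^Z or F6
        pass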


从其他用户目录下拷贝.bashrc文件

vim .bashrc  ##在最后添加两行

# NOTE(review): ~/.bashrc belongs to the account and is only read when bash
# starts as an interactive shell, so these two lines are a convenience, not an
# enforcement point. To make the wrapper mandatory, configure it on the server
# side (for example a ForceCommand inside a Match User block in sshd_config)
# and keep the wrapper and its log root-owned.
python demo.py

logout

