  • Linux安全审计

    Client:

    OMAudit_agent.py

    #!/usr/bin/env python
    #coding:utf-8
    import sys
    import socket
    import fcntl
    import struct
    import logging
    from config import *
    import urllib,httplib
    # Every socket this agent opens inherits the timeout, so a slow or
    # unreachable audit server cannot hold the user's shell prompt for
    # longer than Connect_TimeOut seconds (the HTTP connection below
    # also passes it explicitly).
    socket.setdefaulttimeout(Connect_TimeOut)

    # Append to omsys.log next to this script: sys.path[0] is the
    # directory of the script being run, i.e. /opt/platform/OMAudit
    # once the install script has unpacked the agent there.
    logging.basicConfig(
        filename=sys.path[0] + '/omsys.log',
        filemode='a',
        level=logging.DEBUG,
        format='%(asctime)s [%(levelname)s] %(message)s',
    )
    
    # argv is `history 1` split on whitespace by the shell:
    #   [1] history id, [2] user, [3] date, [4] time, [5:] command words.
    # Fewer than six entries means the PROMPT_COMMAND / HISTTIMEFORMAT
    # hook written by the install script is not active in this shell,
    # so there is nothing meaningful to report.
    _MIN_ARGS = 6
    if len(sys.argv) < _MIN_ARGS:
        logging.error('history not configured in /etc/profile!')
        sys.exit()
    
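    def get_local_ip(ethname):
        """Return the IPv4 address bound to interface *ethname* (e.g. "eth0").

        Queries the address with the Linux SIOCGIFADDR ioctl (0x8915) on a
        throw-away UDP socket, so it only works on Linux hosts. On any
        failure (unknown interface, interface without an address, non-Linux
        host) the error is logged and "127.0.0.1" is returned, so the audit
        record is still sent with a placeholder address instead of the agent
        failing inside the user's shell prompt.

        Args:
            ethname: interface name as str or bytes.

        Returns:
            Dotted-quad address string; "127.0.0.1" on error.
        """
        SIOCGIFADDR = 0x8915
        # struct.pack('256s', ...) needs a byte string; accept text too.
        if not isinstance(ethname, bytes):
            ethname = ethname.encode('utf-8')
        sock = None
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            ifreq = fcntl.ioctl(sock.fileno(), SIOCGIFADDR, struct.pack('256s', ethname))
            # ifreq layout: 16-byte interface name, then a sockaddr_in whose
            # 4-byte address sits at offset 20.
            return socket.inet_ntoa(ifreq[20:24])
        except Exception as e:
            logging.error('get localhost IP address error:%s', e)
            return "127.0.0.1"
        finally:
            # The original leaked the socket on every call; close it on
            # both the success and the error path.
            if sock is not None:
                sock.close()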
    
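    def pull_history(http_get_param=""):
        """Send one audit record to the OMAudit server and exit on any failure.

        *http_get_param* is the request target (path plus query string), e.g.
        "/omaudit_pull/?history_id=...". The Django server is expected to
        answer HTTP 200 with the body "OK"; any other status, any other body
        and any connection error is logged to omsys.log and the process
        exits. The agent runs from PROMPT_COMMAND in every interactive shell,
        so it must never raise into or hang the user's prompt.

        NOTE(review): the record travels over plain HTTP on port 80, so the
        audited command line (which may include secrets typed on the command
        line) is sent in the clear; httplib.HTTPSConnection is the drop-in
        replacement if the server side supports TLS.
        """
        http_client = None
        try:
            http_client = httplib.HTTPConnection(OMServer_address, 80, timeout=Connect_TimeOut)
            http_client.request("GET", http_get_param)
            response = http_client.getresponse()
            if response.status != 200:
                logging.error('response http status error:%s', response.status)
                sys.exit()

            http_content = response.read().strip()
            # Under Python 3 read() returns bytes; normalise so the
            # comparison with "OK" below works on either interpreter.
            if isinstance(http_content, bytes):
                http_content = http_content.decode('utf-8', 'replace')
            if http_content != "OK":
                logging.error('response http content error:%s', http_content)
                sys.exit()

        except Exception as e:
            # SystemExit is not an Exception subclass, so the sys.exit()
            # calls above pass straight through this handler.
            logging.error('connection django-cgi server error:%s', e)
            sys.exit()

        finally:
            # http_client stays None only if HTTPConnection() itself raised,
            # which the except branch has already logged; the original code
            # hit UnboundLocalError here in that case.
            if http_client is not None:
                http_client.close()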
    
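    # Positional arguments are the output of `history 1`, split on
    # whitespace by the shell (see the install script's HISTTIMEFORMAT and
    # PROMPT_COMMAND):
    #   argv[1]  history entry number
    #   argv[2]  user name (`whoami` in HISTTIMEFORMAT)
    #   argv[3]  date (%F)
    #   argv[4]  time (%T)
    #   argv[5:] the command line, one word per argument
    History_Id = sys.argv[1]
    SysUser = sys.argv[2]
    History_date = sys.argv[3]
    History_time = sys.argv[4]
    # Re-join the command words. Because the substitution in PROMPT_COMMAND
    # is unquoted, the shell has already collapsed whitespace runs, removed
    # quoting and may have glob-expanded unquoted '*' / '?', so this is only
    # an approximation of what the user typed.
    History_command = " ".join(sys.argv[5:]).strip()
    Sysip = get_local_ip(Net_driver)

    # Percent-encode every value, not only the command: a user name or
    # command containing '&', '=' or '#' must not be able to add, truncate
    # or override query parameters as seen by the server. The original also
    # lost the line continuation after `SysUser+`, which is a SyntaxError as
    # shown; building the query from a list avoids the continuation entirely.
    _query = "&".join(
        name + "=" + urllib.quote(value)
        for name, value in (
            ("history_id", History_Id),
            ("history_ip", Sysip),
            ("history_user", SysUser),
            ("history_datetime", History_date + " " + History_time),
            ("history_command", History_command),
        )
    )
    s = "/omaudit_pull/?" + _query
    pull_history(s)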

    config.py:

    # -*- coding: utf-8 -*-
    # Site settings for OMAudit_agent.py, pulled in with `from config import *`.

    # Interface whose IPv4 address is reported as the audited host's IP.
    Net_driver = "eth0"

    # Host name or IP of the OMAudit (Django) server, reached over plain
    # HTTP on port 80. "*.*.*.*" is a placeholder to be replaced before
    # deployment.
    OMServer_address = "*.*.*.*"

    # Socket and HTTP timeout, in seconds, for talking to that server.
    Connect_TimeOut = 3
    

      

    安装脚本:OMAudit_agent_install.sh

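    #!/bin/bash
    # -*- coding: utf-8 -*-
    # Install the OMAudit shell-history agent system-wide: unpack the agent
    # into /opt/platform/OMAudit and hook it into every interactive bash
    # through PROMPT_COMMAND in /etc/profile. Must run as root.
    # Stop at the first failed step so a half-unpacked agent is never wired
    # into /etc/profile.
    set -e

    AGENT_DIR=/opt/platform/OMAudit

    yum -y install unzip zip
    mkdir -p "$AGENT_DIR"
    touch "$AGENT_DIR/omsys.log"
    unzip OMAudit_agent.zip -d "$AGENT_DIR"

    # The agent runs inside every user's shell, root included, so nothing
    # under AGENT_DIR may be writable by unprivileged users (the original
    # `chmod 777 -R` let any local user replace the agent script). Only the
    # log file, which each user's agent appends to, needs to be writable.
    chown -R root:root "$AGENT_DIR"
    chmod -R 755 "$AGENT_DIR"
    chmod 666 "$AGENT_DIR/omsys.log"

    # Quoted delimiter: the block is written to /etc/profile verbatim. With
    # the unquoted `<< eof` form, $HOME was expanded to the installer's home
    # and $(history 1) was substituted at install time (in a non-interactive
    # shell most likely to nothing), so the agent received no arguments at
    # runtime. Note that `typeset -r` only protects the variables inside a
    # shell that sourced this file; the hook is best-effort auditing, not a
    # control a user cannot bypass.
    cat >> /etc/profile << 'eof'
    export HISTFILE=$HOME/.bash_history
    export HISTSIZE=1000
    export HISTFILESIZE=1000
    export HISTCONTROL=ignoredups
    export HISTTIMEFORMAT="`whoami` %F %T "
    export PROMPT_COMMAND="history -a; history -c; history -r;"'/opt/platform/OMAudit/OMAudit_agent.py $(history 1)'
    shopt -s histappend
    typeset -r PROMPT_COMMAND
    typeset -r HISTTIMEFORMAT
    eof
    sleep 3
    source /etc/profile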

    Server:
