  • Linux安全审计

    Client:

    OMAudit_agent.py

    #!/usr/bin/env python
    #coding:utf-8
    import sys
    import socket
    import fcntl
    import struct
    import logging
    from config import *
    import urllib,httplib
    # Every socket the agent opens inherits the configured timeout (seconds).
    socket.setdefaulttimeout(Connect_TimeOut)

    # Agent diagnostics are appended to omsys.log in the script's own directory.
    # Each user's shell runs this agent, so that file is written under many
    # accounts; treat it as a troubleshooting log, not as audit evidence.
    logging.basicConfig(
        filename='%s/omsys.log' % sys.path[0],
        filemode='a',
        level=logging.DEBUG,
        format='%(asctime)s [%(levelname)s] %(message)s',
    )

    # The shell hook must supply at least five positional values:
    # history id, user, date, time and one command word.
    # NOTE(review): the count is the only check made; the fields themselves are
    # taken by position and never validated.
    if len(sys.argv[1:]) < 5:
        logging.error('history not configured in /etc/profile!')
        sys.exit()
    
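    def get_local_ip(ethname):
        """Return the IPv4 address bound to interface *ethname* as a dotted string.

        The address is read with the Linux SIOCGIFADDR ioctl (0x8915). On any
        failure the error is logged and "127.0.0.1" is returned instead.

        NOTE(security): the result is only the host's own claim about itself, and
        the loopback fallback makes a record unattributable. The receiving server
        should prefer the peer address of the connection over this value.
        """
        sock = None
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            # struct.pack('256s', ...) needs a byte string; accept text names too.
            if not isinstance(ethname, bytes):
                ethname = ethname.encode('ascii')
            addr = fcntl.ioctl(sock.fileno(), 0x8915, struct.pack('256s', ethname))
            # Bytes 20..23 of the returned ifreq hold the packed IPv4 address.
            return socket.inet_ntoa(addr[20:24])
        except Exception as e:
            logging.error('get localhost IP address error:'+str(e))
            return "127.0.0.1"
        finally:
            # The probe socket is only needed for the ioctl; do not leak it.
            if sock is not None:
                sock.close()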
    
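    def pull_history(http_get_param=""):
        """Send one audit record to the OMAudit server and require an "OK" reply.

        http_get_param is the full request target (path plus query string); the
        caller must have percent-encoded it already. Nothing is returned: a
        non-200 status, a body other than "OK" or any connection error is logged
        and ends the process through sys.exit().

        NOTE(security): the record is sent over plain HTTP on port 80 with no
        agent credential, so it can be read or altered in transit and the server
        cannot tell a genuine agent from any other client. Prefer
        httplib.HTTPSConnection with certificate verification plus a per-host
        secret, and send the record in a POST body rather than the URL, which
        web servers and proxies commonly write to their access logs.

        NOTE(security): delivery is fail-open. When the server is unreachable the
        record is dropped and only a line in the local log remains.
        """
        # Bound before the try so the cleanup below never hits an unbound name
        # when HTTPConnection() itself raises.
        http_client = None
        try:
            http_client = httplib.HTTPConnection(OMServer_address, 80, timeout=Connect_TimeOut)
            http_client.request("GET", http_get_param)
            response = http_client.getresponse()

            if response.status != 200:
                logging.error('response http status error:'+str(response.status))
                sys.exit()

            http_content = response.read().strip()
            if http_content != "OK":
                logging.error('response http content error:'+str(http_content))
                sys.exit()

        except Exception as e:
            # SystemExit is not an Exception subclass, so the sys.exit() calls
            # above pass straight through this handler.
            logging.error('connection django-cgi server error:'+str(e))
            sys.exit()

        finally:
            if http_client is not None:
                http_client.close()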
    
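    # Fields arrive by position from the shell hook, which passes the unquoted
    # output of `history 1`: <id> <user> <date> <time> <command words...>.
    # NOTE(security): all of these values come from the user's own shell and the
    # agent can be started by hand with arbitrary arguments, so the server must
    # treat them as claims. Because the hook leaves $(history 1) unquoted, the
    # shell has also word-split the command (and may have expanded glob
    # characters) before it reaches this script, so the logged text can differ
    # from what was typed.
    Sysip = get_local_ip(Net_driver)
    History_Id = sys.argv[1]
    SysUser = sys.argv[2]
    History_date = sys.argv[3]
    History_time = sys.argv[4]
    History_command = " ".join(sys.argv[5:]).strip()

    def _quote(value):
        """Percent-encode one query-string value, reserved characters included."""
        return urllib.quote(value, safe='')

    # Every field is encoded, not only the command: an unencoded '&', '=' or '#'
    # in any of them would otherwise add or truncate query parameters. The
    # parentheses also supply the line continuation the expression needs.
    s = ("/omaudit_pull/?history_id=" + _quote(History_Id)
         + "&history_ip=" + _quote(Sysip)
         + "&history_user=" + _quote(SysUser)
         + "&history_datetime=" + _quote(History_date + " " + History_time)
         + "&history_command=" + _quote(History_command))
    pull_history(s)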

    config.py:

    # -*- coding: utf-8 -*-
    #!/user/bin/env python
    # NOTE(review): the line above has no effect as a shebang (it is not the first
    # line and the path is misspelled); OMAudit_agent.py only imports this module.

    # Network interface whose IPv4 address the agent reports as history_ip.
    Net_driver = "eth0"
    # Host of the OMAudit collector. "*.*.*.*" is a placeholder and must be
    # replaced before deployment. The agent connects to it over HTTP on port 80.
    OMServer_address = "*.*.*.*"
    # Socket and HTTP timeout in seconds. The agent runs synchronously from
    # PROMPT_COMMAND, so an unreachable server can delay each shell prompt.
    Connect_TimeOut = 3
    

      

    安装脚本:OMAudit_agent_install.sh

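    #!/bin/bash
    # -*- coding: utf-8 -*-
    # Installs the OMAudit agent under /opt/platform/OMAudit and hooks it into
    # login shells through /etc/profile. Intended to be run as root.
    yum -y install unzip zip
    mkdir -p /opt/platform/OMAudit/
    touch /opt/platform/OMAudit/omsys.log
    unzip OMAudit_agent.zip -d /opt/platform/OMAudit || exit 1

    # The agent is executed from PROMPT_COMMAND in every user's shell, root
    # included. Code and config must therefore be writable by root only; a
    # world-writable tree (chmod 777) would let any local account change what
    # root's shell runs.
    chown -R root:root /opt/platform/OMAudit/
    chmod -R u=rwX,go=rX /opt/platform/OMAudit/
    chmod 755 /opt/platform/OMAudit/OMAudit_agent.py
    # Only the agent's diagnostic log has to accept writes from every user.
    chmod 666 /opt/platform/OMAudit/omsys.log

    # Append the hook once; a second run would otherwise duplicate it and trip
    # over the readonly variables.
    # The delimiter is quoted so $HOME, `whoami` and $(history 1) are written
    # literally and evaluated in each user's shell, not once at install time.
    if ! grep -q 'OMAudit_agent.py' /etc/profile; then
    cat >> /etc/profile << 'eof'
    export HISTFILE=$HOME/.bash_history
    export HISTSIZE=1000
    export HISTFILESIZE=1000
    export HISTCONTROL=ignoredups
    export HISTTIMEFORMAT="`whoami` %F %T "
    export PROMPT_COMMAND="history -a; history -c; history -r;"'/opt/platform/OMAudit/OMAudit_agent.py $(history 1)'
    shopt -s histappend
    typeset -r PROMPT_COMMAND
    typeset -r HISTTIMEFORMAT
    eof
    fi
    # NOTE(security): only PROMPT_COMMAND and HISTTIMEFORMAT are made readonly;
    # the other HIST* settings stay writable, and the hook only exists in shells
    # that read /etc/profile. History-based auditing is cooperative, so pair it
    # with kernel-level auditing (for example auditd execve rules) wherever the
    # records must resist tampering.
    sleep 3
    # Affects only this script's own shell; users get the hook at next login.
    source /etc/profile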

    Server:

  • 原文地址:https://www.cnblogs.com/cjsblogs/p/8276745.html