CityHunter/backend/session_trackor.sh
#!/bin/bash
md5_str=$1
for i in $(seq 1 30);do
ssh_pid=`ps -ef |grep $md5_str |grep -v grep |grep -v session_tracker.sh|grep -v sshpass |awk '{print $2}'|sed -n '1p'`
echo "ssh session pid:$ssh_pid"
if [ "$ssh_pid" = "" ];then
sleep 1
continue
else
today=`date "+%Y_%m_%d"`
today_audit_dir="logs/audit/$today"
echo "today_audit_dir: $today_audit_dir"
if [ -d $today_audit_dir ]
then
echo " ----start tracking log---- "
else
echo "dir not exist"
echo " today dir: $today_audit_dir"
sudo mkdir -p $today_audit_dir
fi;
echo "FTL600@HH" | sudo -S /usr/bin/strace -ttt -p $ssh_pid -o "$today_audit_dir/$md5_str.log" # Ubuntu下直接执行sudo权限>不需要输入密码
break
fi;
done;
修改文件添加执行权限
chmod 755 session_trackor.sh sudo chown cityhunter:cityhunter session_trackor.sh
注: 脚本有执行权限才能执行,又因为我们在cityhunter用户的bashrc文件里写了执行user_enterpoint.py这个Py文件,该文件会调用 session_trackor.sh文件,所以需要我们更改属组
添加脚本到配置文件settings.py中
SESSION_TRACKER_SCRIPT = "%s/backend/session_trackor.sh" %BASE_DIR AUDIT_LOG_PATH = "%s/logs/audit" % BASE_DIR