
Linux security audit feature

Date: 2018-02-07 15:08:39      Reads: 219      Comments: 0      Favorites: 0


Client:

OMAudit_agent.py

#!/usr/bin/env python3
# coding: utf-8
# Bash history shipper. PROMPT_COMMAND (see the install script) runs it as
#   OMAudit_agent.py <history_id> <user> <date> <time> <command...>
# and it forwards that one history entry to the OMAudit server over HTTP GET.
import sys
import socket
import fcntl
import struct
import logging
import http.client
from urllib.parse import quote
from config import *

socket.setdefaulttimeout(Connect_TimeOut)
logging.basicConfig(level=logging.DEBUG,
            format='%(asctime)s [%(levelname)s] %(message)s',
            filename=sys.path[0] + '/omsys.log',
            filemode='a')

# With HISTTIMEFORMAT="`whoami` %F %T " a history line has at least five
# fields; fewer means the /etc/profile hook was not installed.
if len(sys.argv) < 6:
    logging.error('history not configured in /etc/profile!')
    sys.exit()

def get_local_ip(ethname):
    """Return the IPv4 address of interface ethname via ioctl SIOCGIFADDR (0x8915)."""
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        # struct ifreq: 16-byte name, then a sockaddr whose address bytes sit at 20:24
        addr = fcntl.ioctl(sock.fileno(), 0x8915, struct.pack('256s', ethname.encode()[:15]))
        return socket.inet_ntoa(addr[20:24])
    except Exception as e:
        logging.error('get localhost IP address error:' + str(e))
        return "127.0.0.1"

def pull_history(http_get_param=""):
    # Initialised first so the finally block cannot hit an unbound name
    # if the connection object was never created.
    http_client = None
    try:
        # Plain HTTP on port 80: every command line, including any secrets
        # typed as arguments, crosses the network in clear.
        http_client = http.client.HTTPConnection(OMServer_address, 80, timeout=Connect_TimeOut)
        http_client.request("GET", http_get_param)
        response = http_client.getresponse()

        if response.status != 200:
            logging.error('response http status error:' + str(response.status))
            sys.exit()

        http_content = response.read().strip()
        if http_content != b"OK":
            logging.error('response http content error:' + http_content.decode(errors="replace"))
            sys.exit()

    except Exception as e:
        logging.error('connection django-cgi server error:' + str(e))
        sys.exit()

    finally:
        if http_client:
            http_client.close()
        else:
            logging.error('connection django-cgi server unknown error.')
            sys.exit()

Sysip = get_local_ip(Net_driver)
History_Id = sys.argv[1]
SysUser = sys.argv[2]
History_date = sys.argv[3]
History_time = sys.argv[4]
# Everything after the timestamp is the command, already word-split by the shell.
History_command = " ".join(sys.argv[5:])

# Quote every field: the command is user-controlled and may contain &, = or %,
# which would otherwise inject or clobber another query parameter.
s = ("/omaudit_pull/?history_id=" + quote(History_Id)
     + "&history_ip=" + quote(Sysip)
     + "&history_user=" + quote(SysUser)
     + "&history_datetime=" + quote(History_date + " " + History_time)
     + "&history_command=" + quote(History_command.strip()))
pull_history(s)

 

config.py:

# -*- coding: utf-8 -*-
#!/usr/bin/env python3
# Settings shared with OMAudit_agent.py (imported via "from config import *").
Net_driver = "eth0"                        # interface whose IPv4 address is reported as history_ip
OMServer_address = "omaudit.quark.com"     # audit server, reached over plain HTTP on port 80
Connect_TimeOut = 3                        # seconds; keeps a slow server from stalling every prompt

  

Install script: OMAudit_agent_install.sh

#!/bin/bash
# -*- coding: utf-8 -*-
# Deploys the agent and hooks it into every interactive bash login session
# through PROMPT_COMMAND, so each command is shipped right after it is entered.
yum -y install unzip zip
mkdir -p /opt/platform/OMAudit/
touch /opt/platform/OMAudit/omsys.log
unzip OMAudit_agent.zip -d /opt/platform/OMAudit
# The agent runs inside every user's shell, root's included, so it must not be
# world-writable: a 777 tree would let any local user replace the script that
# root's shell executes at every prompt. Only the shared log needs to be writable.
chown -R root:root /opt/platform/OMAudit/
chmod -R 755 /opt/platform/OMAudit/
chmod 666 /opt/platform/OMAudit/omsys.log

cat >> /etc/profile << eof
export HISTFILE=\$HOME/.bash_history
export HISTSIZE=1000
export HISTFILESIZE=1000
export HISTCONTROL=ignoredups
# whoami is expanded when the profile is sourced, so "history 1" prints
# "<id> <user> <date> <time> <command>", the argv layout the agent expects.
export HISTTIMEFORMAT="\`whoami\` %F %T "
export PROMPT_COMMAND="history -a; history -c; history -r; /opt/platform/OMAudit/OMAudit_agent.py \$(history 1)"
shopt -s histappend
# Read-only so a user cannot unset the hook. HISTFILE and HISTSIZE stay
# writable, and a non-bash or --norc shell never reads this file at all,
# so this is a convenience record rather than a tamper-proof audit trail.
typeset -r PROMPT_COMMAND
typeset -r HISTTIMEFORMAT
eof
sleep 3
source /etc/profile
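The exchange that the agent and the install script above define, as an added example that is not part of the original post or the project's code: the agent side turns the word-split argv produced by `$(history 1)` into the `/omaudit_pull/` query string with every field quoted, and a server-side parser (the page's server half is not shown) validates that query before it would be stored. The field names and the `OK` reply body come from the agent; the command length limit, the id and username regexes, the `ERROR:` reply text and the sample argv are assumptions of this example.

```python
#!/usr/bin/env python3
"""Both ends of the OMAudit history GET exchange (added example, not the project's code)."""
import ipaddress
import re
from datetime import datetime
from urllib.parse import parse_qs, urlencode, urlsplit

AUDIT_PATH = "/omaudit_pull/"
FIELDS = ("history_id", "history_ip", "history_user", "history_datetime", "history_command")
MAX_COMMAND_LEN = 4096                               # assumed limit, not from the page
ID_RE = re.compile(r"^[0-9]{1,10}$")                 # bash history numbers (assumed)
USER_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")    # POSIX-style login names (assumed)


def build_audit_query(argv, local_ip):
    """Agent side: argv as received, [script, id, user, date, time, command...].

    With HISTTIMEFORMAT="`whoami` %F %T " the line printed by `history 1` is
    "  42  root 2018-02-07 15:08:39 ls -la /tmp"; the unquoted $(...) in
    PROMPT_COMMAND splits it on whitespace into exactly these arguments.
    """
    if len(argv) < 6:
        raise ValueError("history not configured in /etc/profile")
    history_id, user, date, time_ = argv[1:5]
    command = " ".join(argv[5:]).strip()
    # urlencode quotes every value, so '&', '=' or '%' inside the command
    # cannot inject or overwrite another parameter.
    return AUDIT_PATH + "?" + urlencode([
        ("history_id", history_id),
        ("history_ip", local_ip),
        ("history_user", user),
        ("history_datetime", date + " " + time_),
        ("history_command", command),
    ])


def parse_audit_request(url):
    """Server side: validate one agent request; return the record or raise ValueError."""
    parts = urlsplit(url)
    if parts.path != AUDIT_PATH:
        raise ValueError("unexpected path " + parts.path)
    qs = parse_qs(parts.query, keep_blank_values=True, strict_parsing=True)
    record = {}
    for name in FIELDS:
        values = qs.get(name, [])
        if len(values) != 1:                     # missing or duplicated parameter
            raise ValueError("expected exactly one " + name)
        record[name] = values[0]
    if not ID_RE.match(record["history_id"]):
        raise ValueError("bad history_id")
    if not USER_RE.match(record["history_user"]):
        raise ValueError("bad history_user")
    # ip_address() rejects anything that is not a well-formed v4/v6 literal.
    record["history_ip"] = str(ipaddress.ip_address(record["history_ip"]))
    record["history_datetime"] = datetime.strptime(record["history_datetime"], "%Y-%m-%d %H:%M:%S")
    cmd = record["history_command"]
    if not cmd or len(cmd) > MAX_COMMAND_LEN:
        raise ValueError("bad history_command length")
    # Reject control characters so one request cannot forge extra log lines.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in cmd):
        raise ValueError("control characters in history_command")
    return record


def audit_response(url):
    """Body the agent checks for: "OK" on success, otherwise an error string (assumed format)."""
    try:
        parse_audit_request(url)
    except ValueError as exc:
        return "ERROR: " + str(exc)
    return "OK"


if __name__ == "__main__":
    # Constructed sample argv, shaped like what $(history 1) hands the agent.
    sample_argv = ["OMAudit_agent.py", "42", "root", "2018-02-07", "15:08:39", "ls", "-la", "/tmp"]
    url = build_audit_query(sample_argv, "10.0.0.5")
    print(url)
    print(parse_audit_request(url))
    print(audit_response(url))
```

Running it prints the query string and the parsed record. A command containing `&history_user=root` stays inside `history_command` instead of overriding the user field, while a duplicated parameter, a malformed IP or a control character in the command gets an `ERROR:` reply. Note that `history_ip` and `history_user` are still self-asserted by the agent; a server should log the TCP peer address next to them rather than trust them alone.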

 

Server:

 


Original article: https://www.cnblogs.com/cjsblogs/p/8276745.html
