Linux安全审计
Client:
OMAudit_agent.py:
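#!/usr/bin/env python
#coding:utf-8
"""OMAudit agent: forward the latest shell-history entry to the audit server.

Bash runs this script from PROMPT_COMMAND as ``OMAudit_agent.py $(history 1)``
with HISTTIMEFORMAT set to "`whoami` %F %T ", so the argument vector is::

    argv[1]  history id
    argv[2]  user name
    argv[3]  date (%F, i.e. YYYY-MM-DD)
    argv[4]  time (%T, i.e. HH:MM:SS)
    argv[5:] the command line, one word per argument

Every failure is written to omsys.log next to this script and the process
exits quietly, so the interactive shell is never disturbed.
"""
import sys
import socket
import fcntl
import struct
import logging
try:
    # Python 2 module names (the interpreter this agent was written for).
    import httplib
    from urllib import quote
except ImportError:
    # Python 3 equivalents, so the same file runs under either interpreter.
    import http.client as httplib
    from urllib.parse import quote
from config import *

socket.setdefaulttimeout(Connect_TimeOut)
logging.basicConfig(level=logging.DEBUG,
                    format='%(asctime)s [%(levelname)s] %(message)s',
                    filename=sys.path[0] + '/omsys.log',
                    filemode='a')


def get_local_ip(ethname):
    """Return the IPv4 address bound to interface *ethname* as a string.

    Uses the SIOCGIFADDR ioctl (0x8915) on a throwaway datagram socket.  On
    any failure the error is logged and "127.0.0.1" is returned so that the
    audit record is still sent.
    """
    sock = None
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        # struct.pack needs a bytes object under Python 3; under Python 2
        # str is bytes, so the value passes through unchanged.
        if not isinstance(ethname, bytes):
            ethname = ethname.encode('ascii')
        ifreq = fcntl.ioctl(sock.fileno(), 0x8915, struct.pack('256s', ethname))
        # Bytes 20..23 of the returned ifreq hold the sockaddr_in address.
        return socket.inet_ntoa(ifreq[20:24])
    except Exception as e:
        logging.error('get localhost IP address error:' + str(e))
        return "127.0.0.1"
    finally:
        # The original never closed this socket; release it explicitly.
        if sock is not None:
            sock.close()


def pull_history(http_get_param=""):
    """Send one audit record to the OMAudit server and validate its reply.

    *http_get_param* is the request path including the query string.  The
    server must answer HTTP 200 with a body of exactly "OK"; anything else,
    or any connection problem, is logged and the process exits.

    NOTE(review): the record travels as a plain-HTTP GET to port 80 with no
    client authentication, so command lines (which may contain secrets typed
    as arguments) are readable on the network path.  Keep the server on a
    trusted segment or front it with TLS.
    """
    # Initialised before the try so the finally block can never hit an
    # unbound name when HTTPConnection() itself raises.
    http_client = None
    try:
        http_client = httplib.HTTPConnection(OMServer_address, 80,
                                             timeout=Connect_TimeOut)
        http_client.request("GET", http_get_param)
        response = http_client.getresponse()
        if response.status != 200:
            logging.error('response http status error:' + str(response.status))
            sys.exit()
        # read() yields bytes on Python 3 and str on Python 2; b"OK" is the
        # same literal on both.
        http_content = response.read().strip()
        if http_content != b"OK":
            logging.error('response http content error:' + str(http_content))
            sys.exit()
    except Exception as e:
        # SystemExit is not an Exception, so the exits above pass through.
        logging.error('connection django-cgi server error:' + str(e))
        sys.exit()
    finally:
        if http_client is not None:
            http_client.close()


def build_query(history_id, history_ip, history_user,
                history_date, history_time, history_command):
    """Return the request path for one audit record.

    Every field is URL-encoded (previously only the command was), so a stray
    '&' or '=' in a field cannot inject extra query parameters.  Date and
    time are joined with a space (sent as "%20") under history_datetime.
    """
    datetime_field = quote(history_date + " " + history_time)
    return ("/omaudit_pull/?history_id=" + quote(history_id)
            + "&history_ip=" + quote(history_ip)
            + "&history_user=" + quote(history_user)
            + "&history_datetime=" + datetime_field
            + "&history_command=" + quote(history_command.strip()))


def main(argv):
    """Parse the ``history 1`` fields from *argv* and ship them to the server.

    Exits (after logging) when fewer than five fields are present, which means
    the history settings from /etc/profile are not in effect.  All fields
    originate from the invoking user's own shell history, so the server side
    must treat them as untrusted input.
    """
    if len(argv) < 6:
        logging.error('history not configured in /etc/profile!')
        sys.exit()
    history_id, sys_user, history_date, history_time = argv[1:5]
    # Re-join the command line that bash split into separate words.
    history_command = " ".join(argv[5:]).strip()
    sys_ip = get_local_ip(Net_driver)
    pull_history(build_query(history_id, sys_ip, sys_user,
                             history_date, history_time, history_command))


if __name__ == "__main__":
    main(sys.argv)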
config.py:
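# -*- coding: utf-8 -*-
"""Settings for the OMAudit agent, pulled in via ``from config import *``.

This module is only imported, never executed, so it carries no shebang.
"""

# Network interface whose IPv4 address is reported as history_ip.
Net_driver = "eth0"

# Host name or IP of the OMAudit (Django) server.  The agent connects to
# port 80 over plain HTTP.  "*.*.*.*" is a placeholder that must be replaced
# before the agent is installed.
OMServer_address = "*.*.*.*"

# Timeout in seconds for the HTTP connection; the agent also installs it as
# the process-wide socket default.
Connect_TimeOut = 3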
安装脚本:OMAudit_agent_install.sh
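#!/bin/bash
# -*- coding: utf-8 -*-
# Installs the OMAudit agent: unpacks it under /opt/platform/OMAudit and hooks
# it into every interactive bash session through /etc/profile, so that each
# command line (via `history 1`) is forwarded by OMAudit_agent.py.
# Run as root.  Aborts on the first failing step so a half-installed hook is
# never written into /etc/profile.
set -e

AGENT_DIR=/opt/platform/OMAudit
AGENT_LOG=$AGENT_DIR/omsys.log

yum -y install unzip zip
mkdir -p "$AGENT_DIR"
touch "$AGENT_LOG"
# -o: overwrite silently on re-install instead of prompting.
unzip -o OMAudit_agent.zip -d "$AGENT_DIR"

# The agent is executed from PROMPT_COMMAND inside every user's shell, root
# included, so the tree must not be writable by unprivileged users (the
# previous recursive 777 let any local user replace the script that root
# would then run).  Only the shared log file stays writable by everyone.
chown -R root:root "$AGENT_DIR"
chmod -R 755 "$AGENT_DIR"
chmod 666 "$AGENT_LOG"

# Append the history hook only once so re-running the installer does not
# duplicate it.  The heredoc is unquoted on purpose: the escaped \$ and \`
# survive as literals so they are evaluated by the login shell, not here.
# Note that typeset -r only protects the variables inside shells that read
# /etc/profile; a user can still start a shell that skips it, so records
# collected this way are best-effort, not tamper-proof.
if ! grep -q 'OMAudit_agent.py' /etc/profile; then
cat >> /etc/profile << eof
export HISTFILE=\$HOME/.bash_history
export HISTSIZE=1000
export HISTFILESIZE=1000
export HISTCONTROL=ignoredups
export HISTTIMEFORMAT="\`whoami\` %F %T "
export PROMPT_COMMAND="history -a; history -c; history -r;"'/opt/platform/OMAudit/OMAudit_agent.py \$(history 1)'
shopt -s histappend
typeset -r PROMPT_COMMAND
typeset -r HISTTIMEFORMAT
eof
fi

# Sourcing /etc/profile here would only affect this script's own shell;
# the hook takes effect for users at their next login.
echo "OMAudit agent installed under $AGENT_DIR; hook active at next login."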
Server: