Audit system: the bastion host project's session-monitoring script

CityHunter/backend/session_trackor.sh

#!/bin/bash
# Wait up to 30 seconds for the ssh session tagged with the md5 marker to appear,
# then attach strace to it and write the syscall trace to today's audit directory.

md5_str=$1
for i in $(seq 1 30); do
   # Find the session process by its marker, excluding the grep itself, this
   # tracker script (its own command line also contains $md5_str) and the
   # sshpass wrapper; take the lowest PID.
   ssh_pid=$(ps -ef | grep "$md5_str" | grep -v grep | grep -v session_trackor.sh | grep -v sshpass | awk '{print $2}' | sed -n '1p')
   echo "ssh session pid:$ssh_pid"
   if [ "$ssh_pid" = "" ]; then
      sleep 1
      continue
   else
      today=$(date "+%Y_%m_%d")
      today_audit_dir="logs/audit/$today"
      echo "today_audit_dir: $today_audit_dir"
      if [ -d "$today_audit_dir" ]
      then
          echo " ----start tracking log---- "
      else
          echo "dir not exist"
          echo " today dir: $today_audit_dir"
          sudo mkdir -p "$today_audit_dir"
      fi
      echo "FTL600@HH" | sudo -S /usr/bin/strace -ttt -p "$ssh_pid" -o "$today_audit_dir/$md5_str.log"    # on Ubuntu, running sudo directly needs no password input
      break
   fi
done

Give the file execute permission

chmod 755 session_trackor.sh
sudo chown cityhunter:cityhunter session_trackor.sh 

Note: the script can only run if it has execute permission. In addition, because the cityhunter user's bashrc runs user_enterpoint.py, and that Python file calls session_trackor.sh, we also need to change the file's owner and group.


Add the script to the configuration file settings.py

SESSION_TRACKER_SCRIPT = "%s/backend/session_trackor.sh" % BASE_DIR
AUDIT_LOG_PATH = "%s/logs/audit" % BASE_DIR
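The same tracking logic, written in Python as an added example rather than code from the CityHunter project. It replaces the `ps -ef | grep` pipeline with a scan of `/proc/<pid>/cmdline` that skips the tracker's own PID and the wrapper processes, so the strace can never be attached to the tracker itself, and it builds the audit path in the same `logs/audit/YYYY_MM_DD/<md5>.log` layout. The `proc_root`, `runner` and `self_pid` parameters exist only so the search can be exercised against a constructed fake `/proc` tree; the strace invocation uses `sudo -n` and assumes a sudoers NOPASSWD rule for `/usr/bin/strace` (an assumption, not something the page configures).

```python
import datetime
import os
import subprocess
import tempfile
import time
from pathlib import Path
from typing import Callable, Dict, List, Optional

# Processes whose command line also carries the md5 marker but are not the
# session we want to trace: the tracker itself and the sshpass wrapper.
EXCLUDED_SUBSTRINGS = ("session_trackor.sh", "sshpass")


def find_session_pid(marker: str, proc_root: str = "/proc",
                     self_pid: Optional[int] = None) -> Optional[int]:
    """Return the lowest PID whose cmdline contains `marker`, skipping our own
    PID and the excluded wrappers; None if no such process exists yet."""
    if self_pid is None:
        self_pid = os.getpid()
    candidates: List[int] = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit() or int(entry) == self_pid:
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                # cmdline is NUL-separated; join it so substring matching works
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace")
        except OSError:
            continue  # the process exited between listdir and open
        if marker in cmdline and not any(x in cmdline for x in EXCLUDED_SUBSTRINGS):
            candidates.append(int(entry))
    return min(candidates) if candidates else None


def audit_log_path(audit_root: str, marker: str,
                   day: Optional[datetime.date] = None) -> Path:
    """<audit_root>/YYYY_MM_DD/<marker>.log, the layout the shell script uses."""
    day = day or datetime.date.today()
    return Path(audit_root) / day.strftime("%Y_%m_%d") / f"{marker}.log"


def strace_command(pid: int, log_path: Path) -> List[str]:
    """argv to attach strace with absolute microsecond timestamps (-ttt).
    Assumes a NOPASSWD sudoers rule for /usr/bin/strace (assumption)."""
    return ["sudo", "-n", "/usr/bin/strace", "-ttt", "-p", str(pid), "-o", str(log_path)]


def wait_and_track(marker: str, audit_root: str, attempts: int = 30,
                   interval: float = 1.0, proc_root: str = "/proc",
                   self_pid: Optional[int] = None,
                   runner: Callable[[List[str]], object] = subprocess.call):
    """Poll for the session up to `attempts` times, then hand the strace argv
    to `runner`. Returns the runner's result, or None if the session never appeared."""
    for _ in range(attempts):
        pid = find_session_pid(marker, proc_root, self_pid)
        if pid is None:
            time.sleep(interval)
            continue
        log_path = audit_log_path(audit_root, marker)
        log_path.parent.mkdir(parents=True, exist_ok=True)
        return runner(strace_command(pid, log_path))
    return None


def make_fake_proc(entries: Dict[int, str]) -> str:
    """Build a constructed /proc lookalike in a temp dir: one <pid>/cmdline per entry."""
    root = tempfile.mkdtemp(prefix="fakeproc_")
    for pid, cmdline in entries.items():
        os.makedirs(os.path.join(root, str(pid)))
        with open(os.path.join(root, str(pid), "cmdline"), "wb") as fh:
            fh.write(cmdline.encode().replace(b" ", b"\0") + b"\0")
    return root


if __name__ == "__main__":
    # Constructed sample: the wrappers share the marker, only PID 303 is the session.
    fake = make_fake_proc({
        101: "sshpass -p secret ssh user@host abc123",
        202: "bash session_trackor.sh abc123",
        303: "ssh -o StrictHostKeyChecking=no user@host abc123",
        404: "sleep 5",
    })
    argv = wait_and_track("abc123", fake + "/audit", attempts=1,
                          proc_root=fake, self_pid=999, runner=lambda a: a)
    print(argv)
```

Because `find_session_pid` skips the caller's own PID explicitly, the filter no longer depends on the script's filename being spelled correctly in a `grep -v`, which is exactly the kind of typo that makes the shell version attach strace to the wrong process.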
Posted 2018-08-11 15:06 by 小a玖拾柒