堡垒机
实现流程:
【登录堡垒机】--> 【选择服务器】 --> 【操作服务器,并记录操作】
实现:
1、创建堡垒机用户
adduser baolei
2、用户登录堡垒机后,自动执行脚本
配置 .bashrc
添加:
/usr/bin/python /home/baolei/baolei/bin/menu.py
logout #menu.py退出后立即注销,防止用户落到shell
3、堡垒机提示与用户对应的服务器
4、记录操作日志
用paramiko自带的demo模块实现ssh远程登录交互,二次修改后使其记录操作
修改:
demo.py登录后调用interactive.py中的interactive_shell
interactive_shell会执行函数posix_shell(chan)
所以这里只需要修改posix_shell(chan)
默认端口为22,修改demo.py文件,使其可以手动指定端口
再次执行demo.py,远程输入命令并退出后,可以看到日志文件已经成功记录了操作
#################传参#################
#python demo.py 10.10.50.31 root
通过命令行参数传入连接信息,去掉交互输入
host默认已经传入
传入参数user:
注释掉交互输入用户名的代码,改为传入argv[2]
传入参数pwd:
默认使用密码连接:
效果:
################################################################
终极效果:
菜单显示代码:
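#!/usr/bin/env python
# encoding: utf-8
"""Bastion login menu: host group -> host -> user, then hand off to demo.py.

Started from the bastion user's .bashrc, so every choice is taken from the
fixed tables below and the user never reaches a shell.  Runs on Python 2.6+
and Python 3 (print_function plus a raw_input shim).
"""
from __future__ import print_function

import os
import subprocess
import sys

Base_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
sys.path.append(Base_DIR)
from modules import mydb  # noqa: E402 - needs Base_DIR on sys.path first

# demo.py lives next to this file; an absolute path makes the hand-off work
# whatever the current directory is (the original relied on cwd == bin/).
DEMO_PY = os.path.join(os.path.dirname(os.path.abspath(__file__)), "demo.py")

try:
    _input = raw_input  # Python 2
except NameError:  # Python 3
    _input = input

msg = """
\033[31;1mWelcome using yangmv auditing system!\033[0m
"""

host_dic = {
    'test': [
        '10.10.50.31',
        '10.10.50.40',
    ],
    'china': [
        'www.china.com',
    ],
    'fb': [
        'www.fb1.com',
        'www.fb2.com',
    ],
    'ru': [
        'www.ru1.com',
        'www.ru2.com',
    ],
}
user_list = ['root', 'yangmv', 'bob']
# Sorted so the menu numbers are the same on every login (dict order is not).
group_list = sorted(host_dic.keys())


def _show(items):
    """Print *items* as a 1-based numbered list."""
    for index, item in enumerate(items, 1):
        print('%s: %s' % (index, item))


def _choose(items, prompt, default=None):
    """Prompt until the user picks one of *items* by its 1-based number.

    Returns the chosen element, or None when the user types 'quit'.
    Empty input re-prompts unless *default* (a 1-based number) is given.
    Non-numeric and out-of-range input are rejected; in particular '0' no
    longer silently selects the last entry through negative indexing.
    """
    while True:
        answer = _input(prompt).strip()
        if answer == 'quit':
            return None
        if not answer:
            if default is None:
                continue
            answer = default
        try:
            number = int(answer)
        except ValueError:
            print('not found this number!,please again input')
            continue
        if not 1 <= number <= len(items):
            print('not found this number!,please again input')
            continue
        return items[number - 1]


def main():
    """Run the three-level menu loop until the user quits at the group level."""
    print(msg)
    while True:
        print('##########主机组#############')
        _show(group_list)
        host_group = _choose(group_list, 'please input host groups:')
        if host_group is None:
            print('GoodBye!')
            return
        host_list = host_dic[host_group]  # hosts in the selected group
        while True:
            print('##########主机列表#############')
            _show(host_list)
            hostip = _choose(host_list, '\033[31;1mpleas input hostname: \033[0m')
            if hostip is None:
                print('quit this host groups!')
                break
            while True:
                print('##########用户列表#############')
                _show(user_list)
                username = _choose(
                    user_list, '\033[32;1mpleas select login user:[root] \033[0m', default=1)
                if username is None:
                    break  # back to the host list
                # pwd = mydb.db(hostip, username)  # MySQL-backed lookup
                pwd = mydb.list(hostip, username)  # inline-table lookup
                if pwd is False:
                    print('not found user pwd!')
                    break
                print('\033[32;1mGoing to connect: %s@%s \033[0m' % (username, hostip))
                # Argument list, not a shell string: a hostname or password
                # containing shell metacharacters can no longer break or alter
                # the command.  demo.py's argv interface is kept, so the password
                # is still visible in the process list to other local users; the
                # proper fix is for demo.py to read it from stdin or the environment.
                subprocess.call([sys.executable, DEMO_PY, hostip, username, pwd])


if __name__ == '__main__':
    main()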
db存储/文本存储 代码:
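#!/usr/bin/env python
# encoding: utf-8
"""Password lookup for menu.py: MySQL-backed db() or the inline table list()."""

__all__ = ['db', 'list']

try:
    import MySQLdb
except ImportError:
    # Only db() needs the driver; list() must keep working without it.
    MySQLdb = None


def db(host, username):
    """Return the password for username@host from the ``user`` table, or False.

    The query is parameterised, so host/username never reach the SQL text.
    Raises RuntimeError when the MySQLdb driver is not installed.
    """
    if MySQLdb is None:
        raise RuntimeError('MySQLdb is not installed; db() is unavailable')
    # NOTE(review): the database account and password are hard-coded here;
    # they belong in a config file readable only by the bastion user.
    conn = MySQLdb.connect(host='10.10.50.30', user='root', passwd='123456', db='yangmv')
    try:
        cur = conn.cursor()
        try:
            cur.execute("select * from user where hostname=%s and user=%s", (host, username))
            data = cur.fetchall()
        finally:
            cur.close()
    finally:
        conn.close()  # closed on error too; the original leaked it on exceptions
    if not data:
        return False
    return data[0][3]  # password column of the original table layout - TODO confirm


def list(host, username):  # noqa: A001 - public name kept; menu.py calls mydb.list()
    """Return the password for username@host from the inline table, or False.

    Unknown users or hosts yield False instead of raising, and the password is
    no longer echoed to the terminal (the terminal session is being recorded).
    """
    # NOTE(review): plaintext passwords in source - keep this file readable only
    # by the bastion user, or prefer db() / a real secret store.
    dic = {
        'root': {
            '10.10.50.31': '123456',
            'www.china.com': '111111',
            'www.fb1.com': '222222',
            'www.ru1.com': '333333',
            'www.fb2.com': '444444',  # was the invalid literal 'www.fb2'.com
            'www.ru2.com': '555555',
        },
        'yangmv': {
            '10.10.50.31': '123456',
            'www.china.com': '123456',
        },
        'bob': {},  # was [] - a list cannot be indexed by hostname
    }
    data = dic.get(username, {}).get(host)
    if not data:
        return False
    return data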