堡垒机2.0

 

一、编辑系统环境变量,让用户登录后自动调用脚本

1 vim /etc/profile
python /baolei/ssh_login.py
# Exit-status gate: the bastion script returns 10 only for a login it does
# not manage (e.g. root), and that login keeps its shell. Every other status
# -- a normal quit from the menu, or a crash -- ends the session here.
rc=$?
if [ "$rc" -ne 10 ]; then
    echo "Good Bye!"
    logout
fi

 

二、定时获取最新数据API && 堡垒机程序

  1)、获取最新数据脚本

 1 #!/usr/bin/env python
 2 #-*- coding: UTF-8 -*-
 3 #Author : Derrick.jiang
 4 #Date   : 2015-3-3 PM
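import os
import sys

NODES_PATH = "/baolei/conf/nodes"

# Replace the node list with a fresh download. The command is fixed text (no
# user input reaches it). Its status used to be ignored; a failed fetch now
# stops the script with a non-zero status instead of failing later at open().
# Note the old file is removed before wget runs, so a failed download leaves
# no node list behind until the next successful run.
if os.system('rm -rf /baolei/conf/nodes && wget https://xxx/nodes && mv ./nodes /baolei/conf/') != 0:
    sys.exit(1)

# The feed arrives with literal backslash-n escape sequences and double-quoted
# values; turn the escapes into real line breaks and strip the quotes. Both
# handles are closed by the `with` blocks (the original never closed the
# writer, leaving the flush to interpreter exit).
with open(NODES_PATH, "r") as fp:
    content = fp.read()
with open(NODES_PATH, "w") as fp:
    fp.write(content.replace(r'\n', '\n').replace(r'"', ""))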

  2)、堡垒机程序

#!/usr/bin/env python
#-*- coding: UTF-8 -*-
#coding = gbk
#author : derrick.jiang
#Email  : derrick.jiang@maichuang.net
import commands
import json
import os
import pwd
import re
import subprocess
import sys
import time
import urllib2

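USER_PATH = '/etc/passwd'
NODES_PATH = '/baolei/conf/nodes'

# Name of the effective user of this login, resolved from the uid instead of
# running `whoami` through a shell: the identity checked at the bottom of the
# file should not depend on which `whoami` PATH happens to resolve to.
ACURRENT = pwd.getpwuid(os.geteuid()).pw_name

# Read the node list once (the original opened it twice and closed neither)
# and derive the two views the menus use:
#   files -- blank-line-separated blocks, one per area; select_area indexes it
#   lines -- the '[...]' header lines, printed as the area menu (entries carry
#            no trailing newline; the menu strips them anyway)
# NOTE(review): the menu index is applied to `files`, so the two lists are
# assumed to be parallel -- confirm every block starts with one '[...]' line.
with open(NODES_PATH) as nodes_file:
    nodes_text = nodes_file.read()
files = nodes_text.split('\n\n')

header_re = re.compile(r'^\[')
lines = [line for line in nodes_text.splitlines() if header_re.match(line)]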


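def check_ip(ipaddr):
    '''Return True when *ipaddr* is a dotted-quad IPv4 address, False otherwise.

    A valid address is exactly four '.'-separated runs of decimal digits, each
    in 0..255. This is the only check between keyboard input and the ssh
    command built in select_area/select_server, so it deliberately accepts
    nothing but digits and dots: whitespace, signs, other separators or a
    trailing dot all fail. Works on Python 2 and 3 (the original relied on
    len() of a filter() result, which is Python-2-only).
    '''
    parts = ipaddr.split('.')
    return len(parts) == 4 and all(_octet_ok(part) for part in parts)


def _octet_ok(part):
    '''True when *part* is a non-empty run of decimal digits valued 0..255.'''
    # On Python 3 str.isdigit() also accepts other Unicode digit characters,
    # for which int() raises; treat those as invalid rather than crash.
    if not part.isdigit():
        return False
    try:
        return 0 <= int(part) <= 255
    except ValueError:
        return False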



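select = []


def select_area():
    '''Show the area (province/city) menu and set the global ``select``.

    Loops until the operator picks a valid menu index; ``select`` then holds
    the lines of the chosen block from ``files`` and the server sub-menu is
    printed. An IP address typed at this prompt opens an ssh session to it
    straight away, ``q`` exits the program, anything else redraws the menu.

    ``area`` is untrusted keyboard input: it reaches the ssh command only
    after check_ip accepted it, and is then passed as a single argv element
    rather than interpolated into a shell command line.
    '''
    global select
    while True:
        os.system('clear')
        print '___'*15
        for index, province in enumerate(lines):
            print "%s. %s" % (index, province.strip())
        print ''
        print '~~~'*15
        print "IP: Enter The Ip Adress:"
        print "q : QUIT"
        print '___'*15
        area = raw_input("Please Select Area: ")
        # The menu lists `lines` but the index selects from `files`;
        # NOTE(review): the two are assumed to be parallel -- confirm the
        # nodes file has exactly one '[...]' header per blank-line block.
        if area.isdigit() and int(area) < len(files):
            os.system('clear')
            break
        elif check_ip(area):
            os.system('clear')
            # StrictHostKeyChecking=no accepts any host key, so this session
            # has no protection against a spoofed target host.
            subprocess.call(['/baolei/tilt/bin/ssh', '-o', 'StrictHostKeyChecking=no', '-p', 'port', 'root@%s' % area])
        elif area == 'q':
            os.system('clear')
            sys.exit(0)
        # any other input: redraw the menu

    select = files[int(area)].split('\n')
    for entry in select:
        print entry
    print '~~~'*15
    print "IP: Enter The Ip Adress:"
    print "q : QUIT"
    print "b : BACK"
    print '___'*15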

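def select_server():
    '''Prompt for a server inside the block chosen by select_area and ssh to it.

    Accepts an index into the global ``select`` (from 1 -- entry 0 is
    presumably the block's '[...]' header line), an IP address typed directly
    (validated by check_ip), ``q`` to quit, or ``b`` to return to the area
    menu. Anything else simply re-prompts.
    '''
    global select
    while True:
        choice = raw_input("Please Select Server: ")
        if choice.isdigit() and 1 <= int(choice) < len(select):
            break
        elif check_ip(choice):
            os.system('clear')
            # Validated keyboard input, passed as one argv element rather than
            # through a shell. StrictHostKeyChecking=no accepts any host key,
            # so the session has no protection against a spoofed target.
            subprocess.call(['/baolei/tilt/bin/ssh', '-o', 'StrictHostKeyChecking=no', '-p', 'port', 'root@%s' % choice])
        elif choice == 'q':
            os.system('clear')
            sys.exit(0)
        elif choice == 'b':
            # NOTE(review): re-enters select_area() from inside this loop
            # instead of returning to the caller's loop, so each 'b' adds a
            # frame; enough back-and-forth would hit the recursion limit.
            select_area()
        # any other input: ask again

    # The address comes from the downloaded nodes file, not from the operator.
    # NOTE(review): it is not re-validated with check_ip, so the feed has to
    # be trusted; passing it as its own argv element keeps it out of a shell
    # parse. StrictHostKeyChecking=no applies here as well.
    IP = select[int(choice)].split()[-1]
    subprocess.call(['/baolei/tilt/bin/ssh', '-o', 'StrictHostKeyChecking=no', '-p', 'port', 'root@%s' % IP])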



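def users_name():
    '''Return the login names the bastion manages, read from USER_PATH.

    A user is managed when its passwd entry has the expected seven fields and
    a login shell whose name ends in ``sh``; ``root`` is excluded by name (the
    original dropped the first entry and relied on that being root).

    Returns ``[]`` if the file cannot be read, after appending the error text
    to ``/tmp/error_log``. NOTE(review): an empty result makes the caller take
    its exit(10) branch, i.e. a read failure lets every user through to a
    normal shell -- confirm that fail-open behaviour is intended.
    '''
    try:
        with open(USER_PATH) as passwd_file:
            entries = [line.split(':') for line in passwd_file]
        users = [fields[0].strip() for fields in entries
                 if len(fields) == 7
                 and fields[-1].strip().endswith('sh')
                 and fields[0].strip() != 'root']
    except Exception as e:
        # Best-effort diagnostics only. /tmp/error_log is a shared, predictable
        # path, so nothing sensitive should ever be written here.
        with open('/tmp/error_log', 'a') as error_log:
            error_log.write(str(e))
        users = []
    return users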
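# CHOOSE USER LOGIN
#
# Exit-status contract with /etc/profile: the profile wrapper logs the session
# out unless this script exits with status 10. Managed users therefore never
# reach a shell (quitting the menu exits 0, a crash exits 1), while users not
# returned by users_name() -- root, and anyone without an interactive shell --
# get 10 and fall through to a normal login.
if ACURRENT in users_name():
    try:
        while True:
            select_area()
            select_server()
    except KeyboardInterrupt:
        # Ctrl-C used to end in a traceback with status 1; exit explicitly
        # with the same non-10 status so the wrapper still logs out.
        sys.exit(1)
else:
    sys.exit(10)  # users outside the list return 10; the profile wrapper then skips logout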

三、安装tilt交互式日志工具: 详见:http://www.keepbase.com/try-tilt/comment-page-1

四、更改日志保存格式:

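import os
import shutil
import sys
import time
import datetime

# Session logs live in a directory named after the day; looking two minutes
# back keeps a run shortly after midnight renaming the previous day's files.
# Computed in-process instead of shelling out to `date -d "2 minute ago"`.
now_time = (datetime.datetime.now() - datetime.timedelta(minutes=2)).strftime('%Y-%m-%d')
log_dir = "/var/log/ssh_log/%s/" % now_time

# Prefix tilt writes into every log name (the ssh command line); collapsing
# it yields the username-date-root@IP form documented for the logs.
CMD_PREFIX = "-baolei-tilt-bin-ssh -o StrictHostKeyChecking=no -p port "

if os.path.isdir(log_dir):  # nothing to do if today's directory is absent
    for name in os.listdir(log_dir):
        new_name = name.replace(CMD_PREFIX, "-")
        # Skip files that are already in the final form.
        if new_name != name:
            shutil.move(log_dir + name, log_dir + new_name)
else:
    print ("Directory is not exit,please check dir...")
    time.sleep(1)
    sys.exit()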

五、将获取API脚本和更改日志名称脚本加入计划任务,定时执行:

# 04:00 daily: refresh the node list that drives the bastion menu. It is a
# plain wget of https://xxx/nodes run as root, so the integrity of that
# endpoint decides which hosts the menu offers.
# NOTE(review): `&>` is a bash-ism; if cron's /bin/sh is a POSIX shell,
# write `> /dev/null 2>&1` instead.
0 4 * * * root python /baolei/wgetnewapi.py &> /dev/null
# every minute: rename the tilt session logs into username-date-user@IP form
* * * * * root python /baolei/change_logname.py &> /dev/null

六、将所有程序和日志写入文件夹的权限设置为允许所有用户访问。（日志目录只需对登录用户可写，不宜让其他用户读取或改写已有的会话记录。）

七、在所有用户 ~/.ssh/ 目录下放入可以远程至 server 端的私钥（私钥文件权限应为 600，仅该用户可读）。

==========================================================================

日志记录格式为:%Y-%m-%d/username-date-user@IP   如:2015-04-22/Kevin-15:53:24-root@192.168.1.2

==========================================================================
