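def process_ssh_loginfail(strInfo):
    """Handle an sshd "Failed password" line from the auth/secure log.

    Line shapes (kept from the original comments):
      Jun 16 09:10:43 localhost sshd[19679]: Failed password for test from 172.16.140.151 port 53307 ssh2
      Jun 27 05:46:38 localhost sshd[8715]: Failed password for invalid user 234 from 172.16.140.151 port 57583 ssh2

    The user name is the token before the first 'from', the client IP the
    token after it and the client port the one after 'port'. The local port
    of the matching TCP connection is looked up in netstat output, the
    failure is recorded via proc_failed_login() and a Msg_SSH_LogFail_Data
    message is sent. A line that does not fit is logged and ignored.
    Returns None.
    """
    import subprocess

    if 'from' not in strInfo:
        PrntLog.error('Failed process_ssh_loginfail: %s' % strInfo)
        return
    strList = strInfo.split(' ')
    usrname, clientIp, clientPort = '', '', ''
    found = False
    for i, tok in enumerate(strList):
        if tok != 'from':
            continue
        # bounds check: a truncated line used to raise IndexError here
        if i < 1 or i + 3 >= len(strList):
            break
        usrname = strList[i - 1]
        clientIp = strList[i + 1]
        clientPort = strList[i + 3]
        found = True
        break
    if not found:
        PrntLog.error('Failed process_ssh_loginfail: %s' % strInfo)
        return

    linkInfo = {
        'USER_NAME': usrname,
        'CLIENT_IP': clientIp,
        'CLIENT_PORT': clientPort,
        'LOCAL_IP': get_host_ip(),
        'time': get_cuurent_time(),
    }

    # Local port of the connection that carried the failed attempt. netstat
    # is run without a shell and filtered in Python: the login name in this
    # line is whatever the remote side typed, so nothing parsed from it may
    # be spliced into a command string (the original ran
    # "netstat -tpn | grep <ip>:<port> | awk '{print $4}'").
    needle = clientIp + ':' + clientPort
    try:
        proc = subprocess.Popen(['/usr/local/sagent-3000-ns/netstat', '-tpn'],
                                stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        out = proc.communicate()[0]
    except OSError as e:
        PrntLog.error('netstat failed in process_ssh_loginfail: %s' % e)
        out = b''
    if isinstance(out, bytes):
        out = out.decode('utf-8', 'replace')
    localAddrs = []
    for ln in out.splitlines():
        if needle not in ln:
            continue
        cols = ln.split()
        if len(cols) > 3:
            localAddrs.append(cols[3])   # "Local Address" column of netstat -tpn
    output = '\n'.join(localAddrs)
    localPort = output.split(':')[-1]   # '' when no connection matched

    proc_failed_login(clientIp, usrname, time.time(), localPort)
    # send the login-failure message
    strMsg = MsgWrap(linkInfo).Msg_SSH_LogFail_Data()
    pf_oper.sendmsg(strMsg)
    PrntLog.info('SSH login failed! usrname=%s clientIp=%s clientPort=%s ' % (usrname, clientIp, clientPort))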
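def run(self):
    """Thread body: watch the directories listed in agent.conf section
    'echo_cmd_watchlist' for IN_MODIFY events and hand them to OnIOHandler.

    Each configured path is created if missing and set to mode 1777 — the
    original ran `chmod 777` followed by `chmod a+t`, i.e. world-writable
    with the sticky bit so users cannot remove each other's files.
    Raises Exception when the config section cannot be read. Never returns.
    """
    try:
        configList = Config_agent.items('echo_cmd_watchlist')
    except Exception as e:
        PrntLog.error('inotify_log get watchList Failed. %s' % e)
        raise Exception('inotify_log get watchList Failed.')
    watchList = [info[1] for info in configList]
    for strPath in watchList:
        if not os.path.exists(strPath):
            os.makedirs(strPath)
        if os.path.exists(strPath):
            # os.chmod instead of os.system("chmod ..."): no shell, and a
            # path containing spaces or metacharacters is handled verbatim.
            os.chmod(strPath, 0o1777)
    wm = pyinotify.WatchManager()
    mask = pyinotify.IN_MODIFY
    notifier = pyinotify.ThreadedNotifier(wm, OnIOHandler())
    notifier.start()
    wm.add_watch(watchList, mask, rec=True, auto_add=True)
    PrntLog.info('cmd and echo: Start monitoring %s' % watchList)
    while True:
        notifier.process_events()
        if notifier.check_events():
            notifier.read_events()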
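def ChangePasswd(self, info):
    """Set the password of info['USER_NAME'] to info['PASSWD'] and report.

    info is a parsed platform message. RESULT is 0 on success, 1 when
    usermod reports a missing user (exit status 6), 2 otherwise. A
    Msg_ChangePasswd_Res_Data response is always sent. Returns None.
    """
    import subprocess

    resInfo = {'ID': info['ID'], 'IP': info['IP'], 'USER_NAME': info['USER_NAME']}
    passwd = crypt.crypt(info['PASSWD'], getsalt())
    # argv list, no shell: USER_NAME arrives over the network and must not be
    # interpolated into a command string. call() returns the exit status
    # directly, so the original `ret >>= 8` is gone.
    # NOTE(review): the hash is visible in the process list while usermod
    # runs; `chpasswd -e` fed on stdin would avoid that.
    try:
        ret = subprocess.call(['usermod', '-p', passwd, info['USER_NAME']])
    except OSError as e:
        PrntLog.error('usermod could not be started: %s' % e)
        ret = -1
    if ret == 0:
        resInfo['RESULT'] = 0
        PrntLog.info('user %s change passwd successful ' % info['USER_NAME'])
    elif ret == 6:
        # user does not exist
        resInfo['RESULT'] = 1
        PrntLog.error('user %s dose not exists ' % info['USER_NAME'])
    else:
        resInfo['RESULT'] = 2
    PrntLog.info('Msg_ChangePasswd_Res_Data %s ' % resInfo)
    strMsg = opermsgpaser.Msg_ChangePasswd_Res_Data(resInfo)
    pf_oper.sendmsg(strMsg)
    return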
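def read_cmd_from_cmdfile_sendMsg(logPath, logName, linkInfo, itemDict):
    """Read up to 1000 new lines of the command log logPath/logName from
    itemDict['CMD_OFFSET'], send each as a Msg_Cmd_DATA message and return
    the file offset reached.

    When the start offset is 0 the first line is skipped. Also refreshes
    itemDict['ECHO_SIZE'] via getEchofileSize(). On any error the failure is
    logged and None is returned.
    """
    try:
        itemDict['ECHO_SIZE'] = getEchofileSize(logPath, logName)
        fullFileName = os.path.join(logPath, logName)
        # `with` closes the file on every path; the original closed it by
        # hand and relied on `'f' in locals()` in the except branch.
        with open(fullFileName, 'r') as f:
            f.seek(itemDict['CMD_OFFSET'])
            offset_flag = itemDict['CMD_OFFSET']
            for _ in range(1000):
                line = f.readline().rstrip('\n')
                if line == '':
                    break
                if offset_flag == 0:
                    # skip the first line of the file
                    offset_flag = f.tell()
                    continue
                PrntLog.info(line)
                # build and send the command message
                strMsg = MsgWrap(linkInfo, itemDict).Msg_Cmd_DATA(line)
                if strMsg != '':
                    pf_oper.sendmsg(strMsg)
            return f.tell()
    except Exception as e:
        PrntLog.error('Failed read_cmd_from_cmdfile_sendMsg: %s ' % e)
        PrntLog.error("read_cmd_from_cmdfile_sendMsg fail: %s" % traceback.format_exc())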
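def get_ssh_linkInfo_from_logname(logName):
    """Build the link-info dict of an SSH session from its record file name.

    logName has seven '-' separated fields: client IP, client port, user
    name, time, tty, local IP and a trailing field. The tty gets a '/'
    inserted before its first digit, then the sshd process for that user and
    tty is looked up in `ps -ef` and its PID stored as 'PID_NUM'. Returns
    the dict, or False when the name is malformed or no process is found.
    """
    import subprocess

    strSplit = logName.split('-')
    if len(strSplit) != 7:
        PrntLog.error("Failed:get_ssh_linkInfo_from_logname %s " % logName)
        return False
    linkInfo = {
        'LOGIN_TYPE': 'ssh',
        'CLIENT_IP': strSplit[0],
        'CLIENT_PORT': strSplit[1],
        'USER_NAME': strSplit[2],
        'time': strSplit[3],
        'TTY': strSplit[4],
        'LOCAL_IP': strSplit[5],
    }
    # e.g. 'pts0' -> 'pts/0'
    pos = 0
    for ch in linkInfo['TTY']:
        if ch.isdigit():
            break
        pos += 1
    tty = linkInfo['TTY'][:pos] + '/' + linkInfo['TTY'][pos:]
    # The user name is chosen by whoever logged in, so `ps` output is
    # filtered here instead of splicing the name into the
    # "ps -ef | grep -v grep | grep sshd | grep <user> | grep <tty> | awk"
    # pipeline the original ran through os.popen.
    try:
        proc = subprocess.Popen(['ps', '-ef'], stdout=subprocess.PIPE)
        out = proc.communicate()[0]
    except OSError as e:
        PrntLog.error('ps failed in get_ssh_linkInfo_from_logname: %s' % e)
        return False
    if isinstance(out, bytes):
        out = out.decode('utf-8', 'replace')
    userName = linkInfo['USER_NAME']
    pid = ''
    for ln in out.splitlines():
        # substring tests, matching what the grep chain did
        if 'sshd' in ln and userName in ln and tty in ln:
            cols = ln.split()
            if len(cols) > 1:
                pid = cols[1]   # PID column of ps -ef
                break
    linkInfo['PID_NUM'] = pid
    if pid == '':
        return False
    return linkInfo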
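def ChangeAccountName(self, info):
    """Rename account info['USER_NAME'] to info['NEW_USERNAME'] and report.

    RESULT: 0 success, 1 user missing (usermod exit 6), 2 new name already
    taken (exit 9), 3 any other failure. On success the name is swapped in
    the global gCreateAccountrSet and userListTofile() is called. A
    Msg_ChangeAccountName_Res_Data response is always sent. Returns None.
    """
    import subprocess
    global gCreateAccountrSet

    resInfo = {'ID': info['ID'], 'IP': info['IP'], 'USER_NAME': info['NEW_USERNAME']}
    # argv list, no shell: both names arrive over the network and must not be
    # interpolated into a command string. call() returns the exit status
    # itself, replacing `os.system(...) >> 8`.
    try:
        ret = subprocess.call(['usermod', '-l', info['NEW_USERNAME'], info['USER_NAME']])
    except OSError as e:
        PrntLog.error('usermod could not be started: %s' % e)
        ret = -1
    if ret == 0:
        resInfo['RESULT'] = 0
        # discard() rather than remove(): a name that was never recorded
        # must not abort the method before the response is sent
        gCreateAccountrSet.discard(info['USER_NAME'])
        gCreateAccountrSet.add(info['NEW_USERNAME'])
        userListTofile()
        PrntLog.info('change account name %s to %s successful ' % (info['USER_NAME'], info['NEW_USERNAME']))
    elif ret == 6:
        # user does not exist
        resInfo['RESULT'] = 1
        PrntLog.error('user %s dose not exists ' % info['USER_NAME'])
    elif ret == 9:
        # user already exists
        resInfo['RESULT'] = 2
        PrntLog.error('user %s already exists ' % info['NEW_USERNAME'])
    else:
        resInfo['RESULT'] = 3
    PrntLog.info('Msg_ChangeAccountName_Res_Data %s ' % resInfo)
    strMsg = opermsgpaser.Msg_ChangeAccountName_Res_Data(resInfo)
    pf_oper.sendmsg(strMsg)
    return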
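def DelAccount(self, info):
    """Delete account info['USER_NAME'] with userdel and report.

    RESULT: 0 success, 1 user missing (userdel exit 6), 2 otherwise. On
    success the name is dropped from the global gCreateAccountrSet and
    userListTofile() is called. A Msg_DelAccount_Res_Data response is always
    sent. Returns None.
    """
    import subprocess
    global gCreateAccountrSet

    resInfo = {'ID': info['ID'], 'IP': info['IP'], 'USER_NAME': info['USER_NAME']}
    # argv list, no shell: USER_NAME arrives over the network and must not be
    # interpolated into a command string. call() returns the exit status
    # itself, replacing `os.system(...) >> 8`.
    try:
        ret = subprocess.call(['userdel', info['USER_NAME']])
    except OSError as e:
        PrntLog.error('userdel could not be started: %s' % e)
        ret = -1
    if ret == 0:
        resInfo['RESULT'] = 0
        # discard() rather than remove(): an unrecorded name must not abort
        # the method before the response is sent
        gCreateAccountrSet.discard(info['USER_NAME'])
        userListTofile()
        PrntLog.info('Del account %s successful ' % info['USER_NAME'])
    elif ret == 6:
        # user does not exist
        resInfo['RESULT'] = 1
        PrntLog.error('Del account :user %s dose not exists ' % info['USER_NAME'])
    else:
        resInfo['RESULT'] = 2
    PrntLog.info('Msg_DelAccount_Res_Data %s ' % resInfo)
    strMsg = opermsgpaser.Msg_DelAccount_Res_Data(resInfo)
    pf_oper.sendmsg(strMsg)
    return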
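def liccheckfunc():
    """Check the license through liblic.lic_check() and notify the system.

    lic_check() returns a C string "<have> <expiry_timestamp>" that is freed
    with liblic.freeme(). have == 0: log, notify with '' and exit(1).
    have == 1: notify about an expired license, or one expiring within the
    next 30 days; otherwise notify with ''. Returns None.
    """
    global liblic
    ptr = liblic.lic_check()
    ret = ctypes.cast(ptr, ctypes.c_char_p).value
    liblic.freeme(ptr)
    if isinstance(ret, bytes):
        # c_char_p.value is bytes on Python 3 (str on Python 2, where this
        # decode is harmless); split/int need text
        ret = ret.decode('utf-8', 'replace')
    fields = ret.split(' ')
    havelicense = int(fields[0])
    outdatetimestamp = int(fields[1])
    outdate = datetime.fromtimestamp(outdatetimestamp).strftime("%Y-%m-%d %H:%M:%S")
    if havelicense == 0:
        msg = "You have not installed any license file yet!"
        PrntLog.error(msg)
        print(msg)
        licsystemnotify('')
        sys.exit(1)
    elif havelicense == 1:
        now = time.time()
        if outdatetimestamp < now:
            msg = "Your license file expired in [" + outdate + "]!"
            licsystemnotify(msg)
            PrntLog.error(msg)
        elif (outdatetimestamp - 30 * 24 * 3600) < now:
            # start reminding 30 days before expiry
            msg = "Your license file will expire in [" + outdate + "]!"
            licsystemnotify(msg)
            PrntLog.info(msg)
        else:
            licsystemnotify('')
    return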
def HearBeat(self):
    """Send one heart-beat message for every link in gLinkList.

    check_linkInfo_isAlive() runs first; the remaining links are then walked
    from the end of the list and a Msg_SSH_HeartBeat / Msg_X11_HeartBeat /
    Msg_LOCAL_HeartBeat is sent according to LOGIN_TYPE. Other types are
    skipped. Any exception is logged and swallowed.
    """
    try:
        global gLinkList
        check_linkInfo_isAlive()
        # LOGIN_TYPE -> (MsgWrap method name, log format)
        heartbeatByType = {
            'ssh': ('Msg_SSH_HeartBeat', 'ssh heart beat: %s'),
            'x11': ('Msg_X11_HeartBeat', 'x11 heart beat: %s'),
            'local': ('Msg_LOCAL_HeartBeat', 'local heart beat: %s'),
        }
        idx = len(gLinkList) - 1
        while idx >= 0:
            link = gLinkList[idx]
            idx -= 1
            entry = heartbeatByType.get(link['LOGIN_TYPE'])
            if entry is None:
                continue
            methodName, logFmt = entry
            pf_oper.sendmsg(getattr(MsgWrap(link), methodName)())
            PrntLog.info(logFmt % link)
    except Exception as e:
        PrntLog.error('Failed HearBeat: %s ' % e)
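def process_tty_loginfail(strInfo):
    """Handle a failed console (tty) login line and send Msg_LOCAL_LogFail_Data.

    Line shapes (from the original comments):
      ... login: FAILED LOGIN 2 FROM (null) FOR root, Authentication failure              (redhat family)
      ... login[32569]: FAILED LOGIN (1) on '/dev/tty2' FOR 'nari', Authentication failure  (debian/ubuntu)
    The user name is the token after 'FOR' (trailing comma removed; on
    debian the quotes as well). A line that does not match is logged and
    ignored. Returns None.
    """
    strList = strInfo.split(' ')
    usrname = ''
    isDebian = os_version["type"] == "debian"
    middle = 'on' if isDebian else 'FROM'
    for i, tok in enumerate(strList):
        # bounds check: the original indexed i+5 and could raise IndexError
        # on a truncated line
        if tok != 'LOGIN' or i + 5 >= len(strList):
            continue
        if strList[i + 2] == middle and strList[i + 4] == 'FOR':
            usrname = strList[i + 5].rstrip(',')
            if isDebian:
                usrname = usrname.strip('\'')
            break
    if usrname == '':
        PrntLog.error('Failed process_tty_loginfail! strInfo= %s' % strInfo)
        return
    linkInfo = {
        'USER_NAME': usrname,
        'time': get_cuurent_time(),
        'LOCAL_IP': get_host_ip(),
    }
    PrntLog.info('tty login failed! usrname= %s ' % usrname)
    # send the tty login-failure message
    strMsg = MsgWrap(linkInfo).Msg_LOCAL_LogFail_Data()
    pf_oper.sendmsg(strMsg)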
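def Parser_Log_Secure(self):
    """Read new lines of the system auth log and dispatch login/logout events.

    Reads /var/log/auth.log (debian family) or /var/log/secure (others)
    from the global g_POS_LOG_SECURE, at most 1000 lines per call, then
    stores the new position in the global. If the file is shorter than the
    saved position (rotation) reading restarts at 0. Lines are routed by
    substring tests to process_session_loginout / process_ssh_logout /
    process_session_login / process_ssh_loginfail /
    process_session_loginfail / process_tty_loginfail. Errors are logged
    and swallowed.
    """
    global g_POS_LOG_SECURE
    try:
        if os_version["type"] == "debian":
            logFile = '/var/log/auth.log'
        else:
            logFile = '/var/log/secure'
        # `with` closes the file on every path; the original relied on
        # `'f' in locals()` in a finally block
        with open(logFile, 'r') as f:
            f.seek(0, 2)
            endPos = f.tell()
            # log rotation: saved position is beyond the end of the new file
            if g_POS_LOG_SECURE > endPos:
                g_POS_LOG_SECURE = 0
            f.seek(g_POS_LOG_SECURE)
            for _ in range(1000):
                line = f.readline().rstrip('\n')
                if line == '':
                    break
                PrntLog.info(line)
                if 'session closed for user' in line and 'sshd' not in line:
                    # desktop session end, local console and x11
                    process_session_loginout(line)
                elif 'session closed for user' in line and 'sshd[' in line:
                    # SSH logout
                    process_ssh_logout(line)
                elif 'session opened for user' in line and 'sshd' not in line:
                    # desktop session start, local console and x11
                    process_session_login(line)
                # A 'Received disconnect from' + 'sshd' branch calling
                # process_ssh_logout was disabled in the original.
                elif 'Failed password for ' in line and 'sshd[' in line:
                    # SSH login failure
                    process_ssh_loginfail(line)
                elif (('pam: gdm-password:' in line and '(gdm-password:auth)' in line)
                      or ('gdm[' in line and '(gdm:auth)' in line)
                      or ('(gdm-password:auth)' in line and 'gdm-password]' in line)
                      or ('gdm-session-worker[' in line
                          and ('(gdm:auth)' in line or '(gdm3:auth)' in line))):
                    # NOTE(review): the first clause was garbled in the source
                    # ('******' where the operators should be) and was
                    # reconstructed to match its siblings — confirm against
                    # the original file.
                    # x11 / local graphical login failure
                    process_session_loginfail(line)
                elif ('login: FAILED LOGIN' in line) or ('FAILED LOGIN' in line and 'login[' in line):
                    # tty login failure
                    process_tty_loginfail(line)
            g_POS_LOG_SECURE = f.tell()
    except Exception as e:
        PrntLog.error('Failed Parser_Log_Secure: %s' % e)
        PrntLog.error("Parser_Log_Secure fail: %s" % traceback.format_exc())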
def run(self):
    """Thread body: consume records from sys_base and hand each record's
    value to operpaser.OperParserMsg(). Never returns; on any exception the
    error is logged and the loop pauses for five seconds before retrying.
    """
    while True:
        try:
            batch = sys_base.consume_data()
            for record in batch:
                PrntLog.info('sys_base Recv kafka Msg:')
                operpaser.OperParserMsg(record.value)
        except Exception as e:
            PrntLog.error('Failed recvBaseCheckMsgFromKafka %s ' % e)
            time.sleep(5)
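def verifyconfigfile():
    """Abort the agent unless agent.conf matches its protected copy .agent.conf.

    Both paths are relative to the current working directory. If the hidden
    copy is missing the process exits with status 1. If the two files differ
    (or agent.conf is unreadable) agent.conf is overwritten from the hidden
    copy and the process exits with status 1.
    """
    import filecmp
    import shutil

    if not os.path.exists('.agent.conf'):
        PrntLog.error('config file has not been protected!')
        sys.exit(1)
    # byte-wise comparison in Python replaces `diff` run through a shell
    # NOTE(review): the reference copy lives next to the config under the same
    # ownership, so whoever can edit agent.conf can edit .agent.conf too; a
    # signature or a copy outside the writable tree would be a stronger check.
    try:
        same = filecmp.cmp('agent.conf', '.agent.conf', shallow=False)
    except OSError:
        same = False
    if not same:
        PrntLog.error('config file has been illegal modified! Recover original file!')
        shutil.copyfile('.agent.conf', 'agent.conf')
        sys.exit(1)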
def Msg_Echo_DATA(self, strLine):
    """Build the echo message for strLine according to self.LinkInfo['LOGIN_TYPE'].

    Delegates to Msg_SSH_Echo_DATA, Msg_X11_Echo_DATA or Msg_LOCAL_Echo_DATA
    for 'ssh', 'x11' and 'local'. Returns None for any other type and,
    after logging, for any exception raised along the way.
    """
    builders = {
        'ssh': 'Msg_SSH_Echo_DATA',
        'x11': 'Msg_X11_Echo_DATA',
        'local': 'Msg_LOCAL_Echo_DATA',
    }
    try:
        methodName = builders.get(self.LinkInfo['LOGIN_TYPE'])
        if methodName is None:
            return None
        return getattr(self, methodName)(strLine)
    except Exception as e:
        PrntLog.error('Failed Msg_Echo_DATA: %s (Error:%s) ' % (strLine, e))
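def Init_Log_Secure_Pos(self):
    """Set the global g_POS_LOG_SECURE to the current end of the auth log.

    Uses /var/log/auth.log on the debian family and /var/log/secure
    elsewhere, so later Parser_Log_Secure() calls only see new lines.
    Errors are logged and swallowed; the global is then left unchanged.
    """
    global g_POS_LOG_SECURE
    try:
        if os_version["type"] == "debian":
            logFile = '/var/log/auth.log'
        else:
            logFile = '/var/log/secure'
        # `with` closes the file on every path instead of the
        # `'f' in locals()` check the original used in finally
        with open(logFile, 'r') as f:
            f.seek(0, 2)
            g_POS_LOG_SECURE = f.tell()
    except Exception as e:
        PrntLog.error('Failed Init_Log_Secure_Pos: %s' % e)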
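def dec_lib(libname, outfile):
    """Verify libname against the checksum stored in outfile.

    The first line of outfile is decrypted with xor_decrypt() and compared to
    get_md5(libname). Returns 0 on a match, -1 on a mismatch or on any
    exception (which is logged).
    """
    try:
        # `with` closes the file even when readline() raises; the original
        # leaked the handle on that path
        with open(outfile) as f:
            line = f.readline()
        expected = xor_decrypt(line, 'WgQv^^!QSk*m')
        # NOTE(review): the XOR key is embedded in the source, so this check
        # only detects accidental corruption, not deliberate tampering
        if expected == get_md5(libname):
            return 0
        return -1
    except Exception as e:
        PrntLog.error('dec_lib exception[%s]' % e)
        return -1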
def get_local_linkInfo_from_logname(logName):
    """Build the link-info dict of a local session from its record file name.

    Expects five '-' separated fields: user name, time, tty, local type and
    a trailing field; LOCAL_IP comes from get_host_ip(). Returns False
    (after logging) on a malformed name or when the host IP is empty.
    """
    fields = logName.split('-')
    if len(fields) != 5:
        PrntLog.error("Failed:get_local_linkInfo_from_logname %s" % logName)
        return False
    userName, loginTime, tty, localType = fields[:4]
    hostIp = get_host_ip()
    if not hostIp:
        PrntLog.error('Failed: get_host_ip. %s ' % logName)
        return False
    return {
        'LOGIN_TYPE': 'local',
        'USER_NAME': userName,
        'time': loginTime,
        'TTY': tty,
        'LOCAL_TYPE': localType,
        'LOCAL_IP': hostIp,
    }
def process_session_console_login(usrname):
    """Register a gdm console login for usrname and send Msg_LOCAL_Login_Data.

    A link-info dict (LOGIN_TYPE 'local', LOCAL_TYPE 'gdm') is appended to
    the global gLinkList. Returns False (after logging) when get_host_ip()
    yields nothing; otherwise returns None.
    """
    global gLinkList
    hostIp = get_host_ip()
    if not hostIp:
        PrntLog.error('Failed: get_host_ip. %s ' % usrname)
        return False
    session = {
        'LOGIN_TYPE': 'local',
        'LOCAL_TYPE': 'gdm',
        'USER_NAME': usrname,
        'time': get_cuurent_time(),
        'LOCAL_IP': hostIp,
    }
    gLinkList.append(session)
    PrntLog.info('Add local session :%s' % session)
    # send the local-login message
    pf_oper.sendmsg(MsgWrap(session).Msg_LOCAL_Login_Data())
    PrntLog.info('local session login : usrname =%s localip=%s' % (usrname, hostIp))
def Msg_StopLink_Res_DATA(self):
    """Pack the stop-link response for this link and return it.

    Layout '<B32s4sH4sQQ': message type (0x08 for 'ssh', 0x1b for 'x11'),
    ID, client IP, client port, local IP, the link's time and the current
    time (both '_' separated strings with the underscores removed and the
    last three characters dropped). Logs and returns None for any other
    LOGIN_TYPE.
    """
    typeCodes = {'ssh': 0x08, 'x11': 0x1b}
    loginType = self.LinkInfo['LOGIN_TYPE']
    if loginType not in typeCodes:
        PrntLog.error('Failed Msg_StopLink_Res_DATA: %s' % loginType)
        return

    def stamp(text):
        return int(text.replace('_', '')[:-3])

    strMsg = struct.pack(
        '<B32s4sH4sQQ',
        typeCodes[loginType],
        self.LinkInfo['ID'],
        covert_ipaddr(self.LinkInfo['CLIENT_IP']),
        int(self.LinkInfo['CLIENT_PORT']),
        covert_ipaddr(self.LinkInfo['LOCAL_IP']),
        stamp(self.LinkInfo['time']),
        stamp(get_cuurent_time()),
    )
    PrntLog.info(PrtMsg(strMsg))
    return strMsg
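def stopLinkAndSendRes(self, operlinkInfo):
    """Terminate the session(s) matching a stop-link request and answer it.

    A link in the global gLinkList matches when its LOCAL_IP and PID_NUM
    equal operlinkInfo['IP'] and operlinkInfo['PID_NUM']. The process gets
    signal 16 (the original ran `kill -16 <pid>`), the link takes the
    request ID, a Msg_StopLink_Res_DATA is sent and the link is removed.
    Any exception is logged and swallowed.
    """
    try:
        global gLinkList
        PrntLog.info('stopLinkAndSendRes: %s ' % operlinkInfo)
        for i in range(len(gLinkList) - 1, -1, -1):
            linkInfo = gLinkList[i]
            if (operlinkInfo['IP'] != linkInfo['LOCAL_IP']
                    or operlinkInfo['PID_NUM'] != linkInfo['PID_NUM']):
                continue
            # os.kill instead of os.system('kill -16 ' + pid): the PID text
            # originates from a network message, so it is converted with
            # int() and never reaches a shell. The original ignored the exit
            # status of kill, so a failure here is only logged.
            PrntLog.info('kill -16 ' + operlinkInfo['PID_NUM'])
            try:
                os.kill(int(operlinkInfo['PID_NUM']), 16)
            except (ValueError, OSError) as e:
                PrntLog.error('kill %s failed: %s' % (operlinkInfo['PID_NUM'], e))
            linkInfo['ID'] = operlinkInfo['ID']
            # send the response message
            strMsg = MsgWrap(linkInfo).Msg_StopLink_Res_DATA()
            pf_oper.sendmsg(strMsg)
            gLinkList.remove(linkInfo)
            PrntLog.info('Remove Link %s' % linkInfo)
    except Exception as e:
        PrntLog.error('Failed stopLinkAndSendRes: %s ' % e)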
def Parser_Log(self, action, logPath, logName):
    """Dispatch a modified record file to the ssh / local / x11 log parser.

    Hidden files and files without a '.log' extension are ignored. The link
    info is resolved with get_linkInfo_from_logname(); when that fails the
    event is logged and False is returned. The parser is picked from the
    substring '/ssh', '/local' or '/x11' in logPath. Exceptions are logged
    and swallowed.
    """
    try:
        hidden = logName.startswith('.')
        notLog = logName.split('.')[-1] != 'log'
        if hidden or notLog:
            return
        linkInfo = get_linkInfo_from_logname(logPath, logName)
        if not linkInfo:
            PrntLog.info('Failed: get_linkInfo_from_logname %s' % logName)
            return False
        parsers = (
            ('/ssh', parser_log_ssh),
            ('/local', parser_log_local),
            ('/x11', parser_log_x11),
        )
        for marker, parser in parsers:
            if marker in logPath:
                parser(logPath, logName, linkInfo)
                break
    except Exception as e:
        PrntLog.error('Failed Parser_Log: %s %s %s %s' % (action, logPath, logName, e))
        PrntLog.error("Parser_Log fail: %s" % traceback.format_exc())
def report(self):
    """Send every hardware/OS summary of this object through pf_monitor.

    Each line is "<5> " + get_prefix() + " " + the text returned by one of
    the info methods, sent in the order cpu, mem, disk, modem, USB, serial,
    ethernet, OS (the ParaCount line stays disabled as in the original).
    Exceptions are logged and swallowed. Returns None.
    """
    collectors = (
        self.cpuConfigInfo,
        self.memConfigInfo,
        self.DiskSizeInfo,
        self.ModemInfo,
        self.USBCountInfo,
        self.SerialCount,
        # self.ParaCount,
        self.ethInfo,
        self.OSInfo,
    )
    try:
        for collect in collectors:
            pf_monitor.sendmsg("<5> " + get_prefix() + " " + collect())
    except Exception as e:
        PrntLog.error('ConfigInfor failed:%s' % e)
        PrntLog.error("ConfigInfor fail: %s" % traceback.format_exc())
    return
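def read_echo_from_echofile_sendMsg(logPath, logName, linkInfo, itemDict):
    """Send new output of the echo file logPath/logName as Msg_Echo_DATA
    messages and return the file offset reached.

    If the file has grown more than 6 KiB past itemDict['ECHO_SIZE'] the
    content is skipped and the end-of-file offset returned. Otherwise, from
    itemDict['ECHO_OFFSET'], up to 100 chunks of up to 10 lines each are
    sent. On any error the failure is logged and None is returned.
    """
    try:
        fullFileName = os.path.join(logPath, logName)
        fsize = os.path.getsize(fullFileName)
        # `with` closes the file on every path; the original closed it by
        # hand in three places and via `'f' in locals()` in the except branch
        with open(fullFileName, 'r') as f:
            if itemDict['ECHO_SIZE'] + 6 * 1024 < fsize:
                # too much unread output: drop it and resume at the end
                f.seek(0, 2)
                return f.tell()
            f.seek(itemDict['ECHO_OFFSET'], 0)
            for _ in range(100):
                chunk = ''
                for _ in range(10):
                    line = f.readline()
                    if line == '':
                        break
                    chunk = chunk + line
                if chunk == '':
                    break
                # build and send the echo message
                strMsg = MsgWrap(linkInfo, itemDict).Msg_Echo_DATA(chunk)
                pf_oper.sendmsg(strMsg)
            return f.tell()
    except Exception as e:
        PrntLog.error('Failed read_echo_from_echofile_sendMsg: %s ' % e)
        PrntLog.error("read_echo_from_echofile_sendMsg fail: %s" % traceback.format_exc())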
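def user_perm_change(perf):
    """Watch /etc/ recursively for IN_MODIFY events and feed them to
    OnIOHandler; user_info() is called once before the watch starts.

    perf is unused (kept for the caller's signature). If the watch cannot be
    set up the error is logged and the function returns instead of entering
    the loop — the original fell through and raised NameError on the unbound
    notifier. Otherwise the loop runs until KeyboardInterrupt.
    """
    try:
        user_info()
        watchList = ['/etc/']
        wm = pyinotify.WatchManager()
        mask = pyinotify.IN_MODIFY
        notifier = pyinotify.Notifier(wm, OnIOHandler())
        wm.add_watch(watchList, mask, rec=True, auto_add=True)
        PrntLog.info('user_perm_change: Start monitoring %s' % watchList)
    except Exception as e:
        PrntLog.error('user_perm_change init failed:%s' % e)
        PrntLog.error("user_perm_change fail: %s" % traceback.format_exc())
        return
    while True:
        try:
            notifier.process_events()
            if notifier.check_events():
                notifier.read_events()
        except KeyboardInterrupt:
            notifier.stop()
            break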
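def run(self):
    """Thread body: drain the global g_EventListSet and parse each event.

    Under mutexEventSet one path is popped; 'secure' goes to
    logparser.Parser_Log_Secure(), paths under /tmp/.record to
    logparser.Parser_Log('modify', dir, name). The loop sleeps one second
    per iteration and logs (then swallows) any exception. Never returns.
    """
    global g_EventListSet, mutexEventSet
    while True:
        try:
            if len(g_EventListSet) > 0:
                if not mutexEventSet.acquire(5):
                    continue
                # release in finally: if pop() raises (set emptied by another
                # thread) the original never released the lock and every
                # later acquire() blocked forever
                try:
                    eventpathname = g_EventListSet.pop()
                finally:
                    mutexEventSet.release()
                filename = os.path.basename(eventpathname)
                filepath = os.path.dirname(eventpathname)
                if 'secure' == filename:
                    logparser.Parser_Log_Secure()
                elif filepath.find('/tmp/.record') >= 0:
                    logparser.Parser_Log('modify', filepath, filename)
            time.sleep(1)
        except Exception as e:
            PrntLog.error('Failed ProcessNotifyEvent %s ' % e)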
def critical_file_perm_change(perf):
    """Start watching the files listed in agent.conf section
    'critical_file_list' for modify/attrib/move/create/delete events.

    Each path first gets an audit rule via auditOper.add_audit_to_file(),
    then the globals AllDirDict / AllFileDict are rebuilt with
    getWatchListDict() and watch_delay_call() installs the inotify watch
    with delay_callback. perf is unused. A missing config section raises
    Exception inside the outer try, so every failure ends up logged.
    """
    try:
        global AllDirDict
        global AllFileDict
        try:
            configList = Config_agent.items('critical_file_list')
        except Exception:
            PrntLog.error('critical_file_perm_change get watchList Failed. ')
            raise Exception('critical_file_perm_change get watchList Failed.')
        watchList = []
        for entry in configList:
            path = entry[1]
            # add an audit rule for every watched file
            auditOper.add_audit_to_file(path)
            watchList.append(path)
        AllDirDict, AllFileDict = getWatchListDict(watchList)
        mask = (pyinotify.IN_MODIFY
                | pyinotify.IN_ATTRIB
                | pyinotify.IN_MOVED_FROM
                | pyinotify.IN_MOVED_TO
                | pyinotify.IN_CREATE
                | pyinotify.IN_DELETE)
        watch_delay_call(watchList, delay_callback, mask)
    except Exception as e:
        PrntLog.error('critical_file_perm_change init failed:%s' % e)
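def stopnetcard(info):
    """Bring every network interface from get_netcard() down with ifdown.

    Sleeps five seconds first (the caller starts this in a thread so the
    triggering Kafka message can be consumed before the link drops). For an
    interface whose ifdown fails a Msg_StopNetcard_Res_Data with RESULT 0 is
    sent carrying info['ID'] and info['IP']. Returns None.
    """
    import subprocess
    import time

    time.sleep(5)
    PrntLog.info('stopnetcard :%s' % info)
    resInfo = {'ID': info['ID'], 'IP': info['IP']}
    for netinfo in get_netcard():
        # argv list instead of os.system('ifdown %s'): no shell parsing of
        # the interface name; call() returns the exit status directly
        try:
            ret = subprocess.call(['ifdown', netinfo[0]])
        except OSError as e:
            PrntLog.error('ifdown could not be started: %s' % e)
            ret = -1
        if ret != 0:
            resInfo['RESULT'] = 0
            PrntLog.error('stopnetcard failed! %s %s ' % (netinfo[0], netinfo[1]))
            strMsg = opermsgpaser.Msg_StopNetcard_Res_Data(resInfo)
            pf_oper.sendmsg(strMsg)
        else:
            PrntLog.info('stopnetcard sucessful! %s %s ' % (netinfo[0], netinfo[1]))
    return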
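def BaseLineCheck(self, info):
    """Run the baseline-check script named in a platform message and return
    its XML result through pf_base.

    Executes `bash SHELL_NAME IP CHECKLIST XML_NAME`. RESULT: 0 success,
    -1 exit 127 (script not found), -2 exit 2, -3 anything else. On success
    /tmp/<XML_NAME>.xml is read into resInfo['XML_FILE'] and XML_LENGTH
    set; otherwise XML_LENGTH is 0. Returns None.
    """
    import subprocess

    resInfo = {}
    # strip a trailing '.xml' suffix; the original used rstrip('.xml'),
    # which removes any run of the characters '.', 'x', 'm', 'l' from the
    # end (e.g. 'foxml.xml' -> 'fo')
    if info['XML_NAME'].endswith('.xml'):
        info['XML_NAME'] = info['XML_NAME'][:-4]
    resInfo['XML_NAME'] = info['XML_NAME']
    # argv list, no shell: every argument comes from the network message.
    # NOTE(review): this still runs whatever script path the sender names,
    # so the authenticity of the message channel is what bounds it.
    argv = ['bash', info['SHELL_NAME'], info['IP'], info['CHECKLIST'], info['XML_NAME']]
    PrntLog.info('BaseLineCheck cmdline=%s' % ' '.join(argv))
    try:
        ret = subprocess.call(argv)
    except OSError as e:
        PrntLog.error('bash could not be started: %s' % e)
        ret = -1
    if ret == 0:
        resInfo['RESULT'] = 0
        PrntLog.info('excute baseline check successful!')
    elif ret == 127:
        resInfo['RESULT'] = -1
        PrntLog.error('no such shell file')
    elif ret == 2:
        resInfo['RESULT'] = -2
        PrntLog.error('shell excute failed')
    else:
        resInfo['RESULT'] = -3
        PrntLog.error('shell excute failed because of other causes ')
    # collect the XML result
    resInfo['XML_FILE'] = ''
    filename = r'/tmp/%s.xml' % info['XML_NAME']
    if ret == 0 and os.path.exists(filename):
        with open(filename, 'r') as f:
            resInfo['XML_FILE'] = f.read()
        resInfo['XML_LENGTH'] = len(resInfo['XML_FILE'])
    else:
        resInfo['XML_LENGTH'] = 0
        PrntLog.error('Failed BaseLineCheck')
    PrntLog.info('BaseLineCheck resInfo: %s' % resInfo)
    strMsg = opermsgpaser.Msg_Shell_Excute_Result(resInfo)
    pf_base.sendmsg(strMsg)
    return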
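def OperParserMsg(self, str):
    """Parse one raw platform message and run the operation it requests.

    The message is decoded with opermsgpaser.MsgParser(); messages without
    an 'IP' field or whose IP is not this host are ignored. MsgType picks
    the handler: 0x00/0x1A stop link, 0x40 add account, 0x42 change
    password, 0x47 rename account, 0x44 delete account, 0x46 list created
    accounts, 0x11 baseline check, 0x50 disable network cards (in a thread,
    after a delay, so the Kafka message can be consumed first). Parse and
    handler errors are logged and swallowed. Returns None.
    """
    try:
        operlinkInfo = opermsgpaser.MsgParser(str)
    except Exception as e:
        PrntLog.error('OperParser Failed: %s' % e)
        return
    try:
        # only act on messages addressed to this host
        # (`in` replaces dict.has_key(), which Python 3 lacks)
        if 'IP' not in operlinkInfo:
            return
        if not judge_ip_localhost(operlinkInfo['IP']):
            PrntLog.info('It is not own command.return. operlinkIp=%s' % (operlinkInfo['IP']))
            return
        PrntLog.info('%s' % operlinkInfo)
        handlers = {
            0x00: logparser.stopLinkAndSendRes,
            0x1A: logparser.stopLinkAndSendRes,
            0x40: self.AddNewAccount,
            0x42: self.ChangePasswd,
            0x47: self.ChangeAccountName,
            0x44: self.DelAccount,
            0x46: self.getCreateAccountList,
            0x11: self.BaseLineCheck,
        }
        msgType = operlinkInfo['MsgType']
        if msgType == 0x50:
            # disable network cards in a thread; stopnetcard sleeps first so
            # this message is consumed before the link goes down
            threading.Thread(target=stopnetcard, args=(operlinkInfo,)).start()
        elif msgType in handlers:
            handlers[msgType](operlinkInfo)
    except Exception as e:
        PrntLog.error('Failed OperParser %s' % e)
        PrntLog.error("OperParser fail: %s" % traceback.format_exc())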
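def AddNewAccount(self, info):
    """Create account info['USER_NAME'] with info['PASSWD'] and report.

    RESULT: 1 when useradd reports the user exists (exit 9), 2 when useradd
    or the following usermod -p fails for another reason, 0 on success (the
    name is then added to the global gCreateAccountrSet and
    userListTofile() is called). A Msg_AddNewCount_Res_Data response is
    sent in every case. Returns None.
    """
    import subprocess
    global gCreateAccountrSet

    resInfo = {'ID': info['ID'], 'IP': info['IP']}

    def _run(argv):
        # argv list, no shell: USER_NAME and the password hash come from the
        # network message and must not be interpolated into a command
        # string. call() returns the exit status itself, replacing
        # `os.system(...) >> 8`; a missing binary maps to -1.
        try:
            return subprocess.call(argv)
        except OSError as e:
            PrntLog.error('%s could not be started: %s' % (argv[0], e))
            return -1

    def _respond():
        strMsg = opermsgpaser.Msg_AddNewCount_Res_Data(resInfo)
        pf_oper.sendmsg(strMsg)

    ret = _run(['useradd', info['USER_NAME']])
    if ret == 9:
        # user already exists
        resInfo['RESULT'] = 1
        _respond()
        PrntLog.error('user %s already exists' % info['USER_NAME'])
        return
    elif ret != 0:
        # any other useradd failure
        resInfo['RESULT'] = 2
        _respond()
        PrntLog.error('useradd %s unkown error!' % info['USER_NAME'])
        return

    # set the password
    # NOTE(review): the hash is visible in the process list while usermod
    # runs; `chpasswd -e` fed on stdin would avoid that.
    passwd = crypt.crypt(info['PASSWD'], getsalt())
    ret = _run(['usermod', '-p', passwd, info['USER_NAME']])
    if ret == 0:
        resInfo['RESULT'] = 0
        gCreateAccountrSet.add(info['USER_NAME'])
        userListTofile()
        PrntLog.info('Msg_AddNewCount_Res_Data %s ' % resInfo)
        _respond()
        PrntLog.info('user %s add successful' % info['USER_NAME'])
    else:
        resInfo['RESULT'] = 2
        PrntLog.info('Msg_AddNewCount_Res_Data %s ' % resInfo)
        _respond()
        PrntLog.error('user %s set passwd failed ' % info['USER_NAME'])
    return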