Exemplo n.º 1
0
    async def post(self, *args, **kwargs):
        # data = json.loads(self.request.body.decode("utf-8"))
        nickname = self.get_current_user()  # 这里使用useame 不用中文
        #if not self.is_superuser: return self.write(dict(code=-1, msg='你不是超级超级管理员,不能使用WebTerminal'))

        connect_server_info = dict()
        connect_server_info['nickname'] = nickname
        # 数据加密给Jimmy
        mc = MyCryptV2()
        # 加密数据
        # encrypt_data = mc.my_encrypt(str(connect_server_info))
        encrypt_data = mc.my_encrypt(str(connect_server_info))
        print(encrypt_data)
        ins_log.read_log('info', '加密后的数据是:{}'.format(encrypt_data))
        try:
            web_terminal_initialssh = '{0}/webterminal/initiallogin/'.format(WEB_TERMINAL)
            the_body = json.dumps(encrypt_data)
            http_client = httpclient.AsyncHTTPClient()
            response = await http_client.fetch(web_terminal_initialssh, method="POST", body=the_body,
                                               raise_error=False)
            response_data = json.loads(response.body.decode('utf-8'))
            if not response_data.get('status'):
                return self.write(dict(code=1, msg=response_data.get('message')))
            # 返回信息
            web_terminal_key = response_data['key']
            web_terminal_url = '{0}/logslist/'.format(WEB_TERMINAL)
            res_data = {
                "web_terminal_url": web_terminal_url,
                "web_terminal_key": web_terminal_key
            }
        except Exception as e:
            ins_log.read_log('error', '请求webterminal接口出错:{err}'.format(err=e))
            return self.write(dict(code=1, msg='请求webterminal接口出错:{err}'.format(err=e)))

        return self.write(dict(code=0, msg='Sucessfully', data=res_data))
Exemplo n.º 2
0
    def get_connect_info(self, asset_id):
        """
        获取连接主机的信息,如:IP , Port , User
        使用推送过去的系统用户+密钥进行链接
        :return:
        """

        system_user_list = self.get_system_user()
        for i in system_user_list:
            system_user = i.get('system_user')
            mc = MyCryptV2()
            _private_key_txt = mc.my_decrypt(i.get('id_rsa'))
            # 这里需要写到本地文件

        with DBContext('r') as session:
            server_info = session.query(Server.ip, Server.port, Server.detail).filter(
                Server.id == asset_id).first()
            ip = server_info[0]
            port = server_info[1]
            detail = server_info[2]

        connect_info = {
            'ip': ip,
            'port': port,
            'system_user': system_user,
            'private_key_txt': _private_key_txt,
            'detail': detail
        }
        return connect_info
Exemplo n.º 3
0
def main():
    """
    从接口获取已经启用的配置
    :return:
    """

    mc = MyCryptV2()
    huawei_configs_list = get_configs()
    if not huawei_configs_list:
        ins_log.read_log('error', '没有获取到华为云资产配置信息,跳过')
        return False
    for config in huawei_configs_list:
        access_id = config.get('access_id')
        access_key = mc.my_decrypt(config.get('access_key'))  # 解密后使用
        region = config.get('region')
        huawei_cloud = config.get('huawei_cloud')
        project_id = config.get('project_id')

        default_admin_user = config.get('default_admin_user')
        obj = HuaweiEcsApi(access_id=access_id,
                           access_key=access_key,
                           region=region,
                           cloud=huawei_cloud,
                           project_id=project_id,
                           default_admin_user=default_admin_user)
        obj.sync_cmdb()
Exemplo n.º 4
0
 def post(self):
     ebs_list = []
     mc = MyCryptV2()
     aws_configs_list = get_configs()
     if not aws_configs_list:
         ins_log.write_log('error', '没有获取到AWS资产配置信息,跳过')
         return False
     for config in aws_configs_list:
         access_id = config.get('access_id')
         access_key = mc.my_decrypt(config.get('access_key'))  # 解密后使用
         region = config.get('region')
         default_admin_user = config.get('default_admin_user')
         client = boto3.client('ec2',
                               region_name=region,
                               aws_access_key_id=access_id,
                               aws_secret_access_key=access_key)
         paginator = client.get_paginator('describe_volumes')
         page_iterator = paginator.paginate()
         filtered_iterator = page_iterator.search("Volumes[]")
         for i in filtered_iterator:
             if i['Attachments'] == []:
                 i['Attachments'] = '磁盘没有被使用'
                 i['CreateTime'] = i['CreateTime'].strftime("%Y-%m-%d")
                 i['Encrypted'] = 'false' if i['Encrypted'] == 0 else 'Trues'
                 print(i)
                 ebs_list.append(i)
     with DBContext('w', None, True) as session:
         session.execute('''TRUNCATE TABLE Unattach_Ebs''')
         session.bulk_insert_mappings(Unattach_Ebs, ebs_list)
         session.commit()
     self.write(dict(code=0, msg='获取并写入成功'))
Exemplo n.º 5
0
    def post(self, *args, **kwargs):
        data = json.loads(self.request.body.decode("utf-8"))
        name = data.get('name', None)  # 名称,也是唯一
        system_user = data.get('system_user', None)  # 系统用户
        platform_users = data.get('platform_users', [])  # 平台用户
        priority = data.get('priority', None)  # 优先级
        sudo_list = data.get('sudo_list', None)  # sudo权限
        bash_shell = data.get('bash_shell', None)  # sudo权限
        remarks = data.get('remarks', None)  # 备注

        if not name or not system_user or not priority or not sudo_list or not bash_shell:
            return self.write(dict(code=-2, msg='关键参数不能为空'))

        if not platform_users:
            return self.write(dict(code=-2, msg='请至少选择一个关联用户'))

        if not is_number(priority):
            return self.write(dict(code=-2, msg='优先级必须是数字'))

        with DBContext('r', None, True) as session:
            exist_id = session.query(SystemUser.id).filter(SystemUser.name == name).first()
            exist_priority = session.query(SystemUser.id).filter(SystemUser.priority == int(priority)).first()

        if exist_id:
            return self.write(dict(code=-2, msg='不要重复记录'))

        if exist_priority:
            return self.write(dict(code=-2, msg='优先级冲突'))

        # 新建一个系统用户用来登陆主机,此用户使用密钥认证登陆主机,密钥是自动生成的,生成后保存到数据库里面
        key_name = shortuuid.uuid()
        init_keygen_cmd = 'ssh-keygen -t rsa -P "" -f /tmp/{}'.format(key_name)
        code, ret = exec_shell(init_keygen_cmd)
        if code == 0:
            # 这个系统用户的公钥和私钥是根据name+system_user生成到/tmp下的
            with open('/tmp/{}'.format(key_name), 'r') as id_rsa, open(
                    '/tmp/{}.pub'.format(key_name), 'r') as id_rsa_pub:
                # 对密钥进行加密再写数据库
                mc = MyCryptV2()  # 实例化
                _private_key = mc.my_encrypt(id_rsa.read())
                _public_key = mc.my_encrypt(id_rsa_pub.read())
                # print('加密后的id_rsa--->',_private_key)
                # print('加密后的id_rsa_pub--->',_public_key)
                # print('解密公钥', mc.my_decrypt(_public_key))
                # 生成密钥对写入数据库
                with DBContext('w', None, True) as session:
                    new_system_user = SystemUser(name=name, system_user=system_user, priority=priority,
                                                 sudo_list=sudo_list,
                                                 bash_shell=bash_shell, id_rsa=_private_key, id_rsa_pub=_public_key,
                                                 platform_users=','.join(platform_users),
                                                 remarks=remarks)
                    session.add(new_system_user)
            return self.write(dict(code=0, msg='添加成功'))
        else:
            return self.write(dict(code=-4, msg=ret))
Exemplo n.º 6
0
    def configure_keyless(self):
        """
        配置系统用户免密钥登陆
        :return:
        """
        # connect_server_list = [('172.16.0.93', 22, 'root'), ('172.16.0.219', 22, 'root'),
        #                        ('2.2.2.2', 22, 'root')]

        connect_server_list = self.get_asset_info()
        system_user_list = self.get_system_user()

        for host in connect_server_list:
            ip = host[0]
            user = host[2]
            for data in system_user_list:
                mc = MyCryptV2()
                system_user = data.get('system_user')
                _public_key = mc.my_decrypt(data.get('id_rsa_pub'))  # 解密
                # print(_public_key)
                # module_args = '[ ! -d /home/{}/.ssh ] &&  mkdir /home/{}/.ssh &&  chmod 700 /home/{}/.ssh ; ' \
                #               '[ ! -f /home/{}/.ssh/authorized_keys ] &&  touch /home/{}/.ssh/authorized_keys;  ' \
                #               ' grep -c "{}" /home/{}/.ssh/authorized_keys >> /dev/null ||  echo "{}" >> /home/{}/.ssh/authorized_keys &&  chmod 600 /home/{}/.ssh/authorized_keys && echo ok'.format(
                #     system_user, system_user, system_user, system_user, system_user, _public_key, system_user,
                #     _public_key, system_user, system_user)

                module_args = '{sudo} [ ! -d /home/{system_user}/.ssh ]&& ' \
                              '{sudo} mkdir /home/{system_user}/.ssh &&' \
                              '{sudo} chmod 700 /home/{system_user}/.ssh ; ' \
                              '{sudo} [ ! -f /home/{system_user}/.ssh/authorized_keys ]&& ' \
                              '{sudo} touch /home/{system_user}/.ssh/authorized_keys; ' \
                              '{sudo} chown -R {system_user}.{system_user} /home/{system_user}/.ssh ; ' \
                              '{sudo} grep -c "{public_key}" /home/{system_user}/.ssh/authorized_keys >> /dev/null && ' \
                              'echo "is exist public_key, auto pass...." || ' \
                              '{sudo} echo "{public_key}" >> /home/{system_user}/.ssh/authorized_keys && ' \
                              '{sudo} chmod 600 /home/{system_user}/.ssh/authorized_keys && ' \
                              'echo ok'.format(sudo=self.sudo, system_user=system_user, public_key=_public_key)
                # print(module_args)

                result = self.run("shell", module_args, ip, user)

                print(result)
                if result['dark']:
                    self.err_msg = {
                        "status": False,
                        "ip": ip,
                        "msg": result['dark'][ip]['msg']
                    }
                    self.err_list.append(self.err_msg)

        if self.err_list:
            self.write_error_log()
Exemplo n.º 7
0
def main():
    """
    从接口获取已经启用的配置
    :return:
    """
    mc = MyCryptV2()
    aliyun_configs_list = get_configs()
    if not aliyun_configs_list:
        ins_log.read_log('error', '没有获取到阿里云资产配置信息,跳过')
        return False
    for config in aliyun_configs_list:
        access_id = config.get('access_id')
        access_key = mc.my_decrypt(config.get('access_key'))  # 解密后使用
        region = config.get('region')
        obj = RedisApi(access_id, access_key, region)
        obj.sync_cmdb()
Exemplo n.º 8
0
def main():
    """
    从接口获取已经启用的配置
    :return:
    """

    mc = MyCryptV2()
    qcloud_configs_list = get_configs()
    if not qcloud_configs_list:
        ins_log.read_log('error', '没有获取到腾讯云资产配置信息,跳过')
        return False
    for config in qcloud_configs_list:
        access_id = config.get('access_id')
        access_key = mc.my_decrypt(config.get('access_key'))  # 解密后使用
        region = config.get('region')
        obj = CDBApi(access_id, access_key, region)
        obj.index()
Exemplo n.º 9
0
Arquivo: ecs.py Projeto: fengjp/cmdb
def main():
    """
    从接口获取已经启用的配置
    :return:
    """
    mc = MyCryptV2()
    aliyun_configs_list = get_configs()
    if not aliyun_configs_list:
        ins_log.read_log('error', '没有获取到阿里云资产配置信息,跳过')
        return False
    for config in aliyun_configs_list:
        access_id = config.get('access_id')
        access_key = mc.my_decrypt(config.get('access_key'))  # 解密后使用
        region = config.get('region')
        default_admin_user = config.get('default_admin_user')

        obj = EcsAPi(access_id, access_key, region, default_admin_user)
        obj.index()
Exemplo n.º 10
0
def main():
    """
    从接口获取已经启用的配置
    :return:
    """

    mc = MyCryptV2()
    aws_configs_list = get_configs()
    if not aws_configs_list:
        ins_log.read_log('error', '没有获取到AWS资产配置信息,跳过')
        return False
    for config in aws_configs_list:
        access_id = config.get('access_id')
        access_key = mc.my_decrypt(config.get('access_key'))  # 解密后使用
        region = config.get('region')
        name = config.get('name')  # 名称
        obj = EventApi(account_name=name, access_id=access_id, access_key=access_key, region=region)
        obj.send_alert()
        obj.sync_cmdb()
Exemplo n.º 11
0
def main():
    mc = MyCryptV2()
    aws_configs_list = get_configs()
    if not aws_configs_list:
        ins_log.write_log('error', '没有获取到AWS资产配置信息,跳过')
        return False
    for config in aws_configs_list:
        access_id = config.get('access_id')
        access_key = mc.my_decrypt(config.get('access_key'))  # 解密后使用
        region = config.get('region')
        default_admin_user = config.get('default_admin_user')

        obj = ForDangersHandler(access_id, access_key, region,
                                default_admin_user)
        result = [i for i in obj.get_tags()]
    with DBContext('w', None) as session:
        session.execute('''TRUNCATE TABLE asset_tag''')
        session.bulk_insert_mappings(Tag, result)
        session.commit()
Exemplo n.º 12
0
def main():
    """
    从接口获取已经启用的配置
    :return:
    """
    mc = MyCryptV2()
    ucloud_configs_list = get_configs()
    if not ucloud_configs_list:
        ins_log.read_log('error', '没有获取到UCloud资产配置信息,跳过')
        return False
    for config in ucloud_configs_list:
        access_id = config.get('access_id')
        access_key = mc.my_decrypt(config.get('access_key'))  # 解密后使用
        region = config.get('region')
        default_admin_user = config.get('default_admin_user')
        project_id = config.get('project_id')
        obj = UHostAPI(access_id=access_id, access_key=access_key, region=region, default_admin_user=default_admin_user,
                       project_id=project_id)
        obj.sync_cmdb()
Exemplo n.º 13
0
from tornado import gen
from concurrent.futures import ThreadPoolExecutor
from tornado.concurrent import run_on_executor
from libs.base_handler import BaseHandler
from models.server import AssetConfigs, model_to_dict
from websdk.db_context import DBContext
from libs.aliyun.ecs import EcsAPi
from libs.qcloud.cvm import CVMApi
from libs.aws.ec2 import Ec2Api
from libs.aliyun.ecs import main as aliyun_update_main
from libs.qcloud.cvm import main as qcloud_update_main
from libs.aws.ec2 import main as aws_update_main
from websdk.web_logs import ins_log
from opssdk.operate import MyCryptV2

mc = MyCryptV2()  # 实例化


class AssetConfigsHandler(BaseHandler):
    def get(self, *args, **kwargs):
        key = self.get_argument('key', default=None, strip=True)
        value = self.get_argument('value', default=None, strip=True)
        asset_configs_list = []
        with DBContext('r') as session:
            if key and value:
                asset_configs_data = session.query(AssetConfigs).filter_by(
                    **{
                        key: value
                    }).all()
            else:
                asset_configs_data = session.query(AssetConfigs).all()
    def post(self):
        host_list = {}
        mc = MyCryptV2()
        aws_configs_list = get_configs()
        if not aws_configs_list:
            ins_log.write_log('error', '没有获取到AWS资产配置信息,跳过')
            self.write(dict(code=0, msg='没有获取到AWS资产配置信息,跳过'))
        for config in aws_configs_list:
            access_id = config.get('access_id')
            access_key = mc.my_decrypt(config.get('access_key'))  # 解密后使用
            region = config.get('region')
            default_admin_user = config.get('default_admin_user')

            obj = ForDangersHandler(access_id, access_key, region,
                                    default_admin_user)
            server_info = obj.get_server_info()
            for msg in server_info:
                if not host_list.get(str(msg)):
                    host_list[str(msg)] = obj  ## 字典去重 可能会有两个相同权限的ak/sk
        if not host_list:
            ins_log.read_log('info', 'Not fount server info...')
            print('Not Fount Server Info')
            self.write(dict(code=0, msg='没有从AWS接口里读到信息,跳过'))
        else:
            with DBContext('r') as session:
                db_record = session.query(Security_Host.server_instance_id,
                                          Security_Host.risk_port)
                all_instance_risk_pair, all_values = yield self.AwsQueryRiskPort(
                    host_list)
                if db_record.count() != 0:
                    for ins in db_record:
                        if ins.server_instance_id in all_instance_risk_pair.keys(
                        ):  ##数据库查到的是否在从aws取到的ID列表里
                            if ins.risk_port != all_instance_risk_pair[
                                    ins.
                                    server_instance_id]:  ##如果查询后发现从aws取到的风险端口和数据库存的不一致,则updates
                                session.query(Security_Host).filter(
                                    Security_Host.server_instance_id ==
                                    ins.server_instance_id).update({
                                        Security_Host.risk_port:
                                        all_instance_risk_pair[
                                            ins.server_instance_id]
                                    })
                                session.commit()
                                del all_instance_risk_pair[
                                    ins.server_instance_id]
                            else:  ##如果一致 则什么都不做
                                del all_instance_risk_pair[
                                    ins.
                                    server_instance_id]  ## 只要在数据库有记录的都删了 只剩下数据里没的机器 给另外一个维度的轮询用
                        else:  ###如果数据库里查到的 不在aws里,证明这个机器已经在aws端被删除,需要在数据库里删除
                            ins_log.write_log(
                                'warning',
                                'no exist server will  Deleted...%s' %
                                ins.server_instance_id)
                            session.query(Security_Host).filter(
                                Security_Host.server_instance_id ==
                                ins.server_instance_id).delete(
                                    synchronize_session=False)
                            session.commit()
                else:  ##数据库里无记录
                    session.bulk_insert_mappings(Security_Host, all_values)
                    session.commit()
                    all_instance_risk_pair.clear()

                if all_instance_risk_pair:  ##如果没被删空
                    miss_instance = [
                        i for i in all_values
                        if i['server_instance_id'] in all_instance_risk_pair
                    ]
                    print(len(miss_instance))
                    session.bulk_insert_mappings(Security_Host, miss_instance)
                    session.commit()  ##AWS云里有 但是数据库里没的部分
        self.write(dict(code=0, msg='获取并写入成功'))
Exemplo n.º 15
0
    async def post(self, *args, **kwargs):
        data = json.loads(self.request.body.decode("utf-8"))
        nickname = self.get_current_user()  # 获取username 不用中文名
        # id = self.get_argument('id', default=None, strip=True)
        server_id = data.get('server_id', None)

        if not server_id:
            return self.write(dict(code=-1, msg='关键参数不能为空'))

        server_list = []
        admin_user_list = []

        with DBContext('r') as session:
            server_info = session.query(Server).filter(
                Server.id == server_id).filter()
            for msg in server_info:
                data_dict = model_to_dict(msg)
                server_list.append(data_dict)
                data_dict['create_time'] = str(data_dict['create_time'])
                data_dict['update_time'] = str(data_dict['update_time'])

            if not server_list:
                return self.write(dict(code=-1, msg='没有发现IP'))

            if not self.is_superuser:
                return self.write(
                    dict(code=-1, msg='你不是超级超级管理员,不能使用WebTerminal'))

            admin_user = server_list[0]['admin_user']
            if not admin_user:
                return self.write(dict(code=-1, msg='此机器没有配置管理用户,请先配置管理用户'))

            admin_user_info = session.query(AdminUser).filter(
                AdminUser.admin_user == admin_user).filter()
            for admin_user_msg in admin_user_info:
                data_dict = model_to_dict(admin_user_msg)

                data_dict['update_time'] = str(data_dict['update_time'])
                admin_user_list.append(data_dict)

            try:
                connect_server_info = dict()
                connect_server_info['nickname'] = nickname
                connect_server_info['ip'] = server_list[0].get('ip')
                connect_server_info['public_ip'] = server_list[0].get(
                    'public_ip')
                connect_server_info['private_ip'] = server_list[0].get(
                    'private_ip')
                connect_server_info['port'] = server_list[0].get('port')
                connect_server_info['admin_user'] = server_list[0].get(
                    'admin_user')
                connect_server_info['system_user'] = admin_user_list[0].get(
                    'system_user')
                connect_server_info['user_key'] = admin_user_list[0].get(
                    'user_key')
            except (IndexError, KeyError) as err:
                ins_log.read_log('error', '解析的时候出错:{err}'.format(err=err))
                return False
            # print(connect_server_info)
            # 数据加密给Jimmy
            mc = MyCryptV2()
            # 加密数据
            encrypt_data = mc.my_encrypt(str(connect_server_info))
            ins_log.read_log('info', '加密后的数据是:{}'.format(encrypt_data))
            # # 解密方法
            # decrypt_data = mc.my_decrypt(encrypt_data)
            # # print(decrypt_data)
            # print('解密后的数据是:{}'.format(json.dumps(str(decrypt_data))))

            try:
                web_terminal_initialssh = '{0}/webterminal/initialssh/'.format(
                    WEB_TERMINAL)
                print(web_terminal_initialssh)
                the_body = json.dumps(encrypt_data)
                # 异步HTTPClient
                http_client = httpclient.AsyncHTTPClient()
                # 异步http_client请求
                response = await http_client.fetch(web_terminal_initialssh,
                                                   method="POST",
                                                   body=the_body,
                                                   raise_error=False)
                # 返回的数据都在body里面
                response_data = json.loads(response.body.decode('utf-8'))
                # print('response_data', response_data)
                if not response_data.get('status'):
                    return self.write(
                        dict(code=1, msg=response_data.get('message')))

                # 返回信息
                web_terminal_key = response_data['key']
                web_terminal_url = '{0}/webterminal/'.format(WEB_TERMINAL)
                # res_list = []
                res_data = {
                    "web_terminal_url": web_terminal_url,
                    "web_terminal_key": web_terminal_key
                }
                # res_list.append(res_data)

            except Exception as e:
                ins_log.read_log('error',
                                 '请求webterminal接口出错:{err}'.format(err=e))
                return self.write(
                    dict(code=1, msg='请求webterminal接口出错:{err}'.format(err=e)))

        return self.write(dict(code=0, msg='Sucessfully', data=res_data))