Bastion Host 2.0

Published: 2023/12/1

1. Edit the system environment file so that the script is called automatically after a user logs in

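```bash
# Open /etc/profile (vim /etc/profile) and append the lines below.
python /baolei/ssh_login.py
# Check whether the logged-in user is root: when root leaves the program no logout is performed, otherwise log out
if [ $? -ne 10 ]; then
    echo "Good Bye!"
    logout
fi
```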


2. Periodically fetch the latest data from the API && the bastion host program

  1) Script that fetches the latest data

```python
#!/usr/bin/env python
#-*- coding: UTF-8 -*-
#Author : Derrick.jiang
#Date : 2015-3-3 PM
import os

# Replace the local node list with a fresh copy from the API
os.system('rm -rf /baolei/conf/nodes && wget https://xxx/nodes && mv ./nodes /baolei/conf/')

fp = open("/baolei/conf/nodes", "r")
data = fp.read()
fp.close()

# Turn literal "\n" sequences into real newlines and strip double quotes
fp = open("/baolei/conf/nodes", "w")
fp.write(data.replace(r'\n', '\n').replace(r'"', ""))
fp.close()
```

  2) Bastion host program

```python
#!/usr/bin/env python
#-*- coding: UTF-8 -*-
#author : derrick.jiang
#Email : derrick.jiang@maichuang.net
# Python 2 script (raw_input, print statement, commands module)
import urllib2
import time
import json
import re
import sys,os
import commands

USER_PATH = '/etc/passwd'
ACURRENT = commands.getoutput('whoami')

# Each blank-line-separated block of the nodes file is one area
s = open('/baolei/conf/nodes')
q = s.read()
files = q.split('\n\n')

# Lines starting with "[" are the area headers
r = re.compile(r'^\[')
s = open('/baolei/conf/nodes')
lines = s.readlines()
lines = [l for l in lines if r.match(l)]

def check_ip(ipaddr):
    'Check that the IP is correct'
    q = ipaddr.split('.')
    return len(q) == 4 and len(filter(lambda x: x >= 0 and x <= 255,
        map(int, filter(lambda x: x.isdigit(), q)))) == 4

select = []
def select_area():
    'Select the province/city to log in to'
    global select
    while True:
        os.system('clear')
        print '___'*15
        for index, province in enumerate(lines):
            print "%s. %s" % (index, province.strip())
        print ''
        print '~~~'*15
        print "IP: Enter The Ip Adress:"
        print "q : QUIT"
        print '___'*15
        area = raw_input("Please Select Area: ")
        if area.isdigit() == True and int(area) < len(files):
            os.system('clear')
            break
        elif check_ip(area) == True:
            os.system('clear')
            # "port" is written literally on the page; substitute the real SSH port
            os.system('/baolei/tilt/bin/ssh -o StrictHostKeyChecking=no -p port root@%s' %area)
        elif area == 'q':
            os.system('clear')
            sys.exit(0)
        else:
            pass
    area = int(area)
    select = files[area].split('\n')
    for i in select:
        print i
    print '~~~'*15
    print "IP: Enter The Ip Adress:"
    print "q : QUIT"
    print "b : BACK"
    print '___'*15

def select_server():
    'Select the IP of the server to log in to'
    global select
    while True:
        i = raw_input("Please Select Server: ")
        if i.isdigit() == True and int(i) >= 1 and int(i) < len(select):
            break
        elif check_ip(i) == True:
            os.system('clear')
            os.system('/baolei/tilt/bin/ssh -o StrictHostKeyChecking=no -p port root@%s' %i)
        elif i == 'q':
            os.system('clear')
            sys.exit(0)
        elif i == 'b':
            select_area()
        else:
            pass
    i = int(i)
    # The address is the last whitespace-separated field of the chosen line
    IP = select[i].split()[-1]
    os.system('/baolei/tilt/bin/ssh -o StrictHostKeyChecking=no -p port root@%s' %IP)

def users_name():
    try:
        fn = open(USER_PATH).readlines()
        # Filter out the non-root users: entries with a login shell, minus the first one
        users = [user.split(':')[0].strip() for user in fn
                 if len(user.split(':')) == 7 and
                 user.split(':')[-1].strip().endswith('sh')][1:]
    except Exception as e:
        fn = open('/tmp/error_log', 'a')
        fn.write(str(e))
        fn.close()
        users = []
    return users

'''CHOOSE USER LOGIN '''
if ACURRENT in users_name():
    while True:
        select_area()
        select_server()
else:
    exit(10)  # users not in the list all return 10, which the /etc/profile snippet ignores
```
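In the program above, the address typed by the user goes through `check_ip`, but the value taken from the downloaded nodes file (`select[i].split()[-1]`) is interpolated into the `os.system` command string without that check. The following is an added example in Python 3, not the original author's code, that validates every address and starts ssh from an argument list so no shell parses the host string. The layout of `SAMPLE_NODES`, the default port and the helper names are assumptions.

```python
# Added example (Python 3); helper names and the sample data are hypothetical.
import ipaddress
import subprocess

SSH_BIN = "/baolei/tilt/bin/ssh"  # path as given on the page

# Constructed sample in the layout the page's parser implies: "[area]" header,
# rows whose last field is the address, blocks separated by a blank line.
SAMPLE_NODES = """[beijing]
1 web01 192.168.1.2
2 db01 192.168.1.3

[shanghai]
1 web02 10.0.0.5
2 bad 10.0.0.5;uptime
"""

def valid_ipv4(token):
    """Return the canonical address string, or None if token is not plain IPv4."""
    try:
        return str(ipaddress.IPv4Address(token))
    except ValueError:
        return None

def parse_nodes(text):
    """Return {area: [ip, ...]}, dropping rows whose last field is not an address."""
    areas = {}
    for block in text.strip().split("\n\n"):
        rows = [r for r in block.splitlines() if r.strip()]
        if not rows or not rows[0].startswith("["):
            continue
        name = rows[0].strip().strip("[]")
        candidates = (valid_ipv4(r.split()[-1]) for r in rows[1:])
        areas[name] = [ip for ip in candidates if ip]
    return areas

def ssh_argv(ip, port=22, user="root"):
    """Build the argv list for subprocess.run(); rejects anything but IPv4 + numeric port."""
    host = valid_ipv4(ip)
    if host is None or not 0 < int(port) < 65536:
        raise ValueError("refusing to connect: bad host or port")
    # Host key checking stays at the ssh default (assumes known_hosts is provisioned).
    return [SSH_BIN, "-p", str(port), "%s@%s" % (user, host)]

def connect(ip, port=22):
    """Run ssh without a shell and return its exit status."""
    return subprocess.run(ssh_argv(ip, port)).returncode
```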

3. Install the tilt interactive logging tool. For details see: http://www.keepbase.com/try-tilt/comment-page-1

4. Change the format in which the logs are saved:

```python
import os
import shutil
import time
import commands

# Date of the log directory to process (taken two minutes ago)
now_time = commands.getoutput('date -d "2 minute ago" +%Y-%m-%d')
log_dir = "/var/log/ssh_log/%s/" % now_time

if os.path.isdir(log_dir):  # check whether the path exists
    filelist = os.listdir(log_dir)
    for i in filelist:
        # Strip the ssh command line out of the file name that tilt generated
        NewFile = i.replace("-baolei-tilt-bin-ssh -o StrictHostKeyChecking=no -p port ", "-")
        shutil.move(log_dir + i, log_dir + NewFile)
else:
    print ("Directory does not exist, please check dir...")
    time.sleep(1)
    exit()
```

5. Add the API-fetching script and the log-renaming script to the scheduled tasks so that they run periodically:

```
0 4 * * * root python /baolei/wgetnewapi.py > /dev/null 2>&1
* * * * * root python /baolei/change_logname.py > /dev/null 2>&1
```

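6. Set the permissions of the folders that all the programs and logs are written to so that all users are allowed access.

7. Place a private key that can connect remotely to the server side in the ~/.ssh/ directory of every user.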

==========================================================================

The log record format is: %D-%m-%d/username-date-user@IP, for example: 2015-04-22/Kevin-15:53:24-root@192.168.1.2

==========================================================================

Reposted from: https://www.cnblogs.com/cpy-devops/p/4447721.html
