堡垒机2.0

 

一、编辑系统环境变量，让用户登录后自动调用脚本

vim /etc/profile
python /baolei/ssh_login.py
# 判断登录用户是否为 root 用户，root用户退出程序不进行logout操作，否则则logout
if [ $? != 10 ];then
        echo "Good Bye!"
        logout
fi

 

二、定时获取最新数据API && 堡垒机程序

　　1)、获取最新数据脚本

#!/usr/bin/env python
#-*- coding: UTF-8 -*-
#Author : Derrick.jiang
#Date   : 2015-3-3 PM
import os
os.system('rm -rf /baolei/conf/nodes && wget https://xxx/nodes && mv ./nodes /baolei/conf/')
fp = open("/baolei/conf/nodes", "r")
all = fp.read()
fp.close()
fp = open("/baolei/conf/nodes", "w")
fp.write(all.replace(r'\n', '\n').replace(r'"', ""))

　　2）：堡垒机程序

#!/usr/bin/env/python
#-*- coding: UTF-8 -*-
#coding = gbk
#author : derrick.jiang
#Email  : derrick.jiang@maichuang.net
import urllib2
import time
import json
import re
import sys,os
import commandsUSER_PATH = '/etc/passwd'
ACURRENT = commands.getoutput('whoami')
s = open('/baolei/conf/nodes')
q = s.read()
files = q.split('\n\n')r = re.compile(r'^\[')
s = open('/baolei/conf/nodes')
lines = s.readlines()
lines = [l for l in lines if r.match(l)]def check_ip(ipaddr):'Check that the IP is correct'q = ipaddr.split('.')return len(q) == 4 and len(filter(lambda x: x >= 0 and x <= 255,map(int, filter(lambda x: x.isdigit(), q)))) == 4select = []
def select_area():'选择登陆省市'global selectwhile True:os.system('clear')print '___'*15for index, province in enumerate(lines):print "%s. %s" % (index, province.strip())print ''print '~~~'*15print "IP: Enter The Ip Adress:"print "q : QUIT"print '___'*15area = raw_input("Please Select Area: ")if area.isdigit() == True and int(area) < len(files):os.system('clear')breakelif check_ip(area) == True:os.system('clear')os.system('/baolei/tilt/bin/ssh -o StrictHostKeyChecking=no -p port root@%s' %area)elif area == 'q':os.system('clear')sys.exit(0)else:passarea = int(area)select = files[area].split('\n')for i in select:print iprint '~~~'*15print "IP: Enter The Ip Adress:"print "q : QUIT"print "b : BACK"print '___'*15def select_server():'选择登陆的服务器IP'global selectwhile True:i = raw_input("Please Select Server: ")if i.isdigit() == True and int(i) >= 1 and int(i) < len(select):breakelif check_ip(i) == True:os.system('clear')os.system('/baolei/tilt/bin/ssh -o StrictHostKeyChecking=no -p port root@%s' %i)elif i == 'q':os.system('clear')sys.exit(0)elif i == 'b':select_area()else:passi = int(i)IP =  select[i].split()[-1]os.system('/baolei/tilt/bin/ssh -o StrictHostKeyChecking=no -p port root@%s' %IP)def users_name():try:fn = open(USER_PATH).readlines()users = [user.split(':')[0].strip() for user in fn if len(user.split(':')) == 7 and user.split(':')[-1].strip().endswith('sh')][1:] #过滤出非root用户except Exception as e:fn = open('/tmp/error_log', 'a')fn.write(str(e))fn.close()users = []return users
'''CHOOSE USER LOGIN
'''
if ACURRENT in users_name():while True:select_area()select_server()
else:exit(10) #非遍历内容内的用户都返回10 环境变量忽略执行

三、安装tilt交互式日志工具： 详见：http://www.keepbase.com/try-tilt/comment-page-1

四、更改日志保存格式：

import os
import shutil
import time
import commands
now_time = commands.getoutput('date -d "2 minute ago" +%Y-%m-%d')
dir = "/var/log/ssh_log/%s/" %now_time
if os.path.isdir(dir):  # 判断是否存在路径
    filelist = []
    filelist=os.listdir(dir)
    for i in filelist:
        NewFile = i.replace("-baolei-tilt-bin-ssh -o StrictHostKeyChecking=no -p port ","-")
        shutil.move(dir+i,dir+NewFile)
else:
    print ("Directory is not exit,please check dir...")
    time.sleep(1)
    exit()

五、将获取API脚本和更改日志名称脚本加入计划任务，定时执行：

0 4 * * * root python /baolei/wgetnewapi.py &> /dev/null
* * * * * root python /baolei/change_logname.py &> /dev/null

六、将所有程序和日志写入文件夹权限设置为允许所有用户访问。

七、在所有用户 ~/.ssh/目录下面放入可以远程至server端的私钥

==========================================================================

日志记录格式为：%D-%m-%d/username-date-user@IP   如：2015-04-22/Kevin-15:53:24-root@192.168.1.2

==========================================================================