#!/usr/local/bin/python3
# coding:utf-8
import ipaddress
import re
import string
import subprocess
import urllib.parse
import urllib.request
from time import gmtime, sleep, strftime

import send_mail
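def filter_tags(htmlstr):
    """Strip CDATA sections, script/style blocks, tags and comments from HTML.

    ``<br>`` tags become newlines and runs of newlines collapse to one.  This is
    a crude text extractor for scraping, not an HTML sanitizer: the script and
    style patterns stop at the first ``<`` inside the block, and the generic tag
    pattern does not understand ``>`` inside attribute values, so content can
    survive.  Do not rely on it to neutralise markup before rendering.

    Args:
        htmlstr: The HTML document as text.
    Returns:
        The remaining text with markup removed.
    """
    # Raw strings so the backslashes reach the regex engine intact.  The
    # patterns were restored from a copy in which the extractor had eaten the
    # angle-bracket parts; the original file would not even parse.
    re_cdata = re.compile(r'//<!\[CDATA\[[^>]*//\]\]>', re.I)                  # CDATA sections
    re_script = re.compile(r'<\s*script[^>]*>[^<]*<\s*/\s*script\s*>', re.I)  # <script> blocks
    re_style = re.compile(r'<\s*style[^>]*>[^<]*<\s*/\s*style\s*>', re.I)     # <style> blocks
    re_br = re.compile(r'<br\s*?/?>')         # line breaks
    re_h = re.compile(r'</?\w+[^>]*>')        # any other HTML tag
    re_comment = re.compile(r'<!--[^>]*-->')  # HTML comments
    blank_line = re.compile(r'\n+')           # runs of empty lines

    s = re_cdata.sub('', htmlstr)
    s = re_script.sub('', s)
    s = re_style.sub('', s)
    # <br> becomes a newline before the generic tag pattern would swallow it.
    s = re_br.sub('\n', s)
    s = re_h.sub('', s)
    s = re_comment.sub('', s)
    s = blank_line.sub('\n', s)
    return s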
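def ip_info(ip):
    """Look up *ip* on www.ip.cn and return the location line of the page.

    Args:
        ip: An IP address as text (as parsed from ``ss`` output).
    Returns:
        The 20th tab-indented text line of the stripped page.  Which line that
        is depends on the site's layout at the time this was written.
    Raises:
        ValueError: *ip* is not a syntactically valid IP address.
        OSError: the request failed or timed out (``urllib.error.URLError``).
        IndexError: the page no longer has the expected layout.
    """
    # Reject anything that is not an address before it is interpolated into a
    # request to a third party; the value comes from parsed `ss` output.
    ipaddress.ip_address(ip)
    # url = 'http://ip.taobao.com/service/getIpInfo.php?ip=%s' % ip
    # Plain HTTP: the queried address is visible on the wire and the reply is
    # unauthenticated; the reply is only written to a local log, never rendered.
    url = 'http://www.ip.cn/index.php?' + urllib.parse.urlencode({'ip': ip})
    request = urllib.request.Request(url)
    request.add_header('User-Agent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0')
    # Bounded timeout and a closed response: the caller loops over every
    # connection and must not hang forever on one lookup.
    with urllib.request.urlopen(request, timeout=15) as response:
        page = response.read().decode('utf-8')
    # Index 19 was chosen against the site's page layout and breaks if it changes.
    ip_information = filter_tags(page).split('\n\t')[19]
    return ip_information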
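# Snapshot of the current TCP sockets.  `ss -antp` runs without a shell; the
# old `| grep -v LISTEN` pipe is reproduced by dropping every line containing
# "LISTEN".  The previous Popen() was never waited on (it left a zombie) and a
# missing `ss` binary went unnoticed; run(check=True) raises instead.
_ss_output = subprocess.run(
    ["ss", "-antp"], stdout=subprocess.PIPE, check=True,
).stdout.decode()
tcptmpStr = "\n".join(
    line for line in _ss_output.splitlines() if "LISTEN" not in line
).strip()

whiteIp = ['127.0.0.1', 'x.x.x.x', 'x.x.x.x']   # peer addresses never reported
whitePort = ['80', '22', '3306']                # local ports never reported
SUSPICIOUS_LOG = '/var/openresty/nginx/logs/suspicious.txt'
# udptmpStr = ((subprocess.check_output(["netstat", "-nulp"])).decode('utf-8')).strip()


def _write_record(path, lines):
    """Append *lines* to the log at *path*, one per line."""
    with open(path, 'a') as f:
        f.write(''.join(line + '\n' for line in lines))


def getTCPservice(tcptmpStr):
    """Log every connection whose peer is outside whiteIp and whose local port
    is outside whitePort, followed by a lookup of the peer address.

    Args:
        tcptmpStr: `ss -antp` output with LISTEN rows removed; the first line
            is the column header and is skipped.
    Returns:
        Number of records appended to SUSPICIOUS_LOG.
    """
    written = 0
    for row in tcptmpStr.split("\n")[1:]:
        # Columns: State Recv-Q Send-Q Local:Port Peer:Port [users:(...)]
        cols = row.split()
        if len(cols) < 5:
            continue  # blank or truncated row, nothing to inspect
        local_addr, peer_addr = cols[3], cols[4]
        # The process column needs -p and enough privilege; it may be absent.
        process = cols[5] if len(cols) > 5 else ''
        if ':' not in peer_addr or ':' not in local_addr:
            continue
        # IPv4 "a.b.c.d:port" form; bracketed IPv6 peers are not parsed here and
        # are reported as a failed lookup below.
        valTmpip = peer_addr.rsplit(':', 1)[0]     # remote addr
        valTmpprot = local_addr.rsplit(':', 1)[1]  # local port
        if valTmpip in whiteIp or valTmpprot in whitePort:
            continue
        # Write the connection first so the record survives a failed lookup.
        header = ('#================<< Capture Time : '
                  + strftime("%Y-%m-%d %H:%M:%S", gmtime()) + ' >>==============')
        _write_record(SUSPICIOUS_LOG, [header, process, valTmpip])
        sleep(5)  # rate-limit requests to the lookup service
        try:
            ipInfo = ip_info(valTmpip)
        except (OSError, IndexError, ValueError) as exc:
            # A failed lookup (network, page layout, unparseable address) must
            # not abort the whole sweep; note it in the log and move on.
            ipInfo = 'lookup failed: %s' % exc
        _write_record(SUSPICIOUS_LOG, [ipInfo])
        written += 1
    return written


getTCPservice(tcptmpStr)
# send_mail.sendMail('/var/openresty/nginx/logs/suspicious.txt')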