Client:
omaudit_agent.py
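#!/usr/bin/env python
# coding: utf-8
"""Report one shell-history entry to the omaudit collection server.

The installer hooks this script into PROMPT_COMMAND as
``omaudit_agent.py $(history 1)``.  After word splitting the arguments are:
argv[1] history id, argv[2] user name, argv[3] date, argv[4] time and
argv[5:] the words of the command that was just run.

NOTE(review): the record is sent as a plain-HTTP GET with no authentication
visible on this page.  Command lines can contain credentials, and they travel
in cleartext inside the URL, where proxies and access logs also keep them.
Any local user can also run this script with arbitrary arguments, so the
server should not treat history_user / history_ip as authenticated values.
Prefer TLS plus a per-host credential if the server side supports it.
"""
import fcntl
import logging
import socket
import struct
import sys

try:  # Python 2, which the original script targets
    import httplib
    from urllib import quote
except ImportError:  # Python 3
    import http.client as httplib
    from urllib.parse import quote

from config import *

# NOTE(review): the port literal is unreadable on the page; 80 is the HTTP
# default and is used here as a placeholder -- confirm against the server.
OMSERVER_PORT = 80

socket.setdefaulttimeout(connect_timeout)
logging.basicConfig(
    level=logging.DEBUG,
    format='%(asctime)s [%(levelname)s] %(message)s',
    filename=sys.path[0] + '/omsys.log',
    filemode='a',
)

if len(sys.argv) < 6:
    logging.error('History not configured in /etc/profile!')
    sys.exit()


def get_local_ip(ethname):
    """Return the IPv4 address of interface *ethname*, or "127.0.0.1" on error."""
    sock = None
    try:
        if not isinstance(ethname, bytes):
            ethname = ethname.encode("utf-8")
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        # 0x8915 is SIOCGIFADDR on Linux.  The slice bounds are garbled on the
        # page; 20:24 is the usual offset of the address in the returned ifreq.
        addr = fcntl.ioctl(sock.fileno(), 0x8915,
                           struct.pack('256s', ethname[:15]))
        return socket.inet_ntoa(addr[20:24])
    except Exception as e:
        logging.error('get localhost IP address error:' + str(e))
        return "127.0.0.1"
    finally:
        # The original never closed the probe socket.
        if sock is not None:
            sock.close()


def pull_history(http_get_param=""):
    """GET *http_get_param* from the audit server; exit unless it answers "OK"."""
    # Bound before the try so the finally clause cannot hit an unbound name
    # when the connection object itself fails to construct.
    http_client = None
    try:
        http_client = httplib.HTTPConnection(
            omserver_address, OMSERVER_PORT, timeout=connect_timeout)
        http_client.request("GET", http_get_param)
        response = http_client.getresponse()
        # The status literal is garbled on the page; the log text implies a
        # success check, so compare against HTTP 200.
        if response.status != httplib.OK:
            logging.error('Response HTTP status error:' + str(response.status))
            sys.exit()
        http_content = response.read().strip()
        if http_content != b"OK":
            logging.error('Response HTTP Content error:' + str(http_content))
            sys.exit()
    except Exception as e:
        logging.error('Connection django-cgi Server error:' + str(e))
        sys.exit()
    finally:
        if http_client is not None:
            http_client.close()


sysip = get_local_ip(net_driver)
history_id = sys.argv[1]
sysuser = sys.argv[2]
history_date = sys.argv[3]
history_time = sys.argv[4]
history_command = " ".join(sys.argv[5:]).strip()

# Every value is percent-encoded.  The original escaped only the command, so
# a '&', '#' or '=' in any other field could add or override query parameters
# of the audit record.
fields = [
    ("history_id", history_id),
    ("history_ip", sysip),
    ("history_user", sysuser),
    ("history_datetime", history_date + " " + history_time),
    ("history_command", history_command),
]
s = "/omaudit_pull/?" + "&".join(
    key + "=" + quote(value, safe="") for key, value in fields)
pull_history(s)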
config.py:
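#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Settings read by omaudit_agent.py through `from config import *`.

# Interface whose IPv4 address is reported as history_ip.
net_driver = "eth0"

# Host of the audit collection server.  The agent connects to it over plain
# HTTP, so the name must resolve only to a server you control.
omserver_address = "omaudit.quark.com"

# Seconds; used as the default socket timeout and the HTTP connection timeout.
connect_timeout = 3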
Installation script: omaudit_agent_install.sh
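#!/bin/bash
# -*- coding: utf-8 -*-
# Install the omaudit agent and hook it into login shells through /etc/profile.

INSTALL_DIR=/opt/platform/omaudit
PROFILE=/etc/profile
MARKER='# omaudit agent hook'

yum -y install unzip zip
mkdir -p "$INSTALL_DIR"
touch "$INSTALL_DIR/omsys.log"
unzip omaudit_agent.zip -d "$INSTALL_DIR" || { echo "unzip failed" >&2; exit 1; }

# The original ran `chmod 777 -R` here.  PROMPT_COMMAND executes the agent in
# every user's shell, root included, and Python resolves imports from the
# script's own directory first.  A world-writable tree therefore lets any
# local user replace the agent, config.py or a shadowing module and have it
# run as whoever gets the next prompt.  Keep the code root-owned and read-only.
chown -R root:root "$INSTALL_DIR"
chmod -R u=rwX,go=rX "$INSTALL_DIR"
chmod 755 "$INSTALL_DIR/omaudit_agent.py"
# The agent appends to this log as the logged-in user, so it stays writable
# (not readable) by others.  Users can still alter it, so treat it as a local
# debug log and rely on the server-side record for auditing.
chmod 622 "$INSTALL_DIR/omsys.log"

# Append the hook only once.  A second copy would try to re-export variables
# that the first copy already made read-only.
# HISTSIZE / HISTFILESIZE: the original values are not legible on the page;
# 1000 is a constructed sample value.
# $(history 1) is deliberately unquoted so the agent receives id, user, date
# and time as separate arguments.  The command text is also word-split and
# glob-expanded, so the recorded command can differ from what was typed.
# NOTE(review): the hook covers only shells that read /etc/profile; pair it
# with kernel-level auditing (e.g. auditd) when a tamper-resistant trail is
# required.
if ! grep -qF "$MARKER" "$PROFILE"; then
cat >> "$PROFILE" <<'EOF'
# omaudit agent hook
export HISTFILE=$HOME/.bash_history
export HISTSIZE=1000
export HISTFILESIZE=1000
export HISTCONTROL=ignoredups
export HISTTIMEFORMAT="`whoami` %F %T "
export PROMPT_COMMAND="history -a; history -c; history -r;"'/opt/platform/omaudit/omaudit_agent.py $(history 1)'
shopt -s histappend
typeset -r PROMPT_COMMAND
typeset -r HISTTIMEFORMAT
EOF
fi

sleep 3
# This affects only the installer's own shell; sessions that are already open
# pick up the hook at their next login.
source /etc/profile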
Server:
Linux Security Audit function