#!/usr/bin/env python
#-*-Coding:utf-8-*-
‘‘‘
Create DATE:2018-10-17
Last update:
version:1.0
Description: Login Restrictions Required:
X.X network segment does not allow access to the extranet
Root user Login to access the extranet
In the case of root user, the user cannot prohibit access to the extranet, unless the root user does not access the network
Normal User login does not allow access to the extranet
Regular users can apply for a period of time to access the extranet
Usage method: The custom execution interval is put into the crontab, when the parameter is not given, it is not allowed to access the extranet unless the root user logs in.
Can pass 1 parameters, must be a number, can be a floating point, indicating that the average user can access the time of the external network, in units of hours.
Author:yefei
‘‘‘
Import Psutil
Import OS
Import Sys
Import datetime
#网关ip地址设定
gw_ip= "10.0.3.1"
#路由列表为list类型.
Routlist = []
#删除网关函数
Def delgateway ():
CMD = ' route del default GW%s '% (GW_IP)
Os.popen (CMD)
#添加网关函数
Def addgateway ():
CMD = ' route add default GW%s '% (GW_IP)
Os.popen (CMD)
#检查网关是否存在
Def gatewaycheck ():
Flag = False
For line in Routlist:
If gw_ip in line:
Flag = True
Return flag
#检查用户是否是root
Def usercheck ():
Flag = False
For User in userlist:
if User.Name = = "Root":
Print ("User is Root")
Flag = True
Return flag
#网关添加
def useronline (flag):
Print (flag)
If flag:
Print ("Detect gateway already exists, exit program")
Sys.exit ()
Else
Print ("Add Gateway")
Addgateway ()
#网关删除
def useroffline (flag):
If flag:
Print ("Detect gateway already exists, delete gateway")
Delgateway ()
Else
Print ("Detect gateway does not exist, exit program")
Sys.exit ()
#将普通用户访问外网的时间节点写入文件, remove the gateway when this event is reached
def filefortime (Scheme,*args):
If scheme = = "W":
With open ("/root/controltime", "W") as Recordtime:
now = Datetime.datetime.now ()
EndTime = Now + Datetime.timedelta (Hours=args[0])
Endstrtime = Endtime.strftime ('%y-%m-%d%h:%m:%s ')
Recordtime.write (Endstrtime)
If now < endTime:
Return True
Else
Return False
Elif Scheme = = "R":
With open ("/root/controltime", "R") as Recordtime:
Endstrtime = Recordtime.readline ()
Endstrtime = Endstrtime.strip ()
If Len (endstrtime) > 10:
EndTime = Datetime.datetime.strptime (Endstrtime, '%y-%m-%d%h:%m:%s ')
now = Datetime.datetime.now ()
If now < endTime:
Return True
Else
Return False
Else
Return False
if __name__ = = ' __main__ ':
Routlist = Os.popen ("Route-n")
UserList = Psutil.users ()
If Len (sys.argv) = = 2:
Hourslen = float (sys.argv[1])
Print (Hourslen)
If Filefortime (' W ', Hourslen):
Print ("User can surf the internet")
Useronline (Gatewaycheck ())
Else
Print ("User is not allowed to surf the internet")
Useroffline (Gatewaycheck ())
Else
If Len (userlist) > 0 and Usercheck ():
Useronline (Gatewaycheck ())
Elif os.path.exists ("/root/controltime"):
If Filefortime ("R"):
Useronline (Gatewaycheck ())
Else
Useroffline (Gatewaycheck ())
Else
Useroffline (Gatewaycheck ())
Server access Control--based on the front of the network structure of the firewall, the server is inside the firewall, internal use of intranet IP architecture
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
