【更多參考】 https://github.com/317828332/CrazyEye html
缺點: 界面醜陋, python
只能追蹤命令,命令的解析還不是很完善,不能明瞭的展現 git
對於文件的上傳[rz],下載[sz]的內容沒法跟蹤[能夠限制cityhunter用戶不能使用這2個命令]。 vim裏面的文件能夠跟蹤,可是跟蹤並不完善[或者上傳的文件上傳到堡壘機,而後堡壘上傳到指點服務器,此時堡壘機也會有留檔,方便後期排查]。 github
對於跟蹤的用戶,目前只能特定是omc,後面能夠更改Py代碼進行修改,判斷登陸的用戶後傳遞用戶過去,而後根據用戶登陸, sql
暫未完成批量的處理 數據庫
優勢:free django
settings.pyvim
INSTALLED_APPS = [ ... 'app01', # 註冊app ] MIDDLEWARE = [ ... # 'django.middleware.csrf.CsrfViewMiddleware', ... ] ALLOWED_HOSTS = ["*"] # Linux下啓動用0.0.0.0 添加訪問的host便可在Win7下訪問 STATICFILES_DIRS = (os.path.join(BASE_DIR, "statics"),) # 現添加的配置,這裏是元組,注意逗號 TEMPLATES = [ ... 'DIRS': [os.path.join(BASE_DIR, 'templates')], ] # 自定義帳戶生效 AUTH_USER_MODEL = "app01.UserProfile" # app名.表名 # 監測腳本 SESSION_TRACKER_SCRIPT = "%s/backend/session_trackor.sh" %BASE_DIR AUDIT_LOG_PATH = "%s/logs/audit" % BASE_DIR
admin.py服務器
from django.contrib import admin from django import forms from django.contrib.auth.models import Group from django.contrib.auth.admin import UserAdmin as BaseUserAdmin from django.contrib.auth.forms import ReadOnlyPasswordHashField from app01 import models class UserCreationForm(forms.ModelForm): """A form for creating new users. Includes all the required fields, plus a repeated password.""" password1 = forms.CharField(label='Password', widget=forms.PasswordInput) password2 = forms.CharField(label='Password confirmation', widget=forms.PasswordInput) class Meta: model = models.UserProfile fields = ('email', 'name') def clean_password2(self): # Check that the two password entries match password1 = self.cleaned_data.get("password1") password2 = self.cleaned_data.get("password2") if password1 and password2 and password1 != password2: raise forms.ValidationError("Passwords don't match") return password2 def save(self, commit=True): # Save the provided password in hashed format user = super(UserCreationForm, self).save(commit=False) user.set_password(self.cleaned_data["password1"]) if commit: user.save() return user class UserChangeForm(forms.ModelForm): """A form for updating users. Includes all the fields on the user, but replaces the password field with admin's password hash display field. """ password = ReadOnlyPasswordHashField() class Meta: model = models.UserProfile fields = ('email', 'password', 'name', 'is_active', 'is_superuser') def clean_password(self): # Regardless of what the user provides, return the initial value. # This is done here, rather than on the field, because the # field does not have access to the initial value return self.initial["password"] class UserProfileAdmin(BaseUserAdmin): # The forms to add and change user instances form = UserChangeForm add_form = UserCreationForm # The fields to be used in displaying the User model. # These override the definitions on the base UserAdmin # that reference specific fields on auth.User. list_display = ('email', 'name', "is_active", 'is_superuser') list_filter = ('is_superuser',) # 不添加會報錯,由於BaseAdmin裏面有一個list_filter字段,不覆蓋會報錯 fieldsets = ( (None, {'fields': ('email', 'password')}), ('Personal', {'fields': ('name',)}), ('Permissions', {'fields': ('is_superuser',"is_active","bind_hosts","host_groups","user_permissions","groups")}), ) # add_fieldsets is not a standard ModelAdmin attribute. UserAdmin # overrides get_fieldsets to use this attribute when creating a user. add_fieldsets = ( (None, { 'classes': ('wide',), 'fields': ('email', 'name', 'password1', 'password2')} ), ) search_fields = ('email',) ordering = ('email',) filter_horizontal = ("bind_hosts","host_groups","user_permissions","groups") class HostUserAdmin(admin.ModelAdmin): list_display = ('username','auth_type','password') class SessionLogAdmin(admin.ModelAdmin): list_display = ('id','session_tag','user','bind_host','date') admin.site.register(models.UserProfile, UserProfileAdmin) admin.site.register(models.Host) admin.site.register(models.HostGroup) admin.site.register(models.HostUser,HostUserAdmin) admin.site.register(models.BindHost) admin.site.register(models.IDC) admin.site.register(models.SessionLog,SessionLogAdmin)
models.pysession
from django.db import models from django.contrib.auth.models import ( BaseUserManager, AbstractBaseUser,PermissionsMixin ) from django.utils.translation import ugettext_lazy as _ from django.utils.safestring import mark_safe # Create your models here. class Host(models.Model): """主機信息""" hostname = models.CharField(max_length=64) ip_addr = models.GenericIPAddressField(unique=True) port = models.PositiveIntegerField(default=22) idc = models.ForeignKey("IDC", on_delete=True) enabled = models.BooleanField(default=True) def __str__(self): return "%s(%s)"%(self.hostname,self.ip_addr) class IDC(models.Model): """機房信息""" name = models.CharField(max_length=64,unique=True) def __str__(self): return self.name class HostGroup(models.Model): """主機組""" name = models.CharField(max_length=64,unique=True) bind_hosts = models.ManyToManyField("BindHost",blank=True,) def __str__(self): return self.name class UserProfileManager(BaseUserManager): def create_user(self, email, name, password=None): """ Creates and saves a User with the given email, date of birth and password. """ if not email: raise ValueError('Users must have an email address') user = self.model( email=self.normalize_email(email), name=name, ) user.set_password(password) self.is_active = True user.save(using=self._db) return user def create_superuser(self,email, name, password): """ Creates and saves a superuser with the given email, date of birth and password. """ user = self.create_user( email, password=password, name=name, ) user.is_active = True user.is_superuser = True #user.is_admin = True user.save(using=self._db) return user class UserProfile(AbstractBaseUser,PermissionsMixin): """堡壘機帳號""" email = models.EmailField( verbose_name='email address', max_length=255, unique=True, null=True ) password = models.CharField(_('password'), max_length=128, help_text=mark_safe('''<a href='password/'>修改密碼</a>''')) name = models.CharField(max_length=32) is_active = models.BooleanField(default=True) #is_admin = models.BooleanField(default=False) bind_hosts = models.ManyToManyField("BindHost",blank=True) host_groups = models.ManyToManyField("HostGroup",blank=True) objects = UserProfileManager() USERNAME_FIELD = 'email' REQUIRED_FIELDS = ['name'] def get_full_name(self): # The user is identified by their email address return self.email def get_short_name(self): # The user is identified by their email address return self.email def __str__(self): # __unicode__ on Python 2 return self.email @property def is_staff(self): "Is the user a member of staff?" # Simplest possible answer: All admins are staff return self.is_active class HostUser(models.Model): """主機登陸帳戶""" auth_type_choices = ((0,'ssh-password'),(1,'ssh-key')) auth_type = models.SmallIntegerField(choices=auth_type_choices,default=0) username = models.CharField(max_length=64) password = models.CharField(max_length=128,blank=True,null=True) def __str__(self): return "%s:%s" %(self.username,self.password) class Meta: unique_together = ('auth_type','username','password') class BindHost(models.Model): """綁定主機和主機帳號""" host = models.ForeignKey("Host", on_delete=True) host_user = models.ForeignKey("HostUser", on_delete=True) def __str__(self): return "%s@%s"%(self.host,self.host_user) class Meta: unique_together = ('host', 'host_user') class SessionLog(models.Model): """存儲session日誌""" # 堡壘機用戶 主機信息 惟一標示 user = models.ForeignKey("UserProfile", on_delete=True) bind_host = models.ForeignKey("BindHost", on_delete=True) session_tag = models.CharField(max_length=128,unique=True) date = models.DateTimeField(auto_now_add=True) def __str__(self): return self.session_tag
更改db文件的權限,方便sessioni日誌的記錄
omc@omc-virtual-machine:~$ cd CityHunter/ omc@omc-virtual-machine:~$ chmod 777 db.sqlite3 【更改文件屬組爲cityhunber也能夠】
templates/index.html
無
頁面顯示;
初始化數據庫
python manage.py makemigrations python manage.py migrate
建立超級用戶
python manage.py createsuperuser
1. 自定義帳戶生效:
models.py
class UserProfile(AbstractBaseUser,PermissionsMixin):
settings.py
# 自定義帳戶生效
AUTH_USER_MODEL = "app01.UserProfile" # app名.表名
user.is_superuser = True # 在用戶管理界面更改is_superuser=true解決
2. Superuser用戶登錄後無操做權限
class UserProfileManager(BaseUserManager): user.is_active = True user.is_superuser = True
3.
問題現象:
問題解決: