審計系統---堡壘機項目之監測進程腳本

CityHunter/backend/session_trackor.sh

#!/bin/bash

md5_str=$1
for i in $(seq 1 30);do
   ssh_pid=`ps -ef |grep $md5_str |grep -v grep |grep -v session_tracker.sh|grep -v sshpass |awk '{print $2}'|sed -n '1p'`
   echo "ssh session pid:$ssh_pid"
   if [ "$ssh_pid" = "" ];then
      sleep 1
      continue
   else
        today=`date  "+%Y_%m_%d"`
        today_audit_dir="logs/audit/$today"
        echo "today_audit_dir: $today_audit_dir"
        if [ -d $today_audit_dir ]
        then
            echo " ----start tracking log---- "
        else
            echo "dir not exist"
            echo " today dir: $today_audit_dir"
            sudo mkdir -p $today_audit_dir
        fi;
        echo "FTL600@HH" | sudo -S /usr/bin/strace -ttt -p $ssh_pid -o "$today_audit_dir/$md5_str.log"    # Ubuntu下直接執行sudo權限>不須要輸入密碼
      break
   fi;
done;

修改文件添加執行權限

chmod 755 session_trackor.sh
sudo chown cityhunter:cityhunter session_trackor.sh 

注： 腳本有執行權限才能執行，又由於咱們在cityhunter用戶的bashrc文件裏寫了執行user_enterpoint.py這個Py文件，該文件會調用 session_trackor.sh文件，因此須要咱們更改屬組

添加腳本到配置文件settings.py中

SESSION_TRACKER_SCRIPT = "%s/backend/session_trackor.sh" %BASE_DIR 
AUDIT_LOG_PATH = "%s/logs/audit" % BASE_DIR