I. Background
After an attacker cracks one of our hosts and logs in over SSH, we do not find out in time. So it is very necessary to write a program that notifies us of every successful SSH login to the host.
II. Analysis
1. Write the mail-sending program in Python 2.
2. Configure Linux so that a successful SSH login triggers the Python 2 program.
III. Implementation
On CentOS 7:
1. Write the mail-sending program in Python 2.
(1) Create the directory for the program
mkdir -p /usr/local/system_script/ssh_on_email/
(2) Create the Python 2 program
cd /usr/local/system_script/ssh_on_email/
vim ssh_on_notes.py
The configuration values in the following code must be changed:
# -*-coding:utf-8-*-
import os
import smtplib
from email.MIMEText import MIMEText
from email.Header import Header
from email.mime.multipart import MIMEMultipart
import base64
import socket


# base64 -> str
def base642str(pwd_encode_str):
    base64_decrypt = base64.b64decode(pwd_encode_str.encode('utf-8'))
    # pwd_decode_str = str(base64_decrypt)
    return base64_decrypt


# get the host's own IP (the address used to reach 8.8.8.8; no packet is sent for UDP connect)
def get_host_ip():
    s = None
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.connect(('8.8.8.8', 80))
        ip = s.getsockname()[0]
    except Exception as e:
        ip = False
    finally:
        if s is not None:  # socket() itself may have failed
            s.close()
    return ip


# send email
def send_mail(prepare_list, to_list, info_list, port=465):
    em_host = prepare_list[0]
    em_user = prepare_list[1]
    em_pass = prepare_list[2]
    em_head = info_list[0]
    em_content = info_list[1]
    em_attach_list = info_list[2]
    # 1. Build the mail: a multipart message that can carry attachments
    msg = MIMEMultipart()
    me = "andy-seeker" + "<" + em_user + ">"
    msg['From'] = me
    msg['To'] = ";".join(to_list)
    msg['Subject'] = em_head
    # no attachment
    if len(em_attach_list) == 0:
        em_content += str("There is no attachment.\n")
    # attachments present
    else:
        # add each attachment in turn
        for attach_path_name in em_attach_list:
            # check that the attachment path is valid; fail on an invalid one
            assert os.path.isfile(attach_path_name), 'The path of txt file is not correct'
            # build one attachment from the file at attach_path_name
            attach_name = os.path.basename(attach_path_name)
            att1 = MIMEText(open(attach_path_name, 'rb').read(), 'base64', 'utf-8')
            att1["Content-Type"] = 'application/octet-stream'
            # Chinese file names (also works for English ones)
            att1.add_header("Content-Disposition", "attachment", filename=("utf-8", "", attach_name))
            # attach it
            msg.attach(att1)
    # add the mail body
    # msg.attach(MIMEText(em_content, 'html', 'gb2312'))  # HTML body
    msg.attach(MIMEText(em_content, 'plain', 'gb2312'))  # plain-text body
    # print the body
    print(em_content)
    try:
        # 2. Log in (encrypted transport)
        # sever = smtplib.SMTP(smtp_sever, 25)  # plaintext SMTP uses port 25
        sever = smtplib.SMTP_SSL(em_host, port)  # SMTP over SSL uses port 465
        sever.login(em_user, em_pass)
        # 3. Send the mail
        sever.sendmail(me, to_list, msg.as_string())
        sever.quit()
        return True
    except Exception as e:
        print(str(e))
        return False


if __name__ == '__main__':
    # 1 Build the parameters
    prepare_list = [None, None, None]
    to_list = ["[email protected]"]  # your inbox
    info_list = [None, None, None]
    # 1.1 Parameters for connecting to the mail server
    em_host = prepare_list[0] = "smtp.163.com"
    em_user = prepare_list[1] = "[email protected]"  # your sending mailbox
    em_pass = prepare_list[2] = ""  # password of the sending mailbox. Not the webmail login password but the SMTP authorization code; log in to the mailbox and enable the SMTP service to obtain it.
    # get your host IP
    ip_flag = get_host_ip()
    sender_ip = ""
    if ip_flag is False:
        sender_ip = "xxx"
    else:
        sender_ip = ip_flag
    # 1.2 Build the mail contents
    em_head = info_list[0] = "ssh notes from ip %s" % sender_ip
    em_content = "Hi andy,\n"
    em_content += " someone has successfully logged in to your host(%s) through SSH.\n " % sender_ip
    em_content += " If it is not your operation, please change the password in time.\n"
    info_list[1] = em_content
    em_attach = info_list[2] = []
    # 2 Send the mail
    flag = send_mail(prepare_list, to_list, info_list)
    if flag:
        print("send_mail run succeeded")
    else:
        print("send_mail run failed")
2. Configure Linux so that a successful SSH login triggers the Python 2 program.
Reference: https://www.cnblogs.com/stonehe/p/10915279.html
(1) Open the relevant CentOS configuration file
vim /etc/pam.d/sshd
(2) Add the following line at the end of the file
session optional pam_exec.so debug /usr/bin/python2 /usr/local/system_script/ssh_on_email/ssh_on_notes.py
The end of the file then looks like this:
........
# Used with polkit to reauthorize users in remote sessions
-session   optional   pam_reauthorize.so prepare
session    optional   pam_exec.so debug /usr/bin/python2 /usr/local/system_script/ssh_on_email/ssh_on_notes.py
3. Log out and test
If it does not work, run the program on its own:
/usr/bin/python2 /usr/local/system_script/ssh_on_email/ssh_on_notes.py
This runs the mail sending directly; if even that fails to send mail, the configuration itself is wrong.
Other notes:
There is currently a small bug: a mail is also sent on logout. To be fixed later.
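The logout bug comes from pam_exec running the same command for both the open_session and close_session phases; pam_exec(8) exports the phase as PAM_TYPE, together with PAM_USER, PAM_RHOST, PAM_SERVICE and PAM_TTY. The following is an added example, not the post's own code: it builds the alert from those variables, skips the close_session phase, and goes beyond the post by naming the user and client address. It assumes the resulting (subject, body) is handed to the post's send_mail(); the host IP argument is a placeholder.

```python
# -*- coding: utf-8 -*-
# Added example (not from the original post): build the SSH alert from the
# environment pam_exec(8) exports, and send nothing for the close_session
# phase so logging out no longer produces a mail. Runs under python2 and python3.
from __future__ import print_function
import os
import socket
import sys


def build_ssh_alert(env, host_ip):
    """Return (subject, body) for a completed SSH login, or None when this
    PAM event should not produce mail. `env` is a dict such as os.environ."""
    # pam_exec runs the command for open_session AND close_session;
    # only the open phase is an actual login.
    if env.get("PAM_TYPE", "") != "open_session":
        return None
    # Guard against the same line being copied into other /etc/pam.d/* files
    # (su, login, ...): alert only for sshd.
    if env.get("PAM_SERVICE", "sshd") != "sshd":
        return None
    user = env.get("PAM_USER", "unknown")
    rhost = env.get("PAM_RHOST", "unknown")  # client address sshd passed to PAM
    tty = env.get("PAM_TTY", "")
    subject = "ssh login on %s: %s from %s" % (host_ip, user, rhost)
    body = "Hi,\n user %s logged in to host %s through SSH from %s" % (user, host_ip, rhost)
    if tty:
        body += " (tty %s)" % tty
    body += ".\n If this was not you, change the password and check /var/log/secure.\n"
    return subject, body


if __name__ == "__main__":
    # Placeholder for the host address; the post's get_host_ip() would go here.
    alert = build_ssh_alert(os.environ, socket.gethostname())
    if alert is None:
        sys.exit(0)  # logout or non-sshd event: nothing to send
    subject, body = alert
    print(subject)
    print(body)
    # send_mail(prepare_list, to_list, [subject, body, []])  # post's sender
```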