一、背景
我们的主机被攻击者破解后,ssh登陆,我们不能及时知道。那么开发一个程序,提示所有成功ssh登陆到主机的情况,就十分必要。
二、分析
1、采用python2实现发邮件的程序。
2、Linux设置ssh登陆成功就触发py2的程序。
三、代码实现
centos7上:
1、采用python2实现发邮件的程序。
(1)创建程序存放目录
mkdir -p /usr/local/system_script/ssh_on_email/
(2)创建python2程序
cd /usr/local/system_script/ssh_on_email/
vim ssh_on_notes.py
如下代码中配置要改:
# -*-coding:utf-8-*-
import os
import smtplib
from email.MIMEText import MIMEText
from email.Header import Header
from email.mime.multipart import MIMEMultipart
import base64
import socket
# base64 2 str
def base642str(pwd_encode_str):
base64_decrypt = base64.b64decode(pwd_encode_str.encode('utf-8'))
# pwd_decode_str = str(base64_decrypt)
return base64_decrypt
# get self ip
def get_host_ip():
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(('8.8.8.8', 80))
ip = s.getsockname()[0]
except Exception, e:
ip = False
finally:
s.close()
return ip
# send email
def send_mail(prepare_list, to_list, info_list, port=465):
em_host = prepare_list[0]
em_user = prepare_list[1]
em_pass = prepare_list[2]
em_head = info_list[0]
em_content = info_list[1]
em_attach_list = info_list[2]
# 1.创建邮件。创建一个带附件的实例
msg = MIMEMultipart()
me = "andy-seeker" + "<" + em_user + ">"
msg['From'] = me
msg['To'] = ";".join(to_list)
msg['Subject'] = em_head
# no attachment
if len(em_attach_list) == 0:
em_content += str("There is no attachment.\n")
# exist attachment
else:
# 循环添加附件
for attach_path_name in em_attach_list:
# 判断附件路径是否有效,无效附件报错
assert os.path.isfile(attach_path_name), 'The path of txt file is not correct'
# 构造附件1,传送当前目录下的 test.txt 文件
attach_name = os.path.basename(attach_path_name)
att1 = MIMEText(open(attach_path_name, 'rb').read(), 'base64', 'utf-8')
att1["Content-Type"] = 'application/octet-stream'
# 中文附件(英文也适用)
att1.add_header("Content-Disposition", "attachment", filename=("utf-8", "", attach_name))
# 添加一个附件
msg.attach(att1)
# 添加邮件正文内容
# msg.attach(MIMEText(em_content, 'html', 'gb2312')) # 邮件正文html格式
msg.attach(MIMEText(em_content, 'plain', 'gb2312')) # 邮件正文纯文本格式
# 打印正文内容
print(em_content)
try:
# 2.登录账号(加密传输)
# sever = smtplib.SMTP(smtp_sever,25) # 明文传输端口号是25
sever = smtplib.SMTP_SSL(em_host, port) # 加密传输端口号是465
sever.login(em_user, em_pass)
# 3.发送邮件
sever.sendmail(me, to_list, msg.as_string())
sever.quit()
return True
except Exception as e:
print(str(e))
return False
if __name__ == '__main__':
# 1 构建参数
prepare_list = [None, None, None]
to_list = ["[email protected]"] # 你的收件箱
info_list = [None, None, None]
# 1.1 构建连接邮箱的参数
em_host = prepare_list[0] = "smtp.163.com"
em_user = prepare_list[1] = "[email protected]" # 你的发件箱
em_pass = prepare_list[2] = "" # 你的发件箱的密码。不是邮箱登陆密码,而是SMTP授权码。登陆你的邮箱,开启SMTP服务获取。
# get your host ip
ip_flag = get_host_ip()
sender_ip = ""
if ip_flag is False:
sender_ip = "xxx"
else:
sender_ip = ip_flag
# 1.2 构建邮件的信息
em_head = info_list[0] = "ssh notes from ip %s" % sender_ip
em_content = "Hi andy,\n"
em_content += " someone has successfully logged in to your host(%s) through SSH.\n " % sender_ip
em_content += " If it is not your operation, please change the password in time.\n"
info_list[1] = em_content
em_attach = info_list[2] = []
# 2 发送邮件
flag = send_mail(prepare_list, to_list, info_list)
if flag:
print("send_mail run successed")
else:
print("send_mail run failed")
2、Linux设置ssh登陆成功就触发py2的程序。
参考:https://www.cnblogs.com/stonehe/p/10915279.html
(1)打开centos的相关配置文件
vim /etc/pam.d/sshd
(2)最后一样配置
session optional pam_exec.so debug /usr/bin/python2 /usr/local/system_script/ssh_on_email/ssh_on_notes.py
形如:
........ ........ ........ # Used with polkit to reauthorize users in remote sessions -session optional pam_reauthorize.so prepare session optional pam_exec.so debug /usr/bin/python2 /usr/local/system_script/ssh_on_email/ssh_on_notes.py
3、退出测试
如果不行,就单独运行
/usr/bin/python2 /usr/local/system_script/ssh_on_email/ssh_on_notes.py
这是启动邮件发送的,如果邮件发送都不成功,就是配置有问题。
其他:
目前有一个小bug:退出时也会发送一封邮件。留到以后解决。