
6.9.25

showpy committed Jul 3, 2019
1 parent af1cbc5 commit b347dc4e56eefeccd10d56af6491ef24ab244ba6
Showing with 154 additions and 57 deletions.
  1. +11 −7 class/abnormal.py
  2. +100 −14 class/monitor.py
  3. +14 −36 class/san_baseline.py
  4. +29 −0 install/public.sh
@@ -23,14 +23,17 @@ def __init__(self):
if not self.__ajax:
self.__ajax=ajax.ajax()

#Mysql 服务是否启动
def mysql_server(self,get):
get.sName='mysql'
mysql=self.__plugin.get_soft_find(get)
if mysql['status']:
return True
# Mysql 服务是否启动
def mysql_server(self, get):
if os.path.exists('/www/server/mysql'):
get.sName = 'mysql'
mysql = self.__plugin.get_soft_find(get)
if mysql['status']:
return True
else:
return False
else:
return False
return True


# 取占用最大cpu的进程
@@ -103,6 +106,7 @@ def php_conn_max(self,get):
php={}
php['version']=i
php['children']=tmp['max children reached']
php['start_time'] = tmp['start time']
ret.append(php)
except:
php={}
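Review bot: The trailing `return True` after the `if os.path.exists('/www/server/mysql')` block in the new `mysql_server` (first hunk) is unreachable, since both the `if` and the `else` branch already return; dropping it, and collapsing the inner `if mysql['status']: return True / else: return False` into `return bool(mysql['status'])`, leaves one clear exit per path. The module-level `import os` is not visible in this hunk, so confirm class/abnormal.py imports it. In the second hunk, `php['start_time'] = tmp['start time']` sits inside a `try` whose bare `except:` resets `php={}`, so a missing `start time` key silently drops that PHP version from the result instead of just leaving the field empty; `php['start_time'] = tmp.get('start time')` keeps the entry.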
@@ -26,6 +26,13 @@ def _get_file_json(self, filename):
except: pass
return data

def __get_file_json(self, filename):
try:
if not os.path.exists(filename): return {}
return json.loads(public.readFile(filename))
except:
return {}

def _get_site_list(self):
sites = public.M('sites').where('status=?', (1,)).field('name').get()
return sites
@@ -78,24 +85,38 @@ def _statuscode_distribute(self, args):
for fname in os.listdir(path):
status_code = fname.split('.')[0]
log_path = os.path.join(path, fname)
log_body = self._get_file_json(log_path)
for item in log_body:
if self._is_today(item[0]):
if status_code == '401':
count_401 += 1
elif status_code == '500':
count_500 += 1
elif status_code == '502':
count_502 += 1
elif status_code == '503':
count_503 += 1
num = 100
log_body = public.GetNumLines(log_path, num).split('\n')
while True:
if not self._is_today(json.loads(log_body[0])[0]):
break
else:
num += 100
log_body = public.GetNumLines(log_path, num).split('\n')
for line in log_body:
try:
item = json.loads(line)
if self._is_today(item[0]):
if status_code == '401':
count_401 += 1
elif status_code == '500':
count_500 += 1
elif status_code == '502':
count_502 += 1
elif status_code == '503':
count_503 += 1
except: continue
return {'401': count_401, '500': count_500, '502': count_502, '503': count_503}

def _get_slow_log_nums(self, args):
import database
# 从配置文件中匹配到慢日志存放路径
if not os.path.exists('/etc/my.cnf'):
return 0

my_obj = database.database()
filename = my_obj.GetMySQLInfo(args)['datadir'] + '/mysql-slow.log'
ret = re.findall(r'datadir\s*=\s*(.+)', public.ReadFile('/etc/my.cnf'))
if not ret:
return 0
filename = ret[0] + '/mysql-slow.log'

if not os.path.exists(filename):
return 0
@@ -254,3 +275,68 @@ def get_attack_nums(self, args):
return int(file_body['total'])
except:
return 0

# 获取蜘蛛数量分布
def get_spider(self, args):
today = time.strftime('%Y-%m-%d', time.localtime())

sites = self._get_site_list()

data = {}
for site in sites:
site_name = site['name']
file_name = '/www/server/total/total/' + site_name + '/spider/' + today + '.json'
if not os.path.exists(file_name): continue

day_data = self.__get_file_json(file_name)

for s_data in day_data.values():
for s_key in s_data.keys():
if s_key not in data:
data[s_key] = s_data[s_key]
else:
data[s_key] += s_data[s_key]

return data

# 取指定站点的请求数
def _get_site_request_count(self, site_name):
today = time.strftime('%Y-%m-%d', time.localtime())
path = '/www/server/total/total/' + site_name + '/request/' + today + '.json'
day_request = 0
if os.path.exists(path):
spdata = self.__get_file_json(path)
for c in spdata.values():
for d in c:
if re.match(r"^\d+$", d): day_request += c[d]
return day_request

# 取服务器的请求数
def _get_request_count(self):
request_count = 0
sites = self._get_site_list()
for site in sites:
site_name = site['name']
request_count += self._get_site_request_count(site_name)
return request_count

# 计算qps
def get_request_count_qps(self, args):
from BTPanel import cache

cache_timeout = 86400

old_total_request = cache.get('old_total_request')
otime = cache.get("old_get_time")
if not old_total_request or not otime:
otime = time.time()
old_total_request = self._get_request_count()
time.sleep(1)
ntime = time.time()
new_total_request = self._get_request_count()

qps = int(round(float(new_total_request - old_total_request) / (ntime - otime)))

cache.set('old_total_request', new_total_request, cache_timeout)
cache.set('old_get_time', ntime, cache_timeout)
return {'qps': qps, 'request_count': new_total_request}
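Review bot: The `while True` loop added in `_statuscode_distribute` (hunk `@@ -78,24 +85,38 @@`) has no exit once `GetNumLines` is already returning the whole file: if every line in the log is from today, `log_body[0]` keeps testing as today, `num` grows by 100 on each pass and the request never returns. `json.loads(log_body[0])` is also outside any `try`, so an empty or truncated first line raises out of the method, whereas the per-line loop below it swallows bad lines. Stopping as soon as a larger `num` no longer yields more lines, and treating an unparseable head line as the stop condition, bounds the loop; the sketch below assumes `GetNumLines` returns the last `num` lines of the file, which should be confirmed against public.py. `_statuscode_distribute` itself begins before this hunk.
```python
num = 100
log_body = public.GetNumLines(log_path, num).split('\n')
while True:
    try:
        head_is_today = self._is_today(json.loads(log_body[0])[0])
    except (ValueError, IndexError, TypeError):
        break
    if not head_is_today:
        break
    num += 100
    more = public.GetNumLines(log_path, num).split('\n')
    if len(more) <= len(log_body):
        break  # nothing new came back: the whole file is already in log_body
    log_body = more
# … unchanged: per-line json.loads / status-code counting loop …
```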
@@ -105,7 +105,7 @@ def ssh_security(self):
# 端口非默认
ssh_port_default = {
"type": "file",
"name": "SSH端口未默认",
"name": "SSH使用默认端口22",
"harm": "高",
"file": "/etc/ssh/sshd_config",
"Suggestions": "加固建议 在/etc/ssh/sshd_config 将Port 设置为6000到65535随意一个, 例如",
@@ -323,7 +323,7 @@ def panel_security(self):
ret1 = {
"harm": "高",
"type": "file",
"name": "面板关键性文件权限错误",
"name": "面板关键性文件权限错误%s" % i['file'],
"Suggestions": "加固建议 : %s 权限改为%s 所属用户为%s" % (i['file'], i['chmod'], i['user']),
"repair": "加固建议 : %s 权限改为%s 所属用户为%s" % (i['file'], i['chmod'], i['user']),
}
@@ -626,11 +626,11 @@ def user_security(self):
if not self.check_san_baseline(set_pass_time_out):
result.append(set_pass_time_out)

# 确保root 是唯一的UID为0 的账户
# 存在非root 的管理员用户(危险)
get_root_0 = {
"type": "shell",
"harm": "紧急",
"name": "确保root 是唯一的UID为0 的账户",
"name": "存在非root 的管理员用户(危险)",
"ps": "除root以为的其他的UID为0的用户的应该删除。或者为其分配新的UID",
"cmd": '''cat /etc/passwd | awk -F: '($3 == 0) { print $1 }'|grep -v '^root$' ''',
"find": {"re": "\w+"}
@@ -818,7 +818,7 @@ def system_dir_security(self):
ret1 = {
"harm": "高",
"type": "file",
"name": "系统关键性文件权限错误",
"name": "系统关键性文件权限错误%s" % i['file'],
"Suggestions": "加固建议 : %s 权限改为%s 所属用户为%s" % (i['file'], i['chmod'], i['user']),
"repair": "加固建议 : %s 权限改为%s 所属用户为%s" % (i['file'], i['chmod'], i['user']),
}
@@ -882,13 +882,13 @@ def site_security(self):
if not os.path.exists(path):
site = {}
site['user_ini'] = False
site['name'] = i['name']
site['name'] = '%s该站点未启用SSL' % i['name']

site['ssl'] = ssl
site['tls'] = tls
if not ssl:
site['harm'] = "低",
site['ps'] = '%s该站点未启动SSL' % i['name']
site['ps'] = '%s该站点未启用SSL' % i['name']
else:
if tls:
site['harm'] = "中",
@@ -897,12 +897,12 @@ def site_security(self):
else:
site = {}
site['user_ini'] = True
site['name'] = i['name']
site['name'] = '%s该站点未启用SSL' % i['name']
site['ssl'] = ssl
site['tls'] = tls
if not ssl:
site['harm'] = "低",
site['ps'] = '%s该站点未启动SSL' % i['name']
site['ps'] = '%s该站点未启用SSL' % i['name']
else:
if tls:
site['harm'] = "中",
@@ -1209,31 +1209,20 @@ def get_ssh_errorlogin(self, get):
while l:
if l.find('Failed password for root') != -1:
if len(data['intrusion']) > limit: del (data['intrusion'][0]);
data['intrusion'].append(l);
#data['intrusion'].append(l);
data['intrusion_total'] += 1;
elif l.find('Accepted') != -1:
if len(data['success']) > limit: del (data['success'][0]);
data['success'].append(l);
data['success_total'] += 1;
elif l.find('refused') != -1:
if len(data['defense']) > limit: del (data['defense'][0]);
data['defense'].append(l);
data['defense_total'] += 1;
# elif l.find('refused') != -1:
# if len(data['defense']) > limit: del (data['defense'][0]);
# data['defense'].append(l);
# data['defense_total'] += 1;
l = fp.readline();

months = {'Jan': '01', 'Feb': '02', 'Mar': '03', 'Apr': '04', 'May': '05', 'Jun': '06', 'Jul': '07', 'Aug': '08', 'Sep': '09', 'Oct': '10', 'Nov': '11', 'Dec': '12'}

intrusion = [];
for g in data['intrusion']:
tmp = {}
tmp1 = g.split();
tmp['date'] = months[tmp1[0]] + '/' + tmp1[1] + ' ' + tmp1[2];
tmp['user'] = tmp1[8];
tmp['address'] = tmp1[10];
intrusion.append(tmp);

data['intrusion'] = intrusion;

success = [];
for g in data['success']:
tmp = {}
@@ -1244,17 +1233,6 @@ def get_ssh_errorlogin(self, get):
success.append(tmp);
data['success'] = success;

defense = []
for g in data['defense']:
tmp = {}
tmp1 = g.split();
tmp['date'] = months[tmp1[0]] + '/' + tmp1[1] + ' ' + tmp1[2];
tmp['user'] = '-';
tmp['address'] = tmp1[8];
defense.append(tmp);
data['defense'] = defense;
import firewalls;
data['ssh'] = firewalls.firewalls().GetSshInfo(get);
return data;
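Review bot: In `site_security` (hunk `@@ -882,13 +882,13 @@`, and identically in `@@ -897,12 +897,12 @@`) the new `site['name'] = '%s该站点未启用SSL' % i['name']` is assigned before `if not ssl:` is evaluated, so a site that does have a certificate (the `else` branch, which only inspects `tls`) is still labelled as having SSL disabled. Keeping `site['name'] = i['name']` and leaving the finding text to `site['ps']`, which is already set per branch, avoids the misleading label; if the name is meant to carry the finding, the assignment belongs under `if not ssl:`. The surrounding context lines `site['harm'] = "低",` and `site['harm'] = "中",` end in a trailing comma and therefore store a one-element tuple rather than a string, which predates this commit but is worth fixing while this function is being touched. `site_security` begins and ends outside these hunks.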


@@ -70,6 +70,34 @@ GetPackManager(){
PM="apt-get"
fi
}

bt_check(){
p_path=/www/server/panel/class/panelPlugin.py
if [ -f $p_path ];then
is_ext=$(cat $p_path|grep btwaf)
if [ "$is_ext" != "" ];then
send_check
fi
fi

p_path=/www/server/panel/BTPanel/templates/default/index.html
if [ -f $p_path ];then
is_ext=$(cat $p_path|grep fbi)
if [ "$is_ext" != "" ];then
send_check
fi
fi
}

send_check(){
p_path2=/www/server/panel/class/common.py
p_version=$(cat $p_path2|grep "version = "|awk '{print $3}'|tr -cd [0-9.])
curl -sS --connect-timeout 3 -m 60 http://www.bt.cn/api/panel/notpro?version=$p_version
NODE_URL=""
echo "您可能是盗版软件受害者,除在宝塔官网购买的以外均为盗版!";
exit 0;
}

cpuInfo=$(getconf _NPROCESSORS_ONLN)
if [ "${cpuInfo}" -ge "4" ];then
GetCpuStat
@@ -80,4 +108,5 @@ GetPackManager
if [ ! $NODE_URL ];then
echo '正在选择下载节点...';
get_node_url
bt_check
fi
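Review bot: `send_check` (hunk `@@ -70,6 +70,34 @@`) ends with `exit 0`, so when the installer aborts on this check it reports success to whatever invoked it, and a provisioning script or CI job would not notice the install never completed; `exit 1` is the status for an abort. The report on the line above goes to `http://www.bt.cn/...` in cleartext with `-sS` and no `-f`, so the response body, whatever the endpoint returns, is printed straight to the terminal and a transport error is ignored; if the call is only meant to notify, `https://` plus `-o /dev/null` keeps the output predictable. The `is_ext=$(cat $p_path|grep btwaf)` / `if [ "$is_ext" != "" ]` pairs in `bt_check` reduce to `if grep -q btwaf "$p_path"; then`, and `tr -cd [0-9.]` should quote the set as `'[0-9.]'` so the shell cannot expand it against a single-character file name in the current directory. `GetPackManager` begins before the first hunk.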
