溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
本篇內容主要講解“如何實現腳本SSH登錄郵件報警”,感興趣的朋友不妨來看看。本文介紹的方法操作簡單快捷,實用性強。下面就讓小編來帶大家學習“如何實現腳本SSH登錄郵件報警”吧!
登錄保護是一個非常重要的環節,下面通過圖文并茂的方式給大家詳細講解下:
前兩天@cyy 給我發了一個圖
然后我就想到USHQ的ssh登錄app通知功能,然后就像如果把這個部署到自用的服務器就好了。至少多一層安全系數。
首先要感謝@Legion 幫忙搞定了幾個錯誤以及搞定了Geo2IP的JSON轉換。 (P.S.此人為自動化運維大神級人物,現任職于德國一數據統計企業。)
當然,我和他相比我就是戰五渣了...大家一定要多向 @Legion 學習啊~~
說下需要做的準備:
sendmail或者Postfix
php
bash
CentOS/Debian/Ubuntu
若你的生產環境中沒有php sendmail Postfix等組件,請移步:
@Legion: Linux之使用shell腳本實現ssh登錄報警
參考文件
首先是報警腳本文件
Shell
#!/bin/sh ######################################################################### # File Name: Login-alert.sh # Author: Jason # Email: master#deamwork.com # Created Time: Tue Jul 21 2015 21:23:16 PM CST ######################################################################### #require jq #wget http://stedolan.github.io/jq/download/linux64/jq -O /usr/local/bin/jq #chmod +x /usr/local/bin/jq #if error, please # following one #PATH=/usr/local/nginx/sbin:/usr/local/php/bin:/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin #Geo2IP by Legion(http://www.dwhd.org/) eval `curl -s "http://ip.taobao.com/service/getIpInfo.php?ip=${SSH_CLIENT%% *}" | jq . | awk -F':|[ ]+|"' '{if($3~/^(country|area|region|city|isp)$/){print $3"="$7}}'` #html mail content cat >> mail-no-base64.html <<EOF #請自行準備郵件模板,以下為可能用到的變量 #輸出主機名 `hostname` #輸出登錄端口 ${SSH_CLIENT##* } #輸出登錄來源IP ${SSH_CLIENT%% *} #輸出IP地址歸屬地 {country}_${area}_${region}_${city}_${isp} #輸出登錄時間 `date` EOF #Base64 Encoding base64 mail-no-base64.html > mail-base64.html #使用Sendmail #sendmail -t >/dev/null 2>&1 <<EOF #to:example@example.com #from:Example<example@example.com> #subject:[`hostname`]服務器登錄告警 #`cat mail-no-base64.html` #EOF #使用postfix #cat >> mail.php <<EOF #<?php #\$to = "example@example.com"; #\$subject = "[`hostname`]服務器登錄告警"; #\$message = "`cat mail-base64.html`"; #\$headers = "MIME-Version: 1.0" . "\r\n"; #\$headers .= "Content-Type: text/html; charset=\"utf-8\"" . "\r\n"; #\$headers .= "Content-Transfer-Encoding: base64" . "\r\n"; #\$headers .= 'From: Example<example@example.com>' . "\r\n"; #\$send = mail(\$to,\$subject,\$message,\$headers); #if(\$send){echo 'Mail Send Successful.';}else{echo 'Failed.';} #?> #EOF #使用 SMTP (require smtp-class.php) cat >> mail.php <<EOF <?php require("smtp-class.php"); \$smtpserver = "smtp.example.com"; \$smtpserverport = 25; \$smtpusermail = "example@example.com"; \$smtpemailto = "example@example.com"; \$smtpuser = "example"; \$smtppass = "password"; \$mailsubject = "[`hostname`]服務器登錄告警"; \$mailbody = "`cat mail-base64.html`"; \$mailtype = "HTML"; \$smtp = new smtp(\$smtpserver,\$smtpserverport,true,\$smtpuser,\$smtppass); \$smtp->debug = TRUE; \$smtp->sendmail(\$smtpemailto, \$smtpusermail, \$mailsubject, \$mailbody, \$mailtype); ?> EOF php mail.php yes y | rm mail-no-base64.html mail-base64.html mail.php
然后是如何觸發這個腳本:
Shell
代碼如下:
echo "screen -fa -d -m -S WL /etc/Login-alert.sh" >> /etc/profile
用這種方法, 新開終端或者復制終端都會觸發報警
如果使用smtp方式,請保存以下文件為smtp-class.php
PHP
<?php
class smtp
{
/* Public Variables */
var $smtp_port;
var $time_out;
var $host_name;
var $log_file;
var $relay_host;
var $debug;
var $auth;
var $user;
var $pass;
/* Private Variables */
var $sock;
/* Constractor */
function smtp($relay_host = "", $smtp_port = 25,$auth = false,$user,$pass)
{
$this->debug = FALSE;
$this->smtp_port = $smtp_port;
$this->relay_host = $relay_host;
$this->time_out = 30; //is used in fsockopen()
$this->auth = $auth;//auth
$this->user = $user;
$this->pass = $pass;
$this->host_name = "localhost"; //is used in HELO command
$this->log_file = "";
$this->sock = FALSE;
}
/* Main Function */
function sendmail($to, $from, $subject = "", $body = "", $mailtype, $cc = "", $bcc = "", $additional_headers = "")
{
$mail_from = $this->get_address($this->strip_comment($from));
$body = ereg_replace("(^|(\r\n))(\.)", "\1.\3", $body);
$header .= "MIME-Version:1.0\r\n";
if($mailtype=="HTML")
{
$header .= "Content-Type: text/html; charset=\"utf-8\"" . "\r\n";
$header .= "Content-Transfer-Encoding: base64" . "\r\n";
}
$header .= "To: ".$to."\r\n";
if ($cc != "")
{
$header .= "Cc: ".$cc."\r\n";
}
$header .= "From: $from<".$from.">\r\n";
$header .= "Subject: ".$subject."\r\n";
$header .= $additional_headers;
$header .= "Date: ".date("r")."\r\n";
$header .= "X-Mailer:By TianhaiTech (PHP/".phpversion().")\r\n";
list($msec, $sec) = explode(" ", microtime());
$header .= "Message-ID: <".date("YmdHis", $sec).".".($msec*1000000).".".$mail_from.">\r\n";
$TO = explode(",", $this->strip_comment($to));
if ($cc != "")
{
$TO = array_merge($TO, explode(",", $this->strip_comment($cc)));
}
if ($bcc != "")
{
$TO = array_merge($TO, explode(",", $this->strip_comment($bcc)));
}
$sent = TRUE;
foreach ($TO as $rcpt_to)
{
$rcpt_to = $this->get_address($rcpt_to);
if (!$this->smtp_sockopen($rcpt_to))
{
$this->log_write("Error: Cannot send email to ".$rcpt_to."\n");
$sent = FALSE;
continue;
}
if ($this->smtp_send($this->host_name, $mail_from, $rcpt_to, $header, $body))
{
$this->log_write("E-mail has been sent to <".$rcpt_to.">\n");
}
else
{
$this->log_write("Error: Cannot send email to <".$rcpt_to.">\n");
$sent = FALSE;
}
fclose($this->sock);
$this->log_write("Disconnected from remote host\n");
}
return $sent;
}
/* Private Functions */
function smtp_send($helo, $from, $to, $header, $body = "")
{
if (!$this->smtp_putcmd("HELO", $helo))
{
return $this->smtp_error("sending HELO command");
}
#auth
if($this->auth)
{
if (!$this->smtp_putcmd("AUTH LOGIN", base64_encode($this->user)))
{
return $this->smtp_error("sending HELO command");
}
if (!$this->smtp_putcmd("", base64_encode($this->pass)))
{
return $this->smtp_error("sending HELO command");
}
}
if (!$this->smtp_putcmd("MAIL", "FROM:<".$from.">"))
{
return $this->smtp_error("sending MAIL FROM command");
}
if (!$this->smtp_putcmd("RCPT", "TO:<".$to.">"))
{
return $this->smtp_error("sending RCPT TO command");
}
if (!$this->smtp_putcmd("DATA"))
{
return $this->smtp_error("sending DATA command");
}
if (!$this->smtp_message($header, $body))
{
return $this->smtp_error("sending message");
}
if (!$this->smtp_eom())
{
return $this->smtp_error("sending <CR><LF>.<CR><LF> [EOM]");
}
if (!$this->smtp_putcmd("QUIT"))
{
return $this->smtp_error("sending QUIT command");
}
return TRUE;
}
function smtp_sockopen($address)
{
if ($this->relay_host == "")
{
return $this->smtp_sockopen_mx($address);
}
else
{
return $this->smtp_sockopen_relay();
}
}
function smtp_sockopen_relay()
{
$this->log_write("Trying to ".$this->relay_host.":".$this->smtp_port."\n");
$this->sock = @fsockopen($this->relay_host, $this->smtp_port, $errno, $errstr, $this->time_out);
if (!($this->sock && $this->smtp_ok()))
{
$this->log_write("Error: Cannot connenct to relay host ".$this->relay_host."\n");
$this->log_write("Error: ".$errstr." (".$errno.")\n");
return FALSE;
}
$this->log_write("Connected to relay host ".$this->relay_host."\n");
return TRUE;;
}
function smtp_sockopen_mx($address)
{
$domain = ereg_replace("^.+@([^@]+)$", "\1", $address);
if (!@getmxrr($domain, $MXHOSTS))
{
$this->log_write("Error: Cannot resolve MX \"".$domain."\"\n");
return FALSE;
}
foreach ($MXHOSTS as $host)
{
$this->log_write("Trying to ".$host.":".$this->smtp_port."\n");
$this->sock = @fsockopen($host, $this->smtp_port, $errno, $errstr, $this->time_out);
if (!($this->sock && $this->smtp_ok()))
{
$this->log_write("Warning: Cannot connect to mx host ".$host."\n");
$this->log_write("Error: ".$errstr." (".$errno.")\n");
continue;
}
$this->log_write("Connected to mx host ".$host."\n");
return TRUE;
}
$this->log_write("Error: Cannot connect to any mx hosts (".implode(", ", $MXHOSTS).")\n");
return FALSE;
}
function smtp_message($header, $body)
{
fputs($this->sock, $header."\r\n".$body);
$this->smtp_debug("> ".str_replace("\r\n", "\n"."> ", $header."\n> ".$body."\n> "));
return TRUE;
}
function smtp_eom()
{
fputs($this->sock, "\r\n.\r\n");
$this->smtp_debug(". [EOM]\n");
return $this->smtp_ok();
}
function smtp_ok()
{
$response = str_replace("\r\n", "", fgets($this->sock, 512));
$this->smtp_debug($response."\n");
if (!ereg("^[23]", $response))
{
fputs($this->sock, "QUIT\r\n");
fgets($this->sock, 512);
$this->log_write("Error: Remote host returned \"".$response."\"\n");
return FALSE;
}
return TRUE;
}
function smtp_putcmd($cmd, $arg = "")
{
if ($arg != "")
{
if($cmd=="")
{
$cmd = $arg;
}
else
{
$cmd = $cmd." ".$arg;
}
}
fputs($this->sock, $cmd."\r\n");
$this->smtp_debug("> ".$cmd."\n");
return $this->smtp_ok();
}
function smtp_error($string)
{
$this->log_write("Error: Error occurred while ".$string.".\n");
return FALSE;
}
function log_write($message)
{
$this->smtp_debug($message);
if ($this->log_file == "")
{
return TRUE;
}
$message = date("M d H:i:s ").get_current_user()."[".getmypid()."]: ".$message;
if (!@file_exists($this->log_file) || !($fp = @fopen($this->log_file, "a")))
{
$this->smtp_debug("Warning: Cannot open log file \"".$this->log_file."\"\n");
return FALSE;;
}
flock($fp, LOCK_EX);
fputs($fp, $message);
fclose($fp);
return TRUE;
}
function strip_comment($address)
{
$comment = "\([^()]*\)";
while (ereg($comment, $address))
{
$address = ereg_replace($comment, "", $address);
}
return $address;
}
function get_address($address)
{
$address = ereg_replace("([ \t\r\n])+", "", $address);
$address = ereg_replace("^.*<(.+)>.*$", "\1", $address);
return $address;
}
function smtp_debug($message)
{
if ($this->debug)
{
echo $message;
}
}
}?>
實現效果:
到此,相信大家對“如何實現腳本SSH登錄郵件報警”有了更深的了解,不妨來實際操作一番吧!這里是億速云網站,更多相關內容可以進入相關頻道進行查詢,關注我們,繼續學習!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
