AIOps 一场颠覆传统运维的盛筵
701
2022-10-17
脚本实现SSH登录邮件报警
登录保护是一个非常重要的环节,下面通过图文并茂的方式给大家详细讲解下:
前两天@cyy 给我发了一个图
然后我就想到USHQ的ssh登录app通知功能,然后就像如果把这个部署到自用的服务器就好了。至少多一层安全系数。
首先要感谢@Legion 帮忙搞定了几个错误以及搞定了Geo2IP的JSON转换。 (P.S.此人为自动化运维大神级人物,现任职于德国一数据统计企业。)
当然,我和他相比我就是战五渣了...大家一定要多向 @Legion 学习啊~~
说下需要做的准备:
sendmail或者PostfixphpbashCentOS/Debian/Ubuntu若你的生产环境中没有php sendmail Postfix等组件,请移步:
@Legion: Linux之使用shell脚本实现ssh登录报警
参考文件
首先是报警脚本文件
Shell
然后是如何触发这个脚本:
Shell
复制代码 代码如下:
echo "screen -fa -d -m -S WL /etc/Login-alert.sh" >> /etc/profile
用这种方法, 新开终端或者复制终端都会触发报警
如果使用smtp方式,请保存以下文件为smtp-class.php
PHP
debug = FALSE; $this->smtp_port = $smtp_port; $this->relay_host = $relay_host; $this->time_out = 30; //is used in fsockopen() $this->auth = $auth;//auth $this->user = $user; $this->pass = $pass; $this->host_name = "localhost"; //is used in HELO command $this->log_file = ""; $this->sock = FALSE;} /* Main Function */ function sendmail($to, $from, $subject = "", $body = "", $mailtype, $cc = "", $bcc = "", $additional_headers = "") { $mail_from = $this->get_address($this->strip_comment($from)); $body = ereg_replace("(^|(\r\n))(\.)", "\1.\3", $body); $header .= "MIME-Version:1.0\r\n"; if($mailtype=="HTML") { $header .= "Content-Type: text/html; charset=\"utf-8\"" . "\r\n"; $header .= "Content-Transfer-Encoding: base64" . "\r\n"; } $header .= "To: ".$to."\r\n"; if ($cc != "") { $header .= "Cc: ".$cc."\r\n"; } $header .= "From: $from<".$from.">\r\n"; $header .= "Subject: ".$subject."\r\n"; $header .= $additional_headers; $header .= "Date: ".date("r")."\r\n"; $header .= "X-Mailer:By TianhaiTech (PHP/".phpversion().")\r\n"; list($msec, $sec) = explode(" ", microtime()); $header .= "Message-ID: <".date("YmdHis", $sec).".".($msec*1000000).".".$mail_from.">\r\n"; $TO = explode(",", $this->strip_comment($to)); if ($cc != "") { $TO = array_merge($TO, explode(",", $this->strip_comment($cc))); } if ($bcc != "") { $TO = array_merge($TO, explode(",", $this->strip_comment($bcc))); } $sent = TRUE; foreach ($TO as $rcpt_to) { $rcpt_to = $this->get_address($rcpt_to); if (!$this->smtp_sockopen($rcpt_to)) { $this->log_write("Error: Cannot send email to ".$rcpt_to."\n"); $sent = FALSE; continue; } if ($this->smtp_send($this->host_name, $mail_from, $rcpt_to, $header, $body)) { $this->log_write("E-mail has been sent to <".$rcpt_to.">\n"); } else { $this->log_write("Error: Cannot send email to <".$rcpt_to.">\n"); $sent = FALSE; } fclose($this->sock); $this->log_write("Disconnected from remote host\n"); } return $sent; } /* Private Functions */ function smtp_send($helo, $from, $to, $header, $body = "") { if (!$this->smtp_putcmd("HELO", $helo)) { return $this->smtp_error("sending HELO command"); } #auth if($this->auth) { if (!$this->smtp_putcmd("AUTH LOGIN", base64_encode($this->user))) { return $this->smtp_error("sending HELO command"); } if (!$this->smtp_putcmd("", base64_encode($this->pass))) { return $this->smtp_error("sending HELO command"); } } if (!$this->smtp_putcmd("MAIL", "FROM:<".$from.">")) { return $this->smtp_error("sending MAIL FROM command"); } if (!$this->smtp_putcmd("RCPT", "TO:<".$to.">")) { return $this->smtp_error("sending RCPT TO command"); } if (!$this->smtp_putcmd("DATA")) { return $this->smtp_error("sending DATA command"); } if (!$this->smtp_message($header, $body)) { return $this->smtp_error("sending message"); } if (!$this->smtp_eom()) { return $this->smtp_error("sending
?>实现效果:
有需要的朋友可以参考下,希望大家能够喜欢。
发表评论
暂时没有评论,来抢沙发吧~