triaquae / crazyeye Goto Github PK

OpenSource IT Automation Software

Python 3.34% CSS 4.33% JavaScript 34.42% HTML 7.75% Batchfile 0.03% CoffeeScript 0.16% Shell 3.95% Makefile 0.75% KRL 0.06% C 40.36% C++ 0.17% M4 1.55% Perl 0.02% Awk 0.09% GLSL 0.01% BitBake 0.01% GAP 0.01% OpenEdge ABL 0.01% Roff 2.99%

crazyeye's Introduction

CrazyEye

OpenSource IT Automation Software

CrazyEye介绍

CrazyEye是基于Python开发的一款简单易用的IT审计堡垒机,通过对原生ssh代码进行了部分修改，从而实现用户在登录堡垒机后，他所有的命令操作都将被实时抓取并写入审计日志，以供后期审计，目前CrazyEye主要实现了以下功能：

用户行为审计
- 底层使用原生ssh,不牺牲ssh使用体验,对用户操作无任何影响
- 支持对主机进行分组管理
- 可为运维人员分配指定服务器、指定账号的操作权限，即一个用户可以登录多少生产服务器，以及登录后有什么权限，都可以自如的控制
- 用户登录堡垒后的所有操作均可被记录下来以供日后审计.
主机批量操作
- 可对指定数量的机器进行批量命令、文件分发操作，可实时查看操作进度和结果

注意:: 目前暂时不支持对Windows系统的操作审计和批量任务

快速安装`(for Ubuntu)`

###环境依赖

python3.5+

cryptography==1.5.2
Django==1.10.2
django-session-security==2.4.0
djangorestframework==3.5.3
paramiko==2.0.2
pycparser==2.16
PyMySQL==0.7.9


sshpass 
openssh

###1.下载CrazyEye $ git clone https://github.com/triaquae/CrazyEye.git

###2.安装python环境依赖

首先确保使用的python版本是3.5+
进入CrazyEye目录执行sudo pip3 install -r requirements.txt

####3.安装sshpass

进入src目录,执行tar xvzff sshpass-1.06.tar.gz
cd sshpass-1.06/
./configure
make && make install

###3.安装改过源码的openssh

cd src/openssh-7.3p1/
./configure --prefix=/usr/local/openssh7/

注意有可能会报错误configure: error: OpenSSL version header not found.这是因为openssh需要openssl,此时需要安装一下openssl的开发模块`
```
 在ubuntu上安装openssl dev组件
 sudo apt-get install zlib1g
 sudo apt-get install zlib1g-dev
 sudo apt-get install libssl-dev
 
 再重新执行configure就应该没问题了
```
make && make install

###4.配置审计用户

创建一个审计用户,adduser crazy_audit
修改audit_user的.bashrc， vim /home/crazy_audit/.bashrc,在文件末尾加下以下2行并保存
```
python3 /usr/local/CrazyEye/crazy_eyes_mgr.py run

logout
```
修改sudo配置文件，使crazy_audit用户可以在sudo时不用输入密码

$ sudo vim /etc/sudoers
```
  %crazy_audit    ALL=NOPASSWD:ALL #/usr/bin/strace,/usr/bin/python3
```

###5.启动CrazyEye

sudo python3 manage.py runserver 0.0.0.0:9000
*注意启动此程序的用户不应是crazye_audit用户

###6.登录

管理用户登录通过浏览器打开http://your_ip_addr:9000/
```
用户名:[email protected]
密码: alex3714 
```

普通只需要通过命令行登录即可

 Alexs-MacBook-Pro:~ alex$ ssh [email protected]
 [email protected]'s password: *此处填写你之前创建的crazy_audit的密码
 
 press ENTER if you don't have token, [input your token]: #敲回车就行
 Username:[email protected] #此处方是真正的你为用户创建的审订账号
 Password:
 
 |-------[Welcome login CrazyEye Auditing System]-----|
 |            Version :   1.0                         |
 |            Author  :   Alex Li                     |
 |            QQ Group:   29215534                    |
 |----------------------------------------------------|
 
 
 z. Ungrouped [3] #你授权这个用户可以访问的主机列表 
 >>:z
   0.	ubuntu(10.211.55.5)  alex
   1.	oldboy web server 错的(202.106.23.22)  Alex
   2.	oldboy web server(101.200.195.98)  Alex
 ['b'(back)]>>>:0 #选中一台机器登录
 -----connecting [10.211.55.5] with user [alex]-----
 session_tag: hrqdan3soljbux6t
 Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-53-generic x86_64)
 
  * Documentation:  https://help.ubuntu.com/
 
 313 packages can be updated.
 26 updates are security updates.
 
 Last login: Sat Dec 31 15:39:59 2016 from 10.211.55.5
 alex@alex-ubuntu:~$ ifconfig #登录上了远程机器了
 enp0s5    Link encap:Ethernet  HWaddr 00:1c:42:2d:c0:18  
           inet addr:10.211.55.5  Bcast:10.211.55.255  Mask:255.255.255.0
           inet6 addr: fdb2:2c26:f4e4:0:3c28:9879:d171:74be/64 Scope:Global
           inet6 addr: fe80::8a5e:4c84:4dbb:5e3/64 Scope:Link
           inet6 addr: fdb2:2c26:f4e4:0:e59a:3d73:452b:1dc7/64 Scope:Global
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:26899 errors:0 dropped:0 overruns:0 frame:0
           TX packets:17202 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000 
           RX bytes:13283203 (13.2 MB)  TX bytes:5233012 (5.2 MB)
 
 lo        Link encap:Local Loopback  
           inet addr:127.0.0.1  Mask:255.0.0.0
           inet6 addr: ::1/128 Scope:Host
           UP LOOPBACK RUNNING  MTU:65536  Metric:1
           RX packets:24016 errors:0 dropped:0 overruns:0 frame:0
           TX packets:24016 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1 
           RX bytes:4440146 (4.4 MB)  TX bytes:4440146 (4.4 MB)
 
 alex@alex-ubuntu:~$ 
 alex@alex-ubuntu:~$ 
 alex@alex-ubuntu:~$ ls
 a.py      Desktop    Downloads         Music          Pictures  ssh_log   Templates  test.zip
 CrazyEye  Documents  examples.desktop  openssh-7.3p1  Public    ssh_log2  test.py    Videos
 alex@alex-ubuntu:~$ pwd
 /home/alex
 alex@alex-ubuntu:~$ exit #退出这台机器 
 logout
 Connection to 10.211.55.5 closed.  #又回到审计交互界面
   0.	ubuntu(10.211.55.5)  alex
   1.	oldboy web server 错的(202.106.23.22)  Alex
   2.	oldboy web server(101.200.195.98)  Alex
 ['b'(back)]>>>:b
 z. Ungrouped [3]
 >>:exit #即出审计系统 
 Bye!
 Connection to 10.211.55.5 closed.

作者介绍

Alex(金角大王),多年IT自动化开发经验,国内PYTHON语言知名推广者，曾任职公安部、飞信、Nokia**、中金公司、Advent软件、汽车之家等公司,目前任老男孩教育Python教学总监，热爱抽烟、喝酒、烫头！

他的Python基础视频 http://study.163.com/course/courseMain.htm?courseId=1003245008

技术支持

目前CrazyEye发布是的1.0测试版,由于时间有限，在使用过程中难免会出现一些小bug,你可以加入 PYTHON开发交流QQ群(29215534) 提交bug,我会尽快回复！

crazyeye's People

Contributors

Stargazers

Watchers

Forkers

shineforever tarivs ljb-2000 zhaojinhong shuxiang hujingguang s910501 yirenzui8 fengyunsen bytebility vinsonzou iceleeyo lue828 lilirui520 fjfd benliangcn tomzhang fit2cloud-backup kakakacool quanse unclebigb yangwm gdsellerpd imdaqian kismi imzhulei timxuhj chyangbj vikingliu helakelas xiaozhenliang freedream520 jacknjzhou morro-wind icanfly s270987763 yindashan niasand skyshe avldya key20 yocome diluga magicrefeng lostmonk gitsuke oeohomos adanac yujiaao oceanho wangdoubleyan abbabb123 pengzihe hwsyy skywaiting chickenlove hello-000 hanhui870 de8ug zeus911 lqfie johnsonybq lianghanquan wudi003 wangyouyan mainzxq aizaimenghuangu wanyinglong eleven1 daqing613 ftylove malzahr thinkdb srsman flying2016 eagle2015 ggbg liusic guadeitong aexleader juneman ymz2012 changyaoguang bullermartin cagee logonmy yoyopie yangxujing wdl0809 gexinworks chinarefers zhangnq lirenkai2000 withshunli xinyang128 loveguan wuchengjiang tonykuo222 devops-life fuquanjun

crazyeye's Issues

可以加个request.txt文件，这样pip install -r request.txt

manage.py createsuperuser运行失败

[root@jmeter107 sysadmin]# ./manage.py createsuperuser

You have 1 unapplied migration(s). Your project may not work properly until you apply the migrations for app(s): auth.
Run 'python manage.py migrate' to apply them.

Email address: [email protected]
Traceback (most recent call last):
File "./manage.py", line 10, in
execute_from_command_line(sys.argv)
File "/usr/lib/python2.7/site-packages/django/core/management/init.py", line 367, in execute_from_command_line
utility.execute()
File "/usr/lib/python2.7/site-packages/django/core/management/init.py", line 359, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/lib/python2.7/site-packages/django/core/management/base.py", line 294, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 63, in execute
return super(Command, self).execute(*args, **options)
File "/usr/lib/python2.7/site-packages/django/core/management/base.py", line 345, in execute
output = self.handle(*args, options)
File "/usr/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 121, in handle
self.UserModel._default_manager.db_manager(database).get_by_natural_key(username)
File "/usr/lib/python2.7/site-packages/django/contrib/auth/base_user.py", line 48, in get_by_natural_key
return self.get({self.model.USERNAME_FIELD: username})
File "/usr/lib/python2.7/site-packages/django/db/models/manager.py", line 85, in manager_method
return getattr(self.get_queryset(), name)(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/django/db/models/query.py", line 379, in get
num = len(clone)
File "/usr/lib/python2.7/site-packages/django/db/models/query.py", line 238, in len
self._fetch_all()
File "/usr/lib/python2.7/site-packages/django/db/models/query.py", line 1087, in _fetch_all
self._result_cache = list(self.iterator())
File "/usr/lib/python2.7/site-packages/django/db/models/query.py", line 54, in iter
results = compiler.execute_sql()
File "/usr/lib/python2.7/site-packages/django/db/models/sql/compiler.py", line 835, in execute_sql
cursor.execute(sql, params)
File "/usr/lib/python2.7/site-packages/django/db/backends/utils.py", line 79, in execute
return super(CursorDebugWrapper, self).execute(sql, params)
File "/usr/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
return self.cursor.execute(sql, params)
File "/usr/lib/python2.7/site-packages/django/db/utils.py", line 94, in exit
six.reraise(dj_exc_type, dj_exc_value, traceback)
File "/usr/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
return self.cursor.execute(sql, params)
File "/usr/lib/python2.7/site-packages/django/db/backends/mysql/base.py", line 110, in execute
return self.cursor.execute(query, args)
File "/usr/lib/python2.7/site-packages/pymysql/cursors.py", line 166, in execute
result = self._query(query)
File "/usr/lib/python2.7/site-packages/pymysql/cursors.py", line 322, in _query
conn.query(q)
File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 835, in query
self._affected_rows = self._read_query_result(unbuffered=unbuffered)
File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 1019, in _read_query_result
result.read()
File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 1302, in read
first_packet = self.connection._read_packet()
File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 981, in _read_packet
packet.check_error()
File "/usr/lib/python2.7/site-packages/pymysql/connections.py", line 393, in check_error
err.raise_mysql_exception(self._data)
File "/usr/lib/python2.7/site-packages/pymysql/err.py", line 107, in raise_mysql_exception
raise errorclass(errno, errval)
django.db.utils.InternalError: (1054, u"Unknown column 'web_userprofile.password' in 'field list'")
[root@jmeter107 sysadmin]#

.pyc 文件提交上来了

忽略下吧

ubuntu报错，新的进程文件报错，ModuleNotFoundError: No module named

Detials error Traceback (most recent call last): File "/home/DjangoPorject/AccessGateway/backend_task/run_task.py", line 94, in <module> django.setup() File "/usr/local/python3/lib/python3.8/site-packages/django/__init__.py", line 19, in setup configure_logging(settings.LOGGING_CONFIG, settings.LOGGING) File "/usr/local/python3/lib/python3.8/site-packages/django/conf/__init__.py", line 76, in __getattr__ self._setup(name) File "/usr/local/python3/lib/python3.8/site-packages/django/conf/__init__.py", line 63, in _setup self._wrapped = Settings(settings_module) File "/usr/local/python3/lib/python3.8/site-packages/django/conf/__init__.py", line 142, in __init__ mod = importlib.import_module(self.SETTINGS_MODULE) File "/usr/local/python3/lib/python3.8/importlib/__init__.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "<frozen importlib._bootstrap>", line 1014, in _gcd_import File "<frozen importlib._bootstrap>", line 991, in _find_and_load File "<frozen importlib._bootstrap>", line 961, in _find_and_load_unlocked File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed File "<frozen importlib._bootstrap>", line 1014, in _gcd_import File "<frozen importlib._bootstrap>", line 991, in _find_and_load File "<frozen importlib._bootstrap>", line 973, in _find_and_load_unlocked ModuleNotFoundError: No module named 'AccessGateway'

ubuntu 18.04编译OpenSSH

gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE -I. -I. -DSSHDIR="/usr/local/openssh7/etc" -D_PATH_SSH_PROGRAM="/usr/local/openssh7/bin/ssh" -D_PATH_SSH_ASKPASS_DEFAULT="/usr/local/openssh7/libexec/ssh-askpass" -D_PATH_SFTP_SERVER="/usr/local/openssh7/libexec/sftp-server" -D_PATH_SSH_KEY_SIGN="/usr/local/openssh7/libexec/ssh-keysign" -D_PATH_SSH_PKCS11_HELPER="/usr/local/openssh7/libexec/ssh-pkcs11-helper" -D_PATH_SSH_PIDDIR="/var/run" -D_PATH_PRIVSEP_CHROOT_DIR="/var/empty" -DHAVE_CONFIG_H -c ssh_api.c -o ssh_api.o
In file included from ssh_api.h:26:0,
from ssh_api.c:20:
cipher.h:69:17: error: field ‘evp’ has incomplete type
EVP_CIPHER_CTX evp;
^~~
Makefile:152: recipe for target 'ssh_api.o' failed
make: *** [ssh_api.o] Error 1

似乎是OpenSSL需要1.0，但系统是1.1。

环境前期的依赖包包括py模块都已经装好了，为啥启动就报那个模块没有··· 很尴尬啊

关于webssh方式,命令记录不全的问题

在shellinabox的界面中,如果碰到tab补全命令的时候,实际上,后台记录的时候,是看不到补全的命令行的.