ver1.7.0 新增浏览器调用securecrt,xshell,putty等客户端终端;新增会话录像审计

Dockerfile

@@ -5,4 +5,5 @@ RUN cd /devops && pip install -i https://pypi.douban.com/simple -r requirements.
 RUN cd /devops && echo_supervisord_conf > /etc/supervisord.conf && cat deamon.ini >> /etc/supervisord.conf && \
 	sed -i 's/nodaemon=false/nodaemon=true/g' /etc/supervisord.conf
 EXPOSE 8000
+EXPOSE 2222
 ENTRYPOINT ["supervisord", "-c", "/etc/supervisord.conf"]

README.md

@@ -10,6 +10,7 @@ pip install -r requirements.txt
 
 # 运行
 python3 manage.py runserver
+python3 manage.py proxy_sshd
 ```
 
 docker方式(Centos 7)
@@ -63,6 +64,8 @@ sh start_docker.sh
 ![效果](https://github.com/leffss/devops/blob/master/screenshots/35.PNG?raw=true)
 ![效果](https://github.com/leffss/devops/blob/master/screenshots/36.PNG?raw=true)
 ![效果](https://github.com/leffss/devops/blob/master/screenshots/37.JPG?raw=true)
+![效果](https://github.com/leffss/devops/blob/master/screenshots/38.PNG?raw=true)
+![效果](https://github.com/leffss/devops/blob/master/screenshots/39.PNG?raw=true)
 
 
 # TODO LISTS
@@ -95,7 +98,7 @@ sh start_docker.sh
 - [ ] 批量脚本
 - [x] webssh终端
 - [x] webtelnet终端
-- [ ] 网页调用crt,xshell等终端
+- [x] 网页调用securecrt,xshell,putty,winscp等终端(目前只支持windows)
 - [ ] websftp终端
 - [x] 查看在线会话列表
 - [x] 实时查看在线会话
@@ -106,6 +109,7 @@ sh start_docker.sh
 - [x] 用户日志审计
 - [x] 操作日志审计
 - [x] web终端日志审计
+- [x] web终端操作录像
 - [x] 所有界面表单数据验证(原生javascript正则表单式验证)
 - [ ] 搜索
 - [ ] 后台耗时任务使用 celery

apploader/apploader.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python
+
+import sys
+import traceback
+import time
+from urllib import parse
+import subprocess
+
+
+def main():
+    try:
+        tags = parse.unquote(sys.argv[1])
+        if tags.endswith('/'):  # 当前URL PROTOCOL协议传过来的数据中无 '/' 时，默认会在字符末尾添加一个 '/'，需要去掉
+            tags = tags[:-1]
+        # print(tags)
+        tags = tags.split('://')
+        del tags[0]
+        # print(tags)
+        subprocess.Popen('://'.join(tags))
+        # time.sleep(20)
+    except:
+        print(traceback.format_exc())
+        time.sleep(20)
+
+
+if __name__ == '__main__':
+    main()

apploader/apploader.reg

@@ -0,0 +1,10 @@
+Windows Registry Editor Version 5.00
+[HKEY_CLASSES_ROOT\apploader]
+"URL Protocol"="C:\\apploader.exe"
+@="apploader"
+[HKEY_CLASSES_ROOT\apploader\DefaultIcon]
+@="C:\\apploader.exe,1"
+[HKEY_CLASSES_ROOT\apploader\shell]
+[HKEY_CLASSES_ROOT\apploader\shell\open]
+[HKEY_CLASSES_ROOT\apploader\shell\open\command]
+@="\"C:\\apploader.exe\" \"%1\""

apploader/run_pyinstaller.bat

@@ -0,0 +1,2 @@
+"C:\Program Files\Python37\Scripts\pyinstaller" -F apploader.py
+pause

apploader/windows调用securecrt、xshell等客户端方法.txt

@@ -0,0 +1,3 @@
+windows调用securecrt、xshell等客户端方法:
+1.复制本目录dist\apploader.exe程序到c:\根目录下
+2.保存并导入apploader.reg文件到注册表。

deamon.ini

@@ -2,8 +2,8 @@
 [program:devops]
 directory=/devops
 command=python manage.py runserver 0.0.0.0:8000
-# stdout_logfile=/var/log/celeryd.log
-# stderr_logfile=/var/log/celeryd.log
+# stdout_logfile=/var/log/devops.log
+# stderr_logfile=/var/log/devops.log
 loglevel=info
 redirect_stderr=true
 user = root
@@ -13,6 +13,22 @@ autorestart=true
 startsecs=10
 stopwaitsecs=600
 
+
+[program:proxy-sshd]
+directory=/devops
+command=python manage.py proxy_sshd
+# stdout_logfile=/var/log/proxy_sshd.log
+# stderr_logfile=/var/log/proxy_sshd.log
+loglevel=info
+redirect_stderr=true
+user = root
+stopsignal = INT
+autostart=true
+autorestart=true
+startsecs=10
+stopwaitsecs=600
+
+
 [program:celery-worker]
 directory=/devops
 command=celery -A devops worker -l info
@@ -26,3 +42,4 @@ autostart=true
 autorestart=true
 startsecs=10
 stopwaitsecs=600
+

devops/settings.py

@@ -15,10 +15,18 @@
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 TMP_DIR = os.path.join(BASE_DIR, 'tmp')
-
 if not os.path.isdir(TMP_DIR):
     os.makedirs(TMP_DIR)
 
+TERMINAL_LOGS = os.path.join(BASE_DIR, 'terminal_logs')
+if not os.path.isdir(TERMINAL_LOGS):
+    os.makedirs(TERMINAL_LOGS)
+
+MEDIA_ROOT = os.path.join(BASE_DIR, 'terminal_logs')
+if not os.path.isdir(MEDIA_ROOT):
+    os.makedirs(MEDIA_ROOT)
+MEDIA_URL = '/media/'
+
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
 
@@ -123,8 +131,6 @@
 
 USE_TZ = False
 
-# Static files (CSS, JavaScript, Images)
-# https://docs.djangoproject.com/en/2.2/howto/static-files/
 
 STATIC_URL = '/static/'
 STATICFILES_DIRS = [
@@ -137,8 +143,13 @@
 # session 如果在此期间未做任何操作，则退出， django 本身要么设置固定时间，要么关闭浏览器失效
 CUSTOM_SESSION_EXIPRY_TIME = 60 * 30    # 30 分钟
 
-# celery 配置
-CELERY_BROKER_URL = 'redis://127.0.0.1:6379/0'
+redis_setting = {
+    'host': '127.0.0.1',
+    'port': 6379,
+}
+
+# celery 配置 redis
+CELERY_BROKER_URL = 'redis://{0}:{1}/0'.format(redis_setting['host'], redis_setting['port'])
 
 
 DEBUG_TOOLBAR_PANELS = [
@@ -162,12 +173,44 @@
     # ...
 ]
 
-# channel_layers
+# channel_layers 使用 redis
 CHANNEL_LAYERS = {
     "default": {
         "BACKEND": "channels_redis.core.RedisChannelLayer",
         "CONFIG": {
-            "hosts": [("127.0.0.1", 6379)],
+            "hosts": [(redis_setting['host'], redis_setting['port'])],
         },
     },
 }
+
+# 缓存使用 redis
+CACHES = {
+    'default': {
+        'BACKEND': 'django_redis.cache.RedisCache',
+        'LOCATION': 'redis://{0}:{1}'.format(redis_setting['host'], redis_setting['port']),
+        'OPTIONS': {
+            # 'DB': 10,
+            # 'PASSWORD': '123456',
+            'CLIENT_CLASS': 'django_redis.client.DefaultClient',
+            'PARSER_CLASS': 'redis.connection.HiredisParser',
+            'CONNECTION_POOL_CLASS': 'redis.BlockingConnectionPool',
+            'CONNECTION_POOL_CLASS_KWARGS': {
+                'max_connections': 250,
+                'timeout': 10,
+            },
+        },
+        'KEY_PREFIX': 'devops',
+    }
+}
+
+SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"
+SESSION_COOKIE_HTTPONLY = True
+
+
+# proxy_sshd 配置
+PROXY_SSHD = {
+    'listen_host': '0.0.0.0',
+    'listen_port': 2222,
+    'cons': 100,
+}
+

devops/urls.py

@@ -17,6 +17,8 @@
 from django.urls import path, include
 import debug_toolbar
 from server.views import index
+from django.conf import settings
+from django.conf.urls.static import static
 
 urlpatterns = [
     path('__debug__/', include(debug_toolbar.urls)),
@@ -37,3 +39,7 @@
     path('webtelnet/', include('webtelnet.urls', namespace='webtelnet')),
 
 ]
+
+if settings.DEBUG:
+    # static files (images, css, javascript, etc.)
+    urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)

requirements.txt

@@ -8,3 +8,5 @@ celery==4.3.0
 redis
 eventlet
 django-debug-toolbar
+selectors2
+django-redis

run_proxy_sshd.bat

@@ -0,0 +1,2 @@
+"C:\Program Files\Python37\python" manage.py proxy_sshd
+pause

server/urls_api.py

@@ -1,7 +1,7 @@
 from django.urls import path
 from . import views_api
 
-app_name="server"
+app_name = "server"
 urlpatterns = [
     path('test/', views_api.test, name='test'),
 

start_docker.sh

@@ -4,4 +4,7 @@ docker rm -f devops
 docker rmi -f devops
 
 docker build -t devops .
-docker run -d --name devops -p 8000:8000 devops
+
+docker run -d --name devops -p 8000:8000 -p 2222:2222 devops
+
+# docker run -d --name devops -P devops