深度探索:Linux CentOS 7内核的奥秘与管理之道

善解人意的娇娇 2024-11-01 阅读 10
import os
import sys
import subprocess
import re
import datetime
import threading
import multiprocessing
import tkinter as tk
from tkinter import messagebox, simpledialog, ttk
import scapy.all as scapy
import whois
import smtplib
from email.mime.text import MIMEText
import numpy as np
import tensorflow as tf
from sklearn.ensemble import IsolationForest
from sklearn.svm import OneClassSVM
from sklearn.preprocessing import StandardScaler
from keras.models import Sequential
from keras.layers import Dense, LSTM, Dropout
import json
import random
import socket
import pickle
from geopy.geocoders import Nominatim

# 请求 root 权限
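def request_root_permission():
    """Abort unless the process runs with an effective UID of 0.

    The script drives iptables and raw packet capture, both of which need
    root, so a non-root effective UID is a hard precondition failure.

    Raises:
        SystemExit: with status 1 when the effective UID is not root.
    """
    if os.geteuid() != 0:
        # Diagnostics go to stderr; sys.exit is used instead of the builtin
        # ``exit``, which only exists when the ``site`` module is loaded.
        print("请以 root 权限运行此脚本。", file=sys.stderr)
        sys.exit(1)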

# 获取 root 权限
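def get_root_permission():
    """Re-execute the script under ``sudo`` when not already running as root.

    The current process waits for the privileged child and then exits with
    the child's status, so a refused or cancelled ``sudo`` prompt is no longer
    reported to the shell as success. Returns normally when already root.

    Raises:
        SystemExit: carrying the child's return code after re-execution.
    """
    if os.geteuid() == 0:
        return
    print("请求 root 权限...")
    # The original always called exit(0) here, which hid sudo failures;
    # propagate the child's exit status instead.
    child = subprocess.run(["sudo", sys.executable, *sys.argv])
    sys.exit(child.returncode)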

# 配置防火墙规则
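def configure_firewall(known_malicious_ips=None):
    """Install the iptables LOG rules and DROP rules for known-bad addresses.

    Appends a LOG rule to the INPUT and OUTPUT chains (prefixes
    ``IPTables-Input: `` / ``IPTables-Output: ``, the markers that
    ``analyze_logs`` scans for), then a DROP rule in both directions for
    each entry of ``known_malicious_ips``. A rule is appended only when
    ``iptables -C`` reports it absent, so re-running the script no longer
    stacks duplicate rules.

    Args:
        known_malicious_ips: IPv4/IPv6 addresses or CIDR blocks to block.
            ``None`` selects the built-in list the original hard-coded.

    Raises:
        ValueError: if an entry is not a valid address or network; this is
            checked before any rule is touched, so a typo cannot leave the
            chains half-configured.
        subprocess.CalledProcessError: if an ``iptables -A`` call fails
            (the original ignored the exit status of every call).
    """
    import ipaddress

    if known_malicious_ips is None:
        known_malicious_ips = ["192.168.1.100", "10.0.0.1"]
    blocked = list(known_malicious_ips)
    for entry in blocked:
        ipaddress.ip_network(entry, strict=False)

    def ensure_rule(chain, *rule):
        # ``iptables -C`` exits 0 when an identical rule exists; append otherwise.
        probe = subprocess.run(
            ["sudo", "iptables", "-C", chain, *rule],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
        )
        if probe.returncode != 0:
            subprocess.run(["sudo", "iptables", "-A", chain, *rule], check=True)

    print("配置防火墙规则...")
    # NOTE: these LOG rules match every packet; on a busy host pair them
    # with ``-m limit`` or the system journal fills up quickly.
    ensure_rule("INPUT", "-j", "LOG", "--log-prefix", "IPTables-Input: ")
    ensure_rule("OUTPUT", "-j", "LOG", "--log-prefix", "IPTables-Output: ")
    for ip in blocked:
        ensure_rule("INPUT", "-s", ip, "-j", "DROP")
        ensure_rule("OUTPUT", "-d", ip, "-j", "DROP")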

# 读取和解析系统日志
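def analyze_logs(log_file):
    """Collect the iptables LOG entries written by ``configure_firewall``.

    Args:
        log_file: path to a syslog-style file (e.g. /var/log/messages).

    Returns:
        list of ``(timestamp, ip_address, line)`` tuples, one per line that
        carries an ``IPTables-Input`` or ``IPTables-Output`` marker, contains
        an IPv4-looking address and a timestamp of the form
        ``"Fri Nov 01 12:00:00"``. The first address on the line is used; for
        kernel LOG output that is normally the ``SRC=`` field.

    Raises:
        OSError: if the file cannot be opened.
    """
    print(f"分析日志文件 {log_file}...")
    # Patterns are compiled once, outside the per-line loop.
    ipv4_re = re.compile(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})')
    # Matches "Dow Mon DD HH:MM:SS". The common syslog form with a
    # space-padded day ("Nov  1 12:00:00") does not match and is skipped,
    # as in the original; widen the pattern if that format is in use.
    stamp_re = re.compile(r'\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}')
    markers = ("IPTables-Input", "IPTables-Output")

    suspicious_activities = []
    # Stream the file instead of readlines(): system logs can be large.
    # errors="replace" keeps one undecodable byte from aborting the scan.
    with open(log_file, 'r', encoding='utf-8', errors='replace') as file:
        for line in file:
            if not any(marker in line for marker in markers):
                continue
            ip_match = ipv4_re.search(line)
            if not ip_match:
                continue
            stamp_match = stamp_re.search(line)
            if stamp_match:
                suspicious_activities.append(
                    (stamp_match.group(0), ip_match.group(1), line.strip())
                )
    return suspicious_activities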

# 使用 Scapy 抓取特定端口的流量
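def capture_traffic(interface, port, count=100):
    """Sniff ``count`` packets on ``interface`` that involve ``port``.

    Args:
        interface: interface name handed to ``scapy.sniff``.
        port: port number, as an int or a numeric string, in 0-65535.
        count: packets to capture before returning (default 100, the value
            the original hard-coded).

    Returns:
        whatever ``scapy.sniff`` returns for the capture.

    Raises:
        ValueError: if ``port`` is not an integer in 0-65535. The value is
            interpolated into a BPF filter string, so it is validated first
            rather than letting a malformed value alter the capture filter.
    """
    port_number = int(port)
    if not 0 <= port_number <= 65535:
        raise ValueError(f"invalid port: {port!r}")
    print(f"抓取 {interface} 上的 {port_number} 端口流量...")
    return scapy.sniff(iface=interface, filter=f"port {port_number}", count=count)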

# 获取入侵者地理位置
def get_geolocation(ip_address):
    """Describe ``ip_address`` via the Nominatim geocoder.

    Returns ``"<city>, <country>"`` when a location comes back, ``"未知位置"``
    when the lookup yields nothing, and ``"获取地理位置失败: <error>"`` for any
    exception raised along the way. Never raises.

    NOTE(review): Nominatim is a place-name geocoder; whether it resolves a
    bare IP address, and whether its result exposes ``.city``, is not
    established here — confirm before relying on the first branch. Every
    looked-up address is also sent to an external service.
    """
    try:
        geocoder = Nominatim(user_agent="security_system")
        found = geocoder.geocode(ip_address)
        description = f"{found.city}, {found.country}" if found else "未知位置"
    except Exception as err:
        description = f"获取地理位置失败: {str(err)}"
    return description

# 验证 IP 地址
def verify_ip(ip_address):
    """Return the description of the first whois network record for ``ip_address``.

    Falls back to ``"未知描述"`` when the record has no ``nets`` entry or the
    first entry carries no ``description``, and to ``"验证 IP 失败: <error>"``
    for any exception raised by the lookup. Never raises.

    NOTE(review): the ``nets`` key and attribute-style ``.nets`` access are
    taken from the original; which whois library returns that shape is not
    visible here — confirm against the installed package.
    """
    unknown = "未知描述"
    try:
        record = whois.whois(ip_address)
        if not (record and record.get('nets')):
            return unknown
        return record.nets[0].get('description', unknown)
    except Exception as err:
        return f"验证 IP 失败: {str(err)}"

# 生成报告
def generate_report(suspicious_activities, report_file):
    print(f"生成报告到 {
     report_file}...")
    with open(report_file, 'w') as file:
        file.write("可疑活动报告\n")
        file.write("=" * 30 + "\n")
        file.write(f"生成时间: {
     datetime.datetime.now()}\n")
        file.write("\n")
        file.write("时间戳\tIP 地址\t地理位置\t描述\t日志条目\n")
        file.write("-" * 80 + "\n")
        for activity in suspicious_activities:
            geolocation = get_geolocation