0
点赞
收藏
分享

微信扫一扫

深度探索:Linux CentOS 7内核的奥秘与管理之道

善解人意的娇娇 2024-11-01 阅读 10
人工智能python安全
import os
import sys
import subprocess
import re
import datetime
import threading
import multiprocessing
import tkinter as tk
from tkinter import messagebox, simpledialog, ttk
import scapy.all as scapy
import whois
import smtplib
from email.mime.text import MIMEText
import numpy as np
import tensorflow as tf
from sklearn.ensemble import IsolationForest
from sklearn.svm import OneClassSVM
from sklearn.preprocessing import StandardScaler
from keras.models import Sequential
from keras.layers import Dense, LSTM, Dropout
import json
import random
import socket
import pickle
from geopy.geocoders import Nominatim

# 请求 root 权限
def request_root_permission():
    if os.geteuid() != 0:
        print("请以 root 权限运行此脚本。")
        exit(1)

# 获取 root 权限
def get_root_permission():
    if os.geteuid() != 0:
        print("请求 root 权限...")
        subprocess.run(["sudo", sys.executable, *sys.argv])
        exit(0)

# 配置防火墙规则
def configure_firewall():
    print("配置防火墙规则...")
    subprocess.run(["sudo", "iptables", "-A", "INPUT", "-j", "LOG", "--log-prefix", "IPTables-Input: "])
    subprocess.run(["sudo", "iptables", "-A", "OUTPUT", "-j", "LOG", "--log-prefix", "IPTables-Output: "])
    # 阻断已知恶意 IP 地址
    known_malicious_ips = ["192.168.1.100", "10.0.0.1"]
    for ip in known_malicious_ips:
        subprocess.run(["sudo", "iptables", "-A", "INPUT", "-s", ip, "-j", "DROP"])
        subprocess.run(["sudo", "iptables", "-A", "OUTPUT", "-d", ip, "-j", "DROP"])

# 读取和解析系统日志
def analyze_logs(log_file):
    print(f"分析日志文件 {
     log_file}...")
    with open(log_file, 'r') as file:
        lines = file.readlines()
    
    suspicious_activities = []
    for line in lines:
        if "IPTables-Input" in line or "IPTables-Output" in line:
            match = re.search(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})', line)
            if match:
                ip_address = match.group(1)
                timestamp = re.search(r'\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2}', line)
                if timestamp:
                    timestamp = timestamp.group(0)
                    suspicious_activities.append((timestamp, ip_address, line.strip()))
    
    return suspicious_activities

# 使用 Scapy 抓取特定端口的流量
def capture_traffic(interface, port):
    print(f"抓取 {
     interface} 上的 {
     port} 端口流量...")
    packets = scapy.sniff(iface=interface, filter=f"port {
     port}", count=100)
    return packets

# 获取入侵者地理位置
def get_geolocation(ip_address):
    try:
        geolocator = Nominatim(user_agent="security_system")
        location = geolocator.geocode(ip_address)
        if location:
            return f"{
     location.city}, {
     location.country}"
        else:
            return "未知位置"
    except Exception as e:
        return f"获取地理位置失败: {
     str(e)}"

# 验证 IP 地址
def verify_ip(ip_address):
    try:
        w = whois.whois(ip_address)
        if w and w.get('nets'):
            return w.nets[0].get('description', "未知描述")
        else:
            return "未知描述"
    except Exception as e:
        return f"验证 IP 失败: {
     str(e)}"

# 生成报告
def generate_report(suspicious_activities, report_file):
    print(f"生成报告到 {
     report_file}...")
    with open(report_file, 'w') as file:
        file.write("可疑活动报告\n")
        file.write("=" * 30 + "\n")
        file.write(f"生成时间: {
     datetime.datetime.now()}\n")
        file.write("\n")
        file.write("时间戳\tIP 地址\t地理位置\t描述\t日志条目\n")
        file.write("-" * 80 + "\n")
        for activity in suspicious_activities:
            geolocation = get_geolocation
举报

相关推荐

如何升级 CentOS 7 的 Linux 内核

CentOS驱动程序系统架构软件架构软件研发yyds干货盘点

linux(centos7)内核更新

linux运维服务器内核

Linux centos7 删除多余内核

linux内核启动搜索Linux系统/运维

Linux CentOS7.x 升级内核的方法

kubernetes容器linux运维centos虚拟化云计算

探索操作系统:内核、启动和系统调用的奥秘

系统调用应用程序内核空间Java后端开发yyds干货盘点

在Linux CentOS 7搭建OpenVPN服务与管理

技术日志运维

探索Kubernetes服务发现与Ingress的奥秘

服务发现Pod原生应用云原生云计算

CentOS 7路由管理解析:探秘路由表的奥秘

网络安全安全信息收集

CentOS7 内核更新

配置文件yum源Linux系统/运维

centos7 升级内核

内核Linux系统/运维
0 条评论