Python之paramiko远程配置Linux安全基线

raspberry.py

import paramiko
import yaml


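class Raspberry(object):
    """Run the commands listed in ``host_info.yaml`` on each host over SSH.

    Every entry of the YAML file supplies ``hostname``, ``port``,
    ``username``, ``password`` and an ``exec_command`` list. The commands
    are executed in order and their output is printed.
    """

    def __init__(self):
        # A single SSHClient is reused for all hosts; execute_cmd() closes
        # the connection after each host so transports do not accumulate.
        self.ssh_client = paramiko.SSHClient()
        # Load the user's known_hosts so that a host which is already known
        # is checked against its recorded key instead of being trusted blindly.
        self.ssh_client.load_system_host_keys()
        # NOTE(security): AutoAddPolicy accepts whatever key an unknown host
        # presents, so the first connection to a host is not authenticated.
        # Once the hosts' keys are provisioned in known_hosts, switch to
        # paramiko.RejectPolicy(). The policy must be set before connect().
        self.ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

    @staticmethod
    def server_info():
        """Return the list of host entries parsed from ``host_info.yaml``.

        An empty file yields an empty list.
        """
        with open('host_info.yaml') as f:
            # safe_load only builds plain YAML types. yaml.load() without a
            # Loader can construct arbitrary Python objects on old PyYAML
            # releases and raises TypeError on PyYAML >= 6.
            return yaml.safe_load(f) or []

    def execute_cmd(self):
        """Connect to each configured host and run its ``exec_command`` list.

        Prints the target, each command's stdout, and a diagnostic line for
        any command that writes to stderr or exits non-zero. Connection and
        execution errors propagate to the caller.
        """
        for host_info in self.server_info():
            hostname = host_info.get('hostname')
            port = host_info.get('port', 22)
            # Print only the target: the full entry contains the password.
            print('{0}:{1}'.format(hostname, port))
            try:
                self.ssh_client.connect(
                    hostname=hostname,
                    port=port,
                    username=host_info.get('username'),
                    password=host_info.get('password')
                )
                # A host without exec_command is connected to but runs nothing.
                for command in host_info.get('exec_command') or []:
                    std_in, stdout, stderr = self.ssh_client.exec_command(command)
                    print(stdout.read().decode('utf-8', 'replace'))
                    err_text = stderr.read().decode('utf-8', 'replace')
                    exit_status = stdout.channel.recv_exit_status()
                    # A hardening step that fails silently leaves the host
                    # unhardened, so surface failures explicitly.
                    if exit_status != 0 or err_text:
                        print('[{0}] exit={1} command={2!r} stderr={3}'.format(
                            hostname, exit_status, command, err_text))
            finally:
                # Drop this host's transport before moving to the next one.
                self.ssh_client.close()

    def close_connect(self):
        """Run execute_cmd() and close the SSH client, even on failure."""
        try:
            self.execute_cmd()
        finally:
            self.ssh_client.close()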


if __name__ == '__main__':
    # Script entry point: run every configured command, then close the client.
    Raspberry().close_connect()

host_info.yaml

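# NOTE(security): passwords are stored here in plain text and both entries log
# in as root. Keep this file out of version control, restrict its permissions,
# and prefer key-based authentication.
- hostname: 192.168.201.3
  username: root
  password: raspberry
  port: 22
  exec_command:
  # Read-only inventory commands.
  - ls -l
  - df -Th
  - du -sh *
  - ifconfig|grep -E -o "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"
  # Write/edit smoke test.
  - echo "hello world" > /root/paramiko.txt
  - sed -i "s/hello world/Hello World/g" /root/paramiko.txt
  - iptables -nvL
  # Baseline changes. Every ">>" below appends a new line on each run, so
  # running this file twice leaves duplicate entries in the target files.
  - find  / -name  .netrc -exec rm -rf {} \;  && find  / -name  .rhosts -exec rm -rf {} \;
  - echo "TMOUT=180" >> /etc/profile
  # NOTE(review): PAM evaluates a stack in order, and the module name differs
  # between distribution releases; confirm this appended line takes effect.
  - echo "auth required pam_tally.so deny=10 unlock_time=300" >> /etc/pam.d/system-auth
  - for PART in `grep -v ^# /etc/fstab | awk '($6 != "0") {print $2 }'`;do find $PART -nouser -o -nogroup -print 2>>/dev/null;done
  - echo "password  requisite  pam_cracklib.so  difok=3 minlen=8  ucredit=-1 lcredit=-1  dcredit=-1 ocredit=-1" >> /etc/pam.d/system-auth
  # sshd is restarted in the last step, after "PermitRootLogin no" is written.
  - sed -i 's/PermitRootLogin yes/#PermitRootLogin yes/g' /etc/ssh/sshd_config
  - sed -i 's/PASS_MAX_DAYS/#PASS_MAX_DAYS/g'  /etc/login.defs
  - sed -i 's/PASS_MIN_DAYS/#PASS_MIN_DAYS/g'  /etc/login.defs
  - sed -i 's/PASS_WARN_AGE/#PASS_WARN_AGE/g'  /etc/login.defs
  - echo "PASS_MAX_DAYS 90" >> /etc/login.defs && echo "PASS_MIN_DAYS 2"  >> /etc/login.defs && echo "PASS_WARN_AGE 7" >> /etc/login.defs
  # The sysctl key is net.ipv4.*; it is applied at the next boot or "sysctl -p".
  - echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf
  - rpm -e wget --nodeps
  # Once sshd reloads this setting, later runs of this file as root are refused.
  - echo "PermitRootLogin no" >> /etc/ssh/sshd_config && service sshd restart

- hostname: 192.168.244.135
  username: root
  password: raspberry
  port: 22
  exec_command:
  - ls -l
  - df -Th
  - du -sh *
  - ifconfig|grep -E -o "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"
  - echo "hello world" > /root/paramiko.txt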


