gh_mirrors/1Panel
1
0
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-01-31 14:08:06 +08:00
Code

fix: 解决 ssh 登录日志年份获取失败的问题 (#1785)

Browse Source
This commit is contained in:
ssongliu 2023-07-28 18:27:20 +08:00 committed by GitHub
parent 5629dbff8e
commit f9c8aa0484
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 141 additions and 149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

290
backend/app/service/ssh.go
View File

@ -206,8 +206,13 @@ func (u *SSHService) LoadSSHSecret(mode string) (string, error) {
return string(file), err return string(file), err
} }
type sshFileItem struct {
Name string
Year int
}
func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) { func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) {
var fileList []string var fileList []sshFileItem
var data dto.SSHLog var data dto.SSHLog
baseDir := "/var/log" baseDir := "/var/log"
if err := filepath.Walk(baseDir, func(pathItem string, info os.FileInfo, err error) error { if err := filepath.Walk(baseDir, func(pathItem string, info os.FileInfo, err error) error {
@ -215,12 +220,15 @@ func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) {
return err return err
} }
if !info.IsDir() && strings.HasPrefix(info.Name(), "secure") || strings.HasPrefix(info.Name(), "auth") { if !info.IsDir() && strings.HasPrefix(info.Name(), "secure") || strings.HasPrefix(info.Name(), "auth") {
if strings.HasSuffix(info.Name(), ".gz") { if !strings.HasSuffix(info.Name(), ".gz") {
fileList = append(fileList, sshFileItem{Name: pathItem, Year: info.ModTime().Year()})
return nil
}
itemFileName := strings.TrimSuffix(pathItem, ".gz")
if _, err := os.Stat(itemFileName); err != nil && os.IsNotExist(err) {
if err := handleGunzip(pathItem); err == nil { if err := handleGunzip(pathItem); err == nil {
fileList = append(fileList, strings.ReplaceAll(pathItem, ".gz", "")) fileList = append(fileList, sshFileItem{Name: itemFileName, Year: info.ModTime().Year()})
} }
} else {
fileList = append(fileList, pathItem)
} }
} }
return nil return nil
@ -234,80 +242,62 @@ func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) {
command = fmt.Sprintf(" | grep '%s'", req.Info) command = fmt.Sprintf(" | grep '%s'", req.Info)
} }
for i := 0; i < len(fileList); i++ { showCountFrom := (req.Page - 1) * req.PageSize
withAppend := len(data.Logs) < req.Page*req.PageSize showCountTo := req.Page * req.PageSize
if req.Status != constant.StatusSuccess {
if strings.HasPrefix(path.Base(fileList[i]), "secure") {
commandItem := fmt.Sprintf("cat %s | grep -a 'Failed password for' | grep -v 'invalid' %s", fileList[i], command)
dataItem, itemTotal := loadFailedSecureDatas(commandItem, withAppend)
data.FailedCount += itemTotal
data.TotalCount += itemTotal
data.Logs = append(data.Logs, dataItem...)
}
if strings.HasPrefix(path.Base(fileList[i]), "auth.log") {
commandItem := fmt.Sprintf("cat %s | grep -a 'Connection closed by authenticating user' | grep -a 'preauth' %s", fileList[i], command)
dataItem, itemTotal := loadFailedAuthDatas(commandItem, withAppend)
data.FailedCount += itemTotal
data.TotalCount += itemTotal
data.Logs = append(data.Logs, dataItem...)
}
}
if req.Status != constant.StatusFailed {
commandItem := fmt.Sprintf("cat %s | grep -a Accepted %s", fileList[i], command)
dataItem, itemTotal := loadSuccessDatas(commandItem, withAppend)
data.TotalCount += itemTotal
data.Logs = append(data.Logs, dataItem...)
}
}
data.SuccessfulCount = data.TotalCount - data.FailedCount
if len(data.Logs) < 1 {
return nil, nil
}
var itemDatas []dto.SSHHistory
total, start, end := len(data.Logs), (req.Page-1)*req.PageSize, req.Page*req.PageSize
if start > total {
itemDatas = make([]dto.SSHHistory, 0)
} else {
if end >= total {
end = total
}
itemDatas = data.Logs[start:end]
}
data.Logs = itemDatas
timeNow := time.Now()
nyc, _ := time.LoadLocation(common.LoadTimeZone()) nyc, _ := time.LoadLocation(common.LoadTimeZone())
qqWry, err := qqwry.NewQQwry() qqWry, err := qqwry.NewQQwry()
if err != nil { if err != nil {
global.LOG.Errorf("load qqwry datas failed: %s", err) global.LOG.Errorf("load qqwry datas failed: %s", err)
} }
var itemLogs []dto.SSHHistory for _, file := range fileList {
for i := 0; i < len(data.Logs); i++ { commandItem := ""
data.Logs[i].Area = qqWry.Find(data.Logs[i].Address).Area if strings.HasPrefix(path.Base(file.Name), "secure") {
data.Logs[i].Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", timeNow.Year(), data.Logs[i].DateStr), nyc) switch req.Status {
itemLogs = append(itemLogs, data.Logs[i]) case constant.StatusSuccess:
commandItem = fmt.Sprintf("cat %s | grep -a Accepted %s", file.Name, command)
case constant.StatusFailed:
commandItem = fmt.Sprintf("cat %s | grep -a 'Failed password for' | grep -v 'invalid' %s", file.Name, command)
default:
commandItem = fmt.Sprintf("cat %s | grep -aE '(Failed password for|Accepted)' | grep -v 'invalid' %s", file.Name, command)
}
}
if strings.HasPrefix(path.Base(file.Name), "auth.log") {
switch req.Status {
case constant.StatusSuccess:
commandItem = fmt.Sprintf("cat %s | grep -a Accepted %s", file.Name, command)
case constant.StatusFailed:
commandItem = fmt.Sprintf("cat %s | grep -a 'Connection closed by authenticating user' | grep -a 'preauth' %s", file.Name, command)
default:
commandItem = fmt.Sprintf("cat %s | grep -aE \"(Connection closed by authenticating user|Accepted)\" | grep -v 'invalid' %s", file.Name, command)
}
}
dataItem, successCount, failedCount := loadSSHData(commandItem, showCountFrom, showCountTo, file.Year, qqWry, nyc)
data.FailedCount += failedCount
data.TotalCount += successCount + failedCount
showCountFrom = showCountFrom - data.TotalCount
showCountTo = showCountTo - data.TotalCount
data.Logs = append(data.Logs, dataItem...)
} }
data.Logs = itemLogs
data.SuccessfulCount = data.TotalCount - data.FailedCount
return &data, nil return &data, nil
} }
func sortFileList(fileNames []string) []string { func sortFileList(fileNames []sshFileItem) []sshFileItem {
if len(fileNames) < 2 { if len(fileNames) < 2 {
return fileNames return fileNames
} }
if strings.HasPrefix(path.Base(fileNames[0]), "secure") { if strings.HasPrefix(path.Base(fileNames[0].Name), "secure") {
var itemFile []string var itemFile []sshFileItem
sort.Slice(fileNames, func(i, j int) bool { sort.Slice(fileNames, func(i, j int) bool {
return fileNames[i] > fileNames[j] return fileNames[i].Name > fileNames[j].Name
}) })
itemFile = append(itemFile, fileNames[len(fileNames)-1]) itemFile = append(itemFile, fileNames[len(fileNames)-1])
itemFile = append(itemFile, fileNames[:len(fileNames)-2]...) itemFile = append(itemFile, fileNames[:len(fileNames)-2]...)
return itemFile return itemFile
} }
sort.Slice(fileNames, func(i, j int) bool { sort.Slice(fileNames, func(i, j int) bool {
return fileNames[i] < fileNames[j] return fileNames[i].Name < fileNames[j].Name
}) })
return fileNames return fileNames
} }
@ -342,109 +332,111 @@ func updateSSHConf(oldFiles []string, param string, value interface{}) []string
return newFiles return newFiles
} }
func loadSuccessDatas(command string, withAppend bool) ([]dto.SSHHistory, int) { func loadSSHData(command string, showCountFrom, showCountTo, currentYear int, qqWry *qqwry.QQwry, nyc *time.Location) ([]dto.SSHHistory, int, int) {
var ( var (
datas []dto.SSHHistory datas []dto.SSHHistory
totalNum int successCount int
failedCount int
) )
stdout2, err := cmd.Exec(command) stdout2, err := cmd.Exec(command)
if err == nil { if err != nil {
lines := strings.Split(string(stdout2), "\n") return datas, 0, 0
if len(lines) == 0 { }
return datas, 0 lines := strings.Split(string(stdout2), "\n")
} for i := len(lines) - 1; i >= 0; i-- {
for i := len(lines) - 1; i >= 0; i-- { var itemData dto.SSHHistory
parts := strings.Fields(lines[i]) switch {
if len(parts) < 14 { case strings.Contains(lines[i], "Failed password for"):
continue itemData = loadFailedSecureDatas(lines[i])
} if len(itemData.Address) != 0 {
totalNum++ if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo {
if withAppend { itemData.Area = qqWry.Find(itemData.Address).Area
historyItem := dto.SSHHistory{ itemData.Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, itemData.DateStr), nyc)
DateStr: fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]), datas = append(datas, itemData)
AuthMode: parts[6],
User: parts[8],
Address: parts[10],
Port: parts[12],
Status: constant.StatusSuccess,
} }
datas = append(datas, historyItem) failedCount++
}
case strings.Contains(lines[i], "Connection closed by authenticating user"):
itemData = loadFailedAuthDatas(lines[i])
if len(itemData.Address) != 0 {
if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo {
itemData.Area = qqWry.Find(itemData.Address).Area
itemData.Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, itemData.DateStr), nyc)
datas = append(datas, itemData)
}
failedCount++
}
case strings.Contains(lines[i], "Accepted "):
itemData = loadSuccessDatas(lines[i])
if len(itemData.Address) != 0 {
if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo {
itemData.Area = qqWry.Find(itemData.Address).Area
itemData.Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, itemData.DateStr), nyc)
datas = append(datas, itemData)
}
successCount++
} }
} }
} }
return datas, totalNum return datas, successCount, failedCount
} }
func loadFailedAuthDatas(command string, withAppend bool) ([]dto.SSHHistory, int) { func loadSuccessDatas(line string) dto.SSHHistory {
var ( var data dto.SSHHistory
datas []dto.SSHHistory parts := strings.Fields(line)
totalNum int if len(parts) < 14 {
) return data
stdout2, err := cmd.Exec(command)
if err == nil {
lines := strings.Split(string(stdout2), "\n")
if len(lines) == 0 {
return datas, 0
}
for i := len(lines) - 1; i >= 0; i-- {
parts := strings.Fields(lines[i])
if len(parts) < 14 {
continue
}
totalNum++
if withAppend {
historyItem := dto.SSHHistory{
DateStr: fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
AuthMode: parts[8],
User: parts[10],
Address: parts[11],
Port: parts[13],
Status: constant.StatusFailed,
}
if strings.Contains(lines[i], ": ") {
historyItem.Message = strings.Split(lines[i], ": ")[1]
}
datas = append(datas, historyItem)
}
}
} }
return datas, totalNum data = dto.SSHHistory{
DateStr: fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
AuthMode: parts[6],
User: parts[8],
Address: parts[10],
Port: parts[12],
Status: constant.StatusSuccess,
}
return data
} }
func loadFailedSecureDatas(command string, withAppend bool) ([]dto.SSHHistory, int) { func loadFailedAuthDatas(line string) dto.SSHHistory {
var ( var data dto.SSHHistory
datas []dto.SSHHistory parts := strings.Fields(line)
totalNum int if len(parts) < 14 {
) return data
stdout2, err := cmd.Exec(command)
if err == nil {
lines := strings.Split(string(stdout2), "\n")
if len(lines) == 0 {
return datas, 0
}
for i := len(lines) - 1; i >= 0; i-- {
parts := strings.Fields(lines[i])
if len(parts) < 14 {
continue
}
totalNum++
if withAppend {
historyItem := dto.SSHHistory{
DateStr: fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
AuthMode: parts[6],
User: parts[8],
Address: parts[10],
Port: parts[12],
Status: constant.StatusFailed,
}
if strings.Contains(lines[i], ": ") {
historyItem.Message = strings.Split(lines[i], ": ")[1]
}
datas = append(datas, historyItem)
}
}
} }
return datas, totalNum data = dto.SSHHistory{
DateStr: fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
AuthMode: parts[8],
User: parts[10],
Address: parts[11],
Port: parts[13],
Status: constant.StatusFailed,
}
if strings.Contains(line, ": ") {
data.Message = strings.Split(line, ": ")[1]
}
return data
}
func loadFailedSecureDatas(line string) dto.SSHHistory {
var data dto.SSHHistory
parts := strings.Fields(line)
if len(parts) < 14 {
return data
}
data = dto.SSHHistory{
DateStr: fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
AuthMode: parts[6],
User: parts[8],
Address: parts[10],
Port: parts[12],
Status: constant.StatusFailed,
}
if strings.Contains(line, ": ") {
data.Message = strings.Split(line, ": ")[1]
}
return data
} }
func handleGunzip(path string) error { func handleGunzip(path string) error {