feat: SSH 登陆日志适配 Debian12 (#2567)

Refs #2367
ssongliu 2023-10-16 17:46:14 +08:00 committed by wanghe-fit2cloud
parent 51ca89daba
commit 5f009152d3


@ -287,9 +287,9 @@ func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) {
case constant.StatusSuccess: case constant.StatusSuccess:
commandItem = fmt.Sprintf("cat %s | grep -a Accepted %s", file.Name, command) commandItem = fmt.Sprintf("cat %s | grep -a Accepted %s", file.Name, command)
case constant.StatusFailed: case constant.StatusFailed:
commandItem = fmt.Sprintf("cat %s | grep -a 'Connection closed by authenticating user' | grep -a 'preauth' %s", file.Name, command) commandItem = fmt.Sprintf("cat %s | grep -aE 'Failed password for|Connection closed by authenticating user' | grep -a 'preauth' %s", file.Name, command)
default: default:
commandItem = fmt.Sprintf("cat %s | grep -aE \"(Connection closed by authenticating user|Accepted)\" | grep -v 'invalid' %s", file.Name, command) commandItem = fmt.Sprintf("cat %s | grep -aE \"(Failed password for|Connection closed by authenticating user|Accepted)\" | grep -v 'invalid' %s", file.Name, command)
} }
} }
dataItem, successCount, failedCount := loadSSHData(commandItem, showCountFrom, showCountTo, file.Year, qqWry, nyc) dataItem, successCount, failedCount := loadSSHData(commandItem, showCountFrom, showCountTo, file.Year, qqWry, nyc)
@ -466,7 +466,7 @@ func loadSSHData(command string, showCountFrom, showCountTo, currentYear int, qq
if len(itemData.Address) != 0 { if len(itemData.Address) != 0 {
if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo { if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo {
itemData.Area = qqWry.Find(itemData.Address).Area itemData.Area = qqWry.Find(itemData.Address).Area
itemData.Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, itemData.DateStr), nyc) itemData.Date = loadDate(currentYear, itemData.DateStr, nyc)
datas = append(datas, itemData) datas = append(datas, itemData)
} }
failedCount++ failedCount++
@ -476,7 +476,7 @@ func loadSSHData(command string, showCountFrom, showCountTo, currentYear int, qq
if len(itemData.Address) != 0 { if len(itemData.Address) != 0 {
if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo { if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo {
itemData.Area = qqWry.Find(itemData.Address).Area itemData.Area = qqWry.Find(itemData.Address).Area
itemData.Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, itemData.DateStr), nyc) itemData.Date = loadDate(currentYear, itemData.DateStr, nyc)
datas = append(datas, itemData) datas = append(datas, itemData)
} }
failedCount++ failedCount++
@ -486,7 +486,7 @@ func loadSSHData(command string, showCountFrom, showCountTo, currentYear int, qq
if len(itemData.Address) != 0 { if len(itemData.Address) != 0 {
if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo { if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo {
itemData.Area = qqWry.Find(itemData.Address).Area itemData.Area = qqWry.Find(itemData.Address).Area
itemData.Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, itemData.DateStr), nyc) itemData.Date = loadDate(currentYear, itemData.DateStr, nyc)
datas = append(datas, itemData) datas = append(datas, itemData)
} }
successCount++ successCount++
@ -540,6 +540,8 @@ func loadSSHDataForAnalysis(analysisMap map[string]dto.SSHLogAnalysis, commandIt
func loadSuccessDatas(line string) dto.SSHHistory { func loadSuccessDatas(line string) dto.SSHHistory {
var data dto.SSHHistory var data dto.SSHHistory
parts := strings.Fields(line) parts := strings.Fields(line)
t, err := time.Parse("2006-01-02T15:04:05.999999-07:00", parts[0])
if err != nil {
if len(parts) < 14 { if len(parts) < 14 {
return data return data
} }
@ -551,12 +553,27 @@ func loadSuccessDatas(line string) dto.SSHHistory {
Port: parts[12], Port: parts[12],
Status: constant.StatusSuccess, Status: constant.StatusSuccess,
} }
} else {
if len(parts) < 12 {
return data
}
data = dto.SSHHistory{
DateStr: t.Format("2006 Jan 2 15:04:05"),
AuthMode: parts[4],
User: parts[6],
Address: parts[8],
Port: parts[10],
Status: constant.StatusSuccess,
}
}
return data return data
} }
func loadFailedAuthDatas(line string) dto.SSHHistory { func loadFailedAuthDatas(line string) dto.SSHHistory {
var data dto.SSHHistory var data dto.SSHHistory
parts := strings.Fields(line) parts := strings.Fields(line)
t, err := time.Parse("2006-01-02T15:04:05.999999-07:00", parts[0])
if err != nil {
if len(parts) < 14 { if len(parts) < 14 {
return data return data
} }
@ -568,6 +585,19 @@ func loadFailedAuthDatas(line string) dto.SSHHistory {
Port: parts[13], Port: parts[13],
Status: constant.StatusFailed, Status: constant.StatusFailed,
} }
} else {
if len(parts) < 12 {
return data
}
data = dto.SSHHistory{
DateStr: t.Format("2006 Jan 2 15:04:05"),
AuthMode: parts[6],
User: parts[7],
Address: parts[9],
Port: parts[11],
Status: constant.StatusFailed,
}
}
if strings.Contains(line, ": ") { if strings.Contains(line, ": ") {
data.Message = strings.Split(line, ": ")[1] data.Message = strings.Split(line, ": ")[1]
} }
@ -577,6 +607,8 @@ func loadFailedAuthDatas(line string) dto.SSHHistory {
func loadFailedSecureDatas(line string) dto.SSHHistory { func loadFailedSecureDatas(line string) dto.SSHHistory {
var data dto.SSHHistory var data dto.SSHHistory
parts := strings.Fields(line) parts := strings.Fields(line)
t, err := time.Parse("2006-01-02T15:04:05.999999-07:00", parts[0])
if err != nil {
if len(parts) < 14 { if len(parts) < 14 {
return data return data
} }
@ -588,10 +620,26 @@ func loadFailedSecureDatas(line string) dto.SSHHistory {
Port: parts[12], Port: parts[12],
Status: constant.StatusFailed, Status: constant.StatusFailed,
} }
} else {
if len(parts) < 12 {
return data
}
index := 0
if strings.Contains("line", " invalid user") {
index = 2
}
data = dto.SSHHistory{
DateStr: t.Format("2006 Jan 2 15:04:05"),
AuthMode: parts[4],
User: parts[index+6],
Address: parts[index+8],
Port: parts[index+10],
Status: constant.StatusFailed,
}
}
if strings.Contains(line, ": ") { if strings.Contains(line, ": ") {
data.Message = strings.Split(line, ": ")[1] data.Message = strings.Split(line, ": ")[1]
} }
return data return data
} }
@ -610,3 +658,11 @@ func loadServiceName() (string, error) {
} }
return "", errors.New("The ssh or sshd service is unavailable") return "", errors.New("The ssh or sshd service is unavailable")
} }
func loadDate(currentYear int, DateStr string, nyc *time.Location) time.Time {
itemDate, err := time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, DateStr), nyc)
if err != nil {
itemDate, _ = time.ParseInLocation("2006 Jan 2 15:04:05", DateStr, nyc)
}
return itemDate
}
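Review bot: In the new ISO-timestamp branch of loadFailedSecureDatas, `strings.Contains("line", " invalid user")` tests the string literal "line" instead of the variable, so `index` is always 0 and a "Failed password for invalid user …" entry has its fields read two positions early. The attempted user name, which the remote client chooses, would then land in Address (the value loadSSHData passes to `qqWry.Find`), and the real source IP drops out of the failed-login record. It should read `if strings.Contains(line, " invalid user") {`, and since `index = 2` reads `parts[index+10]`, the length guard has to come after the index computation as `if len(parts) < index+11 {` rather than the fixed `< 12`. Separately, all three loaders now call `time.Parse(..., parts[0])` before any length check, so an empty or whitespace-only line would panic on the empty `strings.Fields` result; `if len(parts) == 0 { return data }` ahead of the parse restores the old behaviour. The middle of each loader body lies between the hunks shown, so the syslog-format branch is not reviewed here.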