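1. A bastion host is a system that, within a specific network environment, protects the network and its data from intrusion and damage by both external and internal users. It does this by using various technical means to collect and monitor, in real time, the system state, security events and network activity of every component in that environment, so that alerts are centralized, incidents are handled promptly, and actions can be audited and attributed. It re-wraps the user's SSH code, which turns the bastion host into a monitor.
2. The two functions of a bastion host: (1) recording operations, (2) access control.
3. Implementing the many-to-many relationships.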
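
```python
from sqlalchemy import Table, Column, Integer, ForeignKey
from sqlalchemy.orm import declarative_base

# Declarative base shared by the association tables and the model classes.
Base = declarative_base()

# Bastion user <-> bind host (direct grants)
user_m2m_bindhost = Table(
    'user_m2m_bindhost', Base.metadata,
    Column('userprofile_id', Integer, ForeignKey('user_profile.id')),
    Column('bindhost_id', Integer, ForeignKey('bind_host.id')),
)

# Bind host <-> host group
bindhost_m2m_hostgroup = Table(
    'bindhost_m2m_hostgroup', Base.metadata,
    Column('bindhost_id', Integer, ForeignKey('bind_host.id')),
    Column('hostgroup_id', Integer, ForeignKey('host_group.id')),
)

# Bastion user <-> host group (grants through group membership)
user_m2m_hostgroup = Table(
    'userprofile_m2m_hostgroup', Base.metadata,
    Column('userprofile_id', Integer, ForeignKey('user_profile.id')),
    Column('hostgroup_id', Integer, ForeignKey('host_group.id')),
)
```
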
4. Creating the table structures:

```python
from sqlalchemy import Column, Integer, String, ForeignKey, UniqueConstraint
from sqlalchemy.orm import relationship
from sqlalchemy_utils import ChoiceType

# Base is the declarative base that the association tables are registered on.


class Host(Base):
    # A managed machine, identified by hostname and IP.
    __tablename__ = 'host'
    id = Column(Integer, primary_key=True)
    hostname = Column(String(64), unique=True)
    ip = Column(String(64), unique=True)
    port = Column(Integer, default=22)

    def __repr__(self):
        return self.hostname


class HostGroup(Base):
    # A named set of bind hosts, linked through bindhost_m2m_hostgroup.
    __tablename__ = 'host_group'
    id = Column(Integer, primary_key=True)
    name = Column(String(64), unique=True)
    bind_hosts = relationship("BindHost", secondary="bindhost_m2m_hostgroup", backref="host_groups")

    def __repr__(self):
        return self.name


class RemoteUser(Base):
    # The account used to log in on the remote host.
    __tablename__ = 'remote_user'
    __table_args__ = (UniqueConstraint('auth_type', 'username', 'password', name='_user_passwd_uc'),)
    id = Column(Integer, primary_key=True)
    AuthTypes = [
        ('ssh-password', 'SSH/Password'),
        ('ssh-key', 'SSH/KEY'),
    ]
    auth_type = Column(ChoiceType(AuthTypes))
    username = Column(String(32))
    password = Column(String(128))

    def __repr__(self):
        return self.username


class BindHost(Base):
    '''
    192.168.1.11    web
    192.168.1.11    mysql
    '''
    # One (host, remote account) pair; each pair may exist only once.
    __tablename__ = "bind_host"
    __table_args__ = (UniqueConstraint('host_id', 'remoteuser_id', name='_host_remoteuser_uc'),)

    id = Column(Integer, primary_key=True)
    host_id = Column(Integer, ForeignKey('host.id'))
    #group_id = Column(Integer,ForeignKey('group.id'))
    remoteuser_id = Column(Integer, ForeignKey('remote_user.id'))
    host = relationship("Host", backref="bind_hosts")
    #host_group = relationship("HostGroup",backref="bind_hosts")
    remote_user = relationship("RemoteUser", backref="bind_hosts")
```

5. This is fairly complex; I will go over it again later.
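
The access-control function from point 2, worked through on the many-to-many tables above, as an added example that is not part of the original notes. It uses the standard-library `sqlite3` with the same table names instead of SQLAlchemy; the `user_profile` columns, the function names and every row are assumptions constructed for the illustration.

```python
import sqlite3
# Table names follow the models above; user_profile columns and all rows are constructed.
SCHEMA = """
CREATE TABLE user_profile (id INTEGER PRIMARY KEY, username TEXT UNIQUE);
CREATE TABLE host (id INTEGER PRIMARY KEY, hostname TEXT UNIQUE, ip TEXT UNIQUE, port INTEGER DEFAULT 22);
CREATE TABLE remote_user (id INTEGER PRIMARY KEY, auth_type TEXT, username TEXT);
CREATE TABLE host_group (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE bind_host (id INTEGER PRIMARY KEY, host_id INTEGER, remoteuser_id INTEGER, UNIQUE (host_id, remoteuser_id));
CREATE TABLE user_m2m_bindhost (userprofile_id INTEGER, bindhost_id INTEGER);
CREATE TABLE bindhost_m2m_hostgroup (bindhost_id INTEGER, hostgroup_id INTEGER);
CREATE TABLE userprofile_m2m_hostgroup (userprofile_id INTEGER, hostgroup_id INTEGER);
INSERT INTO user_profile VALUES (1, 'alice'), (2, 'bob');
INSERT INTO host VALUES (1, 'web01', '192.168.1.11', 22), (2, 'db01', '192.168.1.12', 22);
INSERT INTO remote_user VALUES (1, 'ssh-password', 'web'), (2, 'ssh-password', 'mysql'), (3, 'ssh-key', 'root');
INSERT INTO bind_host VALUES (1, 1, 1), (2, 1, 2), (3, 2, 3);
INSERT INTO host_group VALUES (1, 'dba');
INSERT INTO bindhost_m2m_hostgroup VALUES (2, 1), (3, 1);
INSERT INTO user_m2m_bindhost VALUES (1, 1);         -- alice: web@192.168.1.11, direct grant
INSERT INTO userprofile_m2m_hostgroup VALUES (2, 1); -- bob: every bind host in group dba
"""
# A user may use a bind_host row only via a direct grant or via one of the user's host groups.
ALLOWED = """
SELECT b.id, h.ip, h.port, r.username
FROM bind_host b JOIN host h ON h.id = b.host_id
JOIN remote_user r ON r.id = b.remoteuser_id
WHERE b.id IN (
    SELECT ub.bindhost_id FROM user_m2m_bindhost ub
    JOIN user_profile u ON u.id = ub.userprofile_id WHERE u.username = :user
    UNION
    SELECT bg.bindhost_id FROM bindhost_m2m_hostgroup bg
    JOIN userprofile_m2m_hostgroup ug ON ug.hostgroup_id = bg.hostgroup_id
    JOIN user_profile u ON u.id = ug.userprofile_id WHERE u.username = :user)
ORDER BY b.id
"""

def open_db():
    """Build the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def allowed_bind_hosts(conn, user):
    """Return (bind_host id, ip, port, remote account) rows the user may use."""
    return conn.execute(ALLOWED, {"user": user}).fetchall()

def may_connect(conn, user, ip, remote_account):
    """Deny by default: True only when an authorised binding matches exactly."""
    return any((r[1], r[3]) == (ip, remote_account) for r in allowed_bind_hosts(conn, user))
```

Because the grant is on the `bind_host` pair rather than on the host, `alice` reaches `192.168.1.11` as `web` but not as `mysql`, which is the distinction the `BindHost` docstring illustrates.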