Skip to main content
Glama
enesjakozh

OPS MCP Server

by Heht571
GitHub
Python
MIT License
37
  • Linux
  • Apple
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
main.cpython-310.pyc34.3 kB
o ���g,�� @s�ddlmZddlmZmZmZmZmZmZm Z m Z m Z ddl m Z ddlZddlZddlZddlZddlZddlZddlZddlZddlmZmZddlmZddlmZejejdd �e�d �Z Gd d �d e�Z!Gd d�de�Z"Gdd�de�Z#Gdd�de�Z$Gdd�de�Z%Gdd�de�Z&Gdd�de�Z'Gdd�de�Z(Gdd�de�Z)Gdd�de*e �Z+Gdd �d �Z,Gd!d"�d"�Z-ed#�Z.d$d%�Z/e.�0�e/dqd(d)���Z1e.�0�e/d*d+gd,�d-d.fdrd:d;���Z2e.�0� * + -dsdtd<d=��Z3e.�0�dud?d@��Z4e.�0� * + A B -dvdwdEdF��Z5e.�0�d*d+gd-fdxdHdI��Z6e.�0� * + -dsdtdJdK��Z7e.�0� * + L M N -dydzdRdS��Z8e.�0�d*d+gdT�dUdVfd{dYdZ��Z9e.�0� * + [ Vd|d}d]d^��Z:e.�0� * + _ ` -d~ddbdc��Z;e.�0� * + -dsdtddde��Z<e.�0� * + -dsdtdfdg��Z=dhdi�Z>e?djk�r�zZz e �@dk�e.jAdldm�Wn+eB�y�e �@dn�Yn(eC�y�ZDze �Edoe*eD����WYdZD[DndZD[DwwWe>�e �@dp�dSWe>�e �@dp�dSWe>�e �@dp�dSe>�e �@dp�wdS)��)� annotations) �Optional�Literal� TypedDict�List�Dict�Any�Union�Callable�cast)�EnumN)� BaseModel�Field)�FastMCP)�StringIOz4%(asctime)s - %(name)s - %(levelname)s - %(message)s)�level�formatZserver_monitorc@sfeZdZUdZedd�Zded<eed�Zded<eed�Z ded <ed d�Z d ed <d Z ded<d S)�InspectionResultu统一巡检结果模型�unknown)�defaultz&Literal['success', 'error', 'unknown']�status)�default_factory�dict�data� raw_outputs��str�errorN� Optional[str]�summary) �__name__� __module__� __qualname__�__doc__rr�__annotations__rrrrr�r%r%�:/Users/he.ht/Documents/Cline/MCP/mytestmcp/mcptest/main.pyrs rc@s2eZdZUdZded<ded<ded<ded<dS)� ServerMetricu!服务器资源指标基础模型�float�total�used�free�usageN�r r!r"r#r$r%r%r%r&r'�  r'c@s"eZdZUdZded<ded<dS)�CPUStatsuCPU指标数据结构zOptional[float]r,r�loadavgNr-r%r%r%r&r/&s  r/c@s2eZdZUdZded<ded<ded<ded<dS) �DiskInfou磁盘信息数据结构r� mount_pointr)r*r(r,Nr-r%r%r%r&r1+r.r1c@s*eZdZUdZded<ded<ded<dS)� LoginRecordu登录记录数据结构r�time�user�ipNr-r%r%r%r&r32�  r3c@sJeZdZUdZded<ded<ded<ded<ded <ded <ded <d S) � ProcessInfou进程信息数据结构�int�pidr�namer5r(� cpu_percent�memory_percentr�createdNr-r%r%r%r&r88s  r8c@s2eZdZUdZded<ded<ded<ded<dS) � ServiceStatusu服务状态数据结构rr;r�bool�active�enabledNr-r%r%r%r&r?Br.r?c@sBeZdZUdZded<ded<ded<ded<ded<ded <d S) �NetworkInterfaceu网络接口数据结构rr;� ip_address� mac_addressrr9�rx_bytes�tx_bytesNr-r%r%r%r&rCIs  rCc@s*eZdZUdZded<ded<ded<dS)�ToolInfou工具信息数据结构rr;� descriptionzList[Dict[str, Any]]� parametersNr-r%r%r%r&rHRr7rHc@sDeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdS)� ServerToolsu服务器工具枚举�get_memory_info�remote_server_inspection�check_ssh_risk_logins�check_firewall_config�get_os_details�get_system_load�list_available_tools�monitor_processes�check_service_status�inspect_network� analyze_logs�backup_critical_files�security_vulnerability_scanN)r r!r"r#Z MEMORY_INFOZREMOTE_INSPECTIONZSSH_RISK_CHECKZFIREWALL_CHECKZ OS_DETAILSZ SYSTEM_LOADZ LIST_TOOLSZPROCESS_MONITORZSERVICE_STATUSZNETWORK_INSPECTIONZ LOG_ANALYZERZ FILE_BACKUPZ SECURITY_SCANr%r%r%r&rK[srKc@sFeZdZdZiZ    dddd�Zddd�Zdd�Zedd��Z dS)� SSHManageru*SSH连接管理器(上下文管理器)r��T�hostnamer�username�password�portr9�timeout� use_cacher@cCsRt��|_|j�t���|||||d�|_|�d|�d|��|_||_d|_dS)N)r\r]r^r_r`�@�:F) �paramikoZ SSHClient�clientZset_missing_host_key_policyZ AutoAddPolicy�connect_params�connection_keyra�is_new_connection)�selfr\r]r^r_r`rar%r%r&�__init__rs � zSSHManager.__init__�return�paramiko.SSHClientc Csrzg|jrD|j|jvrD|j|j}z|jddd�t�d|j���||_|jWWStyCt�d|j�d��|j�|jd�Ynwt�d|j���|jj d i|j ��d|_ |jrd|j|j|j<|jWSt j y�}zt�d |j�d t|�����d}~wt jy�}zt�d |j�d t|�����d}~wty�}zt�d |j�d t|�����d}~ww)Nzecho 1��r`z Using cached SSH connection for zCached connection invalid for z, creating new onezCreating new SSH connection to TzSSH authentication failed for �: zSSH connection error for zUnexpected error connecting to r%)rarg�_connection_cache� exec_command�logger�debugre� Exception�pop�connectrfrhrd�AuthenticationExceptionrr� SSHException)riZ cached_client�er%r%r&� __enter__�s>   �����zSSHManager.__enter__cCs4|js|jrt�d|j���|j��dSdSdS)NzClosing SSH connection to )rarhrrrsrgre�close)ri�exc_type�exc_val�exc_tbr%r%r&�__exit__�s �zSSHManager.__exit__cCs>|j��D] }z|��WqYq|j��t�d�dS)u清除连接缓存zSSH connection cache clearedN)rp�valuesr{�clearrr�info)�clsrer%r%r&� clear_cache�s  zSSHManager.clear_cacheN)rrZr[T) r\rr]rr^rr_r9r`r9rar@)rkrl) r r!r"r#rprjrzr� classmethodr�r%r%r%r&rYns � $rYc@s�eZdZdZiZed$d%d d ��Zed&dd��Zed'dd��Ze d(dd��Z e d)dd��Z e d*dd��Z e d+dd��Z e d,d!d"��Zd#S)-�ServerInspectoru服务器指标解析器�<� parser_funcr � cache_keyr� raw_output�max_ager9c CsPtj��}||jvr|j|\}}||��|kr|S||�}||f|j|<|S)u带缓存的解析函数)�datetime�now� _parse_cache� total_seconds) r�r�r�r�r�� current_timeZ cached_result� timestamp�resultr%r%r&� _cached_parse�s  zServerInspector._cached_parserkr/cC�$dd�}dt|���}|�|||�S)u解析CPU使用率和负载c Ss�z)t�d|�}t�d|�}|rdt|�d��nd|r%d�|���d�WSdd�WStyJ}zt�dt |����ddd�WYd}~Sd}~ww)Nz(\d+\.\d+)%? idz-load average: ([\d\.]+), ([\d\.]+), ([\d\.]+)�d��, )r,r0zError parsing CPU stats: ) �re�searchr(�group�join�groupsrtrrrr)�outputZ cpu_usage�load_avgryr%r%r&�_parser�s  ����z*ServerInspector.parse_cpu.<locals>._parserZcpu_��hashr��r�r�r�r�r%r%r&� parse_cpu�s zServerInspector.parse_cpur'cCr�)u解析内存使用情况c Sszidd�|�d�D�}t|�dkst|d�dkr*t�d|���tddddd �WSt|dd�d }t|dd�t|dd �d }tt|d�t|d�t||d�|dkret||d d�d �WSdd �WSty�}zt�d t |����tddddd �WYd}~Sd}~ww)NcSsg|]}|r|���qSr%)�split)�.0�liner%r%r&� <listcomp>��zAServerInspector.parse_memory.<locals>._parser.<locals>.<listcomp>� �r��z!Unexpected memory output format: r)r)r*r+r,irmr�zError parsing memory stats: ) r��lenrr�warningr'r9�roundrtrr)r�Z mem_linesr)r*ryr%r%r&r��s($ ����z-ServerInspector.parse_memory.<locals>._parserZmemory_r�r�r%r%r&� parse_memory�szServerInspector.parse_memory�list[DiskInfo]c Csjg}|�d�dd�D]'}|sq |��}t|�dkr2|�|d|d|dt|d�dd��d ��q |S) u解析磁盘使用情况r�r�Nrmr���%r)r2r)r*r,)r�r��appendr(�replace)r��disksr��partsr%r%r&� parse_disks ��zServerInspector.parse_disk�raw_log�(tuple[dict[str, int], list[LoginRecord]]c Cs�i}g}|�d�D]S}d|vr)d|vr|��dn|��d}|�|d�d||<d|vr\|��}|�|d�d |d�d |d ��d|vrJ|d n|d d |vrU|dn|dd��q ||dd�fS)u解析SSH认证日志r�zFailed passwordz invalid user�����i����rr�zAccepted password� r��� r_)r4r5r6i����N)r��getr�)r�� failed_logins�success_loginsr�r6r�r%r%r&�parse_auth_logs ��zServerInspector.parse_auth_log�list[ProcessInfo]cCs�g}|���d�}|dd�D]M}|sq|��}t|�dkr\z2|�t|d�|dt|d�t|d�|d|d t|�dkrHd �|dd��n|dd ��Wqttfy[Yqwq|S) u解析进程信息r�r�N� rr�� �r�r�)r:r5r<r=rr>r;) �stripr�r�r�r9r(r�� ValueError� IndexError)r�� processes�linesr�r�r%r%r&�parse_processes)s,    $ � ��zServerInspector.parse_processes�list[ServiceStatus]c Cs�g}|���d�D]5}|rd|vsd|vrq |��}t|�dkr>|�|dt|�dkr/|dndd|��vd|��vd ��q |S) u解析服务状态r�ZUNITZLOAD�ru未知rArB�r;rrArB)r�r�r�r��lower)r��servicesr�r�r%r%r&�parse_servicesEs   ��zServerInspector.parse_services�list[NetworkInterface]c Cs�g}d}|���d�D]�}|sq |�d�s;d|vr;|�d�d}|ddd|vr)dnd|vr/dnd ddd �}|�|�q d |vrO|rO|��d �d �d|d<q d|vr^|r^|��d |d<q d|vr�|r�tdd�|���d�D�d�}|r�zt|�d�d ��d�|d<Wq ttfy�Yq wq d|vr�|r�tdd�|���d�D�d�}|r�zt|�d�d ��d�|d<Wq ttfy�Yq wq |S)u解析网络接口信息Nr�r�rcrrZDOWNZUP�UNKNOWN)r;rDrErrFrGzinet r��/rDzether rEz RX packetscs��|] }d|vr|VqdS)zRX bytesNr%�r��lr%r%r&� <genexpr>x��z;ServerInspector.parse_network_interfaces.<locals>.<genexpr>�bytesrFz TX packetscsr�)zTX bytesNr%r�r%r%r&r��r�rG)r�r�� startswithr��nextr9r�r�)r�� interfacesZcurrent_interfacer�r;Zrx_lineZtx_liner%r%r&�parse_network_interfacesWsL�    "�� "��z(ServerInspector.parse_network_interfacesN)r�)r�r r�rr�rr�r9)r�rrkr/)r�rrkr')r�rrkr�)r�rrkr�)r�rrkr�)r�rrkr�)r�rrkr�)r r!r"r#r�r�r�r�r�� staticmethodr�r�r�r�r�r%r%r%r&r��s&      r�Z ServerMonitorcst����fdd��}|S)u0装饰器:统一处理工具函数中的异常c sz�|i|��WStjy3}zt�d�j�dt|����ddt|���d�WYd}~Sd}~wtjy]}zt�d�j�dt|����ddt|���d�WYd}~Sd}~wty�}z tjd�j�dt|���d d �dd t|���d�WYd}~Sd}~ww) NzSSH authentication failed in roruSSH认证失败: )rrzSSH connection error in uSSH连接错误: z Error in T)�exc_infou执行失败: )rdrwrrrr rrxrt)�args�kwargsry��funcr%r&�wrapper�s � �  ��z"handle_exceptions.<locals>.wrapper)� functools�wraps)r�r�r%r�r&�handle_exceptions�s r�rkrc Cs8t��}d|j|j|j|j|jt|dd�t|dd�d�S)�!获取本地服务器内存信息�success�cachedr�buffers)rr)r*r+r,� availabler�r�)�psutilZvirtual_memoryr)r*r+�percentr��getattr)�memr%r%r&rL�s  �rLrrZ��cpu�memory�diskr[Tr\rr]r^r_r9�inspection_modules� list[str]r`�use_connection_cacher@c s�t�}t�d|�d|���dddddd���fd d �|D�}t|�t|�kr7t|�t|�} t�d | ���|sFd |_d |_d|_|� �St ||||||d���} i} |D]�} zx| j �| |d�\} }}|� �� ���}|� �� ���}|r�t�d| �d|���||j| <|s�t�d| �d��WqU| dkr�t�|�|j| <n(dkr�t�|�� �|j| <ndkr�t�|�|j| <n dkr�ndkr� d| | <WqUty�}zt�d| �dt|����dt|���| | <WYd}~qUd}~wwdd �| ��D�}dd �| ��D�}|�r#|�rdt|��d t|��d!�|_nd"|_nd#|_|�s+d nd|_Wd�n 1�s9wYt�d$|�d%|j���|� �S)&�执行远程服务器巡检u 开始对 u! 执行服务器巡检,模块: z"top -bn1 | grep 'Cpu(s)' && uptimezfree -mzdf -hziostat -x 1 2 | tail -n +4z netstat -i)r�r�r��io�networkcsg|]}|�vr|�qSr%r%)r��m��commandsr%r&r��r�z,remote_server_inspection.<locals>.<listcomp>u忽略无效的巡检模块: ru没有有效的巡检模块u*巡检失败:没有有效的巡检模块)rarnu模块 u 执行时有错误输出: u 没有输出r�r�r�r�r�r�u 执行失败: zfailed: NcSsg|] \}}|dkr|�qS�r�r%�r�r�rr%r%r&r��cSsg|] \}}|dkr|�qSr�r%rr%r%r&r�ru部分模块巡检成功 (r��)u所有模块巡检失败u服务器巡检成功u 完成对 u 的服务器巡检,状态: )rrrr�r��setr�rrrrrYrq�read�decoder�rr�r�rr�r�rtr�items)r\r]r^r_r�r`r�r�Z valid_modulesZinvalid_modules�sshZmodule_results�module�stdin�stdout�stderrr�Z error_outputryZsuccess_modulesZfailed_modulesr%r�r&rM�st �       ���6rMc Cs�z=t|||||��*}|�d�\}}}|������} t�d| �} d| r(| �d�ndiWd�WS1s6wYWdStyU} z dt | �iWYd} ~ Sd} ~ ww)�获取系统负载信息�uptimezload average: (.*)Z load_averager�rNr) rYrqrrr�r�r�r�rtr) r\r]r^r_r`rr r r Z load_outputr�ryr%r%r&rQs  (���rQ�list[ToolInfo]c CsLg}ttj�D]{}|�d�rqttj|d�}t|�r�t|d�r�|jr�g}t|d�rv|j� �D]G\}}|dkrud}t|d�rj|j rjt |j� ��� |�t|j� ��t|j �}d|krct|j �krjnn|j |}|�|t|�|d��q.|�||j��|d ��qd d gd �d d dddd�dddd�dddd�dddd�ddgd�d�dddd�gd �dddddd�dddd�dddd�dddd�dddd�gd �ddgd �dddddd�dddd�dddd�dddd�d dd!d�d"dd#d�dddd�gd �d$d%dddd�dddd�dddd�dddd�d&dgd�dddd�gd �d'd(dddd�dddd�dddd�dddd�dddd�gd �d)d*dddd�dddd�dddd�dddd�d+dd,d�d-dd.d�d/dd0d�dddd�gd �d1d2dddd�dddd�dddd�dddd�d3dgd4�d�d5dd6d�ddd7d�gd �d8d9dddd�dddd�dddd�dddd�d:dd;d�ddd7d�gd �d<d=dddd�dddd�dddd�dddd�d+dd>d�d?dd@d�dddd�gd �dAdBdddd�dddd�dddd�dddd�dddd�gd �dCdDdddd�dddd�dddd�dddd�dddd�gd �g }t|�t|�k�r$|S|S)Eu'列出所有可用的工具及其描述�__Nr#r$rk� __defaults__r)r;�typer)r;rIrJrLr�rMr�r\rr]r^rr_r9rZr�r�r�r`r[rQr rRrS�?监控远程服务器进程,返回占用资源最多的进程�top_nr��sort_byr�rT�!检查指定服务的运行状态r�rU�!检查网络接口和连接状态rV�0分析服务器日志文件中的错误和警告�log_file�/var/log/syslog�pattern�error|fail|criticalr�r�rW�备份重要系统配置文件�files�z /etc/passwdz /etc/shadowz /etc/fstabz /etc/hosts� backup_dir� /tmp/backupr�rX�执行基础安全漏洞扫描� scan_type�basicrN�5检查SSH登录风险,包括失败尝试和可疑IP�/var/log/auth.log� thresholdrmrO�$检查防火墙配置和开放端口rP�获取操作系统详细信息)�dir�mcp�toolr�r��callable�hasattrr#r$rr�list�keys�indexr�r�rr�) �toolsZ tool_nameZ tool_func�params� param_name� param_type� default_valueZ param_indexZtool_descriptionsr%r%r&rR)s�  , ����      �     �        �      �     �        �      �      �       �     �     ��_rRr�r�rrc Cs�dgdd�}dddd�}|�|d�} zDt|||||��1} d| �d |d ��} | j| |d �\} } }| ������}t�|�|d <d |d<Wd�W|S1sOwYW|Stys}zd|d<t |�|d<WYd}~|Sd}~ww)rrr)rr�rz-pcpuz-pmemz-time)r�r�r4zps aux --sort=z | head -n r�rnr�r�rNr) r�rYrqrrr�r�r�rtr)r\r]r^r_rrr`r�Z sort_optionsZ sort_paramr�commandr r r r�ryr%r%r&rS�s. �   �����rSr�c Cs�dgdd�}z�t|||||���}|r�g}|D]d} d| ��} |j| |d�\} } } | ������}| dddd�}d|vrCd |d <d |d <nd |vrLd|d <n d|vsTd|vrXd|d <d| ��}|j||d�\} } } | ������}|dk|d<|�|�q||d<nd} |j| |d�\} } } | ������}t�|�|d<d|d <Wd�W|S1s�wYW|Sty�}zd|d <t |�|d<WYd}~|Sd}~ww)rrr)rr�rzsystemctl status rnFr�zActive: active�runningrTrAzActive: inactive�stoppedz not-foundzcould not be foundz not foundzsystemctl is-enabled rBr�z3systemctl list-units --type=service --state=runningr�Nr) rYrqrrr�r�r�r�rtr)r\r]r^r_r�r`r�rZservice_statusesZservicer6r r r r�Zservice_statusZenabled_commandZenabled_outputr�ryr%r%r&rT�sT  �        �1�1���rTc Cs�dgidd�}z�t|||||���}d}|j||d�\}} } | ������} t�| �|d<d} |j| |d�\}} } | ������} g}| �d�d d �D]$}d |vro|��}t|�d kro|d }d|vro|�d�d}|� |�qK||dd<|jd|d�}|d ������}d|v|dd<d|d<Wd �W|S1s�wYW|St y�}zd|d<t |�|d<WYd }~|Sd }~ww)rrr)rr�� connectionsrzip arnr�zss -tulnr�r�N�LISTENrmr�rc�����r9�listening_portszping -c 1 -W 2 8.8.8.8z 1 receivedZinternet_connectivityr�rr) rYrqrrr�r�r�r�r�r�rtr)r\r]r^r_r`r�rZinterfaces_commandr r r Zinterfaces_outputZconnections_commandZconnections_outputr<r�r�Z address_portZinternet_checkZinternet_outputryr%r%r&rUsF   �   �&�&���rUrrr�rrr�c CsDdgidd�}z�t|||||���} d|�d|��} | j| |d�\} } } | ������}|sBd|��|d<d|d <|Wd �WSd |�d |�d �}| j||d�\} } } | ������}g}dddddd�}|�d�D]r}|sqqld}zd�|��d d��}|}WnYd}|��}d|vr�d}|dd7<n9d|vr�d}|dd7<n*d|vs�d|vr�d}|dd7<nd|vr�d}|dd7<n|dd7<|�|||d��ql||d<t |�|d�|d<d|d <Wd �W|S1s�wYW|St �y!}zd|d <t |�|d<WYd }~|Sd }~ww)rrr)r�entriesrrztail -n r�rnu无法读取日志文件 rrNz grep -E 'z' <<< '�'r)rr��critical�fail�otherr�r�rAr?r�r��warnr@)r�r�messager=)Z total_entriesZcounts_by_levelrr�) rYrqrrr�r�r�r�r�r�rtr)r\r]r^r_rrr�r`r�rZ tail_commandr r r Z log_outputZ grep_commandZmatched_outputr=Zpattern_countsr�r�Ztimestamp_partrZ line_lowerryr%r%r&rVMsx �  � �  �E�E���rVrr r�rrc Cs�dgdd�}z�t|||||���}d|��} |j| |d�\} } } d} |j| |d�\} } } | ������}g}|D]s}|�d�d}|�d|�d |�d �}d |�d �}|j||d�\} } } | ������d k}|r�d|�d|��}|j||d�\} } } d |�d�}|j||d�\} } } | ������dk}|�|||r�dndd��q7|�|ddd��q7||d<d|d<Wd�W|S1s�wYW|Sty�}zd|d<t|�|d<WYd}~|Sd}~ww)rrr)r�backupsrz mkdir -p rnzdate +%Y%m%d_%H%M%Sr�r;�.z.bak�[ -f �' ] && echo 'exists' || echo 'not found'�existszcp r�z% ] && echo 'success' || echo 'failed'r�Zfailed)Z original_fileZ backup_filerzfile not foundrDrNr) rYrqrrr�r�r�rtr)r\r]r^r_rrr`r�rZ mkdir_commandr r r Z date_commandZ date_stringrD� file_path� file_nameZ backup_pathZ check_command� file_existsZ copy_commandZ check_backupZ backup_statusryr%r%r&rW�sV      � �  �2�2���rWr#r"c Cs�dgddd�}�z�t|||||����}g}|dks|dkrwd} |j| |d�\} } } | ������} d}|j||d�\} } } | ������}|rR|�d d d |d d ��d}|j||d�\} } } | ������}|rwd|vrw|�d dd|dd ��|dks|dkr�d}|j||d�\} } } | ������}d|vr�|�d ddddd ��d|vr�|�d ddddd ��d|vr�|�d d dddd ��|dks�|dk�r^|jd |d�\} } } | ������d!k}|jd"|d�\} } } | ������d!k}|�r&d#}|j||d�\} } } | ������}|�r%|�d dd$|d%d&�t|�d&k�rd'ndd(d ��n8|�r^d)}|j||d�\} } } | ������}d*|��v�r^|�d dd$|d%d&�t|�d&k�rWd'ndd+d ��||d,<d-d-d-d-d.�}|D]}d/|v�r�|d/|v�r�||d/d07<�qkt|� ��}|d-k�r�d1|d2<n.d3|�d4�|d2<|� �D]\}}|d-k�r�|d2|�d5|�d6�7<�q�|d2� d7�|d2<d8|d9<Wd%�W|S1�s�wYW|St �y�}zd:|d9<t |�|d:<WYd%}~|Sd%}~ww);r!rr)r�vulnerabilitiesrrr#�allzFgrep -E '^PASS_MAX_DAYS|^PASS_MIN_DAYS|^PASS_WARN_AGE' /etc/login.defsrnzgrep -E '^[^:]+::' /etc/shadowZsecurity_issuer?u存在空密码账户u为所有账户设置强密码)rrrI�detailsZrecommendationzNgrep -E '^[^#].*ALL=\(ALL\)' /etc/sudoers /etc/sudoers.d/* 2>/dev/null || trueZNOPASSWD�highu存在无需密码的sudo权限u)移除NOPASSWD选项,要求输入密码Zsshdzlgrep -E '^PasswordAuthentication|^PermitRootLogin|^PermitEmptyPasswords|^X11Forwarding' /etc/ssh/sshd_configzPermitRootLogin yesu允许SSH直接登录root账户uE设置 PermitRootLogin no 并使用普通用户登录后切换到rootzPasswordAuthentication yes�mediumuSSH密码认证已启用u*考虑使用密钥认证替代密码认证zPermitEmptyPasswords yesuSSH允许空密码登录u设置 PermitEmptyPasswords no�packagesz-which apt-get && echo found || echo not found�foundz)which yum && echo found || echo not foundz/apt-get --simulate upgrade | grep -i 'security'u!有可用的安全更新未安装N��z...u#运行 apt-get upgrade 安装更新zyum check-update --securityzneeded for securityu)运行 yum update --security 安装更新rLr)r?rOrP�lowrr�u未发现安全漏洞。ru发现 u 个安全问题: u 个u级, r�r�rr)rYrqrrr�r�r�r��sumr�r�rstriprtr)r\r]r^r_r"r`r�rrLZ passwd_checkr r r Z passwd_policyZ empty_passwdZempty_passwd_accountsZ sudo_checkZsudo_allZ sshd_checkZ sshd_configZhas_aptZhas_yumZ updates_checkZsecurity_updatesZseverity_countsZvulnZ total_vulnsr�countryr%r%r&rX�s� �  � ���  �� � �    � � � �� ���rXr%rmr&c s�dgigdd�}z�t|||||���}d|�d�} |j| |d�\} } } | ������dk} | sWdd g}|D]"}d|�d�} |j| |d�\} } } | ������dkrV|}d } nq4| skd |d <d |d <|Wd�WSd|�d�}|j||d�\} } } | ������}t�|�\}}�fdd�|��D�}|jdd�d d�||d<||d<||d<d|d <Wd�W|S1s�wYW|St y�}zd |d <t |�|d <WYd}~|Sd}~ww)r$rr)r�suspicious_ipsr�r�rrFrGrnrHz/var/log/securez/var/log/audit/audit.logTu找不到SSH日志文件rrNz grep 'sshd' z | tail -n 1000cs4g|]\}}|�kr|||�dkrdndd��qS)r�rOrP)r6�attemptsZ risk_levelr%)r�r6rW�r&r%r&r��s �z)check_ssh_risk_logins.<locals>.<listcomp>cSs|dS)NrYr%)�xr%r%r&�<lambda>�sz'check_ssh_risk_logins.<locals>.<lambda>)�key�reverserXr�r�r�) rYrqrrr�r�r�r�sortrtr)r\r]r^r_rr&r`r�rZ file_checkr r r rKZalternative_logsZalt_logZ log_commandZ log_contentr�r�rXryr%rZr&rN|sV   ��  �  �1�1���rNc Cs�dddd�ggdd�}�z�t|||||����}d}|j||d�\}} } | ������} d} |j| |d�\}} } | ������} d }|j||d�\}} } | ������}d | vr�d |d d <d|d d<d}|j||d�\}} } | ������}|�d�D]%}d|vs�d|vr�|d�|���t�d|�}|r�|d�|� d��q|n�d| v�rd|d d <d|d d<d}|j||d�\}} } | ������}d}|�d�D]B}|� d�r�|��d}|�rd|v�r|�d�d��}|��D]}d|v�r|d�|�d�d�|d�|�d |���q�q�nTd!|v�rTd"|d d <d|d d<|�d�D])}d#|v�rQd$|v�rQt�d%|�}|�rQ|d�|� d��|d�|����q)nd&|d d <d|d d<|d�d'�|d�s�d(}|j||d�\}} } | ������}|�d�D]}d)|v�r�t�d*|�}|�r�|d�|� d���q�t t |d��|d<d+|d,<Wd�W|S1�s�wYW|St �y�}zd-|d,<t|�|d-<WYd}~|Sd}~ww).r'rF)rArr)r�firewall� open_ports�rulesrz;which ufw > /dev/null && ufw status || echo 'ufw not found'rnzTwhich firewall-cmd > /dev/null && firewall-cmd --state || echo 'firewalld not found'zIwhich iptables > /dev/null && iptables -L -n || echo 'iptables not found'zStatus: activeZufwr`rTrAzufw status numberedr�ZALLOWZDENYrbz (\d+)/tcprar�r7Z firewalldzfirewall-cmd --list-all-zonesNz(active)rzports:r�z zone: z Chain INPUTZiptablesZACCEPTzdpt:z dpt:(\d+)�noneu未检测到活动的防火墙zss -tuln || netstat -tulnr:z:(\d+)r�rr)rYrqrrr�r�r�r�r�r��endswithr.rrtr)r\r]r^r_r`r�rZ ufw_commandr r r Z ufw_outputZfirewalld_commandZfirewalld_outputZiptables_commandZiptables_outputZufw_rules_commandZ ufw_rulesr�� port_matchZ zones_commandZ zones_outputZ current_zoneZportsZ ports_commandZ ports_outputryr%r%r&rO�s�    ��       ��   ��     �  �]�]���rOc Cs�didd�}z�t|||||���}dddddd d �}i}|��D]\} } |j| |d �\} } } | ������}||| <qd }d }d |dvrxt�d|dtj�}|rU|� d�}t�d|dtj�}|rg|� d�}nt�d|dtj�}|rx|� d�}||d<||d<d}|j||d �\} } } | ������}d |d<|d kr�dD]}|� �|� �vr�||d<nq�||d<d|d<Wd�W|S1s�wYW|St y�}zd|d<t |�|d<WYd}~|Sd}~ww)r(rr)r�os_inforr\zUcat /etc/os-release || cat /etc/redhat-release || cat /etc/debian_version || uname -azuname -rzuname -mz uptime -pzwho -b)r\� os_releaseZkernel� architecturer Z last_bootrnZUnknownzNAME=rgzNAME="?(.*?)"?r�zVERSION="?(.*?)"?zVERSION_ID="?(.*?)"?�distro�versionz�systemd-detect-virt || dmesg | grep -i virtual || dmidecode | grep -i vmware || dmidecode | grep -i virtualbox || echo 'Unknown'Zvirtualization)ZkvmZvmwareZ virtualboxZxen�dockerZlxcZopenvzZ parallelsrfr�rNr) rYrrqrrr�r�r�� MULTILINEr�r�rtr)r\r]r^r_r`r�rr�rfr]r6r r r r�rirjZ distro_matchZ version_matchZversion_id_matchZvm_check_commandZ vm_outputZvm_typeryr%r%r&rP(sf �      �  �8�8���rPc CsTz t�d�t��WdSty)}zt�dt|����WYd}~dSd}~ww)u清理资源,关闭连接u清理资源和连接...u清理资源时出错: N)rrr�rYr�rtrr)ryr%r%r&�cleanup_resourcesos "��rm�__main__u!启动服务器监控MCP服务...�stdio)� transportu-接收到中断信号,正在关闭服务...u服务运行时出错: u服务已关闭)rkr)r\rr]rr^rr_r9r�r�r`r9r�r@rkr)rrZr[) r\rr]rr^rr_r9r`r9rkr)rkr)rrZr�r�r[)r\rr]rr^rr_r9rr9rrr`r9rkr)r\rr]rr^rr_r9r�r�r`r9rkr)rrZrrr�r[)r\rr]rr^rr_r9rrrrr�r9r`r9rkr)r\rr]rr^rr_r9rr�rrr`r9rkr)rrZr#r�)r\rr]rr^rr_r9r"rr`r9rkr)rrZr%rmr[)r\rr]rr^rr_r9rrr&r9r`r9rkr)F� __future__r�typingrrrrrrr r r �enumr r�r�rdr��logging�platform�socketr��pydanticr rZmcp.server.fastmcprr�r� basicConfig�INFO� getLoggerrrrr'r/r1r3r8r?rCrHrrKrYr�r*r�r+rLrMrQrRrSrTrUrVrWrXrNrOrPrmr r��run�KeyboardInterruptrtryrr%r%r%r&�<module>s ,       OQ�^�  �%�?�3�U�A��@�j�F   ������ �

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Heht571/ops-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server