Update 实时 history 监控

2025-10-22 09:55:09 +08:00
committed by GitHub
parent b4b93199d1
commit 82de7ea6a6


@@ -1,277 +1,100 @@
# 创建唯一的监控系统
cat > /usr/local/bin/cmdwatch << 'EOF'
# 创建超级简单的监控系统
cat > /usr/local/bin/watchcmd << 'EOF'
#!/bin/bash
# 配置文件
CONFIG_DIR="/root/.cmdwatch"
LOG_FILE="$CONFIG_DIR/monitor.log"
PID_FILE="$CONFIG_DIR/pid"
LOCK_FILE="$CONFIG_DIR/lock"
LOG="/root/watch.log"
PID="/tmp/watch.pid"
# 初始化
init_system() {
mkdir -p "$CONFIG_DIR"
touch "$LOG_FILE"
}
# 获取客户端IP
get_client_ip() {
local ip="unknown"
[ -n "$SSH_CLIENT" ] && ip=$(echo "$SSH_CLIENT" | awk '{print $1}')
[ "$ip" = "unknown" ] && [ -n "$SSH_CONNECTION" ] && ip=$(echo "$SSH_CONNECTION" | awk '{print $1}')
echo "$ip"
}
# 检查是否运行中
is_running() {
if [ -f "$PID_FILE" ]; then
local pid=$(cat "$PID_FILE" 2>/dev/null)
if ps -p "$pid" >/dev/null 2>&1; then
return 0
else
rm -f "$PID_FILE"
fi
fi
return 1
}
# 文件锁
get_lock() {
exec 200>"$LOCK_FILE"
flock -n 200 && return 0
return 1
}
release_lock() {
flock -u 200
}
# 停止所有可能的监控进程
stop_all_monitors() {
echo "停止所有监控进程..."
# 停止当前系统
if [ -f "$PID_FILE" ]; then
local pid=$(cat "$PID_FILE" 2>/dev/null)
[ -n "$pid" ] && kill "$pid" 2>/dev/null
fi
# 停止其他可能运行的监控
pkill -f "cmd_monitor"
pkill -f "monitor.sh"
pkill -f "mt"
pkill -f "mon"
pkill -f "cmdwatch"
# 清理文件
rm -f "$PID_FILE"
rm -f "$LOCK_FILE"
sleep 1
}
# 主监控函数
start_monitoring() {
echo "启动命令监控..."
# 设置实时history
for user_dir in /home/* /root; do
[ -d "$user_dir" ] || continue
bashrc="$user_dir/.bashrc"
[ -f "$bashrc" ] || continue
if ! grep -q "PROMPT_COMMAND.*cmdwatch" "$bashrc" 2>/dev/null; then
echo 'export PROMPT_COMMAND="history -a; history -c; history -r #cmdwatch"' >> "$bashrc"
fi
done
# 启动监控进程
(
echo "=== 命令监控启动: $(date) ===" >> "$LOG_FILE"
declare -A file_sizes
# 初始化文件大小
for user_dir in /home/* /root; do
[ -d "$user_dir" ] || continue
user=$(basename "$user_dir")
history_file="$user_dir/.bash_history"
[ -f "$history_file" ] && file_sizes["$user"]=$(stat -c%s "$history_file" 2>/dev/null || echo 0)
done
# 主监控循环
while true; do
for user_dir in /home/* /root; do
[ -d "$user_dir" ] || continue
user=$(basename "$user_dir")
history_file="$user_dir/.bash_history"
[ -f "$history_file" ] || continue
current_size=$(stat -c%s "$history_file" 2>/dev/null || echo 0)
last_size=${file_sizes["$user"]:-0}
if [ "$current_size" -gt "$last_size" ]; then
new_cmd=$(tail -n 1 "$history_file" 2>/dev/null | sed 's/^[ \t]*//;s/[ \t]*$//')
if [ -n "$new_cmd" ] && [ ${#new_cmd} -gt 1 ]; then
# 过滤简单命令
case "$new_cmd" in
ls|cd|pwd|ll|history|exit|clear|cmdwatch|"."|"..")
continue
;;
*)
client_ip=$(get_client_ip)
timestamp=$(date '+%Y-%m-%d %H:%M:%S')
log_entry="[$timestamp] 用户:$user | 命令:$new_cmd | 来源:$client_ip"
echo "$log_entry" >> "$LOG_FILE"
file_sizes["$user"]=$current_size
;;
esac
fi
fi
done
sleep 1
done
) &
echo $! > "$PID_FILE"
echo "✅ 监控已启动 (PID: $!)"
}
# 命令处理
case "$1" in
start)
init_system
if ! get_lock; then
echo "❌ 监控已经在运行中"
exit 1
fi
if is_running; then
echo "✅ 监控已在运行中"
release_lock
exit 0
fi
stop_all_monitors
start_monitoring
release_lock
;;
stop)
init_system
stop_all_monitors
echo "✅ 所有监控已停止"
;;
status)
init_system
if is_running; then
pid=$(cat "$PID_FILE")
echo "✅ 监控运行中 (PID: $pid)"
echo "📝 日志文件: $LOG_FILE"
echo "📊 日志行数: $(wc -l < "$LOG_FILE" 2>/dev/null || echo 0)"
else
echo "❌ 监控未运行"
fi
;;
view|logs)
init_system
if [ "$2" = "-f" ] || [ "$1" = "view" ]; then
if [ -f "$LOG_FILE" ]; then
tail -f "$LOG_FILE"
else
echo "暂无日志"
fi
else
if [ -f "$LOG_FILE" ]; then
tail -20 "$LOG_FILE"
else
echo "暂无日志"
fi
fi
;;
install)
init_system
stop_all_monitors
# 设置开机自启动
echo "设置开机自启动..."
(crontab -l 2>/dev/null | grep -v "cmdwatch"; echo "@reboot /usr/local/bin/cmdwatch start >/dev/null 2>&1") | crontab -
# 设置命令别名
echo "设置命令别名..."
sed -i '/alias cmdwatch=/d' ~/.bashrc
echo "alias cw='/usr/local/bin/cmdwatch view'" >> ~/.bashrc
# 启动监控
/usr/local/bin/cmdwatch start
source ~/.bashrc
echo ""
echo "🎉 安装完成!"
echo "========================"
echo "使用方法:"
echo " cw # 查看实时监控"
echo " cmdwatch view # 查看实时监控"
echo " cmdwatch status # 查看状态"
echo " cmdwatch stop # 停止监控"
echo " cmdwatch logs # 查看历史日志"
;;
clean)
echo "🧹 彻底清理所有监控系统..."
# 停止所有
pkill -f "cmd_monitor"
pkill -f "monitor.sh"
# 停止其他监控
pkill -f "cmdwatch"
pkill -f "monitor"
pkill -f "mt"
pkill -f "mon"
pkill -f "cmdwatch"
# 清理文件
rm -rf /root/monitor
rm -rf /root/install
rm -rf /root/.cmdwatch
rm -f /usr/local/bin/mt
rm -f /usr/local/bin/mon
rm -f /tmp/*monitor*
rm -f /tmp/cmd_monitor.*
# 清理crontab
(crontab -l 2>/dev/null | grep -v -E "(monitor|cmd_monitor|mt|mon|cmdwatch)") | crontab -
# 清理别名
sed -i '/alias to=/d' ~/.bashrc
sed -i '/alias mon=/d' ~/.bashrc
sed -i '/alias mt=/d' ~/.bashrc
sed -i '/alias cw=/d' ~/.bashrc
# 设置实时history
echo 'export PROMPT_COMMAND="history -a; history -c; history -r"' >> ~/.bashrc
source ~/.bashrc
echo "✅ 彻底清理完成"
;;
# 启动监控
(
echo "监控启动: $(date)" > "$LOG"
declare -A sizes
while true; do
for user in /home/* /root; do
[ -d "$user" ] || continue
history_file="$user/.bash_history"
[ -f "$history_file" ] || continue
user_name=$(basename "$user")
current=$(stat -c%s "$history_file" 2>/dev/null || echo 0)
last=${sizes["$user_name"]:-0}
if [ "$current" -gt "$last" ]; then
cmd=$(tail -n 1 "$history_file" 2>/dev/null | tr -d '\000-\037')
if [ -n "$cmd" ] && [ ${#cmd} -gt 1 ]; then
case "$cmd" in
ls|cd|pwd|ll|history|exit|clear|watchcmd|".")
continue
;;
*)
ip="unknown"
[ -n "$SSH_CLIENT" ] && ip=$(echo "$SSH_CLIENT" | awk '{print $1}')
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $user_name: $cmd (from: $ip)" >> "$LOG"
sizes["$user_name"]=$current
;;
esac
fi
fi
done
sleep 1
done
) &
echo $! > "$PID"
echo "监控已启动"
;;
stop)
pkill -f "watchcmd"
rm -f "$PID"
echo "监控已停止"
;;
view)
if [ -f "$LOG" ]; then
tail -f "$LOG"
else
echo "暂无日志"
fi
;;
status)
if [ -f "$PID" ] && ps -p $(cat "$PID") >/dev/null 2>&1; then
echo "监控运行中 (PID: $(cat "$PID"))"
else
echo "监控未运行"
rm -f "$PID"
fi
;;
install)
# 设置开机启动
(crontab -l 2>/dev/null; echo "@reboot /usr/local/bin/watchcmd start >/dev/null 2>&1") | crontab -
# 设置别名
echo "alias wc='watchcmd view'" >> ~/.bashrc
source ~/.bashrc
# 启动
watchcmd start
echo "安装完成! 使用 'wc' 查看监控"
;;
*)
echo "命令监控系统 (cmdwatch)"
echo "========================"
echo "使用方法:"
echo " cmdwatch start # 启动监控"
echo " cmdwatch stop # 停止监控"
echo " cmdwatch status # 查看状态"
echo " cmdwatch view # 实时查看"
echo " cmdwatch logs # 查看日志"
echo " cmdwatch install # 安装配置"
echo " cmdwatch clean # 彻底清理"
echo ""
echo "安装后使用: cw # 查看实时监控"
echo "使用: watchcmd [start|stop|view|status|install]"
;;
esac
EOF
# 给执行权限
chmod +x /usr/local/bin/cmdwatch
chmod +x /usr/local/bin/watchcmd
# 安装并启动
echo "安装唯一监控系统..."
cmdwatch install
# 安装并测试
watchcmd install
# 测试
echo "测试监控系统..."
cw
wc
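Review bot: The source IP written to every log line in the monitor loop's `*)` arm, `[ -n "$SSH_CLIENT" ] && ip=$(echo "$SSH_CLIENT" | awk '{print $1}')`, is read from the environment of the background subshell, which inherits `SSH_CLIENT` from whoever ran `watchcmd start` — so every user's commands are attributed to the installer's session, and to `unknown` once the daemon is started from the `@reboot` cron entry; if per-user attribution is needed it has to be looked up per session (e.g. from `who` for `$user_name`), and I would add a comment stating the limitation either way. Relatedly, the log source is each user's own `.bash_history`, which that user can edit, truncate, or disable with `unset HISTFILE` / `set +o history`, so this should be documented as a convenience log rather than a tamper-evident audit trail (auditd/execve logging is the robust option). The PID file moved from `/root/.cmdwatch` to the predictable, world-writable `PID="/tmp/watch.pid"`, and `status` feeds its contents unquoted into `ps -p $(cat "$PID")` as root; `PID="/run/watchcmd.pid"` and `ps -p "$(cat "$PID")"` avoid both problems. In `stop)`, `pkill -f "watchcmd"` also matches the command line of the `watchcmd stop` process itself, so the script is likely killed before `rm -f "$PID"` runs — `kill "$(cat "$PID")" 2>/dev/null` targets only the daemon. As far as the rendered hunk shows, the per-user `PROMPT_COMMAND="history -a; …"` setup was dropped, so `.bash_history` is only flushed at shell exit and the "实时" monitoring sees at most one command per session, and `alias wc='watchcmd view'` shadows the coreutils `wc` in root's interactive shell.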