实时 history 监控

2025-10-21 22:32:45 +08:00
parent b492b77af0
commit 97902fb617
1 changed files with 81 additions and 0 deletions
--- a/81
+++ b/81
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# 实时 history 监控 - 强制实时写入
+echo "启用实时 history 监控..."
+
+# 配置所有用户的 bash 为实时记录
+configure_realtime_history() {
+    for user_dir in /home/* /root; do
+        if [ -d "$user_dir" ]; then
+            user=$(basename "$user_dir")
+            bashrc="$user_dir/.bashrc"
+            
+            # 添加实时 history 配置
+            if [ -f "$bashrc" ]; then
+                if ! grep -q "REAL_TIME_HISTORY" "$bashrc"; then
+                    echo "
+# REAL_TIME_HISTORY - 实时记录命令
+export PROMPT_COMMAND='history -a; history -c; history -r'
+export HISTTIMEFORMAT='%F %T '
+shopt -s histappend
+" >> "$bashrc"
+                    echo "已为用户 $user 配置实时 history"
+                fi
+            fi
+        fi
+    done
+}
+
+# 监控 history 文件变化
+monitor_history() {
+    echo "开始监控命令历史..."
+    
+    # 获取初始文件状态
+    declare -A file_sizes
+    for user_dir in /home/* /root; do
+        if [ -d "$user_dir" ]; then
+            user=$(basename "$user_dir")
+            history_file="$user_dir/.bash_history"
+            if [ -f "$history_file" ]; then
+                file_sizes["$user"]=$(stat -c%s "$history_file")
+            else
+                file_sizes["$user"]=0
+            fi
+        fi
+    done
+    
+    # 持续监控
+    while true; do
+        for user_dir in /home/* /root; do
+            if [ -d "$user_dir" ]; then
+                user=$(basename "$user_dir")
+                history_file="$user_dir/.bash_history"
+                
+                if [ -f "$history_file" ]; then
+                    current_size=$(stat -c%s "$history_file")
+                    last_size=${file_sizes["$user"]}
+                    
+                    if [ "$current_size" -gt "$last_size" ]; then
+                        # 读取新内容
+                        new_content=$(tail -c +$((last_size + 1)) "$history_file" 2>/dev/null)
+                        if [ -n "$new_content" ]; then
+                            echo "[$(date '+%Y-%m-%d %H:%M:%S')] 用户 $user 执行命令:"
+                            echo "$new_content" | while IFS= read -r line; do
+                                if [ -n "$line" ] && [ "${#line}" -gt 1 ]; then
+                                    echo "  → $line"
+                                fi
+                            done
+                            echo "---"
+                        fi
+                        file_sizes["$user"]=$current_size
+                    fi
+                fi
+            fi
+        done
+        sleep 1
+    done
+}
+
+# 执行
+configure_realtime_history
+monitor_history