diff --git a/实时 history 监控 b/实时 history 监控 index 71248b9..bff035c 100644 --- a/实时 history 监控 +++ b/实时 history 监控 
@@ -1,264 +1,79 @@ -# 创建安装目录和脚本 -mkdir -p /root/monitor -cat > /root/monitor/cmd_monitor.sh << 'EOF' +# 创建完整的修复脚本 +cat > /tmp/fix_autostart.sh << 'EOF' #!/bin/bash -INSTALL_DIR="/root/monitor" -SCRIPT_PATH="$INSTALL_DIR/cmd_monitor.sh" -LOG_DIR="/root/command_logs" -PID_FILE="/tmp/cmd_monitor.pid" +echo "=== 修复命令监控开机自启动 ===" -# 获取客户端IP -get_client_ip() { - local ip="unknown" - [ -n "$SSH_CLIENT" ] && ip=$(echo "$SSH_CLIENT" | awk '{print $1}') - [ "$ip" = "unknown" ] && [ -n "$SSH_CONNECTION" ] && ip=$(echo "$SSH_CONNECTION" | awk '{print $1}') - echo "$ip" -} +# 停止现有监控 +/root/monitor/cmd_monitor.sh stop >/dev/null 2>&1 -# 检查to命令 -if [ "$1" = "to" ]; then - if [ -f "$PID_FILE" ] && ps -p $(cat "$PID_FILE") >/dev/null 2>&1; then - echo "切换到前台模式..." - kill $(cat "$PID_FILE") 2>/dev/null - rm -f "$PID_FILE" - exec "$SCRIPT_PATH" foreground - else - echo "切换到后台模式..." - exec "$SCRIPT_PATH" background - fi - exit 0 +# 清理旧的crontab条目 +echo "1. 清理旧的crontab条目..." +(crontab -l 2>/dev/null | grep -v "cmd_monitor" | grep -v "monitor") | crontab - + +# 添加新的crontab开机启动 +echo "2. 设置crontab开机启动..." +(crontab -l 2>/dev/null; echo "@reboot /bin/bash /root/monitor/cmd_monitor.sh background >/dev/null 2>&1") | crontab - + +# 尝试创建systemd服务 +echo "3. 尝试设置systemd服务..." 
+if command -v systemctl >/dev/null 2>&1; then + cat > /etc/systemd/system/cmd-monitor.service << SVC_EOF +[Unit] +Description=Command Monitor Service +After=network.target + +[Service] +Type=forking +User=root +ExecStart=/root/monitor/cmd_monitor.sh background +ExecStop=/root/monitor/cmd_monitor.sh stop +Restart=no +StandardOutput=null +StandardError=null + +[Install] +WantedBy=multi-user.target +SVC_EOF + + systemctl daemon-reload + systemctl enable cmd-monitor.service >/dev/null 2>&1 + echo " ✅ systemd服务已设置" +else + echo " ℹ️ systemctl不可用,跳过systemd设置" fi -case "$1" in - background|start) - # 设置实时history - for user_dir in /home/* /root; do - [ -d "$user_dir" ] || continue - bashrc="$user_dir/.bashrc" - [ -f "$bashrc" ] || continue - if ! grep -q "PROMPT_COMMAND.*history" "$bashrc" 2>/dev/null; then - echo 'export PROMPT_COMMAND="history -a; history -c; history -r"' >> "$bashrc" - echo "已为 $user_dir 设置实时history" - fi - done - - # 后台启动 - ( - echo "=== 后台监控启动: $(date) ===" >> "$LOG_DIR/monitor.log" - declare -A last_sizes - - # 初始化文件大小 - for user_dir in /home/* /root; do - [ -d "$user_dir" ] || continue - user=$(basename "$user_dir") - history_file="$user_dir/.bash_history" - [ -f "$history_file" ] && last_sizes["$user"]=$(stat -c%s "$history_file" 2>/dev/null || echo 0) - done - - while true; do - for user_dir in /home/* /root; do - [ -d "$user_dir" ] || continue - user=$(basename "$user_dir") - history_file="$user_dir/.bash_history" - [ -f "$history_file" ] || continue - - current_size=$(stat -c%s "$history_file" 2>/dev/null || echo 0) - last_size=${last_sizes["$user"]:-0} - - if [ "$current_size" -gt "$last_size" ]; then - new_cmd=$(tail -n 1 "$history_file" 2>/dev/null | sed 's/^[ \t]*//;s/[ \t]*$//') - if [ -n "$new_cmd" ] && [ ${#new_cmd} -gt 1 ]; then - # 过滤简单命令 - case "$new_cmd" in - ls|cd|pwd|ll|history|exit|clear|to|"."|"..") - continue - ;; - *) - client_ip=$(get_client_ip) - timestamp=$(date '+%Y-%m-%d %H:%M:%S') - log_entry="[$timestamp] 用户:$user | 
命令:$new_cmd | 来源:$client_ip" - echo "$log_entry" >> "$LOG_DIR/monitor.log" - ;; - esac - fi - last_sizes["$user"]=$current_size - fi - done - sleep 2 - done - ) & - - echo $! > "$PID_FILE" - echo "✅ 后台监控已启动 (PID: $!)" - echo "📝 日志文件: $LOG_DIR/monitor.log" - ;; - - foreground) - echo "🔍 前台监控模式启动..." - echo "💡 输入 'to' 切换到后台模式" - echo "⏹️ 按 Ctrl+C 停止监控" - echo "================================" - - # 设置信号处理 - trap 'echo -e "\n🛑 停止监控"; exit 0' INT TERM - - declare -A last_sizes - - # 初始化文件大小 - for user_dir in /home/* /root; do - [ -d "$user_dir" ] || continue - user=$(basename "$user_dir") - history_file="$user_dir/.bash_history" - [ -f "$history_file" ] && last_sizes["$user"]=$(stat -c%s "$history_file" 2>/dev/null || echo 0) - done - - while true; do - # 检测to命令输入(非阻塞读取) - if read -t 0.5 -n 2 input 2>/dev/null; then - if [ "$input" = "to" ]; then - echo "🔄 切换到后台模式..." - "$SCRIPT_PATH" background - exit 0 - fi - fi - - # 监控命令 - for user_dir in /home/* /root; do - [ -d "$user_dir" ] || continue - user=$(basename "$user_dir") - history_file="$user_dir/.bash_history" - [ -f "$history_file" ] || continue - - current_size=$(stat -c%s "$history_file" 2>/dev/null || echo 0) - last_size=${last_sizes["$user"]:-0} - - if [ "$current_size" -gt "$last_size" ]; then - new_cmd=$(tail -n 1 "$history_file" 2>/dev/null | sed 's/^[ \t]*//;s/[ \t]*$//') - if [ -n "$new_cmd" ] && [ ${#new_cmd} -gt 1 ]; then - # 过滤简单命令 - case "$new_cmd" in - ls|cd|pwd|ll|history|exit|clear|to|"."|"..") - continue - ;; - *) - client_ip=$(get_client_ip) - timestamp=$(date '+%Y-%m-%d %H:%M:%S') - echo "[$timestamp] 用户:$user | 命令:$new_cmd | 来源:$client_ip" - ;; - esac - fi - last_sizes["$user"]=$current_size - fi - done - sleep 2 - done - ;; - - stop) - if [ -f "$PID_FILE" ]; then - pid=$(cat "$PID_FILE") - if ps -p "$pid" >/dev/null 2>&1; then - kill "$pid" 2>/dev/null - rm -f "$PID_FILE" - echo "✅ 监控已停止 (PID: $pid)" - else - rm -f "$PID_FILE" - echo "⚠️ 监控进程不存在,已清理PID文件" - fi - else - echo "ℹ️ 监控未运行" - fi - 
;; - - status) - if [ -f "$PID_FILE" ]; then - pid=$(cat "$PID_FILE") - if ps -p "$pid" >/dev/null 2>&1; then - echo "✅ 监控运行中 (PID: $pid)" - echo "📝 日志文件: $LOG_DIR/monitor.log" - else - echo "❌ PID文件存在但进程不存在" - rm -f "$PID_FILE" - fi - else - echo "❌ 监控未运行" - fi - ;; - - install) - # 创建日志目录 - mkdir -p "$LOG_DIR" - - # 设置开机自启动 - echo "🔧 设置开机自启动..." - (crontab -l 2>/dev/null | grep -v "$SCRIPT_PATH"; echo "@reboot $SCRIPT_PATH background >/dev/null 2>&1") | crontab - - - # 设置to命令别名 - echo "🔧 设置命令别名..." - for user_dir in /home/* /root; do - [ -d "$user_dir" ] || continue - bashrc="$user_dir/.bashrc" - [ -f "$bashrc" ] || continue - if ! grep -q "alias to=" "$bashrc" 2>/dev/null; then - echo "alias to='$SCRIPT_PATH to'" >> "$bashrc" - echo "✅ 已为 $user_dir 设置别名" - fi - done - - echo "" - echo "🎉 安装完成!" - echo "========================" - echo "立即使用:" - echo " to - 切换前后台模式" - echo " $SCRIPT_PATH foreground - 前台模式" - echo " $SCRIPT_PATH background - 后台模式" - echo " $SCRIPT_PATH stop - 停止监控" - echo " $SCRIPT_PATH status - 查看状态" - echo "" - echo "请运行: source ~/.bashrc" - ;; - - logs) - if [ -f "$LOG_DIR/monitor.log" ]; then - tail -f "$LOG_DIR/monitor.log" - else - echo "日志文件不存在: $LOG_DIR/monitor.log" - fi - ;; - - *) - echo "命令监控系统" - echo "========================" - echo "使用方法: $0 {foreground|background|stop|status|install|logs|to}" - echo "" - echo "命令说明:" - echo " install - 安装并配置系统" - echo " foreground - 前台监控模式" - echo " background - 后台监控模式" - echo " to - 切换前后台模式" - echo " stop - 停止监控" - echo " status - 查看状态" - echo " logs - 查看实时日志" - echo "" - echo "安装后直接使用 'to' 命令切换模式" - ;; -esac -EOF +# 设置rc.local备用方案 +echo "4. 设置rc.local备用方案..." 
+if [ -d /etc/rc.d ]; then + # SysV init系统 + echo '/root/monitor/cmd_monitor.sh background >/dev/null 2>&1' > /etc/rc.d/rc.local + chmod +x /etc/rc.d/rc.local +elif [ -f /etc/rc.local ]; then + # systemd的rc.local兼容 + grep -q "cmd_monitor" /etc/rc.local || echo '/root/monitor/cmd_monitor.sh background >/dev/null 2>&1' >> /etc/rc.local + chmod +x /etc/rc.local +else + # 创建rc.local + echo '#!/bin/bash' > /etc/rc.local + echo '/root/monitor/cmd_monitor.sh background >/dev/null 2>&1' >> /etc/rc.local + chmod +x /etc/rc.local +fi -# 给脚本执行权限 -chmod +x /root/monitor/cmd_monitor.sh +# 立即启动监控 +echo "5. 立即启动监控服务..." +/root/monitor/cmd_monitor.sh background -# 创建日志目录 -mkdir -p /root/command_logs - -# 执行安装 -echo "开始安装监控系统..." -/root/monitor/cmd_monitor.sh install - -# 重新加载bash配置 -source ~/.bashrc +# 验证启动状态 +echo "6. 验证启动状态..." +sleep 2 +/root/monitor/cmd_monitor.sh status echo "" -echo "✅ 安装完成!" -echo "💡 现在可以测试: to" +echo "=== 修复完成 ===" +echo "重启系统测试: reboot" +echo "手动检查状态: /root/monitor/cmd_monitor.sh status" +EOF + +chmod +x /tmp/fix_autostart.sh +/tmp/fix_autostart.sh
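Review bot: The generated script is written to the fixed path `/tmp/fix_autostart.sh` and then executed as root, so on a host with other local users (the monitor itself walks `/home/*`) a file or link pre-created at that path can change what root runs; create it with `mktemp` under a root-only directory instead. Inside the script, `grep -v "cmd_monitor" | grep -v "monitor"` drops every crontab line containing "monitor", not only this tool's entry, and the `/etc/rc.d` branch uses `>`, which truncates an existing rc.local and leaves it without a shebang. Crontab `@reboot`, the systemd unit and rc.local all launch `cmd_monitor.sh background`, which presumably starts several instances at boot that overwrite one PID file, so keeping a single mechanism (systemd where available) would be safer. The fence below shows the temp-file handling, the narrowed crontab filter and a non-destructive rc.local branch.

```shell
fix_script=$(mktemp /root/fix_autostart.XXXXXX)
cat > "$fix_script" << 'EOF'
# … unchanged: shebang, banner, stop of the running monitor …
crontab -l 2>/dev/null | grep -vF '/root/monitor/cmd_monitor.sh' | crontab -
# … unchanged: @reboot entry, systemd unit …
if [ -d /etc/rc.d ]; then
  rc_local=/etc/rc.d/rc.local
  [ -f "$rc_local" ] || echo '#!/bin/bash' > "$rc_local"
  grep -qF 'cmd_monitor' "$rc_local" ||
    echo '/root/monitor/cmd_monitor.sh background >/dev/null 2>&1' >> "$rc_local"
  chmod +x "$rc_local"
# … unchanged: elif/else rc.local branches, immediate start, status check …
EOF
chmod 700 "$fix_script"
"$fix_script"
```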