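# Create a minimal command-monitoring system.
#
# Installs /usr/local/bin/mt (start|stop|view), registers it in root's crontab
# to start at boot, and starts it. Run as root.
#
# NOTE(security): this monitor only reads ~/.bash_history. Those files are
# owned and controlled by the monitored users, so the resulting log is a
# convenience record, not a tamper-resistant audit trail. For audit-grade
# command logging use a kernel-level mechanism such as auditd execve rules.
cat > /usr/local/bin/mt << 'EOF'
#!/bin/bash
# mt - minimal shell-history monitor.
# Usage: mt [start|stop|view]

# The log holds full command lines, which can include secrets typed as
# arguments; it is created under umask 077 so only root can read it.
LOG="/root/command_logs/monitor.log"
# The PID file is kept in a root-only directory. In world-writable /tmp any
# local user could pre-create it and make "mt stop" (run as root) signal a
# process of their choosing.
PID="/var/run/mt-monitor.pid"
BASHRC_LINE='export PROMPT_COMMAND="history -a; history -c; history -r"'

# Print the PID of the running monitor; return non-zero if there is none.
running_pid() {
  local pid
  [ -f "$PID" ] || return 1
  pid=$(cat -- "$PID" 2>/dev/null)
  # Only a plain number is ever passed to kill.
  [[ "$pid" =~ ^[0-9]+$ ]] || return 1
  kill -0 "$pid" 2>/dev/null || return 1
  printf '%s\n' "$pid"
}

# Poll every user's .bash_history every 2 seconds and append newly written
# commands to $LOG.
monitor_loop() {
  local u user hfile cur last cmd ip
  declare -A size
  umask 077
  mkdir -p /root/command_logs

  # Remember the current sizes so that only commands written after start
  # are logged.
  for u in /home/* /root; do
    hfile="$u/.bash_history"
    if [ -d "$u" ] && [ -f "$hfile" ] && [ ! -L "$hfile" ]; then
      size["${u##*/}"]=$(stat -c%s "$hfile" 2>/dev/null || echo 0)
    fi
  done

  while true; do
    for u in /home/* /root; do
      [ -d "$u" ] || continue
      user=${u##*/}
      hfile="$u/.bash_history"
      [ -f "$hfile" ] || continue
      # The history path is user-controlled; do not follow a symlink to
      # some other file while running as root.
      [ -L "$hfile" ] && continue

      cur=$(stat -c%s "$hfile" 2>/dev/null || echo 0)
      last=${size["$user"]:-0}
      # A truncated or rotated file restarts the offset; otherwise nothing
      # would be logged until the file grew past its old size.
      if [ "$cur" -lt "$last" ]; then
        last=0
      fi

      if [ "$cur" -gt "$last" ]; then
        # Read every line appended since the last poll, not just the final
        # one: a shell flushes a whole session's history at once on exit.
        while IFS= read -r cmd || [ -n "$cmd" ]; do
          # Skip HISTTIMEFORMAT timestamp lines ("#<epoch>").
          [[ "$cmd" =~ ^#[0-9]+$ ]] && continue
          # Drop control characters so history content cannot inject
          # terminal escape sequences into root's "mt view" session.
          cmd=${cmd//[[:cntrl:]]/}
          if [ -n "$cmd" ] && [ ${#cmd} -gt 1 ]; then
            case "$cmd" in
              ls|cd|pwd|ll|history|exit|clear|mt|".")
                continue
                ;;
              *)
                # $SSH_CLIENT in this process belongs to whoever started
                # the monitor, not to the user who ran the command, so it
                # must not be recorded as the command's origin. Correlate
                # with sshd/login records instead.
                ip="unknown"
                printf '[%s] %s: %s (from: %s)\n' \
                  "$(date '+%Y-%m-%d %H:%M:%S')" "$user" "$cmd" "$ip" >> "$LOG"
                ;;
            esac
          fi
        done < <(tail -c "+$((last + 1))" -- "$hfile" 2>/dev/null \
                   | head -c "$((cur - last))")
        size["$user"]=$cur
      fi
    done
    sleep 2
  done
}

case "$1" in
  start)
    # Avoid a second monitor that would orphan the first and double-log.
    if running_pid > /dev/null; then
      echo "监控已在运行"
      exit 0
    fi
    # Add the history-flush hook once; start also runs at every boot, so an
    # unconditional append would grow ~/.bashrc without bound. This covers
    # only the invoking user's (root's) shells; other users' histories are
    # flushed on their own schedule.
    grep -qxF -- "$BASHRC_LINE" ~/.bashrc 2>/dev/null \
      || echo "$BASHRC_LINE" >> ~/.bashrc
    monitor_loop < /dev/null > /dev/null 2>&1 &
    echo $! > "$PID"
    echo "监控已启动"
    ;;
  stop)
    if pid=$(running_pid); then
      kill "$pid" 2>/dev/null
    fi
    rm -f -- "$PID"
    echo "监控已停止"
    ;;
  view)
    if [ -f "$LOG" ]; then
      tail -f -- "$LOG"
    else
      echo "无日志"
    fi
    ;;
  *)
    echo "用法: mt [start|stop|view]"
    ;;
esac
EOF
# cron runs this file as root, so it must not be writable by anyone else.
chmod 755 /usr/local/bin/mt

# Start at boot. Drop any identical entry first so that re-running the
# installer does not register the job twice.
cron_line='@reboot /usr/local/bin/mt start >/dev/null 2>&1'
{
  crontab -l 2>/dev/null | grep -vxF -- "$cron_line"
  echo "$cron_line"
} | crontab -

# Start now, by absolute path so the result does not depend on PATH.
/usr/local/bin/mt start
echo "安装完成! 使用 'mt view' 查看日志"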