# Build the complete fix script as a heredoc and write it to /tmp/fix_alias.sh.
# The delimiter is quoted ('EOF'), so nothing below is expanded here: every
# $var and $(cmd) is evaluated only when /tmp/fix_alias.sh itself runs.
# NOTE(review): /tmp/fix_alias.sh is a fixed name in a world-writable directory
# and is executed at the end of this file; on a shared host a pre-existing file
# or symlink at that path would be overwritten/followed — confirm before use.
cat > /tmp/fix_alias.sh << 'EOF'
#!/bin/bash
echo "=== 修复别名设置 ==="
# Check whether the monitor script exists; if not, (re)create it below.
SCRIPT_PATH="/root/monitor/cmd_monitor_fixed.sh"
if [ ! -f "$SCRIPT_PATH" ]; then
echo "❌ 监控脚本不存在,重新创建..."
# Create the monitor directory
mkdir -p /root/monitor
# Write the monitor script. This inner heredoc is also quoted ('SCRIPT_EOF'),
# so its body is stored literally and evaluated only when the monitor runs.
cat > "$SCRIPT_PATH" << 'SCRIPT_EOF'
#!/bin/bash
# cmd_monitor_fixed.sh: polls each user's ~/.bash_history and logs newly
# appended commands to $LOG_DIR/monitor.log (see the "both|start" branch).
INSTALL_DIR="/root/monitor"
SCRIPT_PATH="$INSTALL_DIR/cmd_monitor_fixed.sh"
LOG_DIR="/root/command_logs"
# PID file (and, further down, the /tmp/cmd_monitor.last_cmd hand-off file) use
# fixed names under /tmp and are written as root. NOTE(review): a local user who
# pre-creates these paths (e.g. as symlinks) could interfere with the monitor;
# a root-only directory would avoid that — confirm the deployment threat model.
PID_FILE="/tmp/cmd_monitor.pid"
# Helpers: client IP from the calling process's SSH_* variables, and a coarse
# "location" label derived from the IP (no real geolocation lookup is done).
get_client_ip() {
  # Print the source address of the SSH session this process inherited:
  # the first field of SSH_CLIENT, else the first field of SSH_CONNECTION,
  # else the literal "unknown".
  # NOTE(review): these are the *calling process's* environment variables. When
  # called from the background poller they describe whoever launched the
  # monitor, not the user whose history line was just read.
  local addr="unknown" first
  if [ -n "$SSH_CLIENT" ]; then
    read -r first _ <<<"$SSH_CLIENT"
    addr=$first
  fi
  if [ "$addr" = "unknown" ] && [ -n "$SSH_CONNECTION" ]; then
    read -r first _ <<<"$SSH_CONNECTION"
    addr=$first
  fi
  echo "$addr"
}
get_ip_location() {
  # Map an address to a coarse label: "unknown" and "127.0.0.1" are special-cased
  # ("unknown" / "localhost"); a dotted quad of four numeric groups is reduced
  # to its first two octets with the rest masked ("203.0.x.x"); anything else
  # yields "unknown". No geolocation service is contacted.
  local addr="$1"
  case "$addr" in
    unknown)
      echo "unknown"
      return
      ;;
    127.0.0.1)
      echo "localhost"
      return
      ;;
  esac
  if [[ "$addr" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
    # drop the last two octets via parameter expansion (no cut subprocess)
    echo "${addr%.*.*}.x.x"
  else
    echo "unknown"
  fi
}
# 检查是否已经运行
is_running() {
  # Return 0 when $PID_FILE names a process that ps can see. A PID file whose
  # process is gone is deleted and 1 is returned; a missing PID file returns 1.
  # NOTE(review): PID reuse is not detected — an unrelated process that
  # recycled the PID would be reported as the running monitor.
  [ -f "$PID_FILE" ] || return 1
  local pid
  pid=$(cat "$PID_FILE" 2>/dev/null)
  if ! ps -p "$pid" >/dev/null 2>&1; then
    rm -f "$PID_FILE"
    return 1
  fi
  return 0
}
# Handle the "to" shortcut (what the `to` alias invokes): re-exec this script
# in display mode if the poller is already running, otherwise in "both" mode.
if [ "$1" = "to" ]; then
if is_running; then
echo "切换到前台显示模式..."
exec "$SCRIPT_PATH" display
else
echo "启动后台监控+前台显示模式..."
exec "$SCRIPT_PATH" both
fi
# Only reached if exec itself failed (exec replaces the process on success).
exit 0
fi
# Sub-command dispatch: both|start, display|foreground, stop, status, usage.
case "$1" in
both|start)
if is_running; then
echo "监控已经在运行中"
exec "$SCRIPT_PATH" display
exit 0
fi
echo "启动后台监控+前台显示模式..."
# Make interactive bash shells flush each command to .bash_history immediately
# (history -a) so the poller below sees it. NOTE(review): this appends to
# other users' .bashrc as root and sets PROMPT_COMMAND unconditionally, so any
# PROMPT_COMMAND the user already exports is overridden; the grep only checks
# that some "PROMPT_COMMAND…history" line is present.
for user_dir in /home/* /root; do
[ -d "$user_dir" ] || continue
bashrc="$user_dir/.bashrc"
[ -f "$bashrc" ] || continue
if ! grep -q "PROMPT_COMMAND.*history" "$bashrc" 2>/dev/null; then
echo 'export PROMPT_COMMAND="history -a; history -c; history -r"' >> "$bashrc"
fi
done
# Start the background poller in a subshell. It is history-based, so it is not
# a tamper-resistant audit trail: a user who unsets HISTFILE, clears history or
# uses another shell leaves no trace here. Logged lines may include secrets
# typed on the command line; LOG_DIR is created with the default umask, so
# consider restricting its permissions.
(
mkdir -p "$LOG_DIR"
echo "=== 后台监控启动: $(date) ===" >> "$LOG_DIR/monitor.log"
declare -A last_sizes
# Record the current size of every user's .bash_history as the baseline.
for user_dir in /home/* /root; do
[ -d "$user_dir" ] || continue
user=$(basename "$user_dir")
history_file="$user_dir/.bash_history"
[ -f "$history_file" ] && last_sizes["$user"]=$(stat -c%s "$history_file" 2>/dev/null || echo 0)
done
# Poll every 2 s: when a history file grew, read its last line only.
# NOTE(review): if several commands were appended between polls only the last
# is logged, and a file that shrank (e.g. history cleared) is ignored until it
# grows past the old size again, since last_sizes is only updated on growth.
while true; do
for user_dir in /home/* /root; do
[ -d "$user_dir" ] || continue
user=$(basename "$user_dir")
history_file="$user_dir/.bash_history"
[ -f "$history_file" ] || continue
current_size=$(stat -c%s "$history_file" 2>/dev/null || echo 0)
last_size=${last_sizes["$user"]:-0}
if [ "$current_size" -gt "$last_size" ]; then
new_cmd=$(tail -n 1 "$history_file" 2>/dev/null | sed 's/^[ \t]*//;s/[ \t]*$//')
if [ -n "$new_cmd" ] && [ ${#new_cmd} -gt 1 ]; then
# Skip trivial commands. The `continue` below also skips the last_sizes update,
# so a filtered trailing line is re-read on every cycle until a logged one
# follows it.
case "$new_cmd" in
ls|cd|pwd|ll|history|exit|clear|to|"."|"..")
continue
;;
*)
# NOTE(review): get_client_ip reads this poller's own SSH_* variables, so the
# IP/location columns describe whoever started the monitor, not $user.
client_ip=$(get_client_ip)
location=$(get_ip_location "$client_ip")
timestamp=$(date '+%Y-%m-%d %H:%M:%S')
log_entry="[$timestamp] 用户:$user | 命令:$new_cmd | 来源IP:$client_ip | 位置:$location"
echo "$log_entry" >> "$LOG_DIR/monitor.log"
# Hand the entry to the foreground display via a fixed /tmp path; a newer
# entry written before the display loop reads it overwrites the older one.
echo "$log_entry" > /tmp/cmd_monitor.last_cmd
;;
esac
fi
last_sizes["$user"]=$current_size
fi
done
sleep 2
done
) &
# $! is the PID of the poller subshell; "stop" kills exactly that PID.
echo $! > "$PID_FILE"
echo "✅ 后台监控已启动 (PID: $!)"
# Start the foreground display (replaces this process).
echo "🔍 启动前台显示..."
exec "$SCRIPT_PATH" display
;;
display|foreground)
echo "🔍 前台显示模式启动..."
echo "💡 后台监控持续运行中"
echo "💡 输入 'to' 退出显示(后台继续运行)"
echo "⏹️ 按 Ctrl+C 停止显示"
echo "================================"
# Show the last few log entries (read without -r: backslashes in a logged
# command are interpreted for display only).
if [ -f "$LOG_DIR/monitor.log" ]; then
echo "最近记录:"
tail -5 "$LOG_DIR/monitor.log" | while read line; do
echo " 📌 $line"
done
echo "------------------------"
fi
# Ctrl+C / TERM ends the display only; the poller keeps running.
trap 'echo -e "\n🛑 停止前台显示(后台监控继续运行)"; exit 0' INT TERM
# Display loop: the 1-second read timeout doubles as the poll interval.
while true; do
# Check for "to" on stdin: at most two characters are read, and any other
# two keystrokes are consumed silently. NOTE(review): if stdin is at EOF
# (not a terminal) read returns at once and this loop spins without sleeping.
if read -t 1 -n 2 input 2>/dev/null; then
if [ "$input" = "to" ]; then
echo "🔄 退出前台显示..."
echo "✅ 后台监控继续运行中"
exit 0
fi
fi
# Print and consume the latest hand-off entry from the poller, if any.
if [ -f /tmp/cmd_monitor.last_cmd ]; then
echo "🆕 $(cat /tmp/cmd_monitor.last_cmd)"
rm -f /tmp/cmd_monitor.last_cmd
fi
done
;;
stop)
# Terminate the poller named in the PID file and clean up its files.
if [ -f "$PID_FILE" ]; then
pid=$(cat "$PID_FILE")
if ps -p "$pid" >/dev/null 2>&1; then
kill "$pid" 2>/dev/null
rm -f "$PID_FILE"
rm -f /tmp/cmd_monitor.last_cmd
echo "✅ 监控已停止 (PID: $pid)"
else
rm -f "$PID_FILE"
echo "⚠️ 监控进程不存在,已清理"
fi
else
echo " 监控未运行"
fi
;;
status)
# is_running also removes a stale PID file as a side effect.
if is_running; then
pid=$(cat "$PID_FILE")
echo "✅ 监控运行中 (PID: $pid)"
echo "📝 日志文件: $LOG_DIR/monitor.log"
else
echo "❌ 监控未运行"
fi
;;
*)
# Usage text for any unrecognised (or missing) sub-command.
echo "命令监控系统"
echo "使用方法: $0 {both|display|stop|status|to}"
echo ""
echo "示例:"
echo " to - 启动/切换模式"
echo " $0 both - 后台监控+前台显示"
echo " $0 display - 仅前台显示"
echo " $0 stop - 停止监控"
;;
esac
SCRIPT_EOF
chmod +x "$SCRIPT_PATH"
echo "✅ 监控脚本已创建: $SCRIPT_PATH"
fi
# Repair the alias in root's .bashrc
echo "修复别名设置..."
# Remove every existing "alias to=" line
sed -i '/alias to=/d' ~/.bashrc
# Append the new alias
echo 'alias to="/root/monitor/cmd_monitor_fixed.sh to"' >> ~/.bashrc
# Reload bash configuration. NOTE(review): this only affects the shell running
# /tmp/fix_alias.sh; the interactive shell that launched it still needs
# `source ~/.bashrc` (or a new login) before `to` resolves.
source ~/.bashrc
echo ""
echo "✅ 修复完成!"
echo "测试命令:"
echo " to # 启动监控"
echo " 或者直接运行: /root/monitor/cmd_monitor_fixed.sh both"
EOF
# Make the generated fix script executable and run it immediately.
chmod +x /tmp/fix_alias.sh
/tmp/fix_alias.sh