255 lines
7.6 KiB
Plaintext
255 lines
7.6 KiB
Plaintext
# 创建统一的监控系统
|
||
cat > /usr/local/bin/mon << 'EOF'
|
||
#!/bin/bash
|
||
|
||
LOG_FILE="/root/command_logs/monitor.log"
|
||
PID_FILE="/tmp/monitor.pid"
|
||
LOCK_FILE="/tmp/monitor.lock"
|
||
|
||
# 获取客户端IP
|
||
get_client_ip() {
|
||
local ip="unknown"
|
||
[ -n "$SSH_CLIENT" ] && ip=$(echo "$SSH_CLIENT" | awk '{print $1}')
|
||
[ "$ip" = "unknown" ] && [ -n "$SSH_CONNECTION" ] && ip=$(echo "$SSH_CONNECTION" | awk '{print $1}')
|
||
echo "$ip"
|
||
}
|
||
|
||
# 检查是否运行中
|
||
is_running() {
|
||
if [ -f "$PID_FILE" ]; then
|
||
local pid=$(cat "$PID_FILE" 2>/dev/null)
|
||
if ps -p "$pid" >/dev/null 2>&1; then
|
||
return 0
|
||
else
|
||
rm -f "$PID_FILE"
|
||
fi
|
||
fi
|
||
return 1
|
||
}
|
||
|
||
# 获取文件锁防止重复启动
|
||
get_lock() {
|
||
exec 200>"$LOCK_FILE"
|
||
flock -n 200 && return 0
|
||
return 1
|
||
}
|
||
|
||
release_lock() {
|
||
flock -u 200
|
||
rm -f "$LOCK_FILE"
|
||
}
|
||
|
||
# to命令处理
|
||
if [ "$1" = "to" ]; then
|
||
if is_running; then
|
||
echo "🔍 切换到前台显示模式..."
|
||
echo "💡 按 Ctrl+C 返回后台模式"
|
||
echo "================================"
|
||
|
||
if [ -f "$LOG_FILE" ]; then
|
||
echo "最近记录:"
|
||
tail -5 "$LOG_FILE"
|
||
echo "------------------------"
|
||
echo "开始实时显示..."
|
||
tail -f "$LOG_FILE"
|
||
else
|
||
echo "暂无日志记录"
|
||
fi
|
||
else
|
||
echo "🚀 启动监控系统..."
|
||
exec "$0" start
|
||
fi
|
||
exit 0
|
||
fi
|
||
|
||
case "$1" in
|
||
start|background)
|
||
if ! get_lock; then
|
||
echo "❌ 监控已经在运行中"
|
||
exit 1
|
||
fi
|
||
|
||
if is_running; then
|
||
echo "✅ 监控已在运行中 (PID: $(cat "$PID_FILE"))"
|
||
release_lock
|
||
exit 0
|
||
fi
|
||
|
||
echo "🔧 启动后台监控..."
|
||
|
||
# 设置实时history(只设置一次)
|
||
for user_dir in /home/* /root; do
|
||
[ -d "$user_dir" ] || continue
|
||
bashrc="$user_dir/.bashrc"
|
||
[ -f "$bashrc" ] || continue
|
||
if ! grep -q "PROMPT_COMMAND.*history.*a.*c.*r" "$bashrc" 2>/dev/null; then
|
||
echo 'export PROMPT_COMMAND="history -a; history -c; history -r"' >> "$bashrc"
|
||
fi
|
||
done
|
||
|
||
# 创建日志目录
|
||
mkdir -p "/root/command_logs"
|
||
|
||
# 启动单一监控进程
|
||
(
|
||
echo "=== 监控系统启动: $(date) ===" >> "$LOG_FILE"
|
||
declare -A file_sizes
|
||
|
||
# 初始化文件大小
|
||
for user_dir in /home/* /root; do
|
||
[ -d "$user_dir" ] || continue
|
||
user=$(basename "$user_dir")
|
||
history_file="$user_dir/.bash_history"
|
||
[ -f "$history_file" ] && file_sizes["$user"]=$(stat -c%s "$history_file" 2>/dev/null || echo 0)
|
||
done
|
||
|
||
# 主监控循环
|
||
while true; do
|
||
for user_dir in /home/* /root; do
|
||
[ -d "$user_dir" ] || continue
|
||
user=$(basename "$user_dir")
|
||
history_file="$user_dir/.bash_history"
|
||
[ -f "$history_file" ] || continue
|
||
|
||
current_size=$(stat -c%s "$history_file" 2>/dev/null || echo 0)
|
||
last_size=${file_sizes["$user"]:-0}
|
||
|
||
if [ "$current_size" -gt "$last_size" ]; then
|
||
new_cmd=$(tail -n 1 "$history_file" 2>/dev/null | sed 's/^[ \t]*//;s/[ \t]*$//')
|
||
if [ -n "$new_cmd" ] && [ ${#new_cmd} -gt 1 ]; then
|
||
# 过滤简单命令
|
||
case "$new_cmd" in
|
||
ls|cd|pwd|ll|history|exit|clear|to|mon|"."|"..")
|
||
continue
|
||
;;
|
||
*)
|
||
client_ip=$(get_client_ip)
|
||
timestamp=$(date '+%Y-%m-%d %H:%M:%S')
|
||
log_entry="[$timestamp] 用户:$user | 命令:$new_cmd | 来源:$client_ip"
|
||
echo "$log_entry" >> "$LOG_FILE"
|
||
;;
|
||
esac
|
||
fi
|
||
file_sizes["$user"]=$current_size
|
||
fi
|
||
done
|
||
sleep 2
|
||
done
|
||
) &
|
||
|
||
monitor_pid=$!
|
||
echo $monitor_pid > "$PID_FILE"
|
||
release_lock
|
||
|
||
echo "✅ 后台监控已启动 (PID: $monitor_pid)"
|
||
echo "📝 日志文件: $LOG_FILE"
|
||
echo "💡 使用 'mon to' 查看实时监控"
|
||
;;
|
||
|
||
stop)
|
||
if [ -f "$PID_FILE" ]; then
|
||
pid=$(cat "$PID_FILE")
|
||
if ps -p "$pid" >/dev/null 2>&1; then
|
||
kill "$pid" 2>/dev/null
|
||
rm -f "$PID_FILE"
|
||
rm -f "$LOCK_FILE"
|
||
echo "✅ 监控已停止 (PID: $pid)"
|
||
else
|
||
rm -f "$PID_FILE"
|
||
rm -f "$LOCK_FILE"
|
||
echo "⚠️ 监控进程不存在,已清理"
|
||
fi
|
||
else
|
||
echo "ℹ️ 监控未运行"
|
||
fi
|
||
;;
|
||
|
||
status)
|
||
if is_running; then
|
||
pid=$(cat "$PID_FILE")
|
||
echo "✅ 监控运行中 (PID: $pid)"
|
||
echo "📝 日志文件: $LOG_FILE"
|
||
echo "📊 日志行数: $(wc -l < "$LOG_FILE" 2>/dev/null || echo 0)"
|
||
else
|
||
echo "❌ 监控未运行"
|
||
fi
|
||
;;
|
||
|
||
logs)
|
||
if [ -f "$LOG_FILE" ]; then
|
||
if [ "$2" = "-f" ]; then
|
||
tail -f "$LOG_FILE"
|
||
else
|
||
tail -20 "$LOG_FILE"
|
||
fi
|
||
else
|
||
echo "日志文件不存在"
|
||
fi
|
||
;;
|
||
|
||
install)
|
||
# 停止可能运行的旧监控
|
||
"$0" stop
|
||
|
||
# 设置开机自启动
|
||
echo "🔧 设置开机自启动..."
|
||
(crontab -l 2>/dev/null | grep -v "$0"; echo "@reboot $0 start >/dev/null 2>&1") | crontab -
|
||
|
||
# 设置命令别名
|
||
echo "🔧 设置命令别名..."
|
||
sed -i '/alias to=/d' ~/.bashrc
|
||
echo "alias to='$0 to'" >> ~/.bashrc
|
||
|
||
# 重新加载配置
|
||
source ~/.bashrc
|
||
|
||
# 启动监控
|
||
"$0" start
|
||
|
||
echo ""
|
||
echo "🎉 安装完成!"
|
||
echo "========================"
|
||
echo "立即使用:"
|
||
echo " to # 启动/查看监控"
|
||
echo " mon status # 查看状态"
|
||
echo " mon stop # 停止监控"
|
||
echo " mon logs # 查看日志"
|
||
;;
|
||
|
||
uninstall)
|
||
"$0" stop
|
||
rm -f "$0"
|
||
# 清理crontab
|
||
crontab -l 2>/dev/null | grep -v "$0" | crontab -
|
||
# 清理别名
|
||
sed -i '/alias to=/d' ~/.bashrc
|
||
echo "✅ 已卸载监控系统"
|
||
;;
|
||
|
||
*)
|
||
echo "命令监控系统"
|
||
echo "========================"
|
||
echo "使用方法:"
|
||
echo " to # 启动/查看监控"
|
||
echo " mon start # 启动后台监控"
|
||
echo " mon stop # 停止监控"
|
||
echo " mon status # 查看状态"
|
||
echo " mon logs # 查看日志"
|
||
echo " mon logs -f # 实时查看日志"
|
||
echo " mon install # 安装配置"
|
||
echo " mon uninstall # 卸载"
|
||
;;
|
||
esac
|
||
EOF
|
||
|
||
# 给执行权限
|
||
chmod +x /usr/local/bin/mon
|
||
|
||
# 安装并启动
|
||
echo "安装统一监控系统..."
|
||
mon install
|
||
|
||
# 测试
|
||
echo "测试监控系统..."
|
||
to
|