From 3b28ead0e4bd6514a5cc2ef6f7b92cb6d6e8840d Mon Sep 17 00:00:00 2001 From: hotyue <52734432+hotyue@users.noreply.github.com> Date: Mon, 20 Apr 2026 17:37:47 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20=E6=88=98=E7=95=A5=E6=92=A4=E9=80=80?= =?UTF-8?q?=EF=BC=8C=E4=BB=A3=E7=A0=81=E5=85=A8=E9=87=8F=E5=9B=9E=E6=BB=9A?= =?UTF-8?q?=E8=87=B3=209a38fb6=20(PR=20=E5=BC=95=E5=85=A5=E5=89=8D?= =?UTF-8?q?=E7=9A=84=E7=BA=AF=E5=87=80=E7=8A=B6=E6=80=81)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 8 +- core/agent_daemon.sh | 41 +++------ core/install.sh | 177 ++++++------------------------------- core/mod_google.sh | 10 +-- core/runner.sh | 10 +-- core/uninstall.sh | 28 +++--- core/updater.sh | 9 +- master/install_master.sh | 54 ++--------- master/tg_master.sh | 8 +- master/uninstall_master.sh | 24 ++--- version.txt | 4 +- 11 files changed, 82 insertions(+), 291 deletions(-) diff --git a/README.md b/README.md index a80f580..3730ffb 100644 --- a/README.md +++ b/README.md @@ -54,12 +54,12 @@ - **部署 Master (中枢大脑)**:找一台 VPS 作为司令部(仅需部署一台),执行: ```bash -curl -fsSL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/master/install_master.sh -o /tmp/ins_master.sh && sudo bash /tmp/ins_master.sh +bash <(curl -sL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/master/install_master.sh) ``` - 部署 Agent (边缘哨兵):在需要养护的机器上执行 Agent 脚本,安装时选择私有独立中枢,并分别输入您自建机器人的 [Token](https://blog.iot-architect.com/engineering-practice/create-private-telegram-bot-via-botfather) 以及您的个人 [Chat ID](https://blog.iot-architect.com/engineering-practice/get-telegram-personal-id-via-userinfobot) : ```Bash -curl -fsSL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/core/install.sh -o /tmp/ins_agent.sh && sudo bash /tmp/ins_agent.sh +bash <(curl -sL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/core/install.sh) ``` - 激活节点:安装完成后,您的手机会收到一条 #REGISTER# 注册暗号,将其转发给您自己的机器人即可完成编队入库。 
@@ -71,7 +71,7 @@ curl -fsSL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/core/instal - 部署 Agent:在目标 VPS 上执行以下指令,安装过程中选择官方公共网关,并输入您的 Chat ID: ```Bash -curl -fsSL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/core/install.sh -o /tmp/ins_agent.sh && sudo bash /tmp/ins_agent.sh +bash <(curl -sL https://raw.githubusercontent.com/hotyue/IP-Sentinel/main/core/install.sh) ``` - 激活节点:同上,将收到的暗号转发给官方机器人即可。 @@ -106,7 +106,7 @@ bash /opt/ip_sentinel/core/uninstall.sh *(注意:该分支仅作基础维护,不享受新功能迭代,请尽可能升级你的系统)* ```bash -curl -fsSL https://raw.githubusercontent.com/hotyue/IP-Sentinel/legacy/core/install.sh -o /tmp/ins_legacy.sh && sudo bash /tmp/ins_legacy.sh +bash <(curl -sL https://raw.githubusercontent.com/hotyue/IP-Sentinel/legacy/core/install.sh) ``` ## 📡 战术联络 (Community) diff --git a/core/agent_daemon.sh b/core/agent_daemon.sh index 1094ba2..8714294 100755 --- a/core/agent_daemon.sh +++ b/core/agent_daemon.sh @@ -375,17 +375,10 @@ class AgentHandler(http.server.BaseHTTPRequestHandler): self.wfile.write(b"Action Accepted: trigger_ota\n") # 挂起异步升级进程 (注入 SILENT_OTA 旁路变量跳过所有 read -p 交互) - import shutil - repo_url = "https://raw.githubusercontent.com/hotyue/IP-Sentinel/main" - ota_cmd = f"export SILENT_OTA='true'; curl -sL {repo_url}/core/install.sh | bash > /opt/ip_sentinel/logs/ota_upgrade.log 2>&1" - - # [修复] 逃逸 Systemd Cgroup,防止 Agent 在升级时被同归于尽机制误杀 - if shutil.which("systemd-run"): - full_cmd = f"systemd-run --quiet --no-block bash -c \"{ota_cmd}\"" - else: - full_cmd = f"nohup bash -c \"{ota_cmd}\" &" - - subprocess.Popen(full_cmd, shell=True) + # 注意:这里我们写死拉取 dev-v3.6.0 分支的安装脚本进行覆盖测试,未来正式版上线时会改回 main + repo_url = "https://raw.githubusercontent.com/hotyue/IP-Sentinel/dev-v3.6.0" + ota_cmd = f"export SILENT_OTA='true'; curl -sL {repo_url}/core/install.sh | bash > /opt/ip_sentinel/logs/ota_upgrade.log 2>&1 &" + subprocess.Popen(['bash', '-c', ota_cmd]) except Exception as e: self.send_response(500) 
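Review bot: The `trigger_ota` branch now fetches the installer from the `dev-v3.6.0` branch and pipes it straight into `bash` with no integrity check, so every agent that accepts this webhook action runs whatever is at the tip of a development branch. The inline comment itself says this is a test setting; for a rollback that ships to users the ref should be a release one, e.g. `repo_url = "https://raw.githubusercontent.com/hotyue/IP-Sentinel/main"`. `curl -sL` also lacks `-f`, so an HTTP error body would be fed to the shell; `curl -fsSL` into a file, followed by a comparison against a checksum published with the release before executing, would close both gaps. The handler's authentication check is outside this hunk, so who can reach this branch cannot be judged from here.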
@@ -401,27 +394,21 @@ class AgentHandler(http.server.BaseHTTPRequestHandler): import socket # ================== [v3.0.3 变更: 引入多线程模型抵抗 Slowloris 攻击] ================== -class ThreadedServer(socketserver.ThreadingMixIn, socketserver.TCPServer): +class ThreadedDualStackServer(socketserver.ThreadingMixIn, socketserver.TCPServer): allow_reuse_address = True # 开启端口复用,防止热重启时端口冲突 + address_family = socket.AF_INET6 if socket.has_ipv6 else socket.AF_INET try: - # 1. 优先尝试监听双栈/IPv6 (大多数 Linux 默认支持 IPv4 映射接入) - ThreadedServer.address_family = socket.AF_INET6 - httpd = ThreadedServer(("::", PORT), AgentHandler) -except Exception: - # 2. [核心修复 Issue #23] 若系统内核已禁用 IPv6,抛弃报错,智能回退至纯 IPv4 监听 - ThreadedServer.address_family = socket.AF_INET - httpd = ThreadedServer(("0.0.0.0", PORT), AgentHandler) - -try: - httpd.serve_forever() + bind_addr = "::" if socket.has_ipv6 else "" + with ThreadedDualStackServer((bind_addr, PORT), AgentHandler) as httpd: + httpd.serve_forever() except Exception as e: sys.exit(1) # ==================================================================================== EOF -# --- [重点升级 3: 移交系统级守护进程接管] --- -echo "🚀 [Agent] 正在启动 Webhook 监听服务 (端口: $AGENT_PORT)..." -# 去掉 nohup 和 &,使用 exec 让 Python 进程直接替换当前 Bash 进程,前台阻塞运行 -# 这样 Systemd 才能真正捕捉到 Python 进程的生命周期,永不误杀! -exec python3 "${INSTALL_DIR}/core/webhook.py" "$AGENT_PORT" \ No newline at end of file +# --- [重点升级 3: 真正的静默后台启动] --- +echo "🚀 [Agent] 正在后台启动 Webhook 监听服务 (端口: $AGENT_PORT)..." +nohup python3 "${INSTALL_DIR}/core/webhook.py" "$AGENT_PORT" > /dev/null 2>&1 & +disown 2>/dev/null || true +echo "✅ [Agent] 守护进程启动完毕,可安全关闭终端。" \ No newline at end of file diff --git a/core/install.sh b/core/install.sh index 90b8434..de51118 100755 --- a/core/install.sh +++ b/core/install.sh 
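Review bot: `socket.has_ipv6` only reports whether the Python build supports IPv6, not whether the running kernel has it enabled, so on a host with IPv6 disabled the `ThreadedDualStackServer(("::", PORT), AgentHandler)` bind is expected to raise and the process ends through the bare `sys.exit(1)`. Because the launcher line sends the process output to `/dev/null`, that failure leaves no trace and the webhook is simply absent. I would retry the bind with `socket.AF_INET` on `"0.0.0.0"` when the first attempt raises `OSError`, and record the error before exiting, e.g. `print(f"webhook bind failed: {e}", file=sys.stderr)`, with the `nohup` line redirecting to a log file instead of `/dev/null`. The server listens on every interface in both cases; whether `AgentHandler` authenticates requests is outside this hunk.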
@@ -5,15 +5,6 @@ # 核心功能: 战区分组菜单、模块按需开启、官方机器人一键配置、版本状态机路由 # ========================================================== -# ========================================================== -# 🛑 核心权限防线: 检查是否以 root 权限运行 -# ========================================================== -if [ "$EUID" -ne 0 ]; then - echo -e "\033[31m❌ 权限被拒绝: 部署 IP-Sentinel 需要最高系统权限。\033[0m" - echo -e "💡 请使用 \033[36msudo bash -c \"\$(curl -fsSL ...)\"\033[0m 或切换到 root 执行。" - exit 1 -fi - # 你的 GitHub 仓库 Raw 数据直链前缀 REPO_RAW_URL="https://raw.githubusercontent.com/hotyue/IP-Sentinel/main" # 临时改为开发地址用于测试 @@ -258,17 +249,15 @@ if [ "$UPGRADE_MODE" == "false" ]; then IFS="|" read -r CITY_ID CITY_NAME < /tmp/cities.txt echo -e "\033[32m💡 该区域下仅有单一城市 [$CITY_NAME],已自动锁定。\033[0m" else - i=1; CITY_MAP=(); CITY_NAME_MAP=() + i=1; CITY_MAP=() while IFS="|" read -r c_id c_name; do echo " $i) $c_name" CITY_MAP[$i]="$c_id" - CITY_NAME_MAP[$i]="$c_name" ((i++)) done < /tmp/cities.txt read -p "请输入选择 [1-$((i-1))] (默认1): " CI_SEL CI_SEL=${CI_SEL:-1} CITY_ID="${CITY_MAP[$CI_SEL]}" - CITY_NAME="${CITY_NAME_MAP[$CI_SEL]}" fi # 清理临时文件 (增加清理 continents.txt) 
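Review bot: With the `EUID` guard gone from the top of install.sh, a run as an unprivileged user is no longer stopped up front, and the README now advertises `bash <(curl -sL ...)` without `sudo`. Later steps visible in this patch write under `${INSTALL_DIR}` and replace the caller's crontab, so a non-root run would fail part-way or install the jobs into an unintended user's crontab. A short check such as `[ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }` is independent of the systemd work being rolled back and could stay. The same guard is dropped in core/uninstall.sh, master/install_master.sh and master/uninstall_master.sh.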
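Review bot: On the multi-city path `CITY_NAME` is no longer assigned, since only `CITY_ID` is looked up from `CITY_MAP`, so any later use of `CITY_NAME` sees an empty or stale value, unlike the single-city branch, which reads both fields. `CI_SEL` is also used as an array index without validation, so a non-numeric or out-of-range answer can yield an empty `CITY_ID`. A range check before the lookup, e.g. `[[ "$CI_SEL" =~ ^[0-9]+$ ]] && (( CI_SEL >= 1 && CI_SEL < i )) || CI_SEL=1`, together with keeping the name lookup, would cover both. Where `CITY_NAME` is consumed is outside this hunk.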
@@ -632,149 +621,39 @@ fi chmod +x ${INSTALL_DIR}/core/*.sh +# 7. 配置系统定时任务 (高频调度与看门狗) +echo -e "\n[7/7] 正在注入系统定时任务与看门狗进程..." +crontab -l 2>/dev/null | grep -v "ip_sentinel" > /tmp/cron_backup || true + +# 核心养护模块: 每 30 分钟触发一次 +echo "*/30 * * * * ${INSTALL_DIR}/core/runner.sh >/dev/null 2>&1" >> /tmp/cron_backup +# 养料更新模块: (v3.3.0升级) 每天凌晨 3 点触发,由中枢自动进行分频调度 +echo "0 3 * * * ${INSTALL_DIR}/core/updater.sh >/dev/null 2>&1" >> /tmp/cron_backup + # [v3.3.0 新增] 初始化 UA 指纹库更新时间戳,确立 30 天滚动周期的计算锚点 echo $(date +%s) > "${INSTALL_DIR}/core/.ua_last_update" -# [v3.0.1新增修改 3: 删除原来的 curl 取 IP,直接使用我们上方锁定的 BIND_IP] -# 并提前写入 IP 缓存,彻底阻断 agent_daemon 首次启动时的重复推送 -# [修复竞态]: 提前写入公网 IP 缓存,彻底阻断 agent_daemon 首次启动时的抢跑推送 -echo "$SAFE_PUBLIC_IP" > "${INSTALL_DIR}/core/.last_ip" - -# 7. 配置系统任务与原生守护进程 -echo -e "\n[7/7] 正在注入系统任务与守护进程..." -crontab -l 2>/dev/null | grep -v "ip_sentinel" > /tmp/cron_backup || true - -echo $(date +%s) > "${INSTALL_DIR}/core/.ua_last_update" - -if command -v systemctl >/dev/null 2>&1; then - echo "💡 检测到 Systemd 环境,正在部署 Systemd 调度单元..." 
+# 如果配置了联控,启动 Webhook 与战报任务 +if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then + # 每天早上 8 点发送昨天的统计战报 + echo "0 8 * * * ${INSTALL_DIR}/core/tg_report.sh >/dev/null 2>&1" >> /tmp/cron_backup - cat > /etc/systemd/system/ip-sentinel-runner.service << EOF -[Unit] -Description=IP-Sentinel Runner Service -After=network.target -[Service] -Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -SyslogIdentifier=ip-sentinel -Type=oneshot -ExecStart=/bin/bash ${INSTALL_DIR}/core/runner.sh -User=root -CPUSchedulingPolicy=idle -IOSchedulingClass=idle -EOF - - cat > /etc/systemd/system/ip-sentinel-runner.timer << EOF -[Unit] -Description=Timer for IP-Sentinel Runner Service -[Timer] -OnBootSec=10 -OnUnitActiveSec=30min -RandomizedDelaySec=180 -Persistent=true -Unit=ip-sentinel-runner.service -[Install] -WantedBy=timers.target -EOF - - cat > /etc/systemd/system/ip-sentinel-updater.service << EOF -[Unit] -Description=IP-Sentinel Updater Service -After=network.target -[Service] -Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -SyslogIdentifier=ip-sentinel -Type=oneshot -ExecStart=/bin/bash ${INSTALL_DIR}/core/updater.sh -User=root -CPUSchedulingPolicy=idle -IOSchedulingClass=idle -EOF - - cat > /etc/systemd/system/ip-sentinel-updater.timer << EOF -[Unit] -Description=Timer for IP-Sentinel Updater Service -[Timer] -OnCalendar=*-*-* 03:00:00 -Persistent=true -Unit=ip-sentinel-updater.service -[Install] -WantedBy=timers.target -EOF - - systemctl daemon-reload - systemctl enable --now ip-sentinel-runner.timer - systemctl enable --now ip-sentinel-updater.timer - systemctl restart ip-sentinel-runner.timer ip-sentinel-updater.timer - - if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then - echo "$SAFE_PUBLIC_IP" > "${INSTALL_DIR}/core/.last_ip" - - cat > /etc/systemd/system/ip-sentinel-report.service << EOF -[Unit] -Description=IP-Sentinel Telegram Report Service -[Service] 
-Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -SyslogIdentifier=ip-sentinel -Type=oneshot -ExecStart=/bin/bash ${INSTALL_DIR}/core/tg_report.sh -User=root -CPUSchedulingPolicy=idle -IOSchedulingClass=idle -EOF - - cat > /etc/systemd/system/ip-sentinel-report.timer << EOF -[Unit] -Description=Timer for IP-Sentinel Telegram Report -[Timer] -OnCalendar=*-*-* 08:00:00 -Unit=ip-sentinel-report.service -[Install] -WantedBy=timers.target -EOF - - # ⚠️ 已修复陷阱:改为 Type=simple,去除 Timer - cat > /etc/systemd/system/ip-sentinel-agent-daemon.service << EOF -[Unit] -Description=IP-Sentinel Agent Daemon Service -After=network.target -[Service] -Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -SyslogIdentifier=ip-sentinel -Type=simple -ExecStart=/bin/bash ${INSTALL_DIR}/core/agent_daemon.sh -Restart=always -RestartSec=10 -User=root -CPUSchedulingPolicy=idle -IOSchedulingClass=idle -[Install] -WantedBy=multi-user.target -EOF - - systemctl daemon-reload - systemctl enable --now ip-sentinel-report.timer - systemctl enable --now ip-sentinel-agent-daemon.service - systemctl restart ip-sentinel-report.timer ip-sentinel-agent-daemon.service - fi - - [ -f /tmp/cron_backup ] && crontab /tmp/cron_backup 2>/dev/null - rm -f /tmp/cron_backup -else - echo "💡 未检测到 Systemd (可能是 Alpine Linux),回退到 Cron 调度模式..." 
- echo "*/30 * * * * ${INSTALL_DIR}/core/runner.sh >/dev/null 2>&1" >> /tmp/cron_backup - echo "0 3 * * * ${INSTALL_DIR}/core/updater.sh >/dev/null 2>&1" >> /tmp/cron_backup - - if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then - echo "$SAFE_PUBLIC_IP" > "${INSTALL_DIR}/core/.last_ip" - echo "0 8 * * * ${INSTALL_DIR}/core/tg_report.sh >/dev/null 2>&1" >> /tmp/cron_backup - echo "@reboot nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup - echo "* * * * * pgrep -f agent_daemon.sh >/dev/null || nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup - nohup bash "${INSTALL_DIR}/core/agent_daemon.sh" >/dev/null 2>&1 & - fi - [ -f /tmp/cron_backup ] && crontab /tmp/cron_backup 2>/dev/null - rm -f /tmp/cron_backup + # [v3.0.1新增修改 3: 删除原来的 curl 取 IP,直接使用我们上方锁定的 BIND_IP] + # 并提前写入 IP 缓存,彻底阻断 agent_daemon 首次启动时的重复推送 + # [修复竞态]: 提前写入公网 IP 缓存,彻底阻断 agent_daemon 首次启动时的抢跑推送 + echo "$SAFE_PUBLIC_IP" > "${INSTALL_DIR}/core/.last_ip" + + # 双保险守护进程看门狗 + echo "@reboot nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup + echo "* * * * * nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup + + # 安装时立刻启动一次边缘守护进程 + nohup bash "${INSTALL_DIR}/core/agent_daemon.sh" >/dev/null 2>&1 & fi +[ -f /tmp/cron_backup ] && crontab /tmp/cron_backup 2>/dev/null +rm -f /tmp/cron_backup + # ================== [v3.4.0 核心: 状态机驱动的热更新路由] ================== if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then diff --git a/core/mod_google.sh b/core/mod_google.sh index 07945d1..0170dab 100755 --- a/core/mod_google.sh +++ b/core/mod_google.sh 
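Review bot: The crontab is staged in the fixed path `/tmp/cron_backup` and then loaded with `crontab /tmp/cron_backup`, so on a multi-user host another local account that controls that file can influence what ends up in the installing user's (normally root's) crontab. Staging in a private file avoids this: `CRON_TMP=$(mktemp) || exit 1`, write to `"$CRON_TMP"`, then `crontab "$CRON_TMP"; rm -f "$CRON_TMP"`. Separately, the every-minute watchdog entry starts `agent_daemon.sh` unconditionally, where the removed fallback guarded it with `pgrep -f agent_daemon.sh >/dev/null ||`; unless the daemon script de-duplicates itself, which is not visible here, a new instance is launched each minute. master/install_master.sh uses the same fixed-path staging with `/tmp/cron_master`.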
@@ -23,14 +23,8 @@ if ! type log >/dev/null 2>&1; then local local_ver="${AGENT_VERSION:-未知}" mkdir -p "${INSTALL_DIR}/logs" - local core_msg=$(printf "[v%-5s] [%-5s] [%-7s] [%s] %s" "$local_ver" "$2" "$1" "$REGION_CODE" "$3") - echo "[$(date '+%Y-%m-%d %H:%M:%S')] $core_msg" >> "${INSTALL_DIR}/logs/sentinel.log" - # 强制推送到 Systemd Journal (如果系统支持) - if command -v logger >/dev/null 2>&1; then - logger -t ip-sentinel "$core_msg" - else - echo "$core_msg" - fi + # 统一日志格式,注入 [版本号] 追踪标识 + printf "[$(date '+%Y-%m-%d %H:%M:%S')] [v%-5s] [%-5s] [%-7s] [%s] %s\n" "$local_ver" "$2" "$1" "$REGION_CODE" "$3" >> "${INSTALL_DIR}/logs/sentinel.log" } fi diff --git a/core/runner.sh b/core/runner.sh index f4830cb..10db3cc 100755 --- a/core/runner.sh +++ b/core/runner.sh @@ -31,14 +31,10 @@ log() { # [v3.4.0 核心] 提取当前配置中的版本锚点 local local_ver="${AGENT_VERSION:-未知}" + # 保证日志目录存在 mkdir -p "${INSTALL_DIR}/logs" - local core_msg=$(printf "[v%-5s] [%-5s] [%-7s] [%s] %s" "$local_ver" "$level" "$module" "$REGION_CODE" "$msg") - echo "[$(date '+%Y-%m-%d %H:%M:%S')] $core_msg" >> "$LOG_FILE" - if command -v logger >/dev/null 2>&1; then - logger -t ip-sentinel "$core_msg" - else - echo "$core_msg" - fi + # 日志格式注入 [版本号] 追踪标识 + printf "[$(date '+%Y-%m-%d %H:%M:%S')] [v%-5s] [%-5s] [%-7s] [%s] %s\n" "$local_ver" "$level" "$module" "$REGION_CODE" "$msg" >> "$LOG_FILE" } export -f log export CONFIG_FILE INSTALL_DIR diff --git a/core/uninstall.sh b/core/uninstall.sh index 2847911..4010b7f 100755 --- a/core/uninstall.sh +++ b/core/uninstall.sh 
@@ -5,17 +5,12 @@ # 核心功能: 无痕清理守护进程、定时任务、运行目录及临时缓存 # ========================================================== -if [ "$EUID" -ne 0 ]; then - echo -e "\033[31m❌ 权限被拒绝: 卸载 IP-Sentinel 需要最高系统权限。\033[0m" - echo -e "💡 请使用 \033[36msudo bash -c \"\$(curl -fsSL ...)\"\033[0m 或切换到 root 执行。" - exit 1 -fi - INSTALL_DIR="/opt/ip_sentinel" echo "========================================================" echo " 🗑️ 准备卸载 IP-Sentinel (边缘节点 Edge Agent)" +# [核心: 动态读取并播报即将销毁的本地版本号] CONFIG_FILE="${INSTALL_DIR}/config.conf" if [ -f "$CONFIG_FILE" ]; then CURRENT_VER=$(grep "^AGENT_VERSION=" "$CONFIG_FILE" | cut -d'"' -f2) @@ -23,20 +18,13 @@ if [ -f "$CONFIG_FILE" ]; then fi echo "========================================================" -echo "[1/3] 正在终止后台守护进程与 Systemd 服务..." -if command -v systemctl >/dev/null 2>&1; then - systemctl disable --now ip-sentinel-runner.service ip-sentinel-runner.timer \ - ip-sentinel-updater.service ip-sentinel-updater.timer \ - ip-sentinel-report.service ip-sentinel-report.timer \ - ip-sentinel-agent-daemon.service >/dev/null 2>&1 - rm -f /etc/systemd/system/ip-sentinel-*.service - rm -f /etc/systemd/system/ip-sentinel-*.timer - systemctl daemon-reload - systemctl reset-failed -fi +# 1. 停止运行中的守护进程与主控模块 (涵盖所有历史版本进程) +echo "[1/3] 正在终止后台守护进程与所有养护任务..." +# 使用 pkill 替代传统的 pgrep | xargs,指令更短、容错率更高 pkill -9 -f "tg_daemon.sh" >/dev/null 2>&1 pkill -9 -f "agent_daemon.sh" >/dev/null 2>&1 +# [v3.4.0 优化] 确保清理所有 python3 调起的 Webhook 实例 pkill -9 -f "python3.*webhook.py" >/dev/null 2>&1 pkill -9 -f "webhook.py" >/dev/null 2>&1 pkill -9 -f "runner.sh" >/dev/null 2>&1 @@ -45,6 +33,7 @@ pkill -9 -f "tg_report.sh" >/dev/null 2>&1 pkill -9 -f "mod_google.sh" >/dev/null 2>&1 pkill -9 -f "mod_trust.sh" >/dev/null 2>&1 +# 2. 清除系统定时任务 (Cron) echo "[2/3] 正在清理系统定时任务 (Cron)..." if crontab -l >/dev/null 2>&1; then crontab -l | grep -v "ip_sentinel" > /tmp/cron_backup 
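Review bot: In the hunk starting at old line 23, the uninstall path no longer disables or deletes the `ip-sentinel-*.service` and `.timer` units, yet any host that installed 3.6.2 still has them under `/etc/systemd/system`. After this uninstall those units stay enabled and run as `User=root` against scripts under `/opt/ip_sentinel` that have just been removed, and the agent daemon unit was written with `Restart=always`. If 3.6.2 reached any hosts, I would keep the `systemctl disable --now ...` and `rm -f /etc/systemd/system/ip-sentinel-*.service` cleanup, guarded by `command -v systemctl`, even though the installer no longer creates the units. master/uninstall_master.sh drops the equivalent cleanup for `ip-sentinel-master.service`.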
@@ -52,15 +41,18 @@ if crontab -l >/dev/null 2>&1; then rm -f /tmp/cron_backup fi +# 3. 删除所有文件、日志与临时缓存 echo "[3/3] 正在抹除核心程序、配置文件与系统痕迹..." if [ -d "$INSTALL_DIR" ]; then rm -rf "$INSTALL_DIR" fi +# 拔除 /tmp 目录下的所有更新下载临时文件和 V1/V2 遗留的偏移量记录 rm -f /tmp/ip_sentinel_*.txt rm -f /tmp/ip_sentinel_*.json echo "========================================================" echo "✅ 卸载彻底完成!IP-Sentinel 已从您的系统中无痕移除。" -echo "💡 提示:如果安装时在防火墙放行了 Webhook 随机端口,请按需手动关闭。" +echo "💡 提示:如果安装时在防火墙放行了 Webhook 随机端口,请您按需手动关闭。" +echo "👋 感谢您的使用,期待未来再次为您守护资产!" echo "========================================================" \ No newline at end of file diff --git a/core/updater.sh b/core/updater.sh index 9dc38a3..eca26cd 100755 --- a/core/updater.sh +++ b/core/updater.sh @@ -26,13 +26,8 @@ log() { local local_ver="${AGENT_VERSION:-未知}" mkdir -p "${INSTALL_DIR}/logs" - local core_msg=$(printf "[v%-5s] [%-5s] [%-7s] [%s] %s" "$local_ver" "$2" "$1" "$REGION_CODE" "$3") - echo "[$(date '+%Y-%m-%d %H:%M:%S')] $core_msg" >> "$LOG_FILE" - if command -v logger >/dev/null 2>&1; then - logger -t ip-sentinel "$core_msg" - else - echo "$core_msg" - fi + # 日志格式注入 [版本号] 追踪标识 + printf "[$(date '+%Y-%m-%d %H:%M:%S')] [v%-5s] [%-5s] [%-7s] [%s] %s\n" "$local_ver" "$2" "$1" "$REGION_CODE" "$3" >> "$LOG_FILE" } log "Updater" "INFO " "========== 触发后台静默 OTA 热数据更新 ==========" diff --git a/master/install_master.sh b/master/install_master.sh index 7b10719..0a4831f 100755 --- a/master/install_master.sh +++ b/master/install_master.sh 
@@ -5,15 +5,6 @@ # 核心功能: 部署/卸载调度中枢、SQLite 资产管理、平滑热更新引擎 # ========================================================== -# ========================================================== -# 🛑 核心权限防线: 检查是否以 root 权限运行 -# ========================================================== -if [ "$EUID" -ne 0 ]; then - echo -e "\033[31m❌ 权限被拒绝: 部署 IP-Sentinel 需要最高系统权限。\033[0m" - echo -e "💡 请使用 \033[36msudo bash -c \"\$(curl -fsSL ...)\"\033[0m 或切换到 root 执行。" - exit 1 -fi - # 你的 GitHub 仓库 Raw 数据直链前缀 REPO_RAW_URL="https://raw.githubusercontent.com/hotyue/IP-Sentinel/main" # 临时改为开发地址用于测试 
@@ -265,47 +256,18 @@ chmod 600 "$DB_FILE" # 4. 拉取核心调度代码并运行 echo -e "\n[4/4] 部署 TG 调度守护进程..." +# [修改] 剥离了写死的网址,改用顶部的 ${REPO_RAW_URL} 变量,确保与卸载脚本的数据源同源 curl -sL "${REPO_RAW_URL}/master/tg_master.sh" -o "${MASTER_DIR}/tg_master.sh" chmod +x "${MASTER_DIR}/tg_master.sh" -if command -v systemctl >/dev/null 2>&1; then - echo "💡 检测到 Systemd 环境,正在部署原生守护服务..." - cat > /etc/systemd/system/ip-sentinel-master.service << EOF -[Unit] -Description=IP-Sentinel Master Command Center Service -After=network.target +# 写入看门狗 Cron (容错版) +crontab -l 2>/dev/null | grep -v "tg_master.sh" > /tmp/cron_master || true +echo "* * * * * pgrep -f tg_master.sh >/dev/null || nohup bash ${MASTER_DIR}/tg_master.sh >/dev/null 2>&1 &" >> /tmp/cron_master +[ -f /tmp/cron_master ] && crontab /tmp/cron_master 2>/dev/null +rm -f /tmp/cron_master -[Service] -Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" -SyslogIdentifier=ip-sentinel -Type=simple -ExecStart=/bin/bash ${MASTER_DIR}/tg_master.sh -Restart=always -RestartSec=5 -User=root -WorkingDirectory=${MASTER_DIR} -CPUSchedulingPolicy=idle -IOSchedulingClass=idle - -[Install] -WantedBy=multi-user.target -EOF - systemctl daemon-reload - systemctl enable --now ip-sentinel-master.service - systemctl restart ip-sentinel-master.service - - # 清理遗留的 Cron - crontab -l 2>/dev/null | grep -v "tg_master.sh" > /tmp/cron_master || true - [ -f /tmp/cron_master ] && crontab /tmp/cron_master 2>/dev/null - rm -f /tmp/cron_master -else - echo "💡 未检测到 Systemd,回退到 Cron 看门狗调度模式..." 
- crontab -l 2>/dev/null | grep -v "tg_master.sh" > /tmp/cron_master || true - echo "* * * * * pgrep -f tg_master.sh >/dev/null || nohup bash ${MASTER_DIR}/tg_master.sh >/dev/null 2>&1 &" >> /tmp/cron_master - [ -f /tmp/cron_master ] && crontab /tmp/cron_master 2>/dev/null - rm -f /tmp/cron_master - pgrep -f tg_master.sh >/dev/null || { nohup bash "${MASTER_DIR}/tg_master.sh" >/dev/null 2>&1 & disown 2>/dev/null; } -fi +# 立刻启动 (追加 disown 彻底脱离终端管控,实现绝对静默) +pgrep -f tg_master.sh >/dev/null || { nohup bash "${MASTER_DIR}/tg_master.sh" >/dev/null 2>&1 & disown 2>/dev/null; } # ================== [v3.2.2 优化 & v3.6.1 OTA捷报: 战报文案分流] ================== echo "========================================================" diff --git a/master/tg_master.sh b/master/tg_master.sh index d15911d..06d9390 100755 --- a/master/tg_master.sh +++ b/master/tg_master.sh @@ -267,13 +267,7 @@ while true; do # 抛出幽灵进程进行脱壳升级,传递静默变量与回执 ID export SILENT_MASTER_OTA="true" export OTA_CHAT_ID="$CHAT_ID" - - # [修复] 逃逸 Systemd Cgroup,防止被同归于尽机制误杀 - if command -v systemd-run >/dev/null 2>&1; then - systemd-run --quiet --no-block /bin/bash /tmp/install_master.sh - else - nohup bash /tmp/install_master.sh >/dev/null 2>&1 & disown - fi + nohup bash /tmp/install_master.sh >/dev/null 2>&1 & disown # 当前旧进程休眠并等待被幽灵进程处决 sleep 10 diff --git a/master/uninstall_master.sh b/master/uninstall_master.sh index 992eeb7..f391a36 100644 --- a/master/uninstall_master.sh +++ b/master/uninstall_master.sh 
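Review bot: `curl -sL "${REPO_RAW_URL}/master/tg_master.sh" -o ...` has no `-f`, so a 404 or rate-limit response body is saved as `tg_master.sh`, made executable and then started by both the cron watchdog and the immediate `nohup bash` line. Failing closed is a small change: `curl -fsSL "${REPO_RAW_URL}/master/tg_master.sh" -o "${MASTER_DIR}/tg_master.sh" || { echo "download failed" >&2; exit 1; }`. The script is also fetched from a moving branch ref without any checksum, so verifying a pinned hash before `chmod +x` would be worth adding.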
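Review bot: The upgrade step runs `/tmp/install_master.sh` from a fixed name in a world-writable directory, so on a shared host the file that gets executed is not guaranteed to be the one that was downloaded. Fetching into a private location, for example a directory created with `mktemp -d`, and running it from there removes that window. How and where the file is fetched is outside this hunk, so the download line would need the matching change. With stdout and stderr sent to `/dev/null`, a failed upgrade also leaves nothing to diagnose; redirecting to a log file would help.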
@@ -1,22 +1,17 @@ #!/bin/bash # ========================================================== -# 脚本名称: uninstall_master.sh (IP-Sentinel Master 一键卸载脚本) +# 脚本名称: uninstall_master.sh (IP-Sentinel Master 一键卸载脚本 - 动态锚点版) # 核心功能: 终止调度进程、清理看门狗定时任务、抹除数据库与配置 # ========================================================== -if [ "$EUID" -ne 0 ]; then - echo -e "\033[31m❌ 权限被拒绝: 卸载 IP-Sentinel 需要最高系统权限。\033[0m" - echo -e "💡 请使用 \033[36msudo bash -c \"\$(curl -fsSL ...)\"\033[0m 执行。" - exit 1 -fi - MASTER_DIR="/opt/ip_sentinel_master" CONF_FILE="${MASTER_DIR}/master.conf" echo "========================================================" echo " 🗑️ 准备卸载 IP-Sentinel Master (控制中枢)" +# [v3.4.0 优化] 卸载前读取并播报中枢版本号 if [ -f "$CONF_FILE" ]; then MASTER_VER=$(grep "^MASTER_VERSION=" "$CONF_FILE" | cut -d'"' -f2) [ -n "$MASTER_VER" ] && echo " 📍 目标版本: v${MASTER_VER}" @@ -30,21 +25,18 @@ if [[ ! "$CONFIRM_DEL" =~ ^[Yy]$ ]]; then exit 0 fi -echo "[1/3] 正在终止后台中枢 Systemd 调度进程..." -if command -v systemctl >/dev/null 2>&1; then - systemctl disable --now ip-sentinel-master.service >/dev/null 2>&1 - rm -f /etc/systemd/system/ip-sentinel-master.service - systemctl daemon-reload - systemctl reset-failed -fi - +# 1. 停止运行中的 Master 守护进程 +echo "[1/3] 正在终止后台中枢调度进程..." +# [优化] 使用 pkill 替代 pgrep | xargs,指令更短、容错率更高 pkill -9 -f "tg_master.sh" >/dev/null 2>&1 || true -echo "[2/3] 正在清理看门狗定时任务 (Cron)..." +# 2. 清除看门狗定时任务 (Cron) +echo "[2/3] 正在清理系统定时任务 (Cron)..." crontab -l 2>/dev/null | grep -v "tg_master.sh" > /tmp/cron_backup crontab /tmp/cron_backup rm -f /tmp/cron_backup +# 3. 删除所有文件、配置与数据库 echo "[3/3] 正在抹除核心程序、配置文件与 SQLite 数据库..." if [ -d "$MASTER_DIR" ]; then rm -rf "$MASTER_DIR" diff --git a/version.txt b/version.txt index eb41930..425399f 100644 --- a/version.txt +++ b/version.txt @@ -1,2 +1,2 @@ -AGENT_VERSION=3.6.2 -MASTER_VERSION=3.6.2 +AGENT_VERSION=3.6.1 +MASTER_VERSION=3.6.1