GithubBackup/IP-Sentinel
1
0
Fork 0
mirror of https://github.com/hotyue/IP-Sentinel.git synced 2026-05-11 23:49:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: 战略撤退,代码全量回滚至 9a38fb6 (PR 引入前的纯净状态)

Browse Source
This commit is contained in:
hotyue
2026-04-20 17:37:47 +00:00
parent d0ea5d09b1
commit 3b28ead0e4
11 changed files with 82 additions and 291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
core/agent_daemon.sh
View File

@@ -375,17 +375,10 @@ class AgentHandler(http.server.BaseHTTPRequestHandler):
self.wfile.write(b"Action Accepted: trigger_ota\n")
# 挂起异步升级进程 (注入 SILENT_OTA 旁路变量跳过所有 read -p 交互)
import shutil
repo_url = "https://raw.githubusercontent.com/hotyue/IP-Sentinel/main"
ota_cmd = f"export SILENT_OTA='true'; curl -sL {repo_url}/core/install.sh | bash > /opt/ip_sentinel/logs/ota_upgrade.log 2>&1"
# [修复] 逃逸 Systemd Cgroup防止 Agent 在升级时被同归于尽机制误杀
if shutil.which("systemd-run"):
full_cmd = f"systemd-run --quiet --no-block bash -c \"{ota_cmd}\""
else:
full_cmd = f"nohup bash -c \"{ota_cmd}\" &"
subprocess.Popen(full_cmd, shell=True)
# 注意:这里我们写死拉取 dev-v3.6.0 分支的安装脚本进行覆盖测试,未来正式版上线时会改回 main
repo_url = "https://raw.githubusercontent.com/hotyue/IP-Sentinel/dev-v3.6.0"
ota_cmd = f"export SILENT_OTA='true'; curl -sL {repo_url}/core/install.sh | bash > /opt/ip_sentinel/logs/ota_upgrade.log 2>&1 &"
subprocess.Popen(['bash', '-c', ota_cmd])
except Exception as e:
self.send_response(500)
@@ -401,27 +394,21 @@ class AgentHandler(http.server.BaseHTTPRequestHandler):
import socket
# ================== [v3.0.3 变更: 引入多线程模型抵抗 Slowloris 攻击] ==================
class ThreadedServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
class ThreadedDualStackServer(socketserver.ThreadingMixIn, socketserver.TCPServer):
allow_reuse_address = True # 开启端口复用,防止热重启时端口冲突
address_family = socket.AF_INET6 if socket.has_ipv6 else socket.AF_INET
try:
# 1. 优先尝试监听双栈/IPv6 (大多数 Linux 默认支持 IPv4 映射接入)
ThreadedServer.address_family = socket.AF_INET6
httpd = ThreadedServer(("::", PORT), AgentHandler)
except Exception:
# 2. [核心修复 Issue #23] 若系统内核已禁用 IPv6抛弃报错智能回退至纯 IPv4 监听
ThreadedServer.address_family = socket.AF_INET
httpd = ThreadedServer(("0.0.0.0", PORT), AgentHandler)
try:
httpd.serve_forever()
bind_addr = "::" if socket.has_ipv6 else ""
with ThreadedDualStackServer((bind_addr, PORT), AgentHandler) as httpd:
httpd.serve_forever()
except Exception as e:
sys.exit(1)
# ====================================================================================
EOF
# --- [重点升级 3: 移交系统级守护进程接管] ---
echo "🚀 [Agent] 正在启动 Webhook 监听服务 (端口: $AGENT_PORT)..."
# 去掉 nohup 和 &,使用 exec 让 Python 进程直接替换当前 Bash 进程,前台阻塞运行
# 这样 Systemd 才能真正捕捉到 Python 进程的生命周期,永不误杀!
exec python3 "${INSTALL_DIR}/core/webhook.py" "$AGENT_PORT"
# --- [重点升级 3: 真正的静默后台启动] ---
echo "🚀 [Agent] 正在后台启动 Webhook 监听服务 (端口: $AGENT_PORT)..."
nohup python3 "${INSTALL_DIR}/core/webhook.py" "$AGENT_PORT" > /dev/null 2>&1 &
disown 2>/dev/null || true
echo "✅ [Agent] 守护进程启动完毕,可安全关闭终端。"

177
core/install.sh
View File

@@ -5,15 +5,6 @@
# 核心功能: 战区分组菜单、模块按需开启、官方机器人一键配置、版本状态机路由
# ==========================================================
# ==========================================================
# 🛑 核心权限防线: 检查是否以 root 权限运行
# ==========================================================
if [ "$EUID" -ne 0 ]; then
echo -e "\033[31m❌ 权限被拒绝: 部署 IP-Sentinel 需要最高系统权限。\033[0m"
echo -e "💡 请使用 \033[36msudo bash -c \"\$(curl -fsSL ...)\"\033[0m 或切换到 root 执行。"
exit 1
fi
# 你的 GitHub 仓库 Raw 数据直链前缀
REPO_RAW_URL="https://raw.githubusercontent.com/hotyue/IP-Sentinel/main"
# 临时改为开发地址用于测试
@@ -258,17 +249,15 @@ if [ "$UPGRADE_MODE" == "false" ]; then
IFS="|" read -r CITY_ID CITY_NAME < /tmp/cities.txt
echo -e "\033[32m💡 该区域下仅有单一城市 [$CITY_NAME],已自动锁定。\033[0m"
else
i=1; CITY_MAP=(); CITY_NAME_MAP=()
i=1; CITY_MAP=()
while IFS="|" read -r c_id c_name; do
echo " $i) $c_name"
CITY_MAP[$i]="$c_id"
CITY_NAME_MAP[$i]="$c_name"
((i++))
done < /tmp/cities.txt
read -p "请输入选择 [1-$((i-1))] (默认1): " CI_SEL
CI_SEL=${CI_SEL:-1}
CITY_ID="${CITY_MAP[$CI_SEL]}"
CITY_NAME="${CITY_NAME_MAP[$CI_SEL]}"
fi
# 清理临时文件 (增加清理 continents.txt)
@@ -632,149 +621,39 @@ fi
chmod +x ${INSTALL_DIR}/core/*.sh
# 7. 配置系统定时任务 (高频调度与看门狗)
echo -e "\n[7/7] 正在注入系统定时任务与看门狗进程..."
crontab -l 2>/dev/null | grep -v "ip_sentinel" > /tmp/cron_backup || true
# 核心养护模块: 每 30 分钟触发一次
echo "*/30 * * * * ${INSTALL_DIR}/core/runner.sh >/dev/null 2>&1" >> /tmp/cron_backup
# 养料更新模块: (v3.3.0升级) 每天凌晨 3 点触发,由中枢自动进行分频调度
echo "0 3 * * * ${INSTALL_DIR}/core/updater.sh >/dev/null 2>&1" >> /tmp/cron_backup
# [v3.3.0 新增] 初始化 UA 指纹库更新时间戳,确立 30 天滚动周期的计算锚点
echo $(date +%s) > "${INSTALL_DIR}/core/.ua_last_update"
# [v3.0.1新增修改 3: 删除原来的 curl 取 IP直接使用我们上方锁定的 BIND_IP]
# 并提前写入 IP 缓存,彻底阻断 agent_daemon 首次启动时的重复推送
# [修复竞态]: 提前写入公网 IP 缓存,彻底阻断 agent_daemon 首次启动时的抢跑推送
echo "$SAFE_PUBLIC_IP" > "${INSTALL_DIR}/core/.last_ip"
# 7. 配置系统任务与原生守护进程
echo -e "\n[7/7] 正在注入系统任务与守护进程..."
crontab -l 2>/dev/null | grep -v "ip_sentinel" > /tmp/cron_backup || true
echo $(date +%s) > "${INSTALL_DIR}/core/.ua_last_update"
if command -v systemctl >/dev/null 2>&1; then
echo "💡 检测到 Systemd 环境,正在部署 Systemd 调度单元..."
# 如果配置了联控,启动 Webhook 与战报任务
if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then
# 每天早上 8 点发送昨天的统计战报
echo "0 8 * * * ${INSTALL_DIR}/core/tg_report.sh >/dev/null 2>&1" >> /tmp/cron_backup
cat > /etc/systemd/system/ip-sentinel-runner.service << EOF
[Unit]
Description=IP-Sentinel Runner Service
After=network.target
[Service]
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SyslogIdentifier=ip-sentinel
Type=oneshot
ExecStart=/bin/bash ${INSTALL_DIR}/core/runner.sh
User=root
CPUSchedulingPolicy=idle
IOSchedulingClass=idle
EOF
cat > /etc/systemd/system/ip-sentinel-runner.timer << EOF
[Unit]
Description=Timer for IP-Sentinel Runner Service
[Timer]
OnBootSec=10
OnUnitActiveSec=30min
RandomizedDelaySec=180
Persistent=true
Unit=ip-sentinel-runner.service
[Install]
WantedBy=timers.target
EOF
cat > /etc/systemd/system/ip-sentinel-updater.service << EOF
[Unit]
Description=IP-Sentinel Updater Service
After=network.target
[Service]
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SyslogIdentifier=ip-sentinel
Type=oneshot
ExecStart=/bin/bash ${INSTALL_DIR}/core/updater.sh
User=root
CPUSchedulingPolicy=idle
IOSchedulingClass=idle
EOF
cat > /etc/systemd/system/ip-sentinel-updater.timer << EOF
[Unit]
Description=Timer for IP-Sentinel Updater Service
[Timer]
OnCalendar=*-*-* 03:00:00
Persistent=true
Unit=ip-sentinel-updater.service
[Install]
WantedBy=timers.target
EOF
systemctl daemon-reload
systemctl enable --now ip-sentinel-runner.timer
systemctl enable --now ip-sentinel-updater.timer
systemctl restart ip-sentinel-runner.timer ip-sentinel-updater.timer
if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then
echo "$SAFE_PUBLIC_IP" > "${INSTALL_DIR}/core/.last_ip"
cat > /etc/systemd/system/ip-sentinel-report.service << EOF
[Unit]
Description=IP-Sentinel Telegram Report Service
[Service]
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SyslogIdentifier=ip-sentinel
Type=oneshot
ExecStart=/bin/bash ${INSTALL_DIR}/core/tg_report.sh
User=root
CPUSchedulingPolicy=idle
IOSchedulingClass=idle
EOF
cat > /etc/systemd/system/ip-sentinel-report.timer << EOF
[Unit]
Description=Timer for IP-Sentinel Telegram Report
[Timer]
OnCalendar=*-*-* 08:00:00
Unit=ip-sentinel-report.service
[Install]
WantedBy=timers.target
EOF
# ⚠️ 已修复陷阱:改为 Type=simple去除 Timer
cat > /etc/systemd/system/ip-sentinel-agent-daemon.service << EOF
[Unit]
Description=IP-Sentinel Agent Daemon Service
After=network.target
[Service]
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
SyslogIdentifier=ip-sentinel
Type=simple
ExecStart=/bin/bash ${INSTALL_DIR}/core/agent_daemon.sh
Restart=always
RestartSec=10
User=root
CPUSchedulingPolicy=idle
IOSchedulingClass=idle
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now ip-sentinel-report.timer
systemctl enable --now ip-sentinel-agent-daemon.service
systemctl restart ip-sentinel-report.timer ip-sentinel-agent-daemon.service
fi
[ -f /tmp/cron_backup ] && crontab /tmp/cron_backup 2>/dev/null
rm -f /tmp/cron_backup
else
echo "💡 未检测到 Systemd (可能是 Alpine Linux),回退到 Cron 调度模式..."
echo "*/30 * * * * ${INSTALL_DIR}/core/runner.sh >/dev/null 2>&1" >> /tmp/cron_backup
echo "0 3 * * * ${INSTALL_DIR}/core/updater.sh >/dev/null 2>&1" >> /tmp/cron_backup
if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then
echo "$SAFE_PUBLIC_IP" > "${INSTALL_DIR}/core/.last_ip"
echo "0 8 * * * ${INSTALL_DIR}/core/tg_report.sh >/dev/null 2>&1" >> /tmp/cron_backup
echo "@reboot nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup
echo "* * * * * pgrep -f agent_daemon.sh >/dev/null || nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup
nohup bash "${INSTALL_DIR}/core/agent_daemon.sh" >/dev/null 2>&1 &
fi
[ -f /tmp/cron_backup ] && crontab /tmp/cron_backup 2>/dev/null
rm -f /tmp/cron_backup
# [v3.0.1新增修改 3: 删除原来的 curl 取 IP直接使用我们上方锁定的 BIND_IP]
# 并提前写入 IP 缓存,彻底阻断 agent_daemon 首次启动时的重复推送
# [修复竞态]: 提前写入公网 IP 缓存,彻底阻断 agent_daemon 首次启动时的抢跑推送
echo "$SAFE_PUBLIC_IP" > "${INSTALL_DIR}/core/.last_ip"
# 双保险守护进程看门狗
echo "@reboot nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup
echo "* * * * * nohup bash ${INSTALL_DIR}/core/agent_daemon.sh >/dev/null 2>&1 &" >> /tmp/cron_backup
# 安装时立刻启动一次边缘守护进程
nohup bash "${INSTALL_DIR}/core/agent_daemon.sh" >/dev/null 2>&1 &
fi
[ -f /tmp/cron_backup ] && crontab /tmp/cron_backup 2>/dev/null
rm -f /tmp/cron_backup
# ================== [v3.4.0 核心: 状态机驱动的热更新路由] ==================
if [[ -n "$TG_TOKEN" ]] && [[ -n "$CHAT_ID" ]]; then

10
core/mod_google.sh
View File

@@ -23,14 +23,8 @@ if ! type log >/dev/null 2>&1; then
local local_ver="${AGENT_VERSION:-未知}"
mkdir -p "${INSTALL_DIR}/logs"
local core_msg=$(printf "[v%-5s] [%-5s] [%-7s] [%s] %s" "$local_ver" "$2" "$1" "$REGION_CODE" "$3")
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $core_msg" >> "${INSTALL_DIR}/logs/sentinel.log"
# 强制推送到 Systemd Journal (如果系统支持)
if command -v logger >/dev/null 2>&1; then
logger -t ip-sentinel "$core_msg"
else
echo "$core_msg"
fi
# 统一日志格式,注入 [版本号] 追踪标识
printf "[$(date '+%Y-%m-%d %H:%M:%S')] [v%-5s] [%-5s] [%-7s] [%s] %s\n" "$local_ver" "$2" "$1" "$REGION_CODE" "$3" >> "${INSTALL_DIR}/logs/sentinel.log"
}
fi

10
core/runner.sh
View File

@@ -31,14 +31,10 @@ log() {
# [v3.4.0 核心] 提取当前配置中的版本锚点
local local_ver="${AGENT_VERSION:-未知}"
# 保证日志目录存在
mkdir -p "${INSTALL_DIR}/logs"
local core_msg=$(printf "[v%-5s] [%-5s] [%-7s] [%s] %s" "$local_ver" "$level" "$module" "$REGION_CODE" "$msg")
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $core_msg" >> "$LOG_FILE"
if command -v logger >/dev/null 2>&1; then
logger -t ip-sentinel "$core_msg"
else
echo "$core_msg"
fi
# 日志格式注入 [版本号] 追踪标识
printf "[$(date '+%Y-%m-%d %H:%M:%S')] [v%-5s] [%-5s] [%-7s] [%s] %s\n" "$local_ver" "$level" "$module" "$REGION_CODE" "$msg" >> "$LOG_FILE"
}
export -f log
export CONFIG_FILE INSTALL_DIR

28
core/uninstall.sh
View File

@@ -5,17 +5,12 @@
# 核心功能: 无痕清理守护进程、定时任务、运行目录及临时缓存
# ==========================================================
if [ "$EUID" -ne 0 ]; then
echo -e "\033[31m❌ 权限被拒绝: 卸载 IP-Sentinel 需要最高系统权限。\033[0m"
echo -e "💡 请使用 \033[36msudo bash -c \"\$(curl -fsSL ...)\"\033[0m 或切换到 root 执行。"
exit 1
fi
INSTALL_DIR="/opt/ip_sentinel"
echo "========================================================"
echo " 🗑️ 准备卸载 IP-Sentinel (边缘节点 Edge Agent)"
# [核心: 动态读取并播报即将销毁的本地版本号]
CONFIG_FILE="${INSTALL_DIR}/config.conf"
if [ -f "$CONFIG_FILE" ]; then
CURRENT_VER=$(grep "^AGENT_VERSION=" "$CONFIG_FILE" | cut -d'"' -f2)
@@ -23,20 +18,13 @@ if [ -f "$CONFIG_FILE" ]; then
fi
echo "========================================================"
echo "[1/3] 正在终止后台守护进程与 Systemd 服务..."
if command -v systemctl >/dev/null 2>&1; then
systemctl disable --now ip-sentinel-runner.service ip-sentinel-runner.timer \
ip-sentinel-updater.service ip-sentinel-updater.timer \
ip-sentinel-report.service ip-sentinel-report.timer \
ip-sentinel-agent-daemon.service >/dev/null 2>&1
rm -f /etc/systemd/system/ip-sentinel-*.service
rm -f /etc/systemd/system/ip-sentinel-*.timer
systemctl daemon-reload
systemctl reset-failed
fi
# 1. 停止运行中的守护进程与主控模块 (涵盖所有历史版本进程)
echo "[1/3] 正在终止后台守护进程与所有养护任务..."
# 使用 pkill 替代传统的 pgrep | xargs指令更短、容错率更高
pkill -9 -f "tg_daemon.sh" >/dev/null 2>&1
pkill -9 -f "agent_daemon.sh" >/dev/null 2>&1
# [v3.4.0 优化] 确保清理所有 python3 调起的 Webhook 实例
pkill -9 -f "python3.*webhook.py" >/dev/null 2>&1
pkill -9 -f "webhook.py" >/dev/null 2>&1
pkill -9 -f "runner.sh" >/dev/null 2>&1
@@ -45,6 +33,7 @@ pkill -9 -f "tg_report.sh" >/dev/null 2>&1
pkill -9 -f "mod_google.sh" >/dev/null 2>&1
pkill -9 -f "mod_trust.sh" >/dev/null 2>&1
# 2. 清除系统定时任务 (Cron)
echo "[2/3] 正在清理系统定时任务 (Cron)..."
if crontab -l >/dev/null 2>&1; then
crontab -l | grep -v "ip_sentinel" > /tmp/cron_backup
@@ -52,15 +41,18 @@ if crontab -l >/dev/null 2>&1; then
rm -f /tmp/cron_backup
fi
# 3. 删除所有文件、日志与临时缓存
echo "[3/3] 正在抹除核心程序、配置文件与系统痕迹..."
if [ -d "$INSTALL_DIR" ]; then
rm -rf "$INSTALL_DIR"
fi
# 拔除 /tmp 目录下的所有更新下载临时文件和 V1/V2 遗留的偏移量记录
rm -f /tmp/ip_sentinel_*.txt
rm -f /tmp/ip_sentinel_*.json
echo "========================================================"
echo "✅ 卸载彻底完成IP-Sentinel 已从您的系统中无痕移除。"
echo "💡 提示:如果安装时在防火墙放行了 Webhook 随机端口,请按需手动关闭。"
echo "💡 提示:如果安装时在防火墙放行了 Webhook 随机端口,请按需手动关闭。"
echo "👋 感谢您的使用,期待未来再次为您守护资产!"
echo "========================================================"

9
core/updater.sh
View File

@@ -26,13 +26,8 @@ log() {
local local_ver="${AGENT_VERSION:-未知}"
mkdir -p "${INSTALL_DIR}/logs"
local core_msg=$(printf "[v%-5s] [%-5s] [%-7s] [%s] %s" "$local_ver" "$2" "$1" "$REGION_CODE" "$3")
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $core_msg" >> "$LOG_FILE"
if command -v logger >/dev/null 2>&1; then
logger -t ip-sentinel "$core_msg"
else
echo "$core_msg"
fi
# 日志格式注入 [版本号] 追踪标识
printf "[$(date '+%Y-%m-%d %H:%M:%S')] [v%-5s] [%-5s] [%-7s] [%s] %s\n" "$local_ver" "$2" "$1" "$REGION_CODE" "$3" >> "$LOG_FILE"
}
log "Updater" "INFO " "========== 触发后台静默 OTA 热数据更新 =========="