GithubBackup/IP-Sentinel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
269 Commits 2 Branches 42 Tags
d0ea5d09b1ef8a5d2ad4e7219ea284ae3662ef3b
Commit Graph

124 Commits

Author SHA1 Message Date
hotyue
34f2c7e123 fix(core): 引入 systemd-run 逃逸机制,彻底修复 OTA 升级时因子进程被 Cgroup 误杀导致的假死漏洞 2026-04-20 17:13:48 +00:00
hotyue
1e150f26f1 fix(core): 修复内核级禁用 IPv6 时 Python Webhook 假死的问题,引入智能 IPv4 降级回退机制 (Resolves #23) 2026-04-20 16:59:28 +00:00
hotyue
011c1faad4 fix(core): 移除 agent_daemon.sh 尾部的 nohup 后台逻辑,适配 Systemd Type=simple 的前台阻塞监听,修复 cgroup 误杀导致的无限重启死循环 2026-04-20 16:46:45 +00:00
hotyue
2325a8abdf fix(core): 修复节点部署多城市选择分支下 CITY_NAME 变量未赋值导致播报为空的 UI 瑕疵 2026-04-20 16:41:00 +00:00
hotyue
201df489db refactor(core): 缝合 Systemd 架构,修复 PR #25 中的管道符闪退及 oneshot 守护进程死锁漏洞 2026-04-20 16:24:32 +00:00
IcySteam
2d680c5fc7 refactor(core): Enable Systemd and upgrade Sentinel service orchestration 
The legacy crontabs have been superseded by Systemd to fortify orchestration of our global fleet of Sentinels.

While cron relies on timed, fire-and-forget execution, Systemd elevates our operations into natively integrated, state-aware OS daemons. This paradigm shift unlocks precise lifecycle management, unified logging (inspect all service logs with `journalctl -t ip-sentinel`), and absolute control over module deployment.

- Battle-Hardened: Sentinels now auto-resurrect upon failure, bypassing minute-long cron wait times.
- Zero-Impact Missions: Sentinels now operate under strict `idle` CPU/IO scheduling. This guarantees that automated maintenance cycles yield to high-priority user interactions, and never impact primary server workloads.
- Field Intelligence Auto-Stagger: Service-level `RandomizedDelaySec` natively staggers Agent check-ins to protect the Command Center.
- Legacy Fallback: OS interrogation on deployment ensures a seamless fallback to cron for Sentinels operating in Alpine/OpenRC environments.

The fleet is more resilient than ever, but the architecture is always evolving. I highly welcome any reviews/suggestions from the original Author/Commander to perfect this pull request!
 2026-04-21 00:27:01 +10:00
IcySteam
e77b7c0319 fix(telemetry): Implement dual-write logging for Systemd integration 
This commit refactors the internal logging functions across all core modules to guarantee telemetry reaches the Systemd journal. Sentinels now mirror their physical log outputs directly to the OS `logger`, ensuring flawless `journalctl` visibility even when modules are spawned in detached subshells.
 2026-04-21 00:12:03 +10:00
IcySteam
4a28f7f395 fix(core): Mandate root privileges for all setup scripts 
The old setup scripts assume root privileges. We are fixing this by explicitly requiring an `$EUID` root check before execution so that no borked, non-root installations happen.
 2026-04-20 19:46:30 +10:00
IcySteam
cd5160d1ea core(AU): Add AU flag to TG menu 2026-04-19 01:05:28 +10:00
hotyue
5dfaa19cca chore: 移除测试期 dev-v3.6.0 专属锚点,全系组件直链恢复至 main 主分支,准备发布正式版 2026-04-17 15:07:45 +00:00
hotyue
722db9f6d1 style(core): 引入终端 OSC 8 超链接特性,重构教程链接交互为点击即达,提升终端沉浸式体验 2026-04-17 14:35:55 +00:00
hotyue
3e9a82a657 chore: 临时将各组件拉取直链指向 dev-v3.6.0 分支,修复跨分支拉取导致的数据解析错位 2026-04-17 13:27:20 +00:00
hotyue
898349d22e feat(core): Webhook 通讯引擎新增 /trigger_ota 高危路由,实装本地与网关双重熔断校验,并支持后台剥离交互的静默热重载 2026-04-17 13:06:44 +00:00
hotyue
9ea188cb6d feat(core): 部署向导新增静默接管模式 (SILENT_OTA),并实现基于双轨网关的 OTA 权限物理熔断与配置下发 2026-04-17 13:06:37 +00:00
hotyue
45475f14b7 feat(core): 优化中枢接入交互引导,将私有独立部署设为首选默认项,为后续 OTA 远程平滑升级铺路 2026-04-17 07:06:45 +00:00
hotyue
30f396aefe fix(core): 升级智能包管理器嗅探器,彻底修复 Alpine/Arch 依赖安装失败 Bug,并重构 Master 接入交互逻辑防止误触跳过 (Resolves #21) 2026-04-17 06:49:16 +00:00
hotyue
7cf7117615 fix(core): 增强安装引擎容错能力,加固 Cron 清理逻辑并严格限制底层物理标识符格式 2026-04-17 05:32:19 +00:00
hotyue
062305d126 fix(core): Webhook 引擎引入 fcntl 排他写锁防配置文件损坏,强制清洗底层物理主键 2026-04-17 05:32:15 +00:00
hotyue
f451aea643 fix(core): 优化战报日志提取逻辑,改用精确截断替代全量扫描,大幅降低 I/O 消耗 2026-04-17 05:32:09 +00:00
hotyue
d96b6e769a fix(core): 引入 flock 排他锁,彻底解决 Cron 任务重入导致的内存雪崩与 Fork 炸弹 2026-04-17 05:31:58 +00:00
hotyue
f5aa68a8dc feat(core): [v3.5.3] Webhook 引擎新增模块动态启停(Toggle)路由,支持安全重写本地配置 (Resolves #19) 2026-04-17 02:40:19 +00:00
hotyue
63bbbd549e feat(agent): [v3.5.3] 优化安装向导,默认全量部署养护模块以支持远端动态控制 (Resolves #19) 2026-04-17 02:40:14 +00:00
hotyue
5e40ed426b chore: revert failed v3.6.0 attempts, rollback to safe state 2026-04-17 02:24:07 +00:00
hotyue
aebf3a9e90 fix(core): [v3.6.0] 终极修复 OTA 死锁:解决 curl 管道吞噬脚本 Bug,并应用底层网络脱壳机制 2026-04-17 02:17:32 +00:00
hotyue
8a3d7c305b fix(core): [v3.6.0] 彻底重构 OTA 升级调度,引入外挂延时脚本实现 100% 的网络脱壳与静默重启 2026-04-17 02:09:05 +00:00
hotyue
2d580eaea2 fix(core): [v3.6.0] 彻底解决 OTA 升级 TCP 通讯超时 Bug,引入 close_fds 剥离套接字继承机制 2026-04-17 01:59:29 +00:00
hotyue
d7ab695372 fix(core): [v3.6.0] 彻底解决 OTA 升级 TCP 通讯超时 Bug,引入异步守护线程与套接字剥离机制 2026-04-17 01:48:46 +00:00
hotyue
0c250dfd17 fix(core): [v3.6.0] 修复 OTA 升级时的竞态自杀 Bug,引入 TCP 强制刷新与 3 秒延迟脱壳机制 2026-04-17 01:44:40 +00:00
hotyue
46e418dfd0 feat(core): [v3.6.0] Webhook 引擎新增 OTA 升级与动态启停路由,实装底层权限物理熔断机制 (Resolves #17, Resolves #19) 2026-04-17 01:19:13 +00:00
hotyue
673e0ce3e6 feat(agent): [v3.6.0] 重构安装向导,引入静默 OTA 嗅探机制与双端授权防线,默认全量部署养护模块 (Resolves #17, Resolves #19) 2026-04-17 01:19:06 +00:00
hotyue
c4faa102cf fix(installer): [v3.5.2] 修复交互向导首选项的默认值丢失问题,防止直接回车导致平滑升级失效被误删档 2026-04-16 07:52:45 +00:00
hotyue
e6c6e66e4b feat(agent): [v3.5.2] 剥除改名后的冗余 TG 推送报文,实现静默修改配置与底层 HTTP 回执 2026-04-16 05:51:04 +00:00
hotyue
41906d0570 revert: 紧急回滚至稳定版 9768bed (修复加密升级导致的通讯中断) 2026-04-16 03:24:11 +00:00
hotyue
dc7d1c0f40 feat: [v3.5.2] 终极安全与逻辑闭环补丁 
1. 升级军工级 HMAC 签名:将数据负载 (Base64) 卷入哈希,封死中间人篡改路径。
2. 引入高熵复合密钥:结合 CHAT_ID 与 TG_TOKEN,大幅提升抗暴力破解强度。
3. 实现全自动改名闭环:Master 确认 Agent 修改成功后自动同步数据库,彻底告别手动复制。
 2026-04-16 03:14:12 +00:00
hotyue
fa202a0405 fix(core): [v3.5.2] 采用 Base64 编码彻底重构别名同步链路,免疫 WAF 拦截与中英文符号解析崩溃 2026-04-16 02:24:50 +00:00
hotyue
b8bcd09134 fix(agent): [v3.5.2] 修复别名同步时的中文 UTF-8 编码崩溃,改用 curl 绕过 WAF 拦截,并拦截下划线防止 TG 面板渲染异常 2026-04-16 01:55:57 +00:00
hotyue
f4f93d8955 feat(agent): [v3.5.2] 每日战报全面适配 NODE_ALIAS 展示字段 2026-04-16 01:35:16 +00:00
hotyue
07cac792f0 feat(agent): [v3.5.2] 守护进程新增 /trigger_rename 接口,实现免注入安全重命名 2026-04-16 01:35:16 +00:00
hotyue
50edad9e25 feat(agent): [v3.5.2] 部署引擎引入双轨身份,支持自定义节点展示别名 2026-04-16 01:35:16 +00:00
hotyue
423a765e5f feat(core): 引入 KV 环境分解法,实现 Agent 与 Master 版本独立解耦 2026-04-15 05:58:28 +00:00
hotyue
c7c93ea22e refactor(core): 全面肃清硬编码版本注释,适配动态锚点架构 2026-04-15 03:57:12 +00:00
hotyue
9aef79831c refactor(daemon): 动态注入节点防撞身份与运行时版本号至 UA 请求头及交互播报中 2026-04-15 03:57:02 +00:00
hotyue
5627c0115a feat(installer): 引入 SSOT 动态版本抓取机制,并重构边缘节点战区分组交互 UI 2026-04-15 03:56:45 +00:00
hotyue
28f04a4eb9 feat(core): 🗑️ 卸载脚本增加版本感知识别逻辑 2026-04-14 08:00:41 +00:00
hotyue
26328e66c4 feat(core): 🛡️ Trust 净化模块同步 v3.4.0 版本追踪标识 2026-04-14 08:00:40 +00:00
hotyue
1d85837e79 feat(core): 📍 Google 养护模块日志格式化对齐 v3.4.0 2026-04-14 08:00:40 +00:00
hotyue
ba8e2f1625 feat(core): 📊 战报模块注入云端版本感知与 OTA 提醒 2026-04-14 08:00:40 +00:00
hotyue
6b809138e5 feat(core): 🔄 更新引擎同步 v3.4.0 版本锚点架构 2026-04-14 08:00:40 +00:00
hotyue
6f4e871c7c feat(core): ⏱️ 调度引擎注入版本探针日志追踪 2026-04-14 08:00:40 +00:00
hotyue
fe2c9de80b fix(core): 🐍 守护进程同步 v3.4.0 标识并修正节点命名连接符 2026-04-14 08:00:40 +00:00