Initial commit: Momentry Core v0.1

- Rust-based digital asset management system - Video analysis: ASR, OCR, YOLO, Face, Pose - RAG capabilities with Qdrant vector database - Multi-database support: PostgreSQL, Redis, MongoDB - Monitoring system with launchd plists - n8n workflow automation integration
2026-03-16 15:07:33 +08:00
commit de14bd6afa
101 changed files with 19858 additions and 0 deletions
--- a/monitor/users/session_tracker.sh
+++ b/monitor/users/session_tracker.sh
@@ -0,0 +1,163 @@
+#!/bin/bash
+
+# Momentry 使用者會話追蹤 (Layer 6)
+# 路徑: /Users/accusys/momentry_core_0.1/monitor/users/session_tracker.sh
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+LOG_DIR="/Users/accusys/momentry/log/monitor"
+
+mkdir -p "$LOG_DIR"
+LOG_FILE="$LOG_DIR/session_check.log"
+
+log() {
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"
+}
+
+# 記錄會話
+record_session() {
+    local session_type=$1
+    local service=$2
+    local username=$3
+    local source_ip=$4
+    local status=$5
+    
+    psql -U accusys -h localhost -d momentry << EOF 2>/dev/null
+INSERT INTO monitor_sessions (session_type, service_name, username, source_ip, connected_at, status)
+VALUES ('$session_type', '$service', '$username', '$source_ip', NOW(), '$status');
+EOF
+}
+
+# 記錄登入
+record_login() {
+    local user_type=$1
+    local username=$2
+    local source_ip=$3
+    local success=$4
+    local method=$5
+    
+    psql -U accusys -h localhost -d momentry << EOF 2>/dev/null
+INSERT INTO monitor_logins (user_type, username, source_ip, success, login_method, login_at)
+VALUES ('$user_type', '$username', '$source_ip', $success, '$method', NOW());
+EOF
+}
+
+# 記錄異常
+record_anomaly() {
+    local anomaly_type=$1
+    local severity=$2
+    local username=$3
+    local source_ip=$4
+    local description=$5
+    
+    psql -U accusys -h localhost -d momentry << EOF 2>/dev/null
+INSERT INTO monitor_anomalies (anomaly_type, severity, source_type, username, source_ip, description, detected_at)
+VALUES ('$anomaly_type', '$severity', 'system', '$username', '$source_ip', '$description', NOW());
+EOF
+}
+
+# SSH 會話
+track_ssh() {
+    echo "SSH 會話:"
+    
+    # 獲取當前 SSH 連線
+    who | grep -E "pts|tty" | while read -r line; do
+        user=$(echo "$line" | awk '{print $1}')
+        tty=$(echo "$line" | awk '{print $2}')
+        login_time=$(echo "$line" | awk '{print $3,$4}')
+        ip=$(echo "$line" | awk '{print $NF}' | tr -d '()')
+        
+        if [ -n "$ip" ] && [ "$ip" != "-" ]; then
+            echo "  - $user @ $ip (tty $tty) 登入時間: $login_time"
+            record_session "ssh" "sshd" "$user" "$ip" "active"
+        fi
+    done
+    
+    # 檢查 SSH 登入失敗
+    echo ""
+    echo "SSH 登入失敗 (最近 5 分鐘):"
+    last -5 -f /var/log/auth.log 2>/dev/null | grep -i "failed password" | tail -5 | while read -r line; do
+        user=$(echo "$line" | awk '{print $9}')
+        ip=$(echo "$line" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | tail -1)
+        
+        if [ -n "$ip" ]; then
+            echo "  - Failed: $user from $ip"
+            record_login "system" "$user" "$ip" "false" "ssh"
+        fi
+    done
+}
+
+# Web 服務會話
+track_web() {
+    echo ""
+    echo "Web 服務:"
+    
+    # n8n 活躍會話 (如果有認證)
+    n8n_sessions=0
+    echo "  - n8n: 檢查中... (需要 API key)"
+    
+    # Gitea 活躍會話
+    gitea_sessions=0
+    echo "  - Gitea: 檢查中... (需要登入)"
+}
+
+# 資料庫連線
+track_database() {
+    echo ""
+    echo "資料庫連線:"
+    
+    # PostgreSQL
+    pg_conn=$(psql -U accusys -h localhost -t -A -c "SELECT count(*) FROM pg_stat_activity WHERE datname = 'momentry';" 2>/dev/null || echo "0")
+    echo "  - PostgreSQL: $pg_conn connections"
+    
+    # Redis
+    redis_conn=$(redis-cli -a accusys INFO clients 2>/dev/null | grep "connected_clients" | cut -d: -f2 | tr -d '\r')
+    echo "  - Redis: $redis_conn clients"
+}
+
+# SFTP 會話
+track_sftp() {
+    echo ""
+    echo "SFTP 會話:"
+    
+    # 檢查 SFTPGo 在線用戶
+    if nc -z localhost 2222 2>/dev/null; then
+        echo "  - SFTPGo: 檢查中..."
+    fi
+}
+
+# 檢測暴力破解
+detect_bruteforce() {
+    echo ""
+    echo "異常檢測:"
+    
+    # 檢查 SSH 暴力破解
+    now=$(date +%s)
+    window=300  # 5 分鐘
+    
+    # 統計最近失敗
+    fail_count=$(last -f /var/log/auth.log 2>/dev/null | grep -i "failed" | wc -l)
+    
+    if [ $fail_count -gt 10 ]; then
+        echo "  ⚠️  發現潛在暴力破解嘗試: $fail_count 次失敗"
+        record_anomaly "bruteforce" "critical" "unknown" "multiple" "SSH暴力破解: $fail_count 次失敗"
+    else
+        echo "  ✓ 無明顯暴力破解跡象"
+    fi
+}
+
+# 主程序
+echo "========================================"
+echo "Layer 6: User Session Tracking"
+echo "Time: $(date)"
+echo "========================================"
+echo ""
+
+track_ssh
+track_web
+track_database
+track_sftp
+detect_bruteforce
+
+echo ""
+echo "========================================"
+log "Session tracking completed"