注意:仅监控本来就不应出现 PHP 文件的目录(例如上传目录);目录中已有的正常 PHP 文件也可能被脚本当作异常处理。
下载脚本
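# Download the monitor script into /root.
#   -f                 fail on an HTTP error instead of saving the error page
#                      as block_php.sh (which would later be executed as root)
#   --proto '=https'   refuse any non-HTTPS transfer
# NOTE(review): the URL tracks the moving `main` branch. Read the downloaded
# file before running it, and prefer a URL pinned to a commit you have
# reviewed (replace `main` with <REVIEWED_COMMIT_SHA>).
cd /root && curl -fO --proto '=https' --tlsv1.2 https://raw.githubusercontent.com/woniu336/open_shell/main/block_php.sh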
赋予权限
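# Make the script executable for root only. It runs as root and is edited to
# hold the DingTalk notification settings (presumably a webhook token; confirm
# in the script), so other local users need neither read nor execute access.
chmod 700 /root/block_php.sh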
运行
前台运行。运行前请先修改检测目录并设置钉钉通知,并把本服务器的 IP 加入钉钉机器人安全设置的“IP地址(段)”中。
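# Run in the foreground first to confirm the configured directories and the
# notification work before leaving it unattended. The absolute path matches
# the download and systemd steps and does not depend on the current directory.
/root/block_php.sh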
后台运行
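# Detach the monitor from the terminal. stdout and stderr are discarded, so a
# startup failure is not visible here; check /var/log/php_block.log afterwards.
# A process started this way is not supervised or restarted on exit.
# NOTE(review): use either this or the systemd service, not both; two
# instances would presumably act on the same directories. Confirm.
nohup /root/block_php.sh > /dev/null 2>&1 &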
启动服务
创建系统服务:
# Create or edit the unit file for the monitor service (requires root).
nano /etc/systemd/system/block-php.service
写入
# systemd unit that keeps /root/block_php.sh running as a long-lived service.
[Unit]
Description=Block PHP Files Monitor
# Order startup after network.target.
After=network.target
[Service]
# simple: the process started by ExecStart is the main service process.
Type=simple
# This file is executed as root, so it must stay owned by root and must not be
# writable by any other user.
ExecStart=/root/block_php.sh
# Restart the script whenever it exits, whatever the exit status.
Restart=always
# NOTE(review): the script runs as root with no sandboxing directives. Once it
# is confirmed which paths and privileges it needs, consider hardening such as
# NoNewPrivileges=true, and check the result with
# `systemd-analyze security block-php.service`.
User=root
[Install]
# Started at boot as part of the multi-user target once the unit is enabled.
WantedBy=multi-user.target
启动服务:
# Re-read unit files so systemd picks up the new block-php.service
systemctl daemon-reload
# Enable at boot and start immediately (same as `enable` followed by `start`)
systemctl enable --now block-php.service
监控脚本运行状态:
# Show the service's current state
systemctl status block-php.service
# Follow the monitor's log file as new entries are written
tail -f /var/log/php_block.log
# Show the service's entries in the systemd journal
journalctl -u block-php.service
停止服务
# Stop the running service and remove it from boot-time start in one step
sudo systemctl disable --now block-php.service
# Confirm the service is now inactive and disabled
sudo systemctl status block-php.service
如果是在后台运行的进程:
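# List matching processes with their full command lines. Unlike
# `ps aux | grep`, pgrep never lists itself. -f matches against the whole
# command line, so an editor or `tail` opened on block_php.sh also matches:
# review the list before sending any signal.
pgrep -af 'block_php\.sh'
# Ask the matching processes to exit (SIGTERM). pkill does nothing when there
# is no match, whereas `kill $(pgrep ...)` fails with a usage error.
pkill -f 'block_php\.sh'
# Last resort only, if the process ignores SIGTERM: SIGKILL gives it no chance
# to clean up.
pkill -9 -f 'block_php\.sh'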
完全移除
# Stop the service
sudo systemctl stop block-php.service
# Disable start at boot
sudo systemctl disable block-php.service
# Delete the unit file
sudo rm /etc/systemd/system/block-php.service
# Reload systemd so it forgets the removed unit (must come after the rm above)
sudo systemctl daemon-reload
# Delete the script itself
sudo rm /root/block_php.sh
# Only if the log and the quarantine directory are no longer needed.
# NOTE(review): the quarantine directory presumably holds the PHP files the
# script intercepted, and the log records when they appeared. If any of them
# were unexpected, keep a copy of both for incident review before deleting;
# `rm -rf` is not reversible.
sudo rm /var/log/php_block.log
sudo rm -rf /root/php_quarantine