[cmd]重构配置读取，支持传入参数

[install](未测试) 安装脚本&Systemd&Makefile
2026-04-08 21:08:20 +08:00 · 2026-04-08 20:05:06 +08:00
10 changed files with 340 additions and 195 deletions
--- a/.gitignore
+++ b/.gitignore
@ -24,3 +24,4 @@ go.work
 sysmonitord.code-workspace
 data/
 config.yaml
 dist/
--- a/25
+++ b/25
@ -0,0 +1,25 @@
 APP_NAME = sysmonitord
 VERSION = V0.1.0
 BUILD_TIME = $(shell date +%Y-%m-%d_%H:%M:%S)
 GIT_COMMIT = $(shell git rev-parse --short HEAD 2>/dev/null || echo "unknown")
 LDFLAGS = -ldflags "-X 'sysmonitord/internal/version.Version=$(VERSION)' \
 -X 'sysmonitord/internal/version.BuildTime=$(BUILD_TIME)' \
 -X 'sysmonitord/internal/version.GitCommit=$(GIT_COMMIT)'"
 all: build
 build:
 	@echo "开始编译 $(APP_NAME) 版本: $(VERSION)"
 	go build $(LDFLAGS) -o dist/$(APP_NAME) main.go
 	@echo "编译完成: dist/$(APP_NAME)"
 install:
 	@echo "安装 $(APP_NAME) 到/usr/local/bin..."
 	cp dist/$(APP_NAME) /usr/local/bin/
 	@echo "安装完成"
 clean:
 	@echo "清理编译产物..."
 	rm -rf dist/$(APP_NAME)
 	@echo "清理完成"
--- a/cmd/safe/safe.go
+++ b/cmd/safe/safe.go
@ -16,19 +16,22 @@ import (
 	"golang.org/x/term"
 )
-var SafeCmd = &cobra.Command{
+func NewSafeCmd() *cobra.Command {
-	Use:   "safe",
+	cmd := &cobra.Command{
-	Short: "交互式安全确认，将可疑对象加入白名单",
+		Use:   "safe",
-	Long:  "查看当前的可疑文件和进程列表，并选择将其移入白名单。",
+		Short: "交互式安全确认，将可疑对象加入白名单",
-	Run: func(cmd *cobra.Command, args []string) {
+		Long:  "查看当前的可疑文件和进程列表，并选择将其移入白名单。",
-		cfg, err := config.LoadConfig("./config.yaml")
+		Run: func(cmd *cobra.Command, args []string) {
-		if err != nil {
+			cfg, err := config.LoadConfig("./config.yaml")
-			fmt.Printf("加载配置失败: %v\n", err)
+			if err != nil {
-			os.Exit(1)
+				fmt.Printf("加载配置失败: %v\n", err)
-		}
+				os.Exit(1)
 			}
-		interactiveSafe(cfg)
+			interactiveSafe(cfg)
-	},
+		},
 	}
 	return cmd
 }
 func readKeyWithESC() (string, error) {
--- a/cmd/start/start.go
+++ b/cmd/start/start.go
@ -20,160 +20,164 @@ import (
 	"go.uber.org/zap"
 )
-var StartCmd = &cobra.Command{
+func NewStartCmd() *cobra.Command {
-	Use:   "start",
+	cmd := &cobra.Command{
-	Short: "启动系统监控守护服务",
+		Use:   "start",
-	Long:  "sysmonitord start 命令用于启动系统监控守护服务，首次启动会进行全量扫描建立白名单。",
+		Short: "启动系统监控守护服务",
-	Run: func(cmd *cobra.Command, args []string) {
+		Long:  "sysmonitord start 命令用于启动系统监控守护服务，首次启动会进行全量扫描建立白名单。",
-		logger.Log.Info("正在启动系统监控守护服务...")
+		Run: func(cmd *cobra.Command, args []string) {
 			logger.Log.Info("正在启动系统监控守护服务...")
-		cfg, err := config.LoadConfig("./config.yaml")
+			cfg, ok := cmd.Context().Value("config").(*config.Config)
-		if err != nil {
+			if !ok {
-			logger.Log.Error("加载配置文件失败", zap.Error(err))
+				logger.Log.Error("无法获取配置")
 			os.Exit(1)
 		}
 		logger.Log.Info("配置文件加载成功",
 			zap.String("审计服务器地址", fmt.Sprintf("%s:%d", cfg.Audit.Server, cfg.Audit.Port)),
 		)
 		storageCfg := &storage.Storage{
 			DataDir:           cfg.Storage.DataDir,
 			ProcessSystemFile: cfg.Storage.ProcessSystemFile,
 			FileSystemFile:    cfg.Storage.FileSystemFile,
 		}
 		// ====== 进程扫描和存储 ======
 		startTime := time.Now()
 		procs, err := process.ScanAllProcesses(cfg)
 		logger.Log.Info("进程扫描完成",
 			zap.Int("进程数量", len(procs)),
 			zap.Duration("扫描耗时", time.Since(startTime)),
 		)
 		if err != nil {
 			logger.Log.Error("扫描进程失败", zap.Error(err))
 			os.Exit(1)
 		} else {
 			if err := storage.SaveProcessSystem(procs, storageCfg.DataDir, storageCfg.ProcessSystemFile); err != nil {
 				logger.Log.Error("保存进程白名单失败", zap.Error(err))
 			}
 		}
 		// ====== 文件扫描和存储 ======
 		logger.Log.Info("正在扫描文件系统...")
 		startTime = time.Now()
 		fileScanner := file.NewScanner(cfg)
 		files, err := fileScanner.Scan()
 		if err != nil {
 			logger.Log.Error("扫描文件系统失败", zap.Error(err))
 			os.Exit(1)
 		} else {
 			if err := storage.SaveFileSystem(files, storageCfg.DataDir, storageCfg.FileSystemFile); err != nil {
 				logger.Log.Error("保存文件系统白名单失败", zap.Error(err))
 				os.Exit(1)
 			}
 		}
-		duration := time.Since(startTime)
+			logger.Log.Info("配置文件加载成功",
-		logger.Log.Info("文件系统扫描完成",
+				zap.String("审计服务器地址", fmt.Sprintf("%s:%d", cfg.Audit.Server, cfg.Audit.Port)),
-			zap.Int("文件数量", len(files)),
+			)
 			zap.Duration("扫描耗时", duration),
 		)
 		// ====== 启动文件监听 ======
 		logger.Log.Info("正在启动文件监听...")
 		fileMon, err := watcher.NewWatcher(cfg)
 		if err != nil {
 			logger.Log.Error("启动文件监听失败", zap.Error(err))
 			os.Exit(1)
 		}
 		fileMon.Start()
 		// ====== 初始化文件检测器 ======
 		fileDetector, err := detector.NewFileDetector(cfg)
 		if err != nil {
 			logger.Log.Error("初始化文件检测器失败", zap.Error(err))
 			os.Exit(1)
 		}
 		// ====== 启动进程检测定时任务 ======
 		procDetector, err := detector.NewProcessDetector(cfg)
 		if err != nil {
 			logger.Log.Error("初始化进程检测器失败", zap.Error(err))
 			os.Exit(1)
 		}
 		procEventChan := procDetector.Event()
 		procScheduler := timer.NewScheduler(time.Duration(cfg.Scanner.Process.Interval)*time.Second, procDetector)
 		procScheduler.Start()
 		// ====== 启动告警管理器 ======
 		alerter := notifier.NewAlerter(cfg.Notification)
 		alerter.Start()
 		logger.Log.Info("系统监控守护服务已启动，正在监控系统变化...")
 		quit := make(chan os.Signal, 1)
 		signal.Notify(quit, os.Interrupt, syscall.SIGTERM, syscall.SIGINT)
 		for {
 			select {
 			case event := <-fileMon.Events():
 				logger.Log.Info("文件系统事件",
 					zap.String("path", event.Path),
 					zap.String("op", event.Op.String()),
 				)
 				if event.FileInfo != nil {
 					logger.Log.Debug("文件详情", zap.Int64("size", event.FileInfo.Size()))
 					fileDetector.HandleEvent(event.Path, event.Op.String())
 				}
 				// test
 				alerter.PushAlert(notifier.AlertEvent{
 					Type:    "File",
 					Path:    event.Path,
 					Reason:  event.Op.String(),
 					Details: "To test",
 				})
 			case procEvents := <-procEventChan:
 				logger.Log.Info("可疑进程事件",
 					zap.Int32("pid", procEvents.PID),
 					zap.String("name", procEvents.Name),
 					zap.String("path", procEvents.Path),
 				)
 				procDetector.HandleDubiousProcesses(procEvents)
 				// test
 				alerter.PushAlert(notifier.AlertEvent{
 					Type:    "Process",
 					Path:    procEvents.Path,
 					Reason:  "可疑进程",
 					Details: "To test",
 				})
 			case err := <-fileMon.Errors():
 				logger.Log.Error("文件监听错误", zap.Error(err))
 			case <-quit:
 				logger.Log.Info("正在停止系统监控守护服务...")
 				fileMon.Stop()
 				procScheduler.Stop()
 				logger.Log.Info("系统监控守护服务已停止")
 				return
 			storageCfg := &storage.Storage{
 				DataDir:           cfg.Storage.DataDir,
 				ProcessSystemFile: cfg.Storage.ProcessSystemFile,
 				FileSystemFile:    cfg.Storage.FileSystemFile,
 			}
 		}
-	},
+			// ====== 进程扫描和存储 ======
 			startTime := time.Now()
 			procs, err := process.ScanAllProcesses(cfg)
 			logger.Log.Info("进程扫描完成",
 				zap.Int("进程数量", len(procs)),
 				zap.Duration("扫描耗时", time.Since(startTime)),
 			)
 			if err != nil {
 				logger.Log.Error("扫描进程失败", zap.Error(err))
 				os.Exit(1)
 			} else {
 				if err := storage.SaveProcessSystem(procs, storageCfg.DataDir, storageCfg.ProcessSystemFile); err != nil {
 					logger.Log.Error("保存进程白名单失败", zap.Error(err))
 				}
 			}
 			// ====== 文件扫描和存储 ======
 			logger.Log.Info("正在扫描文件系统...")
 			startTime = time.Now()
 			fileScanner := file.NewScanner(cfg)
 			files, err := fileScanner.Scan()
 			if err != nil {
 				logger.Log.Error("扫描文件系统失败", zap.Error(err))
 				os.Exit(1)
 			} else {
 				if err := storage.SaveFileSystem(files, storageCfg.DataDir, storageCfg.FileSystemFile); err != nil {
 					logger.Log.Error("保存文件系统白名单失败", zap.Error(err))
 					os.Exit(1)
 				}
 			}
 			duration := time.Since(startTime)
 			logger.Log.Info("文件系统扫描完成",
 				zap.Int("文件数量", len(files)),
 				zap.Duration("扫描耗时", duration),
 			)
 			// ====== 启动文件监听 ======
 			logger.Log.Info("正在启动文件监听...")
 			fileMon, err := watcher.NewWatcher(cfg)
 			if err != nil {
 				logger.Log.Error("启动文件监听失败", zap.Error(err))
 				os.Exit(1)
 			}
 			fileMon.Start()
 			// ====== 初始化文件检测器 ======
 			fileDetector, err := detector.NewFileDetector(cfg)
 			if err != nil {
 				logger.Log.Error("初始化文件检测器失败", zap.Error(err))
 				os.Exit(1)
 			}
 			// ====== 启动进程检测定时任务 ======
 			procDetector, err := detector.NewProcessDetector(cfg)
 			if err != nil {
 				logger.Log.Error("初始化进程检测器失败", zap.Error(err))
 				os.Exit(1)
 			}
 			procEventChan := procDetector.Event()
 			procScheduler := timer.NewScheduler(time.Duration(cfg.Scanner.Process.Interval)*time.Second, procDetector)
 			procScheduler.Start()
 			// ====== 启动告警管理器 ======
 			alerter := notifier.NewAlerter(cfg.Notification)
 			alerter.Start()
 			logger.Log.Info("系统监控守护服务已启动，正在监控系统变化...")
 			quit := make(chan os.Signal, 1)
 			signal.Notify(quit, os.Interrupt, syscall.SIGTERM, syscall.SIGINT)
 			for {
 				select {
 				case event := <-fileMon.Events():
 					logger.Log.Info("文件系统事件",
 						zap.String("path", event.Path),
 						zap.String("op", event.Op.String()),
 					)
 					if event.FileInfo != nil {
 						logger.Log.Debug("文件详情", zap.Int64("size", event.FileInfo.Size()))
 						fileDetector.HandleEvent(event.Path, event.Op.String())
 					}
 					// test
 					alerter.PushAlert(notifier.AlertEvent{
 						Type:    "File",
 						Path:    event.Path,
 						Reason:  event.Op.String(),
 						Details: "To test",
 					})
 				case procEvents := <-procEventChan:
 					logger.Log.Info("可疑进程事件",
 						zap.Int32("pid", procEvents.PID),
 						zap.String("name", procEvents.Name),
 						zap.String("path", procEvents.Path),
 					)
 					procDetector.HandleDubiousProcesses(procEvents)
 					// test
 					alerter.PushAlert(notifier.AlertEvent{
 						Type:    "Process",
 						Path:    procEvents.Path,
 						Reason:  "可疑进程",
 						Details: "To test",
 					})
 				case err := <-fileMon.Errors():
 					logger.Log.Error("文件监听错误", zap.Error(err))
 				case <-quit:
 					logger.Log.Info("正在停止系统监控守护服务...")
 					fileMon.Stop()
 					procScheduler.Stop()
 					logger.Log.Info("系统监控守护服务已停止")
 					return
 				}
 			}
 		},
 	}
 	return cmd
 }
--- a/cmd/status/status.go
+++ b/cmd/status/status.go
@ -10,20 +10,23 @@ import (
 	"github.com/spf13/cobra"
 )
-var StatusCmd = &cobra.Command{
+func NewStatusCmd() *cobra.Command {
-	Use:   "status",
+	cmd := &cobra.Command{
-	Short: "显示系统状态",
+		Use:   "status",
-	Long:  "显示Sysmonitod的当前状态",
+		Short: "显示系统状态",
-	Run: func(cmd *cobra.Command, args []string) {
+		Long:  "显示Sysmonitod的当前状态",
-		cfg, err := config.LoadConfig("./config.yaml")
+		Run: func(cmd *cobra.Command, args []string) {
 			cfg, err := config.LoadConfig("./config.yaml")
-		if err != nil {
+			if err != nil {
-			fmt.Printf("加载配置失败: %v\n", err)
+				fmt.Printf("加载配置失败: %v\n", err)
-			os.Exit(1)
+				os.Exit(1)
-		}
+			}
-		printStatus(cfg)
+			printStatus(cfg)
-	},
+		},
 	}
 	return cmd
 }
 func printStatus(cfg *config.Config) {
--- a/cmd/version/version.go
+++ b/cmd/version/version.go
@ -7,11 +7,14 @@ import (
 	"github.com/spf13/cobra"
 )
-var VersionCmd = &cobra.Command{
+func NewVersionCmd() *cobra.Command {
-	Use:   "version",
+	cmd := &cobra.Command{
-	Short: "显示 sysmonitord 的版本信息",
+		Use:   "version",
-	Long:  "sysmonitord version 命令用于显示当前 sysmonitord 的版本、Git 提交信息和构建时间。",
+		Short: "显示 sysmonitord 的版本信息",
-	Run: func(cmd *cobra.Command, args []string) {
+		Long:  "sysmonitord version 命令用于显示当前 sysmonitord 的版本、Git 提交信息和构建时间。",
-		fmt.Println(version.Info())
+		Run: func(cmd *cobra.Command, args []string) {
-	},
+			fmt.Println(version.Info())
 		},
 	}
 	return cmd
 }
--- a/config.yaml.example
+++ b/config.yaml.example
@ -19,7 +19,7 @@ scanner:
    algorithm: "xxhash64"
  file:
    include_paths:
-      - /home/wuko233/Downloads
+      - /
    exclude_paths:
      - /proc
      - /sys
@ -27,10 +27,22 @@ scanner:
    fast_hash_size: 100MB
    fast_hash_chunk: 2MB
  process:
-    interval: 30 # seconds
+    interval: 300 # seconds
 storage:
  data_dir: "./data"
  process_system_file: "process_system.data"
  file_system_file: "file_system.data"
  dubious_file_list_file: "dubious_files.data"
  dubious_process_list_file: "dubious_processes.data"
 notification:
  email:
    enabled: true
    recipients:
      - admin@wuko.top
    smtp:
      server:
      port: 465
      username:
      password:
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,59 @@
 #!/bin/bash
 # sysmonitord 安装脚本
 set -e
 echo "正在安装 sysmonitord..."
 # 检测是否为 root 用户
 if [ "$EUID" -ne 0 ]; then
    echo "请使用 root 用户运行此安装脚本。"
    exit 1
 fi
 # 路径设置
 BIN_NAME="sysmonitord"
 INSTALL_DIR="/usr/local/bin"
 CONFIG_DIR="/etc/sysmonitord"
 DATA_DIR="/var/lib/sysmonitord"
 LOG_DIR="/var/log/sysmonitord"
 # 编译
 echo "正在编译 sysmonitord..."
 make build
 # 创建目录
 echo "正在创建目录..."
 mkdir -p "$CONFIG_DIR"
 mkdir -p "$DATA_DIR"
 mkdir -p "$LOG_DIR"
 # 复制文件
 echo "正在复制文件..."
 cp "dist/$BIN_NAME" "$INSTALL_DIR/"
 chmod +x "$INSTALL_DIR/$BIN_NAME"
 # 初始化配置文件
 if [ ! -f "$CONFIG_DIR/config.yaml" ]; then
    echo "==> 初始化配置文件..."
    cp config.yaml.example $CONFIG_DIR/config.yaml
 else
    echo "==> 配置文件已存在，跳过覆盖..."
 fi
 # 安装systemd服务
 echo "正在安装 systemd 服务..."
 cp scripts/sysmonitord.service /etc/systemd/system/
 systemctl daemon-reload
 systemctl enable sysmonitord
 echo ""
 echo "安装完成！"
 echo ""
 echo "配置文件路径: $CONFIG_DIR/config.yaml"
 echo "数据目录: $DATA_DIR"
 echo "日志目录: $LOG_DIR"
 echo ""
 echo "您可以使用以下命令来管理 sysmonitord 服务："
 echo "启动: systemctl start sysmonitord"
 echo "停止: systemctl stop sysmonitord"
 echo "重启: systemctl restart sysmonitord"
 echo "查看状态: systemctl status sysmonitord"
 echo "查看日志: journalctl -u sysmonitord -f"
--- a/main.go
+++ b/main.go
@ -1,6 +1,8 @@
 package main
 import (
 	"context"
 	"fmt"
 	"os"
 	"sysmonitord/cmd/safe"
 	"sysmonitord/cmd/start"
@ -13,27 +15,44 @@ import (
 	"go.uber.org/zap"
 )
 var (
 	cfgFile string
 	cfg     *config.Config
 )
 func main() {
 	logger.InitLogger()
 	defer logger.Sync()
 	cfg, err := config.LoadConfig("./config.yaml")
 	if err != nil {
 		logger.Log.Error("加载配置文件失败", zap.Error(err))
 		os.Exit(1)
 	} else {
 		logger.SetLogLevel(cfg.Log.Level)
 	}
 	var rootCmd = &cobra.Command{
 		Use:   "sysmonitord",
 		Short: "Sysmonitord 是一个 Linux 系统安全监控工具",
 		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
 			if cfgFile == "" {
 				if _, err := os.Stat("./config.yaml"); err == nil {
 					cfgFile = "./config.yaml"
 				} else if _, err := os.Stat("/etc/sysmonitord/config.yaml"); err == nil {
 					cfgFile = "/etc/sysmonitord/config.yaml"
 				}
 			}
 			cfg, err := config.LoadConfig(cfgFile)
 			if err != nil {
 				return fmt.Errorf("加载配置文件失败: %w", err)
 			}
 			ctx := context.WithValue(cmd.Context(), "config", cfg)
 			cmd.SetContext(ctx)
 			return nil
 		},
 	}
-	rootCmd.AddCommand(start.StartCmd)
+	rootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "c", "", "配置文件路径 (默认: ./config.yaml 或 /etc/sysmonitord/config.yaml)")
-	rootCmd.AddCommand(version.VersionCmd)
+
-	rootCmd.AddCommand(status.StatusCmd)
+	rootCmd.AddCommand(start.NewStartCmd())
-	rootCmd.AddCommand(safe.SafeCmd)
+	rootCmd.AddCommand(version.NewVersionCmd())
 	rootCmd.AddCommand(status.NewStatusCmd())
 	rootCmd.AddCommand(safe.NewSafeCmd())
 	if err := rootCmd.Execute(); err != nil {
 		logger.Log.Error("命令执行失败", zap.Error(err))
--- a/scripts/sysmonitord.service
+++ b/scripts/sysmonitord.service
@ -0,0 +1,16 @@
 [Unit]
 Description=Sysmonitord - Linux System Security Monitor Daemon
 Documentation=https://github.com/wuko233/sysmonitord
 After=network.target
 [Service]
 Type=simple
 User=root
 Group=root
 ExecStart=/usr/local/bin/sysmonitord start
 Restart=on-failure
 RestartSec=10
 LimitNOFILE=65536
 [Install]
 WantedBy=multi-user.target
Author	SHA1	Message	Date
wuko233	47602c5838	[cmd]重构配置读取，支持传入参数	2026-04-08 21:08:20 +08:00
wuko233	60a64a63ce	[install](未测试) 安装脚本&Systemd&Makefile	2026-04-08 20:05:06 +08:00