debiey/sentinelai

GitHub: debiey/sentinelai

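An autonomous Linux incident response system built on local AI models. It detects system anomalies fully offline and explains root causes and suggested fixes in natural language.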

Stars: 0 | Forks: 0

# SentinelAI

**Autonomous Linux Incident Response System**

SentinelAI is an AI-driven monitoring agent that watches your Linux system for anomalies, uses a local AI model to infer the root cause, and explains every incident in plain language. Fully offline: no cloud connection and no API keys required.

## What It Detects

| Event | Description |
|----------|-------------|
| CPU spike | High CPU usage, with the top consuming process identified |
| High memory | RAM pressure and memory leak patterns |
| Disk full | Disk capacity warnings for all mount points |
| Service failure | systemd service failures |
| SSH brute force | Failed login attempts from the auth log |

## Commands

```
sentinel watch           # Start continuous monitoring (default: every 30s)
sentinel watch -i 60     # Monitor every 60 seconds
sentinel status          # Run a single scan right now
sentinel incidents       # View all logged incidents
sentinel incidents -u    # View only unresolved incidents
sentinel explain         # AI explanation for a specific incident
sentinel report          # AI-generated summary report
sentinel resolve         # Mark an incident as resolved
```

## Quick Install

**1. Install Ollama and pull a model**

```
curl -fsSL https://ollama.com/install.sh | sh
ollama pull llama3.2:3b
ollama serve
```

**2. Install SentinelAI**

```
git clone https://github.com/debiey/sentinelai.git
cd sentinelai
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
```

**3. Run it**

```
sentinel status    # immediate scan
sentinel watch     # start the agent
```

## How It Works

```
System Metrics (psutil)
        ↓
Anomaly Detectors (CPU / RAM / Disk / Services / SSH)
        ↓
AI Reasoning Engine (Ollama — fully offline)
        ↓
Plain English Explanation + Recommended Fix
        ↓
Incident Logger (SQLite at ~/.sentinel/incidents.db)
```

## Example Output

```
sentinel status

SentinelAI — System Scan

[WARNING] MEMORY_HIGH — RAM usage at 78.3% (5.9GB / 7.5GB)
  ram_percent: 78.3%
  top_process: chrome
  top_process_ram: 34.2%

[CRITICAL] SSH_BRUTE_FORCE — 47 failed SSH login attempts detected
  failed_attempts: 47
  unique_source_ips: 3
  sample_ips: 192.168.1.105, 10.0.0.22
```

```
sentinel explain 3

AI Analysis

Your system is experiencing significant memory pressure at 78.3% RAM usage,
primarily driven by the Chrome browser process consuming 34.2% of available
memory. This pattern is consistent with a memory leak or excessive tab usage.

Consider restarting Chrome or closing unused tabs. If the issue persists,
check for runaway background processes using:

  ps aux --sort=-%mem | head -10
```

## Requirements

- Python 3.10+
- Linux (Ubuntu, Debian, Fedora, Arch)
- Ollama running locally (llama3.2:3b recommended)
- sudo privileges to read the auth log (for SSH detection)

## Author

**Chioma Obiagboso** — Linux systems engineer · AI tool developer · RHCSA certified

[Portfolio](https://debiey.github.io) · [GitHub](https://github.com/debiey) · [OmaAI](https://github.com/debiey/omaai) · [Mimir](https://github.com/debiey/mimir)

## License

MIT
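
The SSH brute-force detector listed under "What It Detects" works from failed logins in the auth log. The sketch below is an added example, not SentinelAI's own code: it parses sshd lines into the fields shown in the example output (`failed_attempts`, `unique_source_ips`, `sample_ips`). The function name, threshold and log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The username in an sshd log line is attacker-controlled and may itself
# contain " from 1.2.3.4", so match the LAST "from <ip> port <n> ssh2".
# Also handles rsyslog's "message repeated N times: [ ... ]" compression.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:message repeated (\d+) times: \[ )?"
    r"Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2\]?$"
)
THRESHOLD = 5  # assumed alert threshold, not SentinelAI's setting

# Constructed sample lines using RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Jan 10 03:14:01 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jan 10 03:14:03 web1 sshd[811]: message repeated 3 times: [ Failed password for root from 203.0.113.5 port 40112 ssh2]
Jan 10 03:14:09 web1 sshd[815]: Failed password for invalid user admin from 198.51.100.7 port 51900 ssh2
Jan 10 03:14:12 web1 sshd[816]: Failed password for invalid user x from 10.0.0.1 from 198.51.100.7 port 51902 ssh2
Jan 10 03:15:00 web1 sshd[820]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
"""

def detect_ssh_brute_force(log_text, threshold=THRESHOLD):
    """Return an incident dict, or None if failures stay below threshold."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue  # source is not a literal address; do not count it
        hits[ip] += int(m.group(1) or 1)
    total = sum(hits.values())
    if total < threshold:
        return None
    return {
        "type": "SSH_BRUTE_FORCE",
        "failed_attempts": total,
        "unique_source_ips": len(hits),
        "sample_ips": [ip for ip, _ in hits.most_common(3)],
    }

if __name__ == "__main__":
    print(detect_ssh_brute_force(SAMPLE_LOG))
```

The fourth sample line shows why the pattern is anchored at the end of the line: a username containing ` from 10.0.0.1` would otherwise cause the failure to be attributed to the wrong source address.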