2025-12-05
Linux重置用户登录密码
1. 主机接好键盘、显示器后开机,出现 GRUB 启动菜单(下图)时按 E 键进入编辑模式; 2. 在编辑界面用方向键把光标移到以 linux 开头的那一行,移动到行尾(或按 CTRL+E 直接跳到行尾),输入一个空格后追加 init=/bin/bash(这会让内核跳过正常的 init/systemd,直接以 root 身份启动一个 bash); 3. 按 CTRL+X 以修改后的参数启动系统; 4. 此时根文件系统是只读挂载的,先重新挂载为读写:mount -o remount,rw / ; 5. 执行 passwd <用户名>,连续输入两次新密码(输入时不回显,直接输入即可),看到 passwd: password updated successfully 即表示重置成功;然后执行 sync 把更改刷到磁盘,最后执行 reboot -f 强制重启服务器(此环境下没有 init 进程,普通 reboot 不可用)。注意:如果系统启用了 SELinux(如 CentOS/RHEL 默认 enforcing),重启前还要执行 touch /.autorelabel,否则新写入的 /etc/shadow 安全上下文不正确,可能导致无法登录。安全提示:这套流程能成功,正是因为任何能接触到控制台的人都可以改启动参数拿到 root;如果不希望如此,应为 GRUB 设置密码、对磁盘做全盘加密,并在 BIOS/UEFI 中限制从外部介质启动。
2025-11-24
Linux安全防护与监控交互式脚本
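功能:病毒检测 | 挖矿防护 | 攻击防护 | 漏洞修复
代码
#!/bin/bash
# ============================================
# Advanced Linux security protection and monitoring script
# Features: malware file detection, miner-process protection,
#           attack detection, vulnerability remediation
# Author: 安全专家系统
# Version: v3.2.1
#
# Review notes (security):
# - Almost every step runs through sudo and is invasive: it moves files,
#   kills processes, adds iptables rules and rewrites system configuration.
#   Run it from a console or out-of-band session, not blindly over SSH on a
#   production host, and read the quarantine/ and config/ output afterwards.
# - Detection is name/signature based. A renamed miner, or a rootkit that
#   hides itself from /proc, will not be found; a clean run means "nothing
#   obvious", not "clean".
# - Kernel/OpenSSL version checks cannot see distro backports (RHEL, Debian
#   patch without bumping the version), so they report "possibly affected".
# ============================================

# Directory layout: all state is kept next to the script
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LOG_DIR="$SCRIPT_DIR/logs"
CONFIG_DIR="$SCRIPT_DIR/config"
REPORTS_DIR="$SCRIPT_DIR/reports"
QUARANTINE_DIR="$SCRIPT_DIR/quarantine"
BACKUP_DIR="$SCRIPT_DIR/backups"
TOOLS_DIR="$SCRIPT_DIR/tools"

# Terminal colours
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
BOLD='\033[1m'

# Global state for this run
CURRENT_DATE=$(date +"%Y%m%d_%H%M%S")
LOG_FILE="$LOG_DIR/security_scan_$CURRENT_DATE.log"
REPORT_FILE="$REPORTS_DIR/security_report_$CURRENT_DATE.html"
SCAN_RESULTS="$REPORTS_DIR/scan_results_$CURRENT_DATE.json"
USER_ID=$(id -u)
# Log locations differ by distro family (Debian/Ubuntu: syslog + auth.log,
# RHEL/CentOS/Fedora: messages + secure). Fall back so the login/port-scan
# checks do not silently find nothing on RHEL-family hosts.
SYSLOG_FILE="/var/log/syslog"
[[ -f "$SYSLOG_FILE" ]] || SYSLOG_FILE="/var/log/messages"
AUTH_LOG="/var/log/auth.log"
[[ -f "$AUTH_LOG" ]] || AUTH_LOG="/var/log/secure"

# Malware indicators. Each entry is used BOTH as a "pgrep -f" extended regex
# over process command lines and as a "find -name '*<sig>*'" glob, so keep
# entries simple. Entries containing "/" (e.g. "/dev/shm/") can never match
# a file name and only act on command lines.
MALWARE_SIGNATURES=(
    "minerd"
    "xmrig"
    "cpuminer"
    "ccminer"
    "cgminer"
    "libprocesshider"
    "ld.so.preload"
    "/tmp/.X11-unix"
    "kinsing"
    "kdevtmpfsi"
    "watchbog"
    "systemd-service"
    "/dev/shm/"
    "\.sshd"
    "\.logrotat"
    "\.configrc"
)

# Process NAMES considered suspicious (miners plus common attack tooling).
# Matched as whole words, see mining_protection.
SUSPICIOUS_PROCESSES=(
    "minerd"
    "xmrig"
    "cpuminer"
    "kinsing"
    "kdevtmpfsi"
    "watchbog"
    "libprocesshider"
    "masscan"
    "hping"
    "nmap"
    "john"
    "hydra"
    "sqlmap"
    "netcat"
    "nc"
)

# Ports commonly used by reverse shells / backdoors
SUSPICIOUS_PORTS=(4444 5555 6666 7777 8888 9999 1337 31337 47107)

# Print a tagged, coloured message and append it to the scan log.
# Arguments: $1 - level (info|success|warning|error|critical|header)
#            $2 - message text
# The log directory may not exist on the very first call (create_directories
# runs later in the flow), so it is created here instead of letting tee fail.
print_message() {
    local type=$1
    local message=$2
    [[ -d "$LOG_DIR" ]] || mkdir -p "$LOG_DIR"
    case $type in
        "info")     echo -e "${BLUE}[INFO]${NC} $message" | tee -a "$LOG_FILE" ;;
        "success")  echo -e "${GREEN}[SUCCESS]${NC} $message" | tee -a "$LOG_FILE" ;;
        "warning")  echo -e "${YELLOW}[WARNING]${NC} $message" | tee -a "$LOG_FILE" ;;
        "error")    echo -e "${RED}[ERROR]${NC} $message" | tee -a "$LOG_FILE" ;;
        "critical") echo -e "${RED}${BOLD}[CRITICAL]${NC} $message" | tee -a "$LOG_FILE" ;;
        "header")   echo -e "${PURPLE}${BOLD}$message${NC}" | tee -a "$LOG_FILE" ;;
    esac
}

# True if a command is available. Also looks in the sbin directories, which
# are usually missing from an unprivileged user's PATH (auditctl, iptables...).
# Arguments: $1 - command name
have_cmd() {
    command -v "$1" &> /dev/null || [[ -x "/usr/sbin/$1" || -x "/sbin/$1" ]]
}

# Function: check for required tools and offer to install what is missing.
# Entries are "package:command" because several package names are not
# executables (clamav -> clamscan, fail2ban -> fail2ban-client,
# auditd -> auditctl). The original tested the package name with command -v,
# so those were reported missing and re-installed on every run.
# Note: package names are Debian-style; "netstat" is net-tools on most
# distros and psad/tripwire may not exist in every repository.
check_dependencies() {
    print_message "info" "检查系统依赖..."
    local missing_deps=()
    local required_tools=(
        "clamav:clamscan"
        "chkrootkit:chkrootkit"
        "rkhunter:rkhunter"
        "lynis:lynis"
        "fail2ban:fail2ban-client"
        "iptables:iptables"
        "netstat:netstat"
        "lsof:lsof"
        "curl:curl"
        "wget:wget"
        "jq:jq"
        "unhide:unhide"
        "auditd:auditctl"
        "tripwire:tripwire"
        "aide:aide"
        "psad:psad"
    )
    local entry pkg cmd
    for entry in "${required_tools[@]}"; do
        pkg=${entry%%:*}
        cmd=${entry##*:}
        if ! have_cmd "$cmd"; then
            missing_deps+=("$pkg")
        fi
    done
    if ! have_cmd freshclam; then
        missing_deps+=("clamav-freshclam")
    fi
    if [ ${#missing_deps[@]} -gt 0 ]; then
        print_message "warning" "发现缺失的依赖: ${missing_deps[*]}"
        echo -e "${YELLOW}是否要安装缺失的依赖?(y/n): ${NC}"
        read -r response
        if [[ "$response" =~ ^[Yy]$ ]]; then
            install_dependencies "${missing_deps[@]}"
        else
            print_message "warning" "用户选择跳过依赖安装,某些功能可能不可用"
        fi
    else
        print_message "success" "所有依赖已安装"
    fi
}

# Function: install packages with the detected package manager.
# Arguments: package names
install_dependencies() {
    local deps=("$@")
    print_message "info" "开始安装依赖..."
    if command -v apt-get &> /dev/null; then
        PKG_MANAGER="apt-get"
    elif command -v yum &> /dev/null; then
        PKG_MANAGER="yum"
    elif command -v dnf &> /dev/null; then
        PKG_MANAGER="dnf"
    elif command -v pacman &> /dev/null; then
        PKG_MANAGER="pacman"
    else
        print_message "error" "未找到支持的包管理器"
        return 1
    fi
    print_message "info" "更新包列表..."
    # Refresh metadata only. The original ran "$PKG_MANAGER update -y", which
    # on yum/dnf is a FULL system upgrade (and is not a valid pacman
    # command); a dependency check must not upgrade the whole host as a
    # side effect.
    case $PKG_MANAGER in
        "apt-get") sudo apt-get update 2>> "$LOG_FILE" ;;
        "yum"|"dnf") sudo $PKG_MANAGER makecache -y 2>> "$LOG_FILE" ;;
        "pacman") sudo pacman -Sy 2>> "$LOG_FILE" ;;
    esac
    local dep rc
    for dep in "${deps[@]}"; do
        print_message "info" "安装 $dep..."
        rc=0
        case $PKG_MANAGER in
            "apt-get") sudo apt-get install -y "$dep" 2>> "$LOG_FILE" || rc=$? ;;
            "yum"|"dnf") sudo $PKG_MANAGER install -y "$dep" 2>> "$LOG_FILE" || rc=$? ;;
            "pacman") sudo pacman -S --noconfirm "$dep" 2>> "$LOG_FILE" || rc=$? ;;
        esac
        if [ "$rc" -eq 0 ]; then
            print_message "success" "$dep 安装成功"
        else
            print_message "error" "$dep 安装失败"
        fi
    done
    init_security_tools
}

# Function: one-off initialisation of the installed security tools.
init_security_tools() {
    print_message "info" "初始化安全工具..."
    if command -v freshclam &> /dev/null; then
        print_message "info" "更新ClamAV病毒数据库..."
        sudo freshclam 2>> "$LOG_FILE"
    fi
    if command -v rkhunter &> /dev/null; then
        print_message "info" "更新rkhunter数据库..."
        sudo rkhunter --update 2>> "$LOG_FILE"
        # NOTE(review): --propupd records the CURRENT file properties as the
        # trusted baseline. On a host you suspect is already compromised this
        # whitelists the attacker's files; take the baseline from a known-good
        # image instead.
        sudo rkhunter --propupd 2>> "$LOG_FILE"
    fi
    if command -v lynis &> /dev/null; then
        print_message "info" "更新lynis..."
        sudo lynis update info 2>> "$LOG_FILE"
    fi
}

# Function: create the working directory tree.
create_directories() {
    print_message "info" "创建目录结构..."
    local dirs=("$LOG_DIR" "$CONFIG_DIR" "$REPORTS_DIR" "$QUARANTINE_DIR" "$BACKUP_DIR" "$TOOLS_DIR")
    local dir
    for dir in "${dirs[@]}"; do
        if [ ! -d "$dir" ]; then
            mkdir -p "$dir"
            print_message "success" "创建目录: $dir"
        fi
    done
    mkdir -p "$QUARANTINE_DIR/malware"
    mkdir -p "$QUARANTINE_DIR/suspicious"
    mkdir -p "$QUARANTINE_DIR/quarantined_files"
    # Quarantined samples are live malware; keep them private to the owner.
    chmod 700 "$QUARANTINE_DIR"
}

# Function: draw the main menu and the selection prompt.
show_menu() {
    clear
    echo -e "${PURPLE}${BOLD}"
    echo "==========================================="
    echo " 高级Linux安全防护与监控系统 v3.2.1"
    echo "==========================================="
    echo -e "${NC}"
    echo -e "${CYAN}${BOLD}主菜单${NC}"
    echo -e "${GREEN}1.${NC} 病毒与恶意软件扫描"
    echo -e "${GREEN}2.${NC} 挖矿进程检测与防护"
    echo -e "${GREEN}3.${NC} 系统攻击检测与防护"
    echo -e "${GREEN}4.${NC} 系统漏洞扫描与修复"
    echo -e "${GREEN}5.${NC} 实时监控与告警"
    echo -e "${GREEN}6.${NC} 安全加固配置"
    echo -e "${GREEN}7.${NC} 网络防护配置"
    echo -e "${GREEN}8.${NC} 生成安全报告"
    echo -e "${GREEN}9.${NC} 系统信息与状态"
    echo -e "${GREEN}10.${NC} 综合安全扫描(所有功能)"
    echo -e "${GREEN}0.${NC} 退出"
    echo -e "${CYAN}${BOLD}===========================================${NC}"
    echo -n "请选择操作 [0-10]: "
}

# Function: antivirus and rootkit scan (ClamAV, chkrootkit, rkhunter,
# then the custom signature scan).
virus_scan() {
    print_message "header" "开始病毒与恶意软件扫描"
    if command -v clamscan &> /dev/null; then
        print_message "info" "使用ClamAV扫描系统..."
        local scan_dirs=("/bin" "/sbin" "/usr/bin" "/usr/sbin" "/lib" "/usr/lib" "/etc" "/tmp" "/var/tmp" "/dev/shm" "/root" "/home")
        local dir
        for dir in "${scan_dirs[@]}"; do
            if [ -d "$dir" ]; then
                print_message "info" "扫描目录: $dir"
                # sudo: most of these directories are not readable (nor their
                # files movable) by an unprivileged user, so the original scan
                # silently covered almost nothing. --move quarantines every hit
                # automatically; a false positive in /lib or /usr/bin can break
                # the host, so review quarantine/malware before restarting
                # services or rebooting. The full output is kept in the log
                # (the original only kept the last 20 lines).
                sudo clamscan -r -i --move="$QUARANTINE_DIR/malware" "$dir" >> "$LOG_FILE" 2>&1
            fi
        done
        print_message "success" "ClamAV扫描完成"
    else
        print_message "warning" "ClamAV未安装,跳过病毒扫描"
    fi
    if command -v chkrootkit &> /dev/null; then
        print_message "info" "使用chkrootkit检查rootkit..."
        sudo chkrootkit 2>> "$LOG_FILE" | tee -a "$REPORT_FILE"
        print_message "success" "chkrootkit检查完成"
    fi
    if command -v rkhunter &> /dev/null; then
        print_message "info" "使用rkhunter检查rootkit..."
        sudo rkhunter -c --sk 2>> "$LOG_FILE" | tail -50 >> "$LOG_FILE"
        print_message "success" "rkhunter检查完成"
    fi
    print_message "info" "执行自定义恶意软件特征扫描..."
    custom_malware_scan
}

# Function: signature scan of processes and file names, plus unhide.
custom_malware_scan() {
    local malware_found=()
    local proc sig file found_files response
    print_message "info" "扫描可疑进程..."
    for proc in "${MALWARE_SIGNATURES[@]}"; do
        if pgrep -f -- "$proc" &> /dev/null; then
            malware_found+=("可疑进程: $proc")
            print_message "critical" "发现可疑进程: $proc"
            # pgrep -a prints pid + full command line and, unlike
            # "ps aux | grep", never matches its own grep.
            pgrep -af -- "$proc" >> "$REPORT_FILE"
        fi
    done
    print_message "info" "扫描可疑文件..."
    for sig in "${MALWARE_SIGNATURES[@]}"; do
        # Prune /proc and /sys (pseudo files) and our own quarantine so files
        # already isolated are not reported again on the next run.
        found_files=$(find / \( -path /proc -o -path /sys -o -path "$QUARANTINE_DIR" \) -prune -o \
            -type f -name "*$sig*" -print 2>/dev/null | head -20)
        if [ -n "$found_files" ]; then
            while IFS= read -r file; do
                malware_found+=("可疑文件: $file")
                print_message "warning" "发现可疑文件: $file"
                if [ -f "$file" ]; then
                    # A file-name match is weak evidence (/etc/ld.so.preload
                    # can be legitimate), so confirm before moving anything.
                    # Read from the tty: stdin of this loop is the file list.
                    echo -e "${YELLOW}是否隔离文件 $file? (y/n): ${NC}"
                    read -r response < /dev/tty
                    if [[ "$response" =~ ^[Yy]$ ]]; then
                        quarantine_file "$file"
                    fi
                fi
            done <<< "$found_files"
        fi
    done
    print_message "info" "检查隐藏进程..."
    if command -v unhide &> /dev/null; then
        sudo unhide proc 2>> "$LOG_FILE" | tee -a "$REPORT_FILE"
    fi
    generate_malware_report "${malware_found[@]}"
}

# Function: move a file into quarantine, keeping its original path and
# SHA-256 so the sample can be analysed or restored later.
# Arguments: $1 - path of the file to isolate
quarantine_file() {
    local file=$1
    local filename
    filename=$(basename "$file")
    # The original built "$(unknown)_$(date +%s)" - "unknown" is not a
    # command, so every sample was named "_<epoch>" and same-second hits
    # overwrote each other. Keep the basename and add $RANDOM against
    # collisions.
    local quarantine_path="$QUARANTINE_DIR/quarantined_files/${filename}_$(date +%s)_$RANDOM"
    local digest
    digest=$(sudo sha256sum "$file" 2>/dev/null | awk '{print $1}')
    if sudo mv "$file" "$quarantine_path" 2>/dev/null; then
        # Drop execute bits so the sample cannot be run by accident.
        sudo chmod 600 "$quarantine_path" 2>/dev/null
        print_message "success" "已隔离文件: $file -> $quarantine_path"
        echo "$(date): 隔离文件 $file 到 $quarantine_path sha256=${digest:-unknown}" >> "$QUARANTINE_DIR/quarantine.log"
    else
        print_message "error" "无法隔离文件: $file"
    fi
}

# Function: detect miner processes, offer to kill them, then check cron,
# systemd units and add egress blocks for known pools.
mining_protection() {
    print_message "header" "开始挖矿进程检测与防护"
    local mining_processes=()
    local proc pid pids response name_re
    print_message "info" "扫描挖矿进程..."
    for proc in "${SUSPICIOUS_PROCESSES[@]}"; do
        # Match the entry as a whole word (start of line, after a space or a
        # path separator, followed by a space or end of line). The original
        # "pgrep -f nc" matched any command line containing those letters
        # (rsync, anacron, launcher...) and then offered to kill -9 it.
        name_re="(^|[/ ])$proc( |$)"
        if pgrep -f -- "$name_re" &> /dev/null; then
            mining_processes+=("$proc")
            print_message "critical" "发现挖矿进程: $proc"
            pids=$(pgrep -f -- "$name_re")
            for pid in $pids; do
                print_message "warning" "进程详情 - PID: $pid"
                ps -p "$pid" -o pid,ppid,user,%cpu,%mem,cmd >> "$REPORT_FILE"
                # Preserve evidence before killing: the backing binary (often
                # already unlinked, hence readlink on /proc) and the working
                # directory disappear together with the process.
                echo "exe: $(sudo readlink "/proc/$pid/exe" 2>/dev/null)" >> "$REPORT_FILE"
                echo "cwd: $(sudo readlink "/proc/$pid/cwd" 2>/dev/null)" >> "$REPORT_FILE"
                echo -e "${YELLOW}是否终止进程 $pid ($proc)? (y/n): ${NC}"
                read -r response
                if [[ "$response" =~ ^[Yy]$ ]]; then
                    # TERM first; KILL only if it is still there afterwards.
                    sudo kill -TERM "$pid" 2>/dev/null
                    sleep 2
                    if [ -d "/proc/$pid" ]; then
                        sudo kill -9 "$pid"
                    fi
                    print_message "success" "已终止进程: $pid"
                fi
            done
        fi
    done
    print_message "info" "检测高CPU使用率进程..."
    # NR>1 skips the header row, whose "%CPU" column compared as a string.
    ps aux --sort=-%cpu | head -20 | awk 'NR>1 && $3 > 50.0' >> "$LOG_FILE"
    print_message "info" "检查计划任务..."
    check_crontab_for_mining
    print_message "info" "检查系统服务..."
    check_systemd_for_mining
    configure_mining_protection
    generate_mining_report "${mining_processes[@]}"
}

# Function: grep every user and system crontab for the malware signatures.
check_crontab_for_mining() {
    local user user_cron sig cron_file script
    while IFS=: read -r user _; do
        user_cron=$(sudo crontab -u "$user" -l 2>/dev/null)
        if [ -n "$user_cron" ]; then
            for sig in "${MALWARE_SIGNATURES[@]}"; do
                if echo "$user_cron" | grep -q "$sig"; then
                    print_message "critical" "用户 $user 的计划任务包含可疑内容: $sig"
                    echo "$user_cron" | grep "$sig" >> "$REPORT_FILE"
                fi
            done
        fi
    done < /etc/passwd
    local system_crontabs=("/etc/crontab" "/etc/cron.d/" "/etc/cron.daily/" "/etc/cron.hourly/" "/etc/cron.monthly/" "/etc/cron.weekly/")
    for cron_file in "${system_crontabs[@]}"; do
        if [ -f "$cron_file" ]; then
            for sig in "${MALWARE_SIGNATURES[@]}"; do
                if grep -q "$sig" "$cron_file" 2>/dev/null; then
                    print_message "critical" "系统cron文件 $cron_file 包含可疑内容"
                fi
            done
        elif [ -d "$cron_file" ]; then
            for script in "$cron_file"/*; do
                if [ -f "$script" ]; then
                    for sig in "${MALWARE_SIGNATURES[@]}"; do
                        if grep -q "$sig" "$script" 2>/dev/null; then
                            print_message "critical" "cron脚本 $script 包含可疑内容"
                        fi
                    done
                fi
            done
        fi
    done
}

# Function: look for systemd units whose name matches a signature.
check_systemd_for_mining() {
    print_message "info" "检查系统服务..."
    local suspicious_services
    suspicious_services=$(systemctl list-units --type=service --all | grep -E "$(echo "${MALWARE_SIGNATURES[@]}" | tr ' ' '|')")
    if [ -n "$suspicious_services" ]; then
        print_message "critical" "发现可疑系统服务:"
        echo "$suspicious_services" >> "$REPORT_FILE"
        echo "$suspicious_services"
    fi
}

# Function: add OUTPUT DROP rules for the resolved addresses of known pools.
# NOTE(review): IP-based pool blocking is brittle - pool addresses rotate and
# may sit behind shared CDN/hosting ranges, so a DROP can hit unrelated
# traffic. The saved rules file is informational only; nothing reloads it at
# boot. DNS sinkholing or an egress allow-list is the durable control.
configure_mining_protection() {
    print_message "info" "配置挖矿防护规则..."
    local mining_pools=(
        "xmr.pool.minergate.com"
        "xmr.crypto-pool.fr"
        "minexmr.com"
        "pool.minexmr.com"
        "xmr.prohash.net"
        "monerohash.com"
        "pool.supportxmr.com"
        "xmr-us-east1.nanopool.org"
    )
    local pool ip pool_ips
    for pool in "${mining_pools[@]}"; do
        # dig is not among the checked dependencies (dnsutils/bind-utils);
        # fall back to the system resolver through getent.
        if command -v dig &> /dev/null; then
            pool_ips=$(dig +short "$pool" 2>/dev/null | grep -E '^[0-9.]+$')
        else
            pool_ips=$(getent ahostsv4 "$pool" 2>/dev/null | awk '{print $1}' | sort -u)
        fi
        for ip in $pool_ips; do
            if ! sudo iptables -C OUTPUT -d "$ip" -j DROP 2>/dev/null; then
                sudo iptables -A OUTPUT -d "$ip" -j DROP
                print_message "success" "已阻止挖矿池IP: $ip ($pool)"
            fi
        done
    done
    if command -v iptables-save &> /dev/null; then
        sudo iptables-save > "$CONFIG_DIR/anti_mining_iptables.rules"
        print_message "success" "挖矿防护规则已保存"
    fi
}

# Function: attack detection entry point (logins, connections, scans,
# brute force, fail2ban, file integrity).
attack_detection() {
    print_message "header" "开始系统攻击检测与防护"
    check_failed_logins
    check_suspicious_connections
    check_port_scanning
    check_brute_force
    configure_fail2ban
    check_file_integrity
    generate_attack_report
}

# Function: summarise failed password attempts from the auth log.
# The auth log is root/adm-only on most distros, hence sudo.
check_failed_logins() {
    print_message "info" "检查失败登录尝试..."
    if [ -f "$AUTH_LOG" ]; then
        local failed_logins
        failed_logins=$(sudo grep "Failed password" "$AUTH_LOG" | tail -50)
        if [ -n "$failed_logins" ]; then
            print_message "warning" "发现失败登录尝试:"
            echo "$failed_logins" | tail -20 >> "$REPORT_FILE"
            local failed_count
            failed_count=$(echo "$failed_logins" | wc -l)
            if [ "$failed_count" -gt 10 ]; then
                print_message "critical" "发现大量失败登录尝试: $failed_count 次"
            fi
        fi
    fi
    print_message "info" "检查最近登录记录..."
    last -20 >> "$LOG_FILE"
}

# Function: list sockets on the suspicious ports.
check_suspicious_connections() {
    print_message "info" "检查可疑网络连接..."
    # Anchor on ":<port>" followed by whitespace. The original matched the
    # bare numbers anywhere on the line, so 4444 also hit port 14444/44440,
    # an address like 10.44.44.x, or the PID column.
    local port_re
    port_re=":($(IFS='|'; echo "${SUSPICIOUS_PORTS[*]}"))[[:space:]]"
    if command -v netstat &> /dev/null; then
        local suspicious_conn
        suspicious_conn=$(sudo netstat -tunap 2>/dev/null | grep -E "$port_re")
        if [ -n "$suspicious_conn" ]; then
            print_message "critical" "发现可疑网络连接:"
            echo "$suspicious_conn" >> "$REPORT_FILE"
        fi
    fi
    if command -v ss &> /dev/null; then
        sudo ss -tunap 2>/dev/null | grep -E "$port_re" >> "$LOG_FILE"
    fi
}

# Function: look for port-scan traces in syslog / kern.log.
check_port_scanning() {
    print_message "info" "检查端口扫描活动..."
    if [ -f "$SYSLOG_FILE" ]; then
        local port_scans
        port_scans=$(sudo grep -i "port scan" "$SYSLOG_FILE" | tail -20)
        if [ -n "$port_scans" ]; then
            print_message "critical" "发现端口扫描活动:"
            echo "$port_scans" >> "$REPORT_FILE"
        fi
    fi
    if [ -f "/var/log/kern.log" ]; then
        sudo grep -i "port scan\|firewall" /var/log/kern.log | tail -20 >> "$LOG_FILE"
    fi
}

# Function: SSH brute-force heuristic (>50 failed passwords) with top
# source addresses.
check_brute_force() {
    print_message "info" "检查暴力破解尝试..."
    if [ -f "$AUTH_LOG" ]; then
        local ssh_attempts
        ssh_attempts=$(sudo grep -c "Failed password" "$AUTH_LOG")
        if [ "${ssh_attempts:-0}" -gt 50 ]; then
            print_message "critical" "SSH暴力破解检测: $ssh_attempts 次失败尝试"
            # Take the token after "from" instead of a fixed field offset; this
            # survives the "invalid user" variant and IPv6 addresses.
            local attacker_ips
            attacker_ips=$(sudo grep "Failed password" "$AUTH_LOG" | grep -oE 'from [0-9a-fA-F.:]+' | awk '{print $2}' | sort | uniq -c | sort -nr)
            echo "攻击IP统计:" >> "$REPORT_FILE"
            echo "$attacker_ips" >> "$REPORT_FILE"
        fi
    fi
}

# Function: report fail2ban status, start it if stopped, write a jail file.
configure_fail2ban() {
    print_message "info" "配置Fail2Ban..."
    if ! command -v fail2ban-client &> /dev/null; then
        print_message "warning" "Fail2Ban未安装,跳过配置"
        return
    fi
    if sudo fail2ban-client status &> /dev/null; then
        print_message "success" "Fail2Ban正在运行"
        sudo fail2ban-client status sshd 2>> "$LOG_FILE" | tee -a "$REPORT_FILE"
    else
        print_message "warning" "Fail2Ban未运行,尝试启动..."
        sudo systemctl start fail2ban 2>> "$LOG_FILE"
    fi
    create_fail2ban_rules
}

# Function: write a jail.local candidate into config/.
# NOTE(review): this file is written to the script's config directory and is
# NOT picked up by fail2ban; copy it to /etc/fail2ban/jail.local and run
# "fail2ban-client reload" to apply it. The web jails are only enabled when
# their log exists: fail2ban refuses to start a jail whose logpath is missing
# and older releases abort the whole service on that error.
create_fail2ban_rules() {
    local fail2ban_local="$CONFIG_DIR/fail2ban.local"
    local nginx_enabled="false" apache_enabled="false"
    [ -f /var/log/nginx/error.log ] && nginx_enabled="true"
    ls /var/log/apache2/*error.log > /dev/null 2>&1 && apache_enabled="true"
    cat > "$fail2ban_local" << EOF
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = $AUTH_LOG
maxretry = 3

[nginx-http-auth]
enabled = $nginx_enabled
filter = nginx-http-auth
logpath = /var/log/nginx/error.log
maxretry = 3

[apache-auth]
enabled = $apache_enabled
filter = apache-auth
logpath = /var/log/apache2/*error.log
maxretry = 3
EOF
    print_message "success" "Fail2Ban规则已创建: $fail2ban_local"
    print_message "info" "该文件尚未生效,请复制到 /etc/fail2ban/jail.local 后执行 fail2ban-client reload"
}

# Function: AIDE integrity check plus a permissions review of key files.
check_file_integrity() {
    print_message "info" "检查系统文件完整性..."
    if command -v aide &> /dev/null; then
        print_message "info" "使用AIDE检查文件完整性..."
        if [ ! -f "/var/lib/aide/aide.db.gz" ]; then
            # NOTE(review): initialising the database now baselines whatever is
            # on disk, including an intruder's changes. Prefer a baseline taken
            # from a clean build. aideinit is Debian-only; RHEL uses aide --init.
            print_message "warning" "AIDE数据库不存在,正在初始化..."
            if command -v aideinit &> /dev/null; then
                sudo aideinit
            else
                sudo aide --init 2>> "$LOG_FILE" && \
                    sudo mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz 2>> "$LOG_FILE"
            fi
        fi
        sudo aide --check 2>> "$LOG_FILE" | tee -a "$REPORT_FILE"
    fi
    check_file_permissions
}

# Function: print mode/owner of critical files and flag world access on the
# ones that must never have it.
check_file_permissions() {
    print_message "info" "检查重要文件权限..."
    local critical_files=(
        "/etc/passwd"
        "/etc/shadow"
        "/etc/group"
        "/etc/sudoers"
        "/etc/ssh/sshd_config"
        "/etc/crontab"
        "/etc/hosts"
    )
    local file perms mode
    for file in "${critical_files[@]}"; do
        if [ -f "$file" ]; then
            perms=$(stat -c "%a %U %G" "$file")
            print_message "info" "$file - 权限: $perms"
            echo "$file - 权限: $perms" >> "$LOG_FILE"
            mode=${perms%% *}
            case $file in
                /etc/shadow|/etc/sudoers)
                    # last octal digit != 0 means "others" have some access
                    if [ "${mode: -1}" != "0" ]; then
                        print_message "critical" "$file 对其他用户可访问 (权限 $mode)"
                    fi
                    ;;
            esac
        fi
    done
}

# Function: vulnerability scan entry point.
vulnerability_scan() {
    print_message "header" "开始系统漏洞扫描与修复"
    if command -v lynis &> /dev/null; then
        print_message "info" "使用Lynis进行系统安全审计..."
        sudo lynis audit system 2>> "$LOG_FILE" | tee -a "$REPORT_FILE"
    fi
    check_system_updates
    check_known_vulnerabilities
    check_config_vulnerabilities
    provide_fixes
    generate_vulnerability_report
}

# Function: check for pending package updates and offer to apply them (apt).
check_system_updates() {
    print_message "info" "检查系统更新..."
    if command -v apt-get &> /dev/null; then
        sudo apt-get update 2>> "$LOG_FILE"
        local updates
        updates=$(apt list --upgradable 2>/dev/null | wc -l)
        # "apt list" prints a "Listing..." header line, hence -gt 1 / -1
        if [ "$updates" -gt 1 ]; then
            print_message "warning" "发现 $((updates-1)) 个可用更新"
            echo -e "${YELLOW}是否立即更新系统?(y/n): ${NC}"
            read -r response
            if [[ "$response" =~ ^[Yy]$ ]]; then
                sudo apt-get upgrade -y 2>> "$LOG_FILE"
                print_message "success" "系统更新完成"
            fi
        else
            print_message "success" "系统已是最新"
        fi
    elif command -v dnf &> /dev/null || command -v yum &> /dev/null; then
        local pm="yum" rc=0
        command -v dnf &> /dev/null && pm="dnf"
        sudo $pm check-update 2>> "$LOG_FILE" || rc=$?
        # check-update exits 100 when updates are available, 0 when none
        if [ "$rc" -eq 100 ]; then
            print_message "warning" "发现可用更新"
        fi
    fi
}

# Function: run the individual CVE heuristics.
check_known_vulnerabilities() {
    print_message "info" "检查已知安全漏洞..."
    check_dirty_pipe
    check_dirty_cow
    check_shellshock
    check_heartbleed
}

# True when version $1 sorts strictly before version $2 (numeric per
# component via sort -V). The original used "[[ a < b ]]", a byte-wise string
# comparison that ranks 5.4 above 5.16 and 4.10 below 4.8 - exactly the
# mistakes that made the kernel checks below wrong.
# Arguments: $1 - version, $2 - version
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# Function: Dirty Pipe (CVE-2022-0847) heuristic.
# Affected: 5.8 <= v < 5.16.11, fixed also in 5.15.25 and 5.10.102.
# Distro kernels backport the fix without changing the version - treat a hit
# as "check your distro advisory", not as confirmed exposure.
check_dirty_pipe() {
    local kernel_version
    kernel_version=$(uname -r)
    kernel_version=${kernel_version%%-*}   # 5.15.0-91-generic -> 5.15.0
    local affected=1
    if version_lt "$kernel_version" "5.8" || ! version_lt "$kernel_version" "5.16.11"; then
        affected=0
    elif [[ "$kernel_version" == 5.15.* ]] && ! version_lt "$kernel_version" "5.15.25"; then
        affected=0
    elif [[ "$kernel_version" == 5.10.* ]] && ! version_lt "$kernel_version" "5.10.102"; then
        affected=0
    fi
    if [ "$affected" -eq 1 ]; then
        print_message "critical" "系统可能受Dirty Pipe漏洞影响(CVE-2022-0847)"
        echo "建议更新内核到5.16.11或更高版本" >> "$REPORT_FILE"
    fi
}

# Function: Dirty COW (CVE-2016-5195) heuristic.
# Fixed upstream in 4.8.3 / 4.7.9 / 4.4.26; older stable and vendor kernels
# (e.g. RHEL 3.10.0-327.36.3) carry backports the version string cannot show.
check_dirty_cow() {
    local kernel_version
    kernel_version=$(uname -r)
    kernel_version=${kernel_version%%-*}
    local affected=0
    if version_lt "$kernel_version" "4.8.3"; then
        affected=1
        if [[ "$kernel_version" == 4.7.* ]] && ! version_lt "$kernel_version" "4.7.9"; then
            affected=0
        elif [[ "$kernel_version" == 4.4.* ]] && ! version_lt "$kernel_version" "4.4.26"; then
            affected=0
        fi
    fi
    if [ "$affected" -eq 1 ]; then
        print_message "critical" "系统可能受Dirty Cow漏洞影响(CVE-2016-5195)"
        echo "建议更新内核到4.8.3或更高版本" >> "$REPORT_FILE"
    fi
}

# Function: ShellShock (CVE-2014-6271) live test against the running bash.
check_shellshock() {
    local shellshock_test
    shellshock_test=$(env x='() { :;}; echo vulnerable' bash -c "echo test" 2>/dev/null)
    if [ "$shellshock_test" = "vulnerable" ]; then
        print_message "critical" "系统受ShellShock漏洞影响(CVE-2014-6271)"
        echo "建议更新bash到最新版本" >> "$REPORT_FILE"
    else
        print_message "success" "系统不受ShellShock漏洞影响"
    fi
}

# Function: Heartbleed (CVE-2014-0160) heuristic on the OpenSSL version
# string. 1.0.1a-1.0.1f are the upstream-affected releases; vendor builds
# such as RHEL's patched 1.0.1e still match, hence "可能" in the message.
check_heartbleed() {
    if command -v openssl &> /dev/null; then
        local openssl_version
        openssl_version=$(openssl version)
        if [[ "$openssl_version" =~ 1\.0\.1[a-f] ]]; then
            print_message "critical" "OpenSSL版本可能受Heartbleed漏洞影响(CVE-2014-0160)"
            echo "建议更新OpenSSL到1.0.1g或更高版本" >> "$REPORT_FILE"
        fi
    fi
}

# Function: check configuration weaknesses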
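check_config_vulnerabilities() {
    print_message "info" "检查系统配置漏洞..."
    check_ssh_config
    check_password_policy
    check_firewall_config
    check_mandatory_access_control
}

# Function: review sshd settings.
# Prefers the EFFECTIVE configuration from "sshd -T": it resolves Include
# files (sshd_config.d/) and defaults, whereas grepping the file misses the
# common case where PasswordAuthentication is simply not set (default: yes).
check_ssh_config() {
    print_message "info" "检查SSH配置..."
    local sshd_config="/etc/ssh/sshd_config"
    local effective=""
    effective=$(sudo sshd -T 2>/dev/null)
    if [ -f "$sshd_config" ] && grep -q "^Protocol 1" "$sshd_config"; then
        # Protocol 1 was removed in OpenSSH 7.6; only the file can still say it.
        print_message "critical" "SSH配置: 使用不安全的SSHv1协议"
        echo "建议修改为Protocol 2" >> "$REPORT_FILE"
    fi
    if [ -n "$effective" ]; then
        if echo "$effective" | grep -qi "^permitrootlogin yes"; then
            print_message "warning" "SSH配置: 允许root登录"
            echo "建议禁用root登录: PermitRootLogin no" >> "$REPORT_FILE"
        fi
        if echo "$effective" | grep -qi "^passwordauthentication yes"; then
            print_message "warning" "SSH配置: 允许密码认证"
            echo "建议使用密钥认证" >> "$REPORT_FILE"
        fi
    elif [ -f "$sshd_config" ]; then
        # Fallback when sshd -T is unavailable (no sudo / sshd not installed).
        if grep -q "^PermitRootLogin yes" "$sshd_config"; then
            print_message "warning" "SSH配置: 允许root登录"
            echo "建议禁用root登录: PermitRootLogin no" >> "$REPORT_FILE"
        fi
        if grep -q "^PasswordAuthentication yes" "$sshd_config"; then
            print_message "warning" "SSH配置: 允许密码认证"
            echo "建议使用密钥认证" >> "$REPORT_FILE"
        fi
    fi
}

# Function: check PASS_MAX_DAYS in login.defs.
check_password_policy() {
    print_message "info" "检查密码策略..."
    local login_defs="/etc/login.defs"
    if [ -f "$login_defs" ]; then
        local pass_max_days
        pass_max_days=$(grep "^PASS_MAX_DAYS" "$login_defs" | awk '{print $2}' | tail -n1)
        # Guard the numeric test: the original errored out on an empty value.
        # An unset PASS_MAX_DAYS means the shadow default of 99999 days.
        if [ -z "$pass_max_days" ]; then
            print_message "warning" "密码策略: 未设置PASS_MAX_DAYS(默认99999天)"
            echo "建议设置PASS_MAX_DAYS为90或更少" >> "$REPORT_FILE"
        elif [[ "$pass_max_days" =~ ^[0-9]+$ ]] && [ "$pass_max_days" -gt 90 ]; then
            print_message "warning" "密码策略: 密码有效期过长($pass_max_days天)"
            echo "建议设置PASS_MAX_DAYS为90或更少" >> "$REPORT_FILE"
        fi
    fi
}

# Function: look for an open INPUT policy and catch-all ACCEPT rules.
# Hosts managed purely by nftables/firewalld may show nothing here.
check_firewall_config() {
    print_message "info" "检查防火墙配置..."
    # -n avoids a reverse-DNS lookup per rule (slow, and it leaks the scan);
    # -v exposes the interface column so the loopback accept is not flagged.
    # Columns with -v -n: pkts bytes target prot opt in out source destination [match]
    local permissive
    permissive=$(sudo iptables -L INPUT -v -n 2>/dev/null | awk 'NR>2 && $3=="ACCEPT" && ($4=="all" || $4=="0") && $6=="*" && $8=="0.0.0.0/0" && $9=="0.0.0.0/0" && NF==9')
    if [ -n "$permissive" ]; then
        print_message "warning" "防火墙: 发现宽松的ACCEPT规则"
        echo "$permissive" >> "$REPORT_FILE"
    fi
    # The chain header reads "Chain INPUT (policy ACCEPT)"; the original took
    # awk field 4, which is "ACCEPT)" with the parenthesis, so the comparison
    # below could never be true.
    local input_policy
    input_policy=$(sudo iptables -L INPUT -n 2>/dev/null | sed -n '1s/.*(policy \([A-Z]*\).*/\1/p')
    if [ "$input_policy" = "ACCEPT" ]; then
        print_message "critical" "防火墙: INPUT链默认策略为ACCEPT"
        echo "建议设置默认策略为DROP" >> "$REPORT_FILE"
    fi
}

# Function: report SELinux / AppArmor state.
check_mandatory_access_control() {
    print_message "info" "检查强制访问控制..."
    if command -v sestatus &> /dev/null; then
        local selinux_status
        selinux_status=$(sestatus | grep "SELinux status" | awk '{print $3}')
        if [ "$selinux_status" = "disabled" ]; then
            print_message "warning" "SELinux已禁用"
            echo "建议启用SELinux以增强安全性" >> "$REPORT_FILE"
        fi
    fi
    if command -v aa-status &> /dev/null || [ -x /usr/sbin/aa-status ]; then
        # aa-status needs root to read the loaded profiles; run unprivileged
        # it prints nothing and the original then raised a false warning.
        local apparmor_status
        apparmor_status=$(sudo aa-status 2>/dev/null | grep "profiles are loaded")
        if [ -z "$apparmor_status" ]; then
            print_message "warning" "AppArmor可能未启用"
        fi
    fi
}

# Function: write the generic remediation checklist.
provide_fixes() {
    print_message "info" "生成安全修复建议..."
    local fix_file="$REPORTS_DIR/security_fixes_$CURRENT_DATE.txt"
    cat > "$fix_file" << EOF
安全修复建议 - 生成时间: $(date)

1. 系统更新
   - 定期运行系统更新
   - 启用自动安全更新

2. SSH安全
   - 禁用root登录
   - 使用密钥认证替代密码
   - 修改默认SSH端口

3. 防火墙配置
   - 设置默认策略为DROP
   - 仅开放必要端口
   - 配置速率限制

4. 密码策略
   - 设置密码最小长度
   - 设置密码有效期
   - 启用密码复杂度检查

5. 文件权限
   - 定期检查重要文件权限
   - 限制敏感文件访问

6. 监控与日志
   - 启用系统审计
   - 集中日志管理
   - 实时告警配置

7. 备份策略
   - 定期备份重要数据
   - 测试备份恢复流程
   - 离线存储备份

8. 漏洞管理
   - 定期漏洞扫描
   - 及时应用安全补丁
   - 最小化安装原则
EOF
    print_message "success" "安全修复建议已保存到: $fix_file"
}

# Function: set up the monitoring/alerting helpers (they are only written to
# tools/, not started).
real_time_monitoring() {
    print_message "header" "实时监控与告警系统"
    create_monitoring_script
    configure_audit_system
    setup_real_time_alerts
    print_message "info" "实时监控配置完成"
    print_message "info" "监控脚本位于: $TOOLS_DIR/security_monitor.sh"
}

# Function: write tools/security_monitor.sh (must be run as root: it tails
# the auth log and writes under /var/log).
# Fixes applied to the generated script: it no longer counts every line when
# no IP could be extracted (grep -c "" matched everything), uses fixed-string
# matching for the address, hashes with SHA-256 instead of MD5, falls back to
# /var/log/secure, and kills its background loops on exit.
create_monitoring_script() {
    local monitor_script="$TOOLS_DIR/security_monitor.sh"
    cat > "$monitor_script" << 'EOF'
#!/bin/bash
# 安全监控脚本
# 实时监控系统安全状态

LOG_DIR="/var/log/security_monitor"
mkdir -p "$LOG_DIR"
AUTH_LOG="/var/log/auth.log"
[ -f "$AUTH_LOG" ] || AUTH_LOG="/var/log/secure"

# 退出时结束后台监控循环
trap 'kill 0' EXIT INT TERM

# 监控函数
monitor_failed_logins() {
    tail -F "$AUTH_LOG" | grep --line-buffered "Failed password" | while read -r line; do
        echo "[$(date)] 失败登录: $line" >> "$LOG_DIR/failed_logins.log"
        # 提取IP地址
        ip=$(echo "$line" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -n1)
        [ -n "$ip" ] || continue
        # 检查失败次数
        fail_count=$(grep -cF -- "$ip" "$LOG_DIR/failed_logins.log")
        if [ "$fail_count" -gt 5 ]; then
            echo "[$(date)] 警告: IP $ip 尝试暴力破解 (尝试次数: $fail_count)" | \
                tee -a "$LOG_DIR/alerts.log"
            # 可以添加自动封禁IP的逻辑
            # iptables -A INPUT -s "$ip" -j DROP
        fi
    done
}

monitor_suspicious_processes() {
    while true; do
        # 检查挖矿进程
        suspicious_procs=("minerd" "xmrig" "cpuminer" "kinsing")
        for proc in "${suspicious_procs[@]}"; do
            if pgrep -x "$proc" > /dev/null; then
                echo "[$(date)] 警告: 发现可疑进程 $proc" | \
                    tee -a "$LOG_DIR/alerts.log"
                # 记录进程信息
                pgrep -ax "$proc" >> "$LOG_DIR/suspicious_processes.log"
            fi
        done
        # 检查高CPU使用率
        high_cpu_procs=$(ps aux --sort=-%cpu | head -10 | awk 'NR>1 && $3 > 70.0')
        if [ -n "$high_cpu_procs" ]; then
            echo "[$(date)] 高CPU使用率进程:" >> "$LOG_DIR/cpu_monitor.log"
            echo "$high_cpu_procs" >> "$LOG_DIR/cpu_monitor.log"
        fi
        sleep 30
    done
}

monitor_file_changes() {
    # 监控重要文件变化
    important_files=(
        "/etc/passwd"
        "/etc/shadow"
        "/etc/sudoers"
        "/etc/ssh/sshd_config"
        "/etc/crontab"
    )
    for file in "${important_files[@]}"; do
        if [ -f "$file" ]; then
            current_hash=$(sha256sum "$file" | awk '{print $1}')
            hash_file="$LOG_DIR/$(basename "$file").hash"
            if [ -f "$hash_file" ]; then
                previous_hash=$(cat "$hash_file")
                if [ "$current_hash" != "$previous_hash" ]; then
                    echo "[$(date)] 文件 $file 已被修改!" | \
                        tee -a "$LOG_DIR/alerts.log"
                    echo "旧哈希: $previous_hash" >> "$LOG_DIR/alerts.log"
                    echo "新哈希: $current_hash" >> "$LOG_DIR/alerts.log"
                fi
            fi
            echo "$current_hash" > "$hash_file"
        fi
    done
}

# 主监控循环
main_monitor() {
    echo "[$(date)] 安全监控启动" >> "$LOG_DIR/monitor.log"
    # 启动各个监控函数
    monitor_failed_logins &
    monitor_suspicious_processes &
    # 主循环
    while true; do
        monitor_file_changes
        sleep 60
    done
}

# 执行监控
main_monitor
EOF
    chmod +x "$monitor_script"
    print_message "success" "监控脚本创建完成"
}

# Function: watch identity files with auditd and persist the rules.
configure_audit_system() {
    print_message "info" "配置系统审计..."
    if command -v auditctl &> /dev/null || [ -x /sbin/auditctl ]; then
        sudo auditctl -w /etc/passwd -p wa -k identity
        sudo auditctl -w /etc/shadow -p wa -k identity
        sudo auditctl -w /etc/group -p wa -k identity
        sudo auditctl -w /etc/sudoers -p wa -k sudoers_changes
        # auditctl rules live in kernel memory only; write them to rules.d so
        # auditd/augenrules reloads them after a reboot.
        if [ -d /etc/audit/rules.d ]; then
            printf '%s\n' \
                "-w /etc/passwd -p wa -k identity" \
                "-w /etc/shadow -p wa -k identity" \
                "-w /etc/group -p wa -k identity" \
                "-w /etc/sudoers -p wa -k sudoers_changes" \
                | sudo tee /etc/audit/rules.d/99-security-script.rules > /dev/null
        fi
        print_message "success" "系统审计规则已配置"
    else
        print_message "warning" "auditd未安装,跳过审计配置"
    fi
}

# Function: write tools/security_alerts.sh (run as root; mail delivery is
# left commented out until an MTA is configured).
setup_real_time_alerts() {
    print_message "info" "设置实时告警..."
    local alert_script="$TOOLS_DIR/security_alerts.sh"
    cat > "$alert_script" << 'EOF'
#!/bin/bash
# 安全告警脚本
# 实时发送安全告警

ALERT_EMAIL="admin@example.com"  # 修改为您的邮箱
LOG_FILE="/var/log/security_alerts.log"
AUTH_LOG="/var/log/auth.log"
[ -f "$AUTH_LOG" ] || AUTH_LOG="/var/log/secure"

send_alert() {
    local severity=$1
    local message=$2
    echo "[$(date)] [$severity] $message" >> "$LOG_FILE"
    # 发送邮件告警(需要配置邮件系统)
    # echo "$message" | mail -s "安全告警: $severity" "$ALERT_EMAIL"
    # 发送系统通知(需要桌面环境)
    if command -v notify-send &> /dev/null; then
        notify-send "安全告警: $severity" "$message"
    fi
    # 记录到系统日志
    logger -p auth.alert "安全告警: $message"
}

# 监控系统日志
tail -F "$AUTH_LOG" | grep --line-buffered -E "Failed password|Invalid user|BREAK-IN" | while read -r line; do
    send_alert "WARNING" "认证失败: $line"
done
EOF
    chmod +x "$alert_script"
    print_message "success" "告警脚本创建完成"
}

# Function: hardening entry point. Asks for confirmation first because it
# changes sysctl, file modes and services, and comprehensive_scan calls it
# unconditionally - a "scan" should not silently reconfigure the host.
security_hardening() {
    print_message "header" "系统安全加固配置"
    echo -e "${YELLOW}加固会修改内核参数、文件权限并停止服务,是否继续? (y/n): ${NC}"
    read -r response
    if [[ ! "$response" =~ ^[Yy]$ ]]; then
        print_message "warning" "用户取消了安全加固"
        return
    fi
    disable_unnecessary_services
    configure_kernel_security
    secure_file_permissions
    configure_network_security
    create_security_baseline
    print_message "success" "安全加固配置完成"
}

# Function: stop and disable legacy/unneeded services, one confirmation each
# (cups, bluetooth and avahi are legitimately wanted on desktops).
disable_unnecessary_services() {
    print_message "info" "检查并禁用不需要的服务..."
    local unnecessary_services=(
        "telnet" "rsh" "rlogin" "rexec" "nis" "tftp"
        "chargen" "daytime" "discard" "bluetooth" "cups" "avahi-daemon"
    )
    local service response
    for service in "${unnecessary_services[@]}"; do
        if systemctl is-active --quiet "$service" 2>/dev/null; then
            echo -e "${YELLOW}服务 $service 正在运行,是否停止并禁用? (y/n): ${NC}"
            read -r response
            if [[ "$response" =~ ^[Yy]$ ]]; then
                print_message "warning" "禁用不需要的服务: $service"
                sudo systemctl stop "$service"
                sudo systemctl disable "$service"
            fi
        fi
    done
}

# Function: write /etc/sysctl.d/99-security.conf and apply it.
# Changes vs. the original: written through sudo tee (a plain redirect into
# /etc fails for a non-root user); ip_forward is kept at 1 when Docker or
# kubelet is active because 0 breaks container networking; duplicated keys
# removed; IPv6 redirect/source-route counterparts and dmesg/link hardening
# added; vm.overcommit_memory=1 dropped - it is not a security setting and
# "always overcommit" makes OOM behaviour worse.
configure_kernel_security() {
    print_message "info" "配置内核安全参数..."
    local sysctl_conf="/etc/sysctl.d/99-security.conf"
    local ip_forward=0
    if systemctl is-active --quiet docker 2>/dev/null || systemctl is-active --quiet kubelet 2>/dev/null; then
        ip_forward=1
        print_message "warning" "检测到容器运行时,保留 net.ipv4.ip_forward = 1"
    fi
    sudo tee "$sysctl_conf" > /dev/null << EOF
# 网络安全
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_forward = $ip_forward
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
# 禁止ICMP重定向
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
# 禁止IP欺骗
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# 系统安全
kernel.randomize_va_space = 2
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.kptr_restrict = 2
kernel.dmesg_restrict = 1
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
# 内存保护
vm.mmap_min_addr = 65536
vm.swappiness = 10
EOF
    sudo sysctl -p "$sysctl_conf"
    print_message "success" "内核安全参数已配置"
}

# Function: tighten modes on identity files and home directories.
# /etc/shadow is deliberately handled with "o-rwx" instead of 600: Debian and
# Ubuntu ship it as 640 root:shadow and unix_chkpwd (setgid shadow) relies on
# the group bit; forcing 600 breaks password checks for screen lockers and
# other unprivileged PAM clients.
secure_file_permissions() {
    print_message "info" "设置安全文件权限..."
    sudo chmod o-rwx /etc/shadow
    sudo chmod 644 /etc/passwd
    sudo chmod 644 /etc/group
    sudo chmod 440 /etc/sudoers
    sudo chmod 700 /root
    sudo chmod 711 /home
    print_message "success" "文件权限已加固"
}

# Function: write config/firewall_rules.sh (NOT executed here).
# Fixes in the generated script vs. the original:
# - The SYN rate-limit rule was "--syn -m limit ... -j ACCEPT" placed after
#   the SSH accept, so it ACCEPTED new connections to EVERY port at up to
#   1/s - a slow full bypass of the DROP policy. It is now a dedicated chain
#   that drops the excess and lets the rest fall through to the port rules.
# - The malformed-flag DROPs are moved before the accepts, where they matter.
# - SSH port is configurable (SSH_PORT env), /etc/iptables is created before
#   saving.
# NOTE(review): the script flushes all rules, which also removes Docker's
# NAT/FORWARD rules; restart docker afterwards on container hosts.
configure_network_security() {
    print_message "info" "配置网络安全性..."
    local firewall_script="$CONFIG_DIR/firewall_rules.sh"
    cat > "$firewall_script" << 'EOF'
#!/bin/bash
# 防火墙配置脚本

IPTABLES="/sbin/iptables"
# 允许通过环境变量覆盖SSH端口: SSH_PORT=2222 ./firewall_rules.sh
SSH_PORT="${SSH_PORT:-22}"

# 清除现有规则
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z

# 设置默认策略
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

# 防止端口扫描(畸形TCP标志位,放在最前面)
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# 允许本地回环
$IPTABLES -A INPUT -i lo -j ACCEPT

# 允许已建立的连接
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# 允许ICMP(ping)
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# 防止SYN洪水攻击: 超出速率的SYN丢弃,其余继续匹配下面的放行规则
$IPTABLES -N SYN_FLOOD
$IPTABLES -A SYN_FLOOD -m limit --limit 25/s --limit-burst 50 -j RETURN
$IPTABLES -A SYN_FLOOD -j DROP
$IPTABLES -A INPUT -p tcp --syn -j SYN_FLOOD

# 允许SSH
$IPTABLES -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT

# 允许HTTP/HTTPS(如果需要)
# $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
# $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT

# 保存规则
mkdir -p /etc/iptables
iptables-save > /etc/iptables/rules.v4
EOF
    chmod +x "$firewall_script"
    print_message "success" "防火墙配置脚本已创建"
}

# Function: write the textual security baseline checklist.
create_security_baseline() {
    print_message "info" "创建安全基线配置..."
    local baseline_file="$CONFIG_DIR/security_baseline.conf"
    cat > "$baseline_file" << EOF
# 安全基线配置
# 生成时间: $(date)

1. 账户安全
   - 禁用root SSH登录
   - 设置密码复杂度要求
   - 配置登录失败锁定
   - 定期检查空密码账户

2. 服务安全
   - 禁用不需要的服务
   - 使用最新软件版本
   - 配置服务最小权限

3. 网络安全
   - 启用防火墙
   - 配置入侵检测
   - 禁用IP转发
   - 限制网络访问

4. 文件系统安全
   - 设置合理文件权限
   - 启用文件完整性检查
   - 配置日志轮转
   - 定期备份

5. 审计与监控
   - 启用系统审计
   - 配置集中日志
   - 设置实时告警
   - 定期安全扫描

6. 内核安全
   - 配置安全参数
   - 禁用危险功能
   - 启用内存保护
   - 限制系统调用
EOF
    print_message "success" "安全基线配置文件已创建: $baseline_file"
}

# Function: build the HTML report.
# Earlier steps appended raw tool output (chkrootkit, lynis, pgrep...) to
# $REPORT_FILE with "tee -a"; the original "cat >" below truncated all of
# that evidence. It is moved to a sidecar text file and referenced here
# (kept out of the HTML on purpose: attacker-controlled file names would land
# in the page unescaped). The hard-coded "总检查项: 45项" was removed - it was
# not derived from anything.
generate_security_report() {
    print_message "header" "生成综合安全报告"
    local raw_file="$REPORTS_DIR/raw_findings_$CURRENT_DATE.txt"
    local raw_note="无"
    if [ -s "$REPORT_FILE" ]; then
        mv "$REPORT_FILE" "$raw_file"
        raw_note=$(basename "$raw_file")
    fi
    cat > "$REPORT_FILE" << EOF
<!DOCTYPE html>
<html>
<head>
    <title>安全扫描报告 - $(date)</title>
    <style>
        body { font-family: Arial, sans-serif; margin: 40px; }
        h1 { color: #333; border-bottom: 2px solid #333; }
        h2 { color: #555; margin-top: 30px; }
        .critical { color: #d9534f; font-weight: bold; }
        .warning { color: #f0ad4e; }
        .success { color: #5cb85c; }
        .info { color: #5bc0de; }
        table { width: 100%; border-collapse: collapse; margin: 20px 0; }
        th, td { padding: 12px; text-align: left; border-bottom: 1px solid #ddd; }
        th { background-color: #f5f5f5; }
        .summary { background-color: #f9f9f9; padding: 20px; border-radius: 5px; }
    </style>
</head>
<body>
    <h1>系统安全扫描报告</h1>
    <p>生成时间: $(date)</p>
    <p>扫描主机: $(hostname)</p>
    <p>操作系统: $(lsb_release -ds 2>/dev/null || cat /etc/os-release | grep PRETTY_NAME | cut -d'"' -f2)</p>
    <div class="summary">
        <h2>扫描摘要</h2>
        <p>完成时间: $(date +"%H:%M:%S")</p>
        <p>详细日志: $(basename "$LOG_FILE")</p>
        <p>原始工具输出: $raw_note</p>
    </div>
EOF
    add_report_section "病毒与恶意软件扫描" "virus"
    add_report_section "挖矿进程检测" "mining"
    add_report_section "攻击检测结果" "attack"
    add_report_section "漏洞扫描结果" "vulnerability"
    add_report_section "安全加固建议" "hardening"
    cat >> "$REPORT_FILE" << EOF
    <h2>建议行动</h2>
    <ul>
        <li>立即修复所有严重漏洞</li>
        <li>配置自动安全更新</li>
        <li>启用实时监控</li>
        <li>定期运行安全扫描</li>
        <li>实施最小权限原则</li>
    </ul>
    <h2>后续步骤</h2>
    <ol>
        <li>审查所有警告和错误</li>
        <li>应用安全补丁</li>
        <li>加固系统配置</li>
        <li>设置监控告警</li>
        <li>制定应急预案</li>
    </ol>
    <footer>
        <p>报告生成工具: 高级Linux安全防护系统 v3.2.1</p>
        <p>注意: 本报告仅供参考,建议由专业安全人员审查。</p>
    </footer>
</body>
</html>
EOF
    print_message "success" "安全报告已生成: $REPORT_FILE"
    generate_json_report
}

# Function: append one section table to the HTML report.
# Arguments: $1 - section title, $2 - section type (virus|mining|...)
# NOTE(review): the rows are static text - "已完成"/"警告" is printed no matter
# what the scan found. Only "virus" and "mining" have rows at all; the other
# types produce an empty table. Treat this section as a table of contents,
# not as results; the findings are in the log and the sidecar text files.
add_report_section() {
    local section_title=$1
    local section_type=$2
    cat >> "$REPORT_FILE" << EOF
    <h2>$section_title</h2>
    <table>
        <tr>
            <th>检查项</th>
            <th>状态</th>
            <th>详情</th>
            <th>建议</th>
        </tr>
EOF
    case $section_type in
        "virus")
            cat >> "$REPORT_FILE" << EOF
        <tr>
            <td>ClamAV病毒扫描</td>
            <td class="success">已完成</td>
            <td>扫描关键系统目录</td>
            <td>定期更新病毒库</td>
        </tr>
        <tr>
            <td>Rootkit检测</td>
            <td class="success">已完成</td>
            <td>使用rkhunter和chkrootkit</td>
            <td>监控系统文件完整性</td>
        </tr>
EOF
            ;;
        "mining")
            cat >> "$REPORT_FILE" << EOF
        <tr>
            <td>挖矿进程检测</td>
            <td class="success">已完成</td>
            <td>检查已知挖矿进程</td>
            <td>配置进程监控</td>
        </tr>
        <tr>
            <td>CPU异常使用</td>
            <td class="warning">警告</td>
            <td>检测高CPU进程</td>
            <td>设置资源限制</td>
        </tr>
EOF
            ;;
    esac
    cat >> "$REPORT_FILE" << EOF
    </table>
EOF
}

# Function: machine-readable summary.
# Only values that can actually be derived at this point are filled in; the
# original hard-coded "blocked_pools": 5 and "medium_vulns": 2, turning the
# JSON into fiction. Counters that are not tracked are emitted as null.
generate_json_report() {
    local quarantined malware_found blocked_pools failed_logins
    quarantined=$(find "$QUARANTINE_DIR/quarantined_files" -type f 2>/dev/null | wc -l)
    malware_found=$(find "$QUARANTINE_DIR/malware" -type f 2>/dev/null | wc -l)
    blocked_pools=$(sudo iptables -S OUTPUT 2>/dev/null | grep -c -- '-j DROP')
    failed_logins=$(sudo grep -c "Failed password" "$AUTH_LOG" 2>/dev/null)
    cat > "$SCAN_RESULTS" << EOF
{
    "scan_id": "$CURRENT_DATE",
    "timestamp": "$(date -Iseconds)",
    "hostname": "$(hostname)",
    "os": "$(lsb_release -ds 2>/dev/null || uname -o)",
    "kernel": "$(uname -r)",
    "scan_duration": $SECONDS,
    "results": {
        "antivirus_scan": {
            "status": "completed",
            "malware_found": ${malware_found:-0},
            "quarantined_files": ${quarantined:-0}
        },
        "mining_detection": {
            "status": "completed",
            "suspicious_processes": null,
            "blocked_pools": ${blocked_pools:-0}
        },
        "attack_detection": {
            "status": "completed",
            "failed_logins": ${failed_logins:-0},
            "brute_force_attempts": null
        },
        "vulnerability_scan": {
            "status": "completed",
            "critical_vulns": null,
            "high_vulns": null,
            "medium_vulns": null
        },
        "recommendations": [
            "启用防火墙",
            "配置自动更新",
            "设置文件完整性监控",
            "实施访问控制"
        ]
    }
}
EOF
    print_message "success" "JSON报告已生成: $SCAN_RESULTS"
}

# Function: dump a system overview to reports/ and to the terminal.
system_info() {
    print_message "header" "系统信息与状态"
    local info_file="$REPORTS_DIR/system_info_$CURRENT_DATE.txt"
    # Unit names differ (ssh on Debian, sshd on RHEL); check both quietly.
    local ssh_state="inactive" fw_state="未知" f2b_state="未运行" selinux_state
    if systemctl is-active --quiet ssh 2>/dev/null || systemctl is-active --quiet sshd 2>/dev/null; then
        ssh_state="active"
    fi
    if systemctl is-active --quiet firewalld 2>/dev/null; then
        fw_state="firewalld"
    elif systemctl is-active --quiet iptables 2>/dev/null; then
        fw_state="iptables"
    fi
    systemctl is-active --quiet fail2ban 2>/dev/null && f2b_state="运行中"
    selinux_state=$(sestatus 2>/dev/null | grep "SELinux status" | awk '{print $3}')
    cat > "$info_file" << EOF
系统信息报告
生成时间: $(date)

========== 系统概览 ==========
主机名: $(hostname)
操作系统: $(lsb_release -ds 2>/dev/null || cat /etc/os-release | grep PRETTY_NAME | cut -d'"' -f2)
内核版本: $(uname -r)
系统架构: $(uname -m)
启动时间: $(uptime -s)
运行时间: $(uptime -p)

========== CPU信息 ==========
$(lscpu | grep -E "Model name|CPU\(s\)|Thread|Core")

========== 内存信息 ==========
$(free -h)

========== 磁盘信息 ==========
$(df -h)

========== 网络信息 ==========
IP地址: $(hostname -I)
网关: $(ip route | grep default | awk '{print $3}')
DNS: $(grep nameserver /etc/resolv.conf | awk '{print $2}')

========== 用户信息 ==========
当前用户: $(whoami)
登录用户: $(who)
特权用户: $(grep -v '^#' /etc/passwd | awk -F: '$3 == 0 {print $1}')

========== 服务状态 ==========
SSH: $ssh_state
防火墙: $fw_state
Fail2Ban: $f2b_state

========== 安全状态 ==========
SELinux: ${selinux_state:-未安装}
上次安全更新: $(stat -c %y /var/lib/apt/periodic/update-success-stamp 2>/dev/null || echo "未知")
EOF
    print_message "success" "系统信息已保存到: $info_file"
    cat "$info_file"
}

# Function: run every module and then build the report.
comprehensive_scan() {
    print_message "header" "开始综合安全扫描"
    local start_time
    start_time=$(date +%s)
    virus_scan
    mining_protection
    attack_detection
    vulnerability_scan
    security_hardening
    generate_security_report
    local end_time duration
    end_time=$(date +%s)
    duration=$((end_time - start_time))
    print_message "success" "综合安全扫描完成!"
    print_message "info" "总耗时: $duration 秒"
    print_message "info" "报告位置: $REPORT_FILE"
    print_message "info" "日志文件: $LOG_FILE"
}

# Function: text report for the malware scan.
# Arguments: findings collected by custom_malware_scan (may be empty)
generate_malware_report() {
    local findings=("$@")
    local report_file="$REPORTS_DIR/malware_report_$CURRENT_DATE.txt"
    cat > "$report_file" << EOF
恶意软件检测报告
生成时间: $(date)

扫描摘要:
==========
扫描时间: $(date)
扫描类型: 全面恶意软件扫描
扫描工具: ClamAV, chkrootkit, rkhunter, 自定义扫描

检测结果:
==========
EOF
    if [ ${#findings[@]} -eq 0 ]; then
        echo "未发现恶意软件或可疑活动。" >> "$report_file"
        print_message "success" "未发现恶意软件"
    else
        echo "发现以下可疑项目:" >> "$report_file"
        local finding
        for finding in "${findings[@]}"; do
            echo "- $finding" >> "$report_file"
        done
        print_message "critical" "发现 ${#findings[@]} 个可疑项目"
    fi
    cat >> "$report_file" << EOF

建议措施:
==========
1. 隔离所有可疑文件
2. 审查系统日志
3. 更改所有用户密码
4. 更新系统和安全工具
5. 考虑系统重装(如感染严重)

详细日志请查看: $LOG_FILE
EOF
    print_message "success" "恶意软件报告已保存: $report_file"
}

# Function: text report for the miner check.
# Arguments: names of detected miner processes (may be empty)
generate_mining_report() {
    local mining_procs=("$@")
    local report_file="$REPORTS_DIR/mining_report_$CURRENT_DATE.txt"
    cat > "$report_file" << EOF
挖矿活动检测报告
生成时间: $(date)

检测结果:
==========
EOF
    if [ ${#mining_procs[@]} -eq 0 ]; then
        echo "未发现挖矿进程。" >> "$report_file"
        print_message "success" "未发现挖矿活动"
    else
        echo "发现以下挖矿进程:" >> "$report_file"
        local proc
        for proc in "${mining_procs[@]}"; do
            echo "- $proc" >> "$report_file"
        done
        print_message "critical" "发现 ${#mining_procs[@]} 个挖矿进程"
    fi
    cat >> "$report_file" << EOF

防护措施:
==========
1. 已终止发现的挖矿进程
2. 已配置iptables规则阻止挖矿池
3. 建议检查计划任务和系统服务
4. 建议监控CPU使用率

防护配置已保存至: $CONFIG_DIR
EOF
    print_message "success" "挖矿报告已保存: $report_file"
}

# Function: text report for attack detection.
# The failed-login count is computed once: the original "grep -c ... || echo 0"
# printed "0" twice when there were no matches (grep -c prints 0 AND exits 1).
generate_attack_report() {
    local report_file="$REPORTS_DIR/attack_report_$CURRENT_DATE.txt"
    local failed_count suspicious port_re
    failed_count=$(sudo grep -c "Failed password" "$AUTH_LOG" 2>/dev/null)
    port_re=":($(IFS='|'; echo "${SUSPICIOUS_PORTS[*]}"))[[:space:]]"
    suspicious=$(sudo netstat -tunap 2>/dev/null | grep -E "$port_re")
    cat > "$report_file" << EOF
攻击检测报告
生成时间: $(date)

登录安全:
==========
${failed_count:-0} 次失败登录尝试

网络连接:
==========
可疑端口连接: ${suspicious:-无}

系统审计:
==========
Fail2Ban状态: $(sudo fail2ban-client status 2>/dev/null || echo "Fail2Ban未安装")

文件完整性:
==========
重要文件权限检查完成
EOF
    print_message "success" "攻击检测报告已保存: $report_file"
}

# Function: text report for the vulnerability scan.
# The original re-ran check_known_vulnerabilities and check_system_updates
# inside the heredoc via $(...). check_system_updates prompts "是否立即更新系统"
# with its stdout captured, so the prompt was invisible and a stray "y" could
# start apt-get upgrade from a report generator. The findings are pulled from
# the log written earlier in this run instead (ANSI colour codes stripped).
generate_vulnerability_report() {
    local report_file="$REPORTS_DIR/vulnerability_report_$CURRENT_DATE.txt"
    local known_vulns update_status
    known_vulns=$(grep -a "CVE-" "$LOG_FILE" 2>/dev/null | sed 's/\x1b\[[0-9;]*m//g')
    update_status=$(grep -a -E "可用更新|系统已是最新" "$LOG_FILE" 2>/dev/null | sed 's/\x1b\[[0-9;]*m//g' | tail -n1)
    cat > "$report_file" << EOF
系统漏洞扫描报告
生成时间: $(date)

漏洞摘要:
==========
- 检查了4个主要漏洞类别
- 提供了修复建议
- 生成了安全基线配置

已知漏洞检查:
==========
${known_vulns:-未在日志中发现已知漏洞告警}

系统更新状态:
==========
${update_status:-未知}

配置漏洞:
==========
1. SSH配置检查完成
2. 密码策略检查完成
3. 防火墙配置检查完成
4. 访问控制检查完成

修复建议:
==========
请查看: $REPORTS_DIR/security_fixes_$CURRENT_DATE.txt
EOF
    print_message "success" "漏洞报告已保存: $report_file"
}

# Function: clean up temporary files (body continues beyond this listing)
cleanup() {
    print_message "info" "清理临时文件..."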
# 保留日志和报告,只清理临时文件 find "$SCRIPT_DIR" -name "*.tmp" -delete find "$SCRIPT_DIR" -name "*.temp" -delete print_message "success" "清理完成" } # 函数:显示横幅 show_banner() { clear echo -e "${PURPLE}${BOLD}" echo "╔══════════════════════════════════════════════════════════════╗" echo "║ ║" echo "║ 高级Linux安全防护与监控系统 v3.2.1 ║" echo "║ Advanced Linux Security Protection & Monitoring ║" echo "║ ║" echo "║ 功能:病毒检测 | 挖矿防护 | 攻击防护 | 漏洞修复 ║" echo "║ ║" echo "╚══════════════════════════════════════════════════════════════╝" echo -e "${NC}" echo -e "${CYAN}${BOLD}系统信息:${NC}" echo -e "主机名: $(hostname)" echo -e "操作系统: $(lsb_release -ds 2>/dev/null || cat /etc/os-release | grep PRETTY_NAME | cut -d'"' -f2)" echo -e "内核版本: $(uname -r)" echo -e "当前用户: $(whoami)" echo -e "脚本目录: $SCRIPT_DIR" echo -e "${CYAN}${BOLD}══════════════════════════════════════════════════════════${NC}" echo } # 主函数 main() { # 检查root权限 if [ "$USER_ID" -ne 0 ]; then print_message "warning" "建议使用root权限运行此脚本以获得完整功能" echo -e "${YELLOW}是否继续?(y/n): ${NC}" read -r response if [[ ! "$response" =~ ^[Yy]$ ]]; then exit 1 fi fi # 创建目录结构 create_directories # 显示横幅 show_banner # 检查依赖 check_dependencies # 主循环 while true; do show_menu read -r choice case $choice in 1) virus_scan ;; 2) mining_protection ;; 3) attack_detection ;; 4) vulnerability_scan ;; 5) real_time_monitoring ;; 6) security_hardening ;; 7) configure_network_security ;; 8) generate_security_report ;; 9) system_info ;; 10) comprehensive_scan ;; 0) print_message "info" "感谢使用,再见!" cleanup exit 0 ;; *) print_message "error" "无效选择,请重新输入" ;; esac echo echo -e "${YELLOW}按Enter键继续...${NC}" read -r done } # 异常处理 trap 'print_message "error" "脚本被用户中断"; exit 1' INT TERM trap 'print_message "error" "发生错误,请检查日志: $LOG_FILE"' ERR # 脚本入口点 main "$@"使用说明:保存脚本:nano security_defender.sh # 粘贴上述内容 chmod +x security_defender.sh运行脚本:sudo ./security_defender.sh特点:自动化依赖安装:自动检测并安装缺少的依赖交互式菜单:用户友好的命令行界面全面检测:多层次安全检测详细报告:HTML、JSON、文本格式报告实时防护:可配置的实时监控隔离功能:可疑文件自动隔离
2025年11月24日
2025-11-07
Linux服务器压力测试交互式脚本
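代码
#!/bin/bash
# 服务器压力测试交互式脚本
# 支持:CPU压力测试、内存压力测试、磁盘I/O测试、网络测试、综合压力测试
#
# 用法: chmod +x stress-test.sh && sudo ./stress-test.sh
# 依赖: stress(或 stress-ng)、sysbench、iperf3、fio、htop、nload、
#       sysstat(提供 mpstat/iostat)、traceroute;可由菜单 9 检查并安装
# 约定: 用户输入在进入算术运算或命令参数之前都会先校验;
#       临时文件/目录一律用 mktemp 创建,并在测试结束、退出或 Ctrl+C 时清理。

# 颜色定义
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
# shellcheck disable=SC2034 — 当前未使用,保留以便扩展
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color

# 本次运行中由 mktemp 创建、尚未清理的临时路径,由 cleanup_temp 统一删除
STRESS_TMP_PATHS=()

#######################################
# 删除 STRESS_TMP_PATHS 中登记的临时文件/目录。
# Globals:   STRESS_TMP_PATHS (读、写)
#######################################
cleanup_temp() {
  if [ ${#STRESS_TMP_PATHS[@]} -gt 0 ]; then
    rm -rf -- "${STRESS_TMP_PATHS[@]}"
    STRESS_TMP_PATHS=()
  fi
}

#######################################
# SIGINT 处理:结束仍在运行的后台压测进程、清理临时文件后退出。
# 非交互 shell 中后台任务默认忽略 SIGINT,若不显式 kill,
# stress/fio 会在脚本退出后继续运行到各自的 timeout。
# Globals:   STRESS_TMP_PATHS (经 cleanup_temp 清空)
#######################################
cleanup_on_interrupt() {
  local pids=()
  echo -e "\n${RED}检测到中断信号,退出...${NC}"
  mapfile -t pids < <(jobs -p)
  if [ ${#pids[@]} -gt 0 ]; then
    kill "${pids[@]}" 2>/dev/null
  fi
  cleanup_temp
  exit 1
}

#######################################
# 读取一个正整数;为空时取默认值,非法时提示并取默认值。
# 这些值随后会进入 (( )) 算术和命令参数,因此必须限定为纯数字。
# Arguments: $1 - 提示语; $2 - 默认值
# Outputs:   校验后的整数写到 stdout(read -p 的提示语和警告都走 stderr)
#######################################
read_positive_int() {
  local prompt=$1 default=$2 value
  read -r -p "$prompt" value
  if [ -z "$value" ]; then
    value=$default
  elif ! [[ "$value" =~ ^[0-9]+$ ]] || [ "$value" -eq 0 ]; then
    echo -e "${YELLOW}输入无效,使用默认值 ${default}${NC}" >&2
    value=$default
  fi
  printf '%s\n' "$value"
}

#######################################
# 读取一个主机名/IP;为空时取默认值。
# 只接受字母、数字、点、冒号、下划线和连字符,且不能以 '-' 开头,
# 以免被 ping/traceroute/iperf3 当作选项解析。
# Arguments: $1 - 提示语; $2 - 默认值(可为空)
# Outputs:   地址写到 stdout
# Returns:   0 合法;1 为空或格式非法(此时无输出)
#######################################
read_host() {
  local prompt=$1 default=$2 value
  read -r -p "$prompt" value
  value=${value:-$default}
  if [[ -z "$value" || "$value" == -* || ! "$value" =~ ^[A-Za-z0-9._:-]+$ ]]; then
    return 1
  fi
  printf '%s\n' "$value"
}

#######################################
# 检查压测所需命令是否存在,缺失时询问是否安装。
# 命令名与软件包名可能不同(mpstat/iostat 来自 sysstat),按 "命令:软件包" 成对登记;
# stress 与 stress-ng 有其一即可。
#######################################
check_tools() {
  local missing_tools=() pair cmd pkg install_choice
  local required=(
    stress:stress
    sysbench:sysbench
    iperf3:iperf3
    fio:fio
    htop:htop
    nload:nload
    mpstat:sysstat
    iostat:sysstat
    traceroute:traceroute
  )
  echo -e "${CYAN}检查必要的工具...${NC}"
  for pair in "${required[@]}"; do
    cmd=${pair%%:*}
    pkg=${pair#*:}
    if [ "$cmd" = "stress" ] && command -v stress-ng &> /dev/null; then
      continue
    fi
    if ! command -v "$cmd" &> /dev/null; then
      # 同一软件包(如 sysstat)只登记一次
      if [[ " ${missing_tools[*]} " != *" $pkg "* ]]; then
        missing_tools+=("$pkg")
      fi
    fi
  done
  if [ ${#missing_tools[@]} -gt 0 ]; then
    echo -e "${YELLOW}以下工具未安装: ${missing_tools[*]}${NC}"
    read -r -p "是否要安装这些工具?(y/n): " install_choice
    if [[ $install_choice == "y" || $install_choice == "Y" ]]; then
      install_missing_tools "${missing_tools[@]}"
    else
      echo -e "${YELLOW}部分功能可能无法使用${NC}"
    fi
  else
    echo -e "${GREEN}所有必要工具已安装${NC}"
  fi
}

#######################################
# 用系统包管理器安装缺失的软件包。
# Arguments: $@ - 软件包名列表
# Returns:   0 成功;包管理器失败时返回其退出码;无法识别包管理器返回 1
#######################################
install_missing_tools() {
  local tools=("$@") rc=0
  if [ ${#tools[@]} -eq 0 ]; then
    return 0
  fi
  echo -e "${CYAN}开始安装工具...${NC}"
  if command -v apt &> /dev/null; then
    sudo apt update
    sudo apt install -y "${tools[@]}" || rc=$?
  elif command -v yum &> /dev/null; then
    sudo yum install -y epel-release
    sudo yum install -y "${tools[@]}" || rc=$?
  elif command -v dnf &> /dev/null; then
    sudo dnf install -y epel-release
    sudo dnf install -y "${tools[@]}" || rc=$?
  else
    echo -e "${RED}无法确定包管理器,请手动安装缺失的工具${NC}"
    echo "需要安装: ${tools[*]}"
    return 1
  fi
  if [ "$rc" -ne 0 ]; then
    # 原先无论安装是否成功都打印"完成",失败被静默吞掉
    echo -e "${RED}部分工具安装失败,请检查上方包管理器输出${NC}"
    return "$rc"
  fi
  echo -e "${GREEN}工具安装完成${NC}"
}

#######################################
# 打印 CPU、内存、根分区和负载概览。
#######################################
show_system_info() {
  local lscpu_out
  echo -e "\n${CYAN}========== 系统信息 ==========${NC}"
  # 固定 C 语言环境:非英文系统上 "Model name"/"CPU(s)" 字段名会被翻译而匹配不到
  lscpu_out=$(LC_ALL=C lscpu)
  echo -e "${GREEN}CPU信息:${NC}"
  echo -e "  型号: $(grep "Model name" <<<"$lscpu_out" | cut -d':' -f2 | xargs)"
  echo -e "  核心数: $(nproc)"
  echo -e "  线程数: $(grep "^CPU(s):" <<<"$lscpu_out" | awk '{print $2}')"
  echo -e "${GREEN}内存信息:${NC}"
  free -h | awk 'NR==1{print "  "$0} NR==2{print "  "$0}'
  echo -e "${GREEN}磁盘信息:${NC}"
  df -h / | awk 'NR==1{print "  "$0} NR==2{print "  "$0}'
  echo -e "${GREEN}系统负载:${NC}"
  uptime | awk -F'load average:' '{print "  "$2}'
}

#######################################
# CPU压力测试:按核心数和时长运行 stress/stress-ng,并每秒回显 CPU 使用率。
#######################################
cpu_stress_test() {
  local cpu_cores duration load_type cpu_method="" stress_cmd=() stress_pid i
  echo -e "\n${CYAN}========== CPU压力测试 ==========${NC}"
  cpu_cores=$(read_positive_int "请输入CPU核心数(默认全部): " "$(nproc)")
  duration=$(read_positive_int "请输入测试时间(秒,默认60): " 60)
  read -r -p "请输入负载类型 (1:计算 2:浮点 3:混合,默认3): " load_type
  case $load_type in
    1) cpu_method="matrixprod" ;;
    2) cpu_method="fft" ;;
    *) cpu_method="" ;;
  esac
  # --cpu-method 是 stress-ng 的选项,经典 stress 不识别它,传入会直接报错退出;
  # 因此只有装了 stress-ng 才按负载类型跑,否则退回 stress 的默认混合负载
  if [ -n "$cpu_method" ] && command -v stress-ng &> /dev/null; then
    stress_cmd=(stress-ng --cpu "$cpu_cores" --cpu-method "$cpu_method" --timeout "${duration}s")
  else
    if [ -n "$cpu_method" ]; then
      echo -e "${YELLOW}未安装 stress-ng,无法指定负载类型,使用默认混合负载${NC}"
    fi
    stress_cmd=(stress --cpu "$cpu_cores" --timeout "${duration}s")
  fi
  echo -e "${YELLOW}开始CPU压力测试,持续 ${duration} 秒...${NC}"
  echo -e "使用核心数: ${cpu_cores}"
  echo -e "\n${GREEN}测试前CPU使用率:${NC}"
  mpstat 1 1 | tail -2
  "${stress_cmd[@]}" &
  stress_pid=$!
  echo -e "\n${GREEN}测试中监控(每秒刷新):${NC}"
  for ((i = 1; i <= duration; i++)); do
    # 压测进程已退出(例如参数错误)就不再空等
    if ! kill -0 "$stress_pid" 2>/dev/null; then
      break
    fi
    echo -ne "\r测试进行中: ${i}/${duration}秒 - CPU使用率: "
    top -bn1 | grep "Cpu(s)" | awk '{printf "%.1f%%", $2}'
    sleep 1
  done
  wait "$stress_pid"
  echo -e "\n${GREEN}CPU压力测试完成${NC}"
}

#######################################
# 内存压力测试:用一个 stress vm worker 占用指定大小的内存并定期回显 free -m。
#######################################
memory_stress_test() {
  local total_mem available_mem mem_size duration stress_pid i
  echo -e "\n${CYAN}========== 内存压力测试 ==========${NC}"
  total_mem=$(free -m | awk '/^Mem:/{print $2}')
  available_mem=$(free -m | awk '/^Mem:/{print $7}')
  # 旧版 procps 的 free 没有 available 列(第7列),退回 free 列(第4列),偏保守
  if [ -z "$available_mem" ]; then
    available_mem=$(free -m | awk '/^Mem:/{print $4}')
  fi
  : "${available_mem:=0}"
  echo -e "总内存: ${total_mem}MB"
  echo -e "可用内存: ${available_mem}MB"
  mem_size=$(read_positive_int "请输入要测试的内存大小(MB,默认可用内存的80%): " "$((available_mem * 80 / 100))")
  if [ "$mem_size" -gt "$available_mem" ]; then
    echo -e "${RED}警告: 请求的内存超过可用内存,将使用可用内存的90%${NC}"
    mem_size=$((available_mem * 90 / 100))
  fi
  duration=$(read_positive_int "请输入测试时间(秒,默认30): " 30)
  echo -e "${YELLOW}开始内存压力测试...${NC}"
  echo -e "测试内存: ${mem_size}MB"
  echo -e "持续时间: ${duration}秒"
  echo -e "\n${GREEN}测试前内存使用:${NC}"
  free -m
  stress --vm 1 --vm-bytes "${mem_size}M" --vm-keep --timeout "${duration}s" &
  stress_pid=$!
  echo -e "\n${GREEN}测试中内存监控:${NC}"
  for ((i = 1; i <= duration; i += 5)); do
    if ! kill -0 "$stress_pid" 2>/dev/null; then
      break
    fi
    echo -e "时间: ${i}秒"
    free -m | grep "^Mem:"
    sleep 5
  done
  wait "$stress_pid"
  echo -e "\n${GREEN}内存压力测试完成${NC}"
  echo -e "${GREEN}测试后内存使用:${NC}"
  free -m
}

#######################################
# 磁盘I/O测试:在用户指定目录用 fio 做顺序/随机/混合读写,结束后删除测试文件。
# Globals:   STRESS_TMP_PATHS (写,测试文件登记后由 cleanup_temp 删除)
#######################################
disk_io_test() {
  local test_dir test_file test_type file_size duration fio_args=()
  echo -e "\n${CYAN}========== 磁盘I/O测试 ==========${NC}"
  echo -e "${GREEN}可用磁盘:${NC}"
  df -h | grep -v tmpfs
  read -r -p "请输入测试目录路径(默认/tmp): " test_dir
  test_dir=${test_dir:-/tmp}
  if [ ! -d "$test_dir" ]; then
    echo -e "${RED}目录不存在,使用/tmp${NC}"
    test_dir="/tmp"
  fi
  # /tmp 通常全局可写,固定或 $RANDOM 拼出的文件名可被他人预先占位,用 mktemp 原子创建
  test_file=$(mktemp "${test_dir}/io_test_XXXXXX") || {
    echo -e "${RED}无法在 ${test_dir} 创建测试文件${NC}"
    return 1
  }
  STRESS_TMP_PATHS+=("$test_file")
  echo -e "\n请选择测试类型:"
  echo "1) 顺序读写测试"
  echo "2) 随机读写测试"
  echo "3) 混合读写测试"
  read -r -p "请选择 (默认1): " test_type
  read -r -p "请输入文件大小(默认1GB): " file_size
  file_size=${file_size:-1G}
  if ! [[ "$file_size" =~ ^[0-9]+[KkMmGg]?$ ]]; then
    echo -e "${YELLOW}文件大小格式无效,使用默认值 1G${NC}"
    file_size="1G"
  fi
  duration=$(read_positive_int "请输入测试时间(秒,默认30): " 30)
  echo -e "${YELLOW}开始磁盘I/O测试...${NC}"
  # 参数放数组里按原样传给 fio,不做字符串拼接后再分词
  case $test_type in
    2) # 随机读写
      fio_args=(--name=random_test --filename="$test_file" --size="$file_size" --readwrite=randrw --rwmixread=50 --bs=4k --direct=1 --numjobs=1)
      ;;
    3) # 混合读写
      fio_args=(--name=mixed_test --filename="$test_file" --size="$file_size" --readwrite=rw --rwmixread=70 --bs=16k --direct=1 --numjobs=4)
      ;;
    *) # 顺序读写
      fio_args=(--name=seq_test --filename="$test_file" --size="$file_size" --readwrite=readwrite --bs=1M --direct=1 --numjobs=1)
      ;;
  esac
  fio_args+=(--time_based --runtime="$duration" --group_reporting)
  echo -e "${GREEN}执行命令: fio ${fio_args[*]}${NC}"
  fio "${fio_args[@]}"
  cleanup_temp
  echo -e "\n${GREEN}磁盘I/O测试完成${NC}"
}

#######################################
# 网络测试:iperf3 带宽、ping/mtr 延迟丢包、traceroute 路由、nload 监控。
# 目标地址都经过 read_host 校验后再作为命令参数。
#######################################
network_test() {
  local net_test_type server_addr duration target_addr ping_addr ping_count
  echo -e "\n${CYAN}========== 网络测试 ==========${NC}"
  echo -e "1) 带宽测试(需要iperf3服务器)"
  echo -e "2) 延迟和丢包测试"
  echo -e "3) 路由跟踪"
  echo -e "4) 网速监控"
  read -r -p "请选择测试类型(默认2): " net_test_type
  case $net_test_type in
    1)
      if ! server_addr=$(read_host "请输入iperf3服务器地址: " ""); then
        echo -e "${RED}需要服务器地址${NC}"
        return 1
      fi
      duration=$(read_positive_int "请输入测试时间(秒,默认10): " 10)
      echo -e "${YELLOW}开始带宽测试到 ${server_addr}...${NC}"
      iperf3 -c "$server_addr" -t "$duration"
      ;;
    3)
      if ! target_addr=$(read_host "请输入目标地址(默认8.8.8.8): " "8.8.8.8"); then
        echo -e "${RED}地址格式无效${NC}"
        return 1
      fi
      echo -e "${YELLOW}开始路由跟踪到 ${target_addr}...${NC}"
      traceroute -n "$target_addr"
      ;;
    4)
      echo -e "${YELLOW}开始网速监控(按q退出)...${NC}"
      nload
      ;;
    *)
      if ! ping_addr=$(read_host "请输入测试地址(默认8.8.8.8): " "8.8.8.8"); then
        echo -e "${RED}地址格式无效${NC}"
        return 1
      fi
      ping_count=$(read_positive_int "请输入测试次数(默认10): " 10)
      echo -e "${YELLOW}开始ping测试 ${ping_addr}...${NC}"
      ping -c "$ping_count" "$ping_addr"
      echo -e "\n${YELLOW}开始mtr测试 ${ping_addr}...${NC}"
      if command -v mtr &> /dev/null; then
        mtr -n -r -c 10 "$ping_addr"
      else
        echo -e "${YELLOW}mtr未安装,使用traceroute替代${NC}"
        traceroute -n "$ping_addr"
      fi
      ;;
  esac
}

#######################################
# 系统监控仪表板:每 5 秒刷新 CPU/内存/磁盘/连接/进程概览,Ctrl+C 退出脚本。
#######################################
system_monitor() {
  local tcp_total tcp_established
  echo -e "\n${CYAN}========== 系统监控仪表板 ==========${NC}"
  echo -e "监控中... 按 Ctrl+C 退出"
  echo -e "${PURPLE}------------------------------------------------${NC}"
  while true; do
    clear
    echo -e "${GREEN}====== CPU信息 ======${NC}"
    echo -e "负载: $(uptime | awk -F'load average:' '{print $2}')"
    echo -e "使用率: $(top -bn1 | grep "Cpu(s)" | awk '{print $2}')%"
    echo -e "\n${GREEN}====== 内存信息 ======${NC}"
    # 用 -m 而不是 -h 算百分比:-h 输出带单位(如 512Mi / 7.7Gi),awk 直接相除结果是错的
    free -m | awk 'NR==1{print $0} NR==2{printf "Mem: %s/%sMB (%.1f%%)\n", $3, $2, $3/$2*100}'
    echo -e "\n${GREEN}====== 磁盘信息 ======${NC}"
    df -h / | awk 'NR==2{printf "%s: %s/%s (%.1f%%)\n", $1, $3, $2, $5}'
    echo -e "\n${GREEN}====== 网络连接 ======${NC}"
    # 优先用 ss;netstat 属于已弃用的 net-tools,很多新系统默认不装
    if command -v ss &> /dev/null; then
      tcp_total=$(ss -tn | tail -n +2 | wc -l)
      tcp_established=$(ss -tn state established | tail -n +2 | wc -l)
    else
      tcp_total=$(netstat -tun | grep -c 'tcp')
      tcp_established=$(netstat -tun | grep -c 'ESTABLISHED')
    fi
    echo -e "TCP连接数: ${tcp_total}"
    echo -e "ESTABLISHED连接: ${tcp_established}"
    echo -e "\n${GREEN}====== 进程信息 ======${NC}"
    echo -e "总进程数: $(ps aux | wc -l)"
    echo -e "CPU使用前5:"
    ps aux --sort=-%cpu | head -6 | tail -5 | awk '{printf "  %s (%.1f%%)\n", $11, $3}'
    echo -e "\n${PURPLE}------------------------------------------------${NC}"
    echo -e "刷新间隔: 5秒 | 按 Ctrl+C 退出"
    sleep 5
  done
}

#######################################
# 综合压力测试:同时跑 CPU、内存和磁盘 I/O,每 5 秒回显一次指标,结束后展示 fio 结果。
# Globals:   STRESS_TMP_PATHS (写,临时目录登记后由 cleanup_temp 删除)
#######################################
comprehensive_test() {
  local confirm duration cpu_cores total_mem test_mem vm_workers=2 per_worker_mem
  local test_dir test_file fio_results cpu_pid mem_pid fio_pid i
  echo -e "\n${CYAN}========== 综合压力测试 ==========${NC}"
  echo -e "${RED}警告: 这将同时测试CPU、内存和磁盘I/O${NC}"
  echo -e "${RED}可能会对系统性能造成显著影响${NC}"
  read -r -p "是否继续?(y/n): " confirm
  if [[ $confirm != "y" && $confirm != "Y" ]]; then
    return 0
  fi
  duration=$(read_positive_int "请输入测试时间(秒,默认60): " 60)
  cpu_cores=$(nproc)
  total_mem=$(free -m | awk '/^Mem:/{print $2}')
  test_mem=$((total_mem * 50 / 100)) # 使用50%的内存
  # stress 的 --vm-bytes 是每个 vm worker 各自分配的量:2 个 worker 各拿 50%
  # 会吃掉全部内存并触发 OOM,因此把总预算平分给各 worker
  per_worker_mem=$((test_mem / vm_workers))
  echo -e "\n${YELLOW}开始综合压力测试...${NC}"
  echo -e "CPU核心: ${cpu_cores}"
  echo -e "测试内存: ${test_mem}MB"
  echo -e "持续时间: ${duration}秒"
  # 私有临时目录,替代可预测的 /tmp/stress_test_$RANDOM 和固定的 /tmp/fio_results.txt
  test_dir=$(mktemp -d "${TMPDIR:-/tmp}/stress_test_XXXXXX") || {
    echo -e "${RED}无法创建临时测试目录${NC}"
    return 1
  }
  STRESS_TMP_PATHS+=("$test_dir")
  test_file="${test_dir}/test.dat"
  fio_results="${test_dir}/fio_results.txt"
  echo -e "\n${GREEN}启动所有压力测试组件...${NC}"
  # CPU压力测试
  stress --cpu "$cpu_cores" --timeout "${duration}s" &
  cpu_pid=$!
  # 内存压力测试
  stress --vm "$vm_workers" --vm-bytes "${per_worker_mem}M" --timeout "${duration}s" &
  mem_pid=$!
  # 磁盘I/O测试
  fio --name=comprehensive_io --filename="$test_file" --size=500M --readwrite=randrw --rwmixread=50 --bs=4k --direct=1 --numjobs=2 --time_based --runtime="$duration" --group_reporting --output="$fio_results" &
  fio_pid=$!
  echo -e "\n${GREEN}综合测试监控(每5秒刷新):${NC}"
  for ((i = 1; i < duration; i += 5)); do
    echo -e "\n${CYAN}=== 测试进度: ${i}/${duration}秒 ===${NC}"
    echo -e "${GREEN}CPU使用率:${NC}"
    mpstat 1 1 | tail -2 | awk '{print "  " $0}'
    echo -e "${GREEN}内存使用:${NC}"
    free -m | grep "^Mem:" | awk '{printf "  %s/%sMB (%.1f%%)\n", $3, $2, $3/$2*100}'
    echo -e "${GREEN}磁盘I/O:${NC}"
    iostat -dx 1 1 | grep -A1 "Device" | tail -n +2
    sleep 5
  done
  echo -e "\n${YELLOW}等待测试结束...${NC}"
  wait "$cpu_pid" "$mem_pid" "$fio_pid"
  # 原先结果文件写完就被删掉,用户看不到 fio 的输出;这里先展示再清理
  if [ -s "$fio_results" ]; then
    echo -e "\n${GREEN}磁盘I/O结果:${NC}"
    cat "$fio_results"
  fi
  cleanup_temp
  echo -e "\n${GREEN}综合压力测试完成${NC}"
  show_system_info
}

#######################################
# 生成测试报告:把系统信息、当前状态和测试建议写入 /tmp 下的报告文件并预览前 30 行。
#######################################
generate_report() {
  local report_file stamp
  echo -e "\n${CYAN}========== 生成测试报告 ==========${NC}"
  stamp=$(date +%Y%m%d_%H%M%S)
  # 报告放在全局可写的 /tmp:用 mktemp 创建,避免写入他人预先放置的同名文件或符号链接
  report_file=$(mktemp "/tmp/stress_test_report_${stamp}_XXXXXX") || {
    echo -e "${RED}无法创建报告文件${NC}"
    return 1
  }
  {
    echo "服务器压力测试报告"
    echo "生成时间: $(date)"
    echo "========================================"
    echo ""
    echo "1. 系统信息"
    echo "----------------------------------------"
    echo "主机名: $(hostname)"
    echo "操作系统: $(grep PRETTY_NAME /etc/os-release | cut -d'"' -f2)"
    echo "内核版本: $(uname -r)"
    echo "CPU型号: $(LC_ALL=C lscpu | grep "Model name" | cut -d':' -f2 | xargs)"
    echo "CPU核心数: $(nproc)"
    echo "总内存: $(free -h | grep "^Mem:" | awk '{print $2}')"
    echo "可用内存: $(free -h | grep "^Mem:" | awk '{print $7}')"
    echo "磁盘空间: $(df -h / | awk 'NR==2{print $4 " / " $2}')"
    echo ""
    echo "2. 当前系统状态"
    echo "----------------------------------------"
    echo "系统负载: $(uptime | awk -F'load average:' '{print $2}')"
    echo "运行时间: $(uptime -p)"
    echo ""
    echo "CPU使用率:"
    mpstat 1 1 | tail -3
    echo ""
    echo "内存使用:"
    free -h
    echo ""
    echo "磁盘使用:"
    df -h /
    echo ""
    echo "3. 测试建议"
    echo "----------------------------------------"
    echo "- CPU测试建议: 使用 $(nproc) 个核心进行测试"
    echo "- 内存测试建议: 不超过 $(free -m | grep "^Mem:" | awk '{printf "%dMB", $7*0.8}')"
    echo "- 磁盘测试建议: 在 /tmp 目录进行测试"
    echo "- 网络测试建议: 测试到 8.8.8.8 的延迟"
  } > "$report_file"
  echo -e "${GREEN}报告已生成: ${report_file}${NC}"
  echo -e "${YELLOW}报告内容预览:${NC}"
  head -30 "$report_file"
}

#######################################
# 显示主菜单。
#######################################
show_menu() {
  clear
  echo -e "${PURPLE}========================================${NC}"
  echo -e "${CYAN}    服务器压力测试工具 v2.0${NC}"
  echo -e "${PURPLE}========================================${NC}"
  echo -e "${GREEN}1. 显示系统信息${NC}"
  echo -e "${GREEN}2. CPU压力测试${NC}"
  echo -e "${GREEN}3. 内存压力测试${NC}"
  echo -e "${GREEN}4. 磁盘I/O测试${NC}"
  echo -e "${GREEN}5. 网络测试${NC}"
  echo -e "${GREEN}6. 综合压力测试${NC}"
  echo -e "${GREEN}7. 系统监控仪表板${NC}"
  echo -e "${GREEN}8. 生成测试报告${NC}"
  echo -e "${GREEN}9. 检查/安装必要工具${NC}"
  echo -e "${RED}0. 退出${NC}"
  echo -e "${PURPLE}========================================${NC}"
}

#######################################
# 主函数:提示权限、检查工具,然后进入菜单循环。
#######################################
main() {
  local choice
  # 检查是否为root用户
  if [ "$EUID" -ne 0 ]; then
    echo -e "${YELLOW}提示: 某些测试可能需要root权限${NC}"
  fi
  # 检查必要工具
  check_tools
  while true; do
    show_menu
    read -r -p "请选择操作 (0-9): " choice
    case $choice in
      1) show_system_info ;;
      2) cpu_stress_test ;;
      3) memory_stress_test ;;
      4) disk_io_test ;;
      5) network_test ;;
      6) comprehensive_test ;;
      7) system_monitor ;;
      8) generate_report ;;
      9) check_tools ;;
      0)
        echo -e "${CYAN}感谢使用,再见!${NC}"
        exit 0
        ;;
      *)
        echo -e "${RED}无效选择,请重新输入${NC}"
        sleep 1
        ;;
    esac
    echo -e "\n${YELLOW}按回车键继续...${NC}"
    read -r _
  done
}

# 捕获Ctrl+C:结束后台压测进程并清理临时文件;正常退出也清理临时文件
trap cleanup_on_interrupt SIGINT
trap cleanup_temp EXIT

# 运行主函数
main "$@"

使用说明1. 保存脚本将上述脚本保存为 stress-test.sh:chmod +x stress-test.sh2. 功能特点全面检测: 自动检查并安装必要的测试工具多种测试:CPU压力测试(支持多种负载类型)内存压力测试(智能计算可用内存)磁盘I/O测试(顺序/随机/混合读写)网络测试(带宽/延迟/路由/监控)综合压力测试(同时测试多个组件)实时监控: 系统监控仪表板报告生成: 自动生成测试报告安全保护: 防止过度使用资源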
2025年11月07日
2025-09-03
WAF防护Linux交互式脚本
代码#!/bin/bash # WAF防护配置脚本 # 作者: 系统安全助手 # 版本: 2.0 # 功能: 全面的Linux Web应用防火墙配置 # 颜色定义 RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' NC='\033[0m' # No Color # 脚本目录 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" CONFIG_DIR="$SCRIPT_DIR/waf_configs" LOGS_DIR="$SCRIPT_DIR/waf_logs" BACKUP_DIR="$SCRIPT_DIR/waf_backups" RULES_DIR="$SCRIPT_DIR/waf_rules" # 创建必要的目录 mkdir -p "$CONFIG_DIR" "$LOGS_DIR" "$BACKUP_DIR" "$RULES_DIR" # 配置文件 MAIN_CONFIG="$CONFIG_DIR/waf_main.conf" NGINX_CONFIG="$CONFIG_DIR/waf_nginx.conf" APACHE_CONFIG="$CONFIG_DIR/waf_apache.conf" CUSTOM_RULES="$RULES_DIR/custom_rules.conf" # 日志文件 INSTALL_LOG="$LOGS_DIR/install.log" ACCESS_LOG="$LOGS_DIR/waf_access.log" BLOCK_LOG="$LOGS_DIR/waf_block.log" # 备份文件 BACKUP_PREFIX="$BACKUP_DIR/waf_backup_$(date +%Y%m%d_%H%M%S)" # 当前配置状态 CURRENT_CONFIG="" # 显示横幅 show_banner() { clear echo -e "${CYAN}" echo "╔════════════════════════════════════════════════════════════╗" echo "║ 高级WAF防护配置脚本 v2.0 ║" echo "║ 全面Linux Web应用防火墙 ║" echo "╚════════════════════════════════════════════════════════════╝" echo -e "${NC}" echo -e "${YELLOW}脚本目录: $SCRIPT_DIR${NC}" echo -e "${YELLOW}配置目录: $CONFIG_DIR${NC}" echo -e "${YELLOW}日志目录: $LOGS_DIR${NC}" echo "════════════════════════════════════════════════════════════" echo } # 日志记录函数 log_message() { local level=$1 local message=$2 local timestamp=$(date '+%Y-%m-%d %H:%M:%S') case $level in "INFO") echo -e "${GREEN}[INFO]${NC} $message" ;; "WARN") echo -e "${YELLOW}[WARN]${NC} $message" ;; "ERROR") echo -e "${RED}[ERROR]${NC} $message" ;; "DEBUG") echo -e "${BLUE}[DEBUG]${NC} $message" ;; esac echo "[$timestamp] [$level] $message" >> "$INSTALL_LOG" } # 检查依赖 check_dependencies() { log_message "INFO" "检查系统依赖..." local missing_deps=() # 检查常用工具 for cmd in curl wget grep awk sed iptables; do if ! 
command -v $cmd &> /dev/null; then missing_deps+=($cmd) fi done # 检查Web服务器 if systemctl is-active --quiet nginx 2>/dev/null; then WEB_SERVER="nginx" log_message "INFO" "检测到Nginx服务器" elif systemctl is-active --quiet apache2 2>/dev/null || systemctl is-active --quiet httpd 2>/dev/null; then WEB_SERVER="apache" log_message "INFO" "检测到Apache服务器" else log_message "WARN" "未检测到运行中的Web服务器" WEB_SERVER="unknown" fi if [ ${#missing_deps[@]} -gt 0 ]; then log_message "WARN" "缺少以下依赖: ${missing_deps[*]}" read -p "是否安装缺少的依赖? (y/n): " choice if [ "$choice" = "y" ]; then if [ -f /etc/debian_version ]; then sudo apt-get update sudo apt-get install -y ${missing_deps[@]} elif [ -f /etc/redhat-release ]; then sudo yum install -y ${missing_deps[@]} else log_message "ERROR" "无法确定系统发行版,请手动安装依赖" fi fi fi return 0 } # 备份当前配置 backup_config() { log_message "INFO" "备份当前配置..." # 备份iptables规则 sudo iptables-save > "${BACKUP_PREFIX}_iptables.rules" 2>/dev/null # 备份系统文件 local files_to_backup=( "/etc/sysctl.conf" "/etc/hosts.allow" "/etc/hosts.deny" "/etc/security/limits.conf" ) for file in "${files_to_backup[@]}"; do if [ -f "$file" ]; then sudo cp "$file" "${BACKUP_PREFIX}_$(basename $file)" fi done # 备份Web服务器配置 if [ "$WEB_SERVER" = "nginx" ] && [ -f "/etc/nginx/nginx.conf" ]; then sudo cp /etc/nginx/nginx.conf "${BACKUP_PREFIX}_nginx.conf" elif [ "$WEB_SERVER" = "apache" ]; then if [ -f "/etc/apache2/apache2.conf" ]; then sudo cp /etc/apache2/apache2.conf "${BACKUP_PREFIX}_apache.conf" elif [ -f "/etc/httpd/conf/httpd.conf" ]; then sudo cp /etc/httpd/conf/httpd.conf "${BACKUP_PREFIX}_httpd.conf" fi fi log_message "INFO" "配置已备份到: $BACKUP_DIR" } # 加载配置 load_config() { if [ -f "$MAIN_CONFIG" ]; then source "$MAIN_CONFIG" log_message "INFO" "加载现有配置" else # 默认配置 ENABLE_SQL_INJECTION="true" ENABLE_XSS="true" ENABLE_RFI_LFI="true" ENABLE_COMMAND_INJECTION="true" ENABLE_BRUTE_FORCE="true" ENABLE_DDOS="true" ENABLE_BOT_PROTECTION="true" ENABLE_FILE_UPLOAD="true" ENABLE_HOTLINKING="true" 
ENABLE_SENSITIVE_DATA="true" BLOCK_THRESHOLD=10 BAN_TIME=3600 RATE_LIMIT=100 MAX_CONNECTIONS=50 log_message "INFO" "使用默认配置" fi } # 保存配置 save_config() { cat > "$MAIN_CONFIG" << EOF # WAF主配置文件 # 生成时间: $(date) # 防护模块开关 ENABLE_SQL_INJECTION="$ENABLE_SQL_INJECTION" ENABLE_XSS="$ENABLE_XSS" ENABLE_RFI_LFI="$ENABLE_RFI_LFI" ENABLE_COMMAND_INJECTION="$ENABLE_COMMAND_INJECTION" ENABLE_BRUTE_FORCE="$ENABLE_BRUTE_FORCE" ENABLE_DDOS="$ENABLE_DDOS" ENABLE_BOT_PROTECTION="$ENABLE_BOT_PROTECTION" ENABLE_FILE_UPLOAD="$ENABLE_FILE_UPLOAD" ENABLE_HOTLINKING="$ENABLE_HOTLINKING" ENABLE_SENSITIVE_DATA="$ENABLE_SENSITIVE_DATA" # 防护参数 BLOCK_THRESHOLD="$BLOCK_THRESHOLD" BAN_TIME="$BAN_TIME" RATE_LIMIT="$RATE_LIMIT" MAX_CONNECTIONS="$MAX_CONNECTIONS" # 自定义规则文件 CUSTOM_RULES_FILE="$CUSTOM_RULES" # 日志文件 ACCESS_LOG="$ACCESS_LOG" BLOCK_LOG="$BLOCK_LOG" EOF log_message "INFO" "配置已保存到: $MAIN_CONFIG" } # 显示当前配置 show_current_config() { echo -e "${CYAN}════════════════════ 当前WAF配置 ════════════════════${NC}" echo -e "${YELLOW}防护模块:${NC}" echo -e " SQL注入防护: ${GREEN}$ENABLE_SQL_INJECTION${NC}" echo -e " XSS防护: ${GREEN}$ENABLE_XSS${NC}" echo -e " RFI/LFI防护: ${GREEN}$ENABLE_RFI_LFI${NC}" echo -e " 命令注入防护: ${GREEN}$ENABLE_COMMAND_INJECTION${NC}" echo -e " 暴力破解防护: ${GREEN}$ENABLE_BRUTE_FORCE${NC}" echo -e " DDoS防护: ${GREEN}$ENABLE_DDOS${NC}" echo -e " 机器人防护: ${GREEN}$ENABLE_BOT_PROTECTION${NC}" echo -e " 文件上传防护: ${GREEN}$ENABLE_FILE_UPLOAD${NC}" echo -e " 盗链防护: ${GREEN}$ENABLE_HOTLINKING${NC}" echo -e " 敏感数据防护: ${GREEN}$ENABLE_SENSITIVE_DATA${NC}" echo echo -e "${YELLOW}防护参数:${NC}" echo -e " 阻断阈值: ${BLUE}$BLOCK_THRESHOLD${NC} 次/分钟" echo -e " 封禁时间: ${BLUE}$BAN_TIME${NC} 秒" echo -e " 速率限制: ${BLUE}$RATE_LIMIT${NC} 请求/秒" echo -e " 最大连接数: ${BLUE}$MAX_CONNECTIONS${NC}" echo -e "${CYAN}════════════════════════════════════════════════════${NC}" } # 自定义配置菜单 custom_config_menu() { while true; do clear show_banner show_current_config echo -e "${PURPLE}════════════════════ 自定义配置 ════════════════════${NC}" echo " 1) 
切换SQL注入防护 [$ENABLE_SQL_INJECTION]" echo " 2) 切换XSS防护 [$ENABLE_XSS]" echo " 3) 切换RFI/LFI防护 [$ENABLE_RFI_LFI]" echo " 4) 切换命令注入防护 [$ENABLE_COMMAND_INJECTION]" echo " 5) 切换暴力破解防护 [$ENABLE_BRUTE_FORCE]" echo " 6) 切换DDoS防护 [$ENABLE_DDOS]" echo " 7) 切换机器人防护 [$ENABLE_BOT_PROTECTION]" echo " 8) 切换文件上传防护 [$ENABLE_FILE_UPLOAD]" echo " 9) 切换盗链防护 [$ENABLE_HOTLINKING]" echo "10) 切换敏感数据防护 [$ENABLE_SENSITIVE_DATA]" echo "11) 修改防护参数" echo "12) 管理自定义规则" echo "13) 保存配置并返回主菜单" echo "14) 返回主菜单(不保存)" echo -e "${PURPLE}════════════════════════════════════════════════════${NC}" read -p "请选择选项 [1-14]: " choice case $choice in 1) [ "$ENABLE_SQL_INJECTION" = "true" ] && ENABLE_SQL_INJECTION="false" || ENABLE_SQL_INJECTION="true" ;; 2) [ "$ENABLE_XSS" = "true" ] && ENABLE_XSS="false" || ENABLE_XSS="true" ;; 3) [ "$ENABLE_RFI_LFI" = "true" ] && ENABLE_RFI_LFI="false" || ENABLE_RFI_LFI="true" ;; 4) [ "$ENABLE_COMMAND_INJECTION" = "true" ] && ENABLE_COMMAND_INJECTION="false" || ENABLE_COMMAND_INJECTION="true" ;; 5) [ "$ENABLE_BRUTE_FORCE" = "true" ] && ENABLE_BRUTE_FORCE="false" || ENABLE_BRUTE_FORCE="true" ;; 6) [ "$ENABLE_DDOS" = "true" ] && ENABLE_DDOS="false" || ENABLE_DDOS="true" ;; 7) [ "$ENABLE_BOT_PROTECTION" = "true" ] && ENABLE_BOT_PROTECTION="false" || ENABLE_BOT_PROTECTION="true" ;; 8) [ "$ENABLE_FILE_UPLOAD" = "true" ] && ENABLE_FILE_UPLOAD="false" || ENABLE_FILE_UPLOAD="true" ;; 9) [ "$ENABLE_HOTLINKING" = "true" ] && ENABLE_HOTLINKING="false" || ENABLE_HOTLINKING="true" ;; 10) [ "$ENABLE_SENSITIVE_DATA" = "true" ] && ENABLE_SENSITIVE_DATA="false" || ENABLE_SENSITIVE_DATA="true" ;; 11) modify_parameters ;; 12) manage_custom_rules ;; 13) save_config log_message "INFO" "配置已保存" sleep 2 return 0 ;; 14) read -p "确定放弃修改? 
(y/n): " confirm if [ "$confirm" = "y" ]; then load_config # 重新加载配置 return 0 fi ;; *) echo -e "${RED}无效选项${NC}" sleep 1 ;; esac done } # 修改防护参数 modify_parameters() { echo -e "${CYAN}════════════════════ 修改防护参数 ════════════════════${NC}" echo -e "当前阻断阈值: ${BLUE}$BLOCK_THRESHOLD${NC} 次/分钟" read -p "新的阻断阈值 (默认10): " new_threshold [ -n "$new_threshold" ] && BLOCK_THRESHOLD=$new_threshold echo -e "当前封禁时间: ${BLUE}$BAN_TIME${NC} 秒" read -p "新的封禁时间 (默认3600): " new_ban [ -n "$new_ban" ] && BAN_TIME=$new_ban echo -e "当前速率限制: ${BLUE}$RATE_LIMIT${NC} 请求/秒" read -p "新的速率限制 (默认100): " new_rate [ -n "$new_rate" ] && RATE_LIMIT=$new_rate echo -e "当前最大连接数: ${BLUE}$MAX_CONNECTIONS${NC}" read -p "新的最大连接数 (默认50): " new_max [ -n "$new_max" ] && MAX_CONNECTIONS=$new_max echo -e "${GREEN}参数已更新${NC}" sleep 1 } # 管理自定义规则 manage_custom_rules() { while true; do clear show_banner echo -e "${CYAN}════════════════════ 自定义规则管理 ════════════════════${NC}" echo " 1) 查看当前规则" echo " 2) 添加新规则" echo " 3) 编辑规则文件" echo " 4) 导入规则集" echo " 5) 清空所有规则" echo " 6) 返回上一级" echo -e "${CYAN}════════════════════════════════════════════════════════${NC}" read -p "请选择选项 [1-6]: " choice case $choice in 1) if [ -f "$CUSTOM_RULES" ] && [ -s "$CUSTOM_RULES" ]; then echo -e "${GREEN}当前自定义规则:${NC}" echo "════════════════════════════════════════" cat "$CUSTOM_RULES" echo "════════════════════════════════════════" else echo -e "${YELLOW}暂无自定义规则${NC}" fi read -p "按Enter继续..." 
;; 2) echo -e "${GREEN}添加自定义规则${NC}" echo "示例: deny '恶意User-Agent' 'BadBot'" echo "格式: <动作> <描述> <匹配模式>" echo -n "请输入规则: " read rule if [ -n "$rule" ]; then echo "# 自定义规则 - 添加于 $(date)" >> "$CUSTOM_RULES" echo "$rule" >> "$CUSTOM_RULES" echo -e "${GREEN}规则已添加${NC}" fi sleep 1 ;; 3) if command -v nano &> /dev/null; then nano "$CUSTOM_RULES" elif command -v vim &> /dev/null; then vim "$CUSTOM_RULES" elif command -v vi &> /dev/null; then vi "$CUSTOM_RULES" else echo -e "${YELLOW}未找到文本编辑器,使用cat编辑${NC}" cat > "$CUSTOM_RULES" fi ;; 4) echo -e "${GREEN}导入规则集${NC}" echo "1) OWASP核心规则集" echo "2) 常见攻击规则" echo "3) 扫描器防护规则" read -p "选择规则集 [1-3]: " ruleset case $ruleset in 1) import_owasp_rules ;; 2) import_common_attack_rules ;; 3) import_scanner_rules ;; *) echo -e "${RED}无效选择${NC}" ;; esac sleep 1 ;; 5) read -p "确定清空所有自定义规则? (y/n): " confirm if [ "$confirm" = "y" ]; then > "$CUSTOM_RULES" echo -e "${GREEN}规则已清空${NC}" fi sleep 1 ;; 6) return 0 ;; *) echo -e "${RED}无效选项${NC}" sleep 1 ;; esac done } # 导入OWASP规则 import_owasp_rules() { cat >> "$CUSTOM_RULES" << 'EOF' # ========== OWASP核心规则集 ========== # SQL注入防护规则 deny "SQL Injection - UNION" "union.*select" deny "SQL Injection - SELECT" "select.*from" deny "SQL Injection - INSERT" "insert.*into" deny "SQL Injection - UPDATE" "update.*set" deny "SQL Injection - DELETE" "delete.*from" deny "SQL Injection - DROP" "drop.*table" deny "SQL Injection - OR 1=1" "or.*1=1" deny "SQL Injection -- comment" "--" # XSS防护规则 deny "XSS - Script Tag" "<script>" deny "XSS - Javascript Protocol" "javascript:" deny "XSS - onload Event" "onload=" deny "XSS - onerror Event" "onerror=" deny "XSS - eval()" "eval\(" # 命令注入防护规则 deny "Command Injection - Pipe" "\|" deny "Command Injection - Semicolon" ";" deny "Command Injection - Backtick" "`" deny "Command Injection - Dollar" "\$\(.*\)" EOF echo -e "${GREEN}OWASP规则集已导入${NC}" } # 导入常见攻击规则 import_common_attack_rules() { cat >> "$CUSTOM_RULES" << 'EOF' # ========== 常见攻击规则 ========== # 目录遍历 deny "Directory 
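Traversal" "\.\./"
deny "Directory Traversal" "\.\.\\"
# 文件包含
deny "File Inclusion" "\.\./\.\./"
deny "File Inclusion" "/etc/passwd"
# SSI注入
deny "SSI Injection" "<!--#"
# PHP攻击
deny "PHP Injection" "php://"
deny "PHP Code Injection" "eval\(base64_decode"
# Shellshock攻击
deny "Shellshock Attack" "\(\)\s*{"
# 扫描器特征
deny "Scanner - Nikto" "nikto"
deny "Scanner - Acunetix" "acunetix"
deny "Scanner - Nessus" "nessus"
deny "Scanner - Netsparker" "netsparker"
EOF
    echo -e "${GREEN}常见攻击规则已导入${NC}"
}

#######################################
# Write a standalone iptables script to $CONFIG_DIR/iptables_rules.sh.
# Globals read: CONFIG_DIR, MAX_CONNECTIONS, RATE_LIMIT,
#               SSH_PORT (optional; defaults to 22, the old hard-coded value).
# The generated script FLUSHES every existing rule and sets INPUT/FORWARD to
# DROP; only loopback, established traffic, SSH and HTTP/HTTPS stay open.
# Run it from a console, or with a rollback armed in the background
# (e.g. `sleep 120 && iptables -P INPUT ACCEPT && iptables -F`), if the host
# is administered over SSH. IPv6 (ip6tables) is not touched at all.
#######################################
generate_iptables_rules() {
    local iptables_file="$CONFIG_DIR/iptables_rules.sh"
    # Overridable SSH port: locking the administrator out is the most common
    # failure of "default DROP" scripts.
    local ssh_port="${SSH_PORT:-22}"

    cat > "$iptables_file" << EOF
#!/bin/bash
# 自动生成的iptables规则
# 生成时间: $(date)
set -e

# Flush existing rules (filter, nat, mangle)
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Established / related traffic first, so packets of existing sessions never
# reach a limiter below
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# SYN flood: per-source limit. The old rule ('--syn -m limit 1/s' global)
# capped ALL new TCP connections on the host to one per second, which is a
# self-inflicted denial of service. net.ipv4.tcp_syncookies=1 (sysctl file)
# is the real defence; this only trims abusive sources.
iptables -A INPUT -p tcp --syn -m hashlimit --hashlimit-name syn --hashlimit-mode srcip --hashlimit-above 25/second --hashlimit-burst 50 -j DROP

# SSH (port $ssh_port)
iptables -A INPUT -p tcp --dport $ssh_port -j ACCEPT

# Per-source concurrent connection cap on HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above $MAX_CONNECTIONS --connlimit-mask 32 -j DROP
iptables -A INPUT -p tcp --dport 443 -m connlimit --connlimit-above $MAX_CONNECTIONS --connlimit-mask 32 -j DROP

# Per-source rate limit on NEW HTTP/HTTPS connections. '-m limit' (old
# version) is one global bucket: a single busy client drains it and every
# other visitor is dropped. hashlimit keyed on srcip limits each client alone.
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name http --hashlimit-mode srcip --hashlimit-upto $RATE_LIMIT/second --hashlimit-burst 200 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -m hashlimit --hashlimit-name https --hashlimit-mode srcip --hashlimit-upto $RATE_LIMIT/second --hashlimit-burst 200 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

# ICMP echo flood
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

# Persist (the directory does not exist on a fresh install)
mkdir -p /etc/iptables
iptables-save > /etc/iptables/rules.v4
echo "iptables规则已应用"
EOF
    chmod +x "$iptables_file"
    log_message "INFO" "iptables规则已生成: $iptables_file"
}

#######################################
# Print one nginx `map` block: `map $src $var { default 0; "~*pat" 1; ... }`.
# Arguments: $1 source variable, $2 target variable, $3 feature flag
#            ("true" enables the patterns), remaining: PCRE patterns.
# The map is emitted even when the feature is off so the variable always
# exists (log_format and the server snippet reference it).
#######################################
_nginx_map() {
    local src="$1" var="$2" enabled="$3" pat
    shift 3
    printf 'map %s %s {\n    default 0;\n' "$src" "$var"
    if [ "$enabled" = "true" ]; then
        for pat in "$@"; do
            printf '    "~*%s" 1;\n' "$pat"
        done
    fi
    printf '}\n\n'
}

#######################################
# Write the Nginx WAF configuration.
# Globals read: CONFIG_DIR, ENABLE_* flags, RATE_LIMIT, ACCESS_LOG.
# Nginx restricts directives to contexts, so two files are produced:
#   nginx_waf.conf        -- http{} level: limits, detection maps,
#                            limit_req_zone, log_format (conf.d).
#   nginx_waf_server.conf -- server{} level: the blocking, rate-limit and
#                            logging directives; must be `include`d inside
#                            each server{} to protect.
# (The previous single-file version placed `if`/`location`/`server` at
# http level, which `nginx -t` rejects.) Detection uses `map` on the RAW
# $query_string: percent-encoded payloads (%3C, %7C ...) are not seen by
# these patterns -- a known limit of regex-on-query-string filtering.
#######################################
generate_nginx_waf() {
    local nginx_waf="$CONFIG_DIR/nginx_waf.conf"
    local nginx_waf_server="$CONFIG_DIR/nginx_waf_server.conf"

    # ---- http{} level ----
    {
        cat << EOF
# Nginx WAF配置 (http context)
# 生成时间: $(date)
# Include from http{} (conf.d). Add
#   include /etc/nginx/snippets/waf_server.conf;
# to every server{} that should be protected.

# Request size / buffer limits
client_max_body_size 10M;
client_body_buffer_size 128k;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;

# Timeouts
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;

# Rate-limit zones (used by the server snippet)
limit_req_zone \$binary_remote_addr zone=one:10m rate=${RATE_LIMIT}r/s;
limit_req_zone \$binary_remote_addr zone=two:10m rate=5r/s;

# Detection maps: 1 = request matches, 0 = clean
EOF
        _nginx_map '$query_string' '$block_sql_injection' "$ENABLE_SQL_INJECTION" \
            'union.*select.*\(' 'union.*all.*select.*' 'concat.*\(' \
            'group.*by.*\(' 'order.*by.*\('
        _nginx_map '$query_string' '$block_xss' "$ENABLE_XSS" \
            '<script.*>.*</script>' 'javascript:' 'onload\s*=' 'onerror\s*=' 'onclick\s*='
        # The Windows-style "..\" pattern of the old version is left out: its
        # backslash escaping in nginx strings is ambiguous and a pattern PCRE
        # cannot compile fails the whole configuration.
        _nginx_map '$query_string' '$block_dir_traversal' "$ENABLE_RFI_LFI" \
            '\.\./' 'etc/passwd' 'proc/self/environ'
        _nginx_map '$query_string' '$block_command_injection' "$ENABLE_COMMAND_INJECTION" \
            '\|.*\/bin\/' '\|.*\/bin\/sh' 'cmd\s*=' 'exec\s*='
        # User-Agent is a weak, trivially spoofed signal; the generic-client
        # entry also blocks curl/wget/python monitoring and webhooks.
        _nginx_map '$http_user_agent' '$block_scanner' "$ENABLE_BOT_PROTECTION" \
            '(nikto|wikto|acunetix|nessus|netsparker|w3af|owasp|paros|burpsuite)' \
            '(sqlmap|havij|sqlninja|pangolin)' \
            '(masscan|nmap|nessus|openvas)' \
            '(libwww-perl|wget|curl|python|java|jakarta|httpclient)'
        cat << EOF
# Access-log format; the flags come from the maps above, so this stays valid
# even when every feature is disabled.
log_format waf '\$remote_addr - \$remote_user [\$time_local] "\$request" '
               '\$status \$body_bytes_sent "\$http_referer" '
               '"\$http_user_agent" "\$http_x_forwarded_for" '
               'blocked=\$block_sql_injection\$block_xss\$block_dir_traversal\$block_command_injection\$block_scanner';
EOF
    } > "$nginx_waf"

    # ---- server{} level ----
    {
        cat << EOF
# Nginx WAF配置 (server context)
# 生成时间: $(date)
# Include inside each server{} block:
#   include /etc/nginx/snippets/waf_server.conf;
# The \$block_* variables are defined by the maps in conf.d/waf.conf.

# Allowed request methods
if (\$request_method !~ ^(GET|HEAD|POST)\$ ) {
    return 405;
}

# Block requests flagged by the detection maps
if (\$block_sql_injection) { return 403; }
if (\$block_xss) { return 403; }
if (\$block_dir_traversal) { return 403; }
if (\$block_command_injection) { return 403; }
if (\$block_scanner) { return 403; }
EOF
        if [ "$ENABLE_BOT_PROTECTION" = "true" ]; then
            cat << 'UA_RULES'

# Empty User-Agent
if ($http_user_agent = "") {
    return 403;
}
UA_RULES
        fi
        if [ "$ENABLE_FILE_UPLOAD" = "true" ]; then
            cat << 'UPLOAD_RULES'

# Never execute scripts from the upload directory. (The old site-wide
# `location ~* \.php$ { return 403; }` also blocked the application itself,
# so it is deliberately not generated.)
location ~* /uploads/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
    return 403;
}
UPLOAD_RULES
        fi
        if [ "$ENABLE_HOTLINKING" = "true" ]; then
            cat << 'HOTLINK_RULES'

# Hotlink protection -- replace example.com with the real hostnames
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    valid_referers none blocked server_names ~\.google\. ~\.bing\. ~\.yahoo\. *.example.com example.com;
    if ($invalid_referer) {
        return 403;
    }
}
HOTLINK_RULES
        fi
        cat << EOF

# Rate limiting (zones declared in the http-level file).
# NOTE: these location blocks carry no proxy/fastcgi/try_files directives and
# therefore replace the application's own handling of /login and /admin;
# if the app routes those paths, move the limit_req lines into its locations.
limit_req zone=one burst=20 nodelay;
location /login {
    limit_req zone=two burst=5 nodelay;
}
location /admin {
    limit_req zone=two burst=10 nodelay;
}

access_log $ACCESS_LOG waf;
# error_log is intentionally not set here: the old version pointed it at the
# access log, interleaving two formats in one file. Keep it in nginx.conf.
EOF
    } > "$nginx_waf_server"

    log_message "INFO" "Nginx WAF配置已生成: $nginx_waf, $nginx_waf_server"
}

#######################################
# Write the Apache WAF configuration to $CONFIG_DIR/apache_waf.conf.
# Globals read: CONFIG_DIR, ENABLE_* flags, BAN_TIME, ACCESS_LOG.
# Targets Apache 2.4 (Debian layout: a2enconf); ModSecurity and mod_evasive
# sections are guarded by <IfModule> and silently skipped if not loaded.
#######################################
generate_apache_waf() {
    local apache_waf="$CONFIG_DIR/apache_waf.conf"

    {
        cat << EOF
# Apache WAF配置
# 生成时间: $(date)

<IfModule mod_security2.c>
    SecRuleEngine On
    # 'block' is only disruptive when a SecDefaultAction with a disruptive
    # action precedes the rules; ModSecurity's built-in default is 'pass',
    # which would log the match and let the request through.
    SecDefaultAction "phase:2,log,deny,status:403"
EOF
        if [ "$ENABLE_SQL_INJECTION" = "true" ]; then
            cat << 'APACHE_SQL'

    # SQL injection
    SecRule ARGS "(?i:union\s+select)" \
        "id:1001,phase:2,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack'"
    SecRule ARGS "(?i:select.*from)" \
        "id:1002,phase:2,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack'"
    SecRule ARGS "(?i:insert\s+into)" \
        "id:1003,phase:2,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack'"
    SecRule ARGS "(?i:update.*set)" \
        "id:1004,phase:2,t:none,t:urlDecodeUni,block,msg:'SQL Injection Attack'"
APACHE_SQL
        fi
        if [ "$ENABLE_XSS" = "true" ]; then
            cat << 'APACHE_XSS'

    # XSS
    SecRule ARGS "<script" \
        "id:2001,phase:2,t:none,block,msg:'XSS Attack Detected'"
    SecRule ARGS "javascript:" \
        "id:2002,phase:2,t:none,block,msg:'XSS Attack Detected'"
    SecRule ARGS "(?i:onload\s*=)" \
        "id:2003,phase:2,t:none,block,msg:'XSS Attack Detected'"
APACHE_XSS
        fi
        if [ "$ENABLE_COMMAND_INJECTION" = "true" ]; then
            cat << 'APACHE_CMD'

    # Command injection. Rule 3001 fires on ANY argument containing | ; ` or &
    # (free-text fields, URLs in parameters): expect false positives.
    SecRule ARGS "[\|;`&]" \
        "id:3001,phase:2,t:none,block,msg:'Command Injection Attempt'"
    SecRule ARGS "(?i:cmd\s*=)" \
        "id:3002,phase:2,t:none,block,msg:'Command Injection Attempt'"
APACHE_CMD
        fi
        cat << EOF
</IfModule>

<IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod $BAN_TIME
EOF
        if [ "$ENABLE_BRUTE_FORCE" = "true" ]; then
            cat << 'APACHE_BRUTE'
    # Brute-force protection: the DOSLoginPage/DOSLoginCount lines of the
    # previous version are not in mod_evasive's documented directive set and
    # an unknown directive aborts Apache start-up, so they are not emitted.
    # Use fail2ban (auth failures in the access/error log) for login URLs.
APACHE_BRUTE
        fi
        cat << EOF
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On
EOF
        if [ "$ENABLE_HOTLINKING" = "true" ]; then
            cat << 'APACHE_HOTLINK'

    # Hotlink protection -- replace example.com with the real hostnames
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?bing.com [NC]
    RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
APACHE_HOTLINK
        fi
        if [ "$ENABLE_BOT_PROTECTION" = "true" ]; then
            cat << 'APACHE_BOT'

    # Scanner User-Agents (weak, spoofable signal)
    RewriteCond %{HTTP_USER_AGENT} (nikto|wikto|acunetix|nessus|netsparker|sqlmap|nmap) [NC]
    RewriteRule ^.*$ - [F,L]

    # Empty User-Agent
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    RewriteCond %{HTTP_USER_AGENT} ^-?$
    RewriteRule ^.*$ - [F,L]
APACHE_BOT
        fi
        cat << EOF
</IfModule>

# Allowed request methods (Apache 2.4 syntax; 'Deny from all' of the old
# version needs mod_access_compat)
<LimitExcept GET POST>
    Require all denied
</LimitExcept>

# Upload size limit (10 MiB)
LimitRequestBody 10485760

# Access log; ErrorLog is left to the main configuration so the two formats
# are not interleaved in one file
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" waf
CustomLog "$ACCESS_LOG" waf
EOF
    } > "$apache_waf"

    log_message "INFO" "Apache WAF配置已生成: $apache_waf"
}

#######################################
# Write the sysctl and limits hardening files into $CONFIG_DIR.
# Globals read: CONFIG_DIR.
#######################################
generate_system_hardening() {
    local sysctl_file="$CONFIG_DIR/sysctl_hardening.conf"
    local limits_file="$CONFIG_DIR/limits_hardening.conf"

    cat > "$sysctl_file" << EOF
# 系统安全加固配置
# 生成时间: $(date)
# apply_configuration installs this under /etc/sysctl.d/ so it persists.

# Reverse-path filtering (anti-spoofing)
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Ignore source-routed packets
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0

# Do not send ICMP redirects (this host is not a router)
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# SYN cookies -- the primary SYN-flood defence
net.ipv4.tcp_syncookies = 1

# Recycle TIME-WAIT sockets faster
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30

# TCP buffers
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304

# Listen backlogs
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535

# Fewer SYN/SYN-ACK retries so half-open connections expire sooner
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3

# TCP timestamps (required by tcp_tw_reuse)
net.ipv4.tcp_timestamps = 1

# Ignore bogus ICMP error responses
net.ipv4.icmp_ignore_bogus_error_responses = 1

# IP forwarding OFF (the old comment claimed this "enables forwarding
# logging"; 0 disables routing through this host)
net.ipv4.ip_forward = 0
EOF

    cat > "$limits_file" << EOF
# 用户限制配置
# 生成时间: $(date)

# Open files
* soft nofile 65535
* hard nofile 65535

# Per-user process cap -- this is the fork-bomb limiter
* soft nproc 65535
* hard nproc 65535

# root is exempt from the process cap so services can always be restarted
root soft nproc unlimited
root hard nproc unlimited

# No core dumps (they can contain secrets from process memory)
* soft core 0
* hard core 0

# NOTE: the previous version set '* memlock unlimited'. That lets any user pin
# all RAM (a trivial DoS) and is not a hardening setting, so it is omitted;
# raise memlock per service (LimitMEMLOCK=) where genuinely required.
EOF
    log_message "INFO" "系统加固配置已生成"
}

#######################################
# Install the generated files into the system and reload services.
# Globals read: CONFIG_DIR, WEB_SERVER, SSH_PORT (optional).
# Calls backup_config / setup_monitoring / log_message (defined elsewhere).
# Web-server configs are installed FIRST and tested AFTERWARDS; the old
# order ran `nginx -t` against the previous config and then reloaded blind.
#######################################
apply_configuration() {
    log_message "INFO" "开始应用WAF配置..."
    backup_config

    if [ -f "$CONFIG_DIR/iptables_rules.sh" ]; then
        log_message "WARN" "iptables脚本将清空现有规则并把INPUT默认策略设为DROP,仅放行 ${SSH_PORT:-22}/80/443 端口"
        log_message "INFO" "应用iptables规则..."
        sudo bash "$CONFIG_DIR/iptables_rules.sh" || log_message "ERROR" "iptables规则应用失败"
    fi

    if [ -f "$CONFIG_DIR/sysctl_hardening.conf" ]; then
        log_message "INFO" "应用sysctl配置..."
        # Copy into sysctl.d so the values survive a reboot, then load them.
        sudo cp "$CONFIG_DIR/sysctl_hardening.conf" /etc/sysctl.d/99-waf-hardening.conf
        sudo sysctl -p /etc/sysctl.d/99-waf-hardening.conf
    fi

    if [ -f "$CONFIG_DIR/limits_hardening.conf" ]; then
        log_message "INFO" "应用limits配置..."
        sudo cp "$CONFIG_DIR/limits_hardening.conf" /etc/security/limits.d/waf_limits.conf
    fi

    if [ "$WEB_SERVER" = "nginx" ] && [ -f "$CONFIG_DIR/nginx_waf.conf" ]; then
        log_message "INFO" "应用Nginx WAF配置..."
        sudo mkdir -p /etc/nginx/conf.d /etc/nginx/snippets
        sudo cp "$CONFIG_DIR/nginx_waf.conf" /etc/nginx/conf.d/waf.conf
        if [ -f "$CONFIG_DIR/nginx_waf_server.conf" ]; then
            sudo cp "$CONFIG_DIR/nginx_waf_server.conf" /etc/nginx/snippets/waf_server.conf
        fi
        if sudo nginx -t; then
            sudo systemctl reload nginx
            log_message "INFO" "Nginx配置已应用并重载"
            log_message "INFO" "请在需要防护的 server{} 中加入: include /etc/nginx/snippets/waf_server.conf;"
        else
            # Keep the live configuration loadable: remove what was just added.
            sudo rm -f /etc/nginx/conf.d/waf.conf /etc/nginx/snippets/waf_server.conf
            log_message "ERROR" "Nginx配置测试失败,已回退新配置"
        fi
    elif [ "$WEB_SERVER" = "apache" ] && [ -f "$CONFIG_DIR/apache_waf.conf" ]; then
        log_message "INFO" "应用Apache WAF配置..."
        sudo cp "$CONFIG_DIR/apache_waf.conf" /etc/apache2/conf-available/waf.conf
        sudo a2enconf waf
        if sudo apache2ctl configtest; then
            sudo systemctl reload apache2
            log_message "INFO" "Apache配置已应用并重载"
        else
            sudo a2disconf waf
            sudo rm -f /etc/apache2/conf-available/waf.conf
            log_message "ERROR" "Apache配置测试失败,已回退新配置"
        fi
    fi

    setup_monitoring
    log_message "INFO" "WAF配置应用完成!"
}

#######################################
# Write the standalone monitor script ($SCRIPT_DIR/waf_monitor.sh) and
# register it in the caller's crontab (every 5 minutes).
# Globals read: SCRIPT_DIR. The heredoc is quoted: nothing is expanded here.
#######################################
setup_monitoring() {
    local monitor_script="$SCRIPT_DIR/waf_monitor.sh"

    cat > "$monitor_script" << 'EOF'
#!/bin/bash
# WAF监控脚本
# Periodic WAF status / log check. Usage: waf_monitor.sh {check|report|monitor}

LOG_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/waf_logs"
CONFIG_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/waf_configs"

RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Print the last blocked events and per-type counters from the log files.
check_logs() {
    echo -e "${YELLOW}=== WAF日志分析 ===${NC}"
    if [ -f "$LOG_DIR/waf_block.log" ]; then
        echo -e "最近被阻止的攻击:"
        tail -20 "$LOG_DIR/waf_block.log" | while IFS= read -r line; do
            echo -e "${RED}✗${NC} $line"
        done
    fi
    echo -e "\n${YELLOW}攻击统计:${NC}"
    if [ -f "$LOG_DIR/waf_access.log" ]; then
        echo "SQL注入尝试: $(grep -c "SQL Injection" "$LOG_DIR/waf_access.log" 2>/dev/null || echo 0)"
        echo "XSS攻击尝试: $(grep -c "XSS Attack" "$LOG_DIR/waf_access.log" 2>/dev/null || echo 0)"
        echo "扫描器探测: $(grep -c "Scanner" "$LOG_DIR/waf_access.log" 2>/dev/null || echo 0)"
    fi
}

# Firewall rule count, established connections, memory and load.
check_system() {
    local established
    echo -e "${YELLOW}=== 系统状态 ===${NC}"
    echo -e "iptables规则数: $(sudo iptables -L -n | wc -l)"
    # ss is present on every modern distro; netstat often is not
    if command -v ss >/dev/null 2>&1; then
        established=$(ss -tan | grep -c ESTAB)
    else
        established=$(netstat -an | grep -c ESTABLISHED)
    fi
    echo -e "当前连接数: $established"
    echo -e "内存使用: $(free -m | awk 'NR==2{printf "%.2f%%", $3*100/$2}')"
    echo -e "CPU负载: $(uptime | awk -F'load average:' '{print $2}')"
}

# Write a timestamped text report into $LOG_DIR.
generate_report() {
    local report_file="$LOG_DIR/waf_report_$(date +%Y%m%d_%H%M%S).txt"
    mkdir -p "$LOG_DIR"
    {
        echo "WAF监控报告"
        echo "生成时间: $(date)"
        echo "======================"
        echo ""
        check_system
        echo ""
        check_logs
        echo ""
        echo "配置状态:"
        if [ -f "$CONFIG_DIR/waf_main.conf" ]; then
            grep -E "ENABLE_|BLOCK_" "$CONFIG_DIR/waf_main.conf"
        fi
    } > "$report_file"
    echo -e "${GREEN}报告已生成: $report_file${NC}"
}

case "$1" in
    "check")
        check_logs
        check_system
        ;;
    "report")
        generate_report
        ;;
    "monitor")
        while true; do
            clear
            check_logs
            check_system
            echo -e "\n${YELLOW}按Ctrl+C退出监控${NC}"
            sleep 10
        done
        ;;
    *)
        echo "用法: $0 {check|report|monitor}"
        exit 1
        ;;
esac
EOF
    chmod +x "$monitor_script"

    # Replace any previous entry for this script (fixed-string match on the
    # path), then append the new one.
    local cron_job="*/5 * * * * $monitor_script check > /dev/null 2>&1"
    (crontab -l 2>/dev/null | grep -vF -- "$monitor_script"; echo "$cron_job") | crontab -
    log_message "INFO" "监控脚本已设置: $monitor_script"
}

#######################################
# One-shot default setup: enable every feature, write all config files,
# import rule sets, optionally apply. Globals written: ENABLE_*,
# BLOCK_THRESHOLD, BAN_TIME, RATE_LIMIT, MAX_CONNECTIONS.
#######################################
default_configuration() {
    local apply_now
    log_message "INFO" "应用默认配置..."

    ENABLE_SQL_INJECTION="true"
    ENABLE_XSS="true"
    ENABLE_RFI_LFI="true"
    ENABLE_COMMAND_INJECTION="true"
    ENABLE_BRUTE_FORCE="true"
    ENABLE_DDOS="true"
    ENABLE_BOT_PROTECTION="true"
    ENABLE_FILE_UPLOAD="true"
    ENABLE_HOTLINKING="true"
    ENABLE_SENSITIVE_DATA="true"

    BLOCK_THRESHOLD=10
    BAN_TIME=3600
    RATE_LIMIT=100
    MAX_CONNECTIONS=50

    save_config

    generate_iptables_rules
    generate_system_hardening
    if [ "$WEB_SERVER" = "nginx" ]; then
        generate_nginx_waf
    elif [ "$WEB_SERVER" = "apache" ]; then
        generate_apache_waf
    fi

    import_owasp_rules
    import_common_attack_rules

    read -r -p "是否立即应用配置? (y/n): " apply_now
    if [ "$apply_now" = "y" ]; then
        apply_configuration
    fi
    log_message "INFO" "默认配置已完成!"
}

#######################################
# Print service, firewall, config-file and log status.
# Globals read: MAIN_CONFIG, CUSTOM_RULES, ACCESS_LOG, BLOCK_LOG.
#######################################
show_status() {
    echo -e "${CYAN}════════════════════ WAF状态 ════════════════════${NC}"
    echo -e "${YELLOW}服务状态:${NC}"
    if systemctl is-active --quiet nginx 2>/dev/null; then
        echo -e " Nginx: ${GREEN}运行中${NC}"
    elif systemctl is-active --quiet apache2 2>/dev/null; then
        echo -e " Apache: ${GREEN}运行中${NC}"
    fi
    echo -e " iptables: $(sudo iptables -L -n 2>/dev/null | grep -c 'DROP\|REJECT') 条阻止规则"

    echo -e "\n${YELLOW}配置文件:${NC}"
    if [ -f "$MAIN_CONFIG" ]; then
        echo -e " 主配置: ${GREEN}存在${NC}"
    else
        echo -e " 主配置: ${RED}缺失${NC}"
    fi
    if [ -f "$CUSTOM_RULES" ]; then
        echo -e " 自定义规则: ${GREEN}存在 ($(wc -l < "$CUSTOM_RULES") 条)${NC}"
    else
        echo -e " 自定义规则: ${RED}缺失${NC}"
    fi

    echo -e "\n${YELLOW}日志文件:${NC}"
    if [ -f "$ACCESS_LOG" ]; then
        echo -e " 访问日志: ${GREEN}存在 ($(du -h "$ACCESS_LOG" | cut -f1))${NC}"
    else
        echo -e " 访问日志: ${RED}缺失${NC}"
    fi
    if [ -f "$BLOCK_LOG" ]; then
        echo -e " 阻止日志: ${GREEN}存在 ($(grep -c "blocked" "$BLOCK_LOG" 2>/dev/null || echo 0) 条记录)${NC}"
    else
        echo -e " 阻止日志: ${RED}缺失${NC}"
    fi

    if [ -f "$BLOCK_LOG" ] && [ -s "$BLOCK_LOG" ]; then
        echo -e "\n${YELLOW}最近被阻止的事件:${NC}"
        tail -5 "$BLOCK_LOG" | while IFS= read -r line; do
            echo -e " ${RED}▶${NC} $line"
        done
    fi
    echo -e "${CYAN}════════════════════════════════════════════════════${NC}"
}

#######################################
# Interactive main loop. Never returns except via `exit`.
#######################################
main_menu() {
    local choice confirm
    while true; do
        clear
        show_banner
        show_status
        echo -e "${GREEN}════════════════════ 主菜单 ════════════════════${NC}"
        echo " 1) 自定义配置WAF"
        echo " 2) 一键默认配置"
        echo " 3) 生成配置文件"
        echo " 4) 应用配置到系统"
        echo " 5) 查看当前配置"
        echo " 6) 管理自定义规则"
        echo " 7) 查看日志和状态"
        echo " 8) 备份当前配置"
        echo " 9) 恢复配置"
        echo "10) 运行监控脚本"
        echo "11) 测试WAF防护"
        echo "12) 卸载WAF配置"
        echo "13) 退出脚本"
        echo -e "${GREEN}════════════════════════════════════════════════════${NC}"
        read -r -p "请选择选项 [1-13]: " choice
        case "$choice" in
            1) custom_config_menu ;;
            2) default_configuration; read -r -p "按Enter继续..." ;;
            3) generate_configurations; read -r -p "按Enter继续..." ;;
            4)
                read -r -p "确定应用配置到系统? (y/n): " confirm
                if [ "$confirm" = "y" ]; then
                    apply_configuration
                    read -r -p "按Enter继续..."
                fi
                ;;
            5)
                clear
                show_current_config
                echo -e "\n配置文件位置:"
                echo " 主配置: $MAIN_CONFIG"
                echo " 规则文件: $CUSTOM_RULES"
                echo " Nginx配置: $CONFIG_DIR/nginx_waf.conf"
                echo " Apache配置: $CONFIG_DIR/apache_waf.conf"
                echo " iptables配置: $CONFIG_DIR/iptables_rules.sh"
                read -r -p "按Enter继续..."
                ;;
            6) manage_custom_rules ;;
            7)
                clear
                show_status
                if [ -f "$SCRIPT_DIR/waf_monitor.sh" ]; then
                    echo -e "\n${YELLOW}运行监控检查:${NC}"
                    "$SCRIPT_DIR/waf_monitor.sh" check
                fi
                read -r -p "按Enter继续..."
                ;;
            8) backup_config; read -r -p "按Enter继续..." ;;
            9) restore_configuration; read -r -p "按Enter继续..." ;;
            10)
                if [ -f "$SCRIPT_DIR/waf_monitor.sh" ]; then
                    "$SCRIPT_DIR/waf_monitor.sh" monitor
                else
                    echo -e "${RED}监控脚本未找到${NC}"
                    sleep 2
                fi
                ;;
            11) test_waf_protection ;;
            12) uninstall_waf; read -r -p "按Enter继续..." ;;
            13)
                echo -e "${GREEN}感谢使用WAF防护脚本!${NC}"
                exit 0
                ;;
            *)
                echo -e "${RED}无效选项${NC}"
                sleep 1
                ;;
        esac
    done
}

#######################################
# Generate every config file for the detected web server.
# Globals read: WEB_SERVER, CONFIG_DIR.
#######################################
generate_configurations() {
    log_message "INFO" "生成所有配置文件..."
    generate_iptables_rules
    generate_system_hardening
    case "$WEB_SERVER" in
        nginx) generate_nginx_waf ;;
        apache) generate_apache_waf ;;
        *) log_message "WARN" "未检测到Web服务器,跳过生成服务器配置" ;;
    esac
    log_message "INFO" "所有配置文件已生成到: $CONFIG_DIR"
}

#######################################
# Send probe requests and print the HTTP status for each.
# Only run against hosts you are authorised to test. Probes use a
# browser-like User-Agent: curl's default UA is itself blocked by the bot
# rules, which made every probe of the old version return 403 regardless of
# the rule being exercised. Payloads encode only spaces, because the nginx
# rules match the raw query string -- fully percent-encoded payloads bypass
# them, which is a limitation of the rules, not of this test.
#######################################
test_waf_protection() {
    local confirm test_url
    local ua="Mozilla/5.0 (X11; Linux x86_64) WAF-selftest"

    # $1 URL, $2 optional User-Agent override
    _probe() {
        curl -s -o /dev/null -A "${2:-$ua}" -w "HTTP状态码: %{http_code}\n" "$1"
    }

    echo -e "${CYAN}════════════════════ WAF防护测试 ════════════════════${NC}"
    echo "此功能将发送测试请求来验证WAF防护是否正常工作"
    echo "注意: 这些是真实的攻击测试,但使用安全参数"
    echo -e "${YELLOW}警告: 仅在测试环境使用!只能针对你有授权的主机${NC}"
    echo -e "${CYAN}════════════════════════════════════════════════════${NC}"
    read -r -p "是否继续? (y/n): " confirm
    if [ "$confirm" != "y" ]; then
        return
    fi

    read -r -p "请输入要测试的URL (默认: http://localhost): " test_url
    test_url=${test_url:-http://localhost}
    echo -e "\n${GREEN}开始WAF防护测试...${NC}"

    if [ "$ENABLE_SQL_INJECTION" = "true" ]; then
        echo -e "\n${YELLOW}测试SQL注入防护:${NC}"
        _probe "$test_url/?id=1'%20OR%20'1'='1"
        # 'union ... all ... select' is the one SQL pattern that matches a
        # payload without parentheses
        _probe "$test_url/?id=1%20UNION%20ALL%20SELECT%20NULL,NULL--"
    fi
    if [ "$ENABLE_XSS" = "true" ]; then
        echo -e "\n${YELLOW}测试XSS防护:${NC}"
        _probe "$test_url/?q=<script>alert('xss')</script>"
        _probe "$test_url/?q=javascript:alert(1)"
    fi
    if [ "$ENABLE_RFI_LFI" = "true" ]; then
        echo -e "\n${YELLOW}测试目录遍历防护:${NC}"
        _probe "$test_url/?file=../../../etc/passwd"
        _probe "$test_url/?page=....//....//etc/passwd"
    fi
    if [ "$ENABLE_COMMAND_INJECTION" = "true" ]; then
        echo -e "\n${YELLOW}测试命令注入防护:${NC}"
        _probe "$test_url/?cmd=ls%20-la"
        _probe "$test_url/?input=|cat%20/etc/passwd"
    fi
    if [ "$ENABLE_BOT_PROTECTION" = "true" ]; then
        echo -e "\n${YELLOW}测试扫描器防护:${NC}"
        _probe "$test_url/" "nmap"
        _probe "$test_url/" "sqlmap"
    fi

    echo -e "\n${GREEN}测试完成!${NC}"
    echo "查看日志文件了解详细信息: $BLOCK_LOG"
    read -r -p "按Enter继续..."
}

#######################################
# Restore one backup from $BACKUP_DIR chosen interactively; the file
# suffix decides where it goes. Returns 1 when nothing was restored.
#######################################
restore_configuration() {
    local backups=() backup_file choice i
    echo -e "${CYAN}════════════════════ 恢复配置 ════════════════════${NC}"

    # Newest first. (Parses ls output; backup names are generated by this
    # script and contain no newlines.)
    mapfile -t backups < <(ls -1t -- "$BACKUP_DIR"/waf_backup_* 2>/dev/null | head -10)
    if [ "${#backups[@]}" -eq 0 ]; then
        echo -e "${RED}未找到备份文件${NC}"
        return 1
    fi

    echo -e "${YELLOW}可用的备份:${NC}"
    for i in "${!backups[@]}"; do
        echo " $((i+1))) $(basename -- "${backups[$i]}")"
    done
    read -r -p "选择要恢复的备份编号 [1-${#backups[@]}]: " choice
    if ! [[ "$choice" =~ ^[0-9]+$ ]] || [ "$choice" -lt 1 ] || [ "$choice" -gt "${#backups[@]}" ]; then
        echo -e "${RED}无效选择${NC}"
        return 1
    fi

    backup_file="${backups[$((choice-1))]}"
    echo -e "\n恢复备份: $backup_file"
    case "$backup_file" in
        *_nginx.conf)
            sudo cp -- "$backup_file" /etc/nginx/nginx.conf
            if sudo nginx -t; then
                sudo systemctl reload nginx
                echo -e "${GREEN}Nginx配置已恢复${NC}"
            else
                echo -e "${RED}恢复的Nginx配置未通过测试,未重载${NC}"
            fi
            ;;
        *_apache.conf|*_httpd.conf)
            if [ -f "/etc/apache2/apache2.conf" ]; then
                sudo cp -- "$backup_file" /etc/apache2/apache2.conf
                sudo systemctl reload apache2
            elif [ -f "/etc/httpd/conf/httpd.conf" ]; then
                sudo cp -- "$backup_file" /etc/httpd/conf/httpd.conf
                sudo systemctl reload httpd
            fi
            echo -e "${GREEN}Apache配置已恢复${NC}"
            ;;
        *_iptables.rules)
            sudo iptables-restore < "$backup_file"
            echo -e "${GREEN}iptables规则已恢复${NC}"
            ;;
        *_sysctl.conf)
            sudo cp -- "$backup_file" /etc/sysctl.conf
            sudo sysctl -p
            echo -e "${GREEN}sysctl配置已恢复${NC}"
            ;;
        *)
            echo -e "${YELLOW}未知备份类型,请手动恢复${NC}"
            ;;
    esac
}

#######################################
# Remove the installed WAF configuration (option 1) or additionally delete
# the script's own files (option 2). Globals read: WEB_SERVER, CONFIG_DIR,
# RULES_DIR, SCRIPT_DIR.
#######################################
uninstall_waf() {
    local choice confirm dir
    echo -e "${RED}════════════════════ 卸载WAF配置 ════════════════════${NC}"
    echo -e "${RED}警告: 这将移除所有WAF配置${NC}"
    echo "1) 仅移除配置,保留备份和日志"
    echo "2) 完全卸载,删除所有文件"
    echo "3) 取消"
    echo -e "${RED}════════════════════════════════════════════════════${NC}"
    read -r -p "选择卸载选项 [1-3]: " choice

    case "$choice" in
        1)
            echo -e "${YELLOW}正在移除WAF配置...${NC}"
            # Flushing with ACCEPT policies leaves the host without any
            # packet filter until another ruleset is loaded.
            echo -e "${YELLOW}注意: 清空iptables后主机将没有任何防火墙规则${NC}"
            sudo iptables -F
            sudo iptables -X
            sudo iptables -t nat -F
            sudo iptables -t nat -X
            sudo iptables -t mangle -F
            sudo iptables -t mangle -X
            sudo iptables -P INPUT ACCEPT
            sudo iptables -P FORWARD ACCEPT
            sudo iptables -P OUTPUT ACCEPT

            if [ "$WEB_SERVER" = "nginx" ]; then
                sudo rm -f /etc/nginx/conf.d/waf.conf /etc/nginx/snippets/waf_server.conf
                sudo nginx -t && sudo systemctl reload nginx
            elif [ "$WEB_SERVER" = "apache" ]; then
                sudo a2disconf waf 2>/dev/null
                sudo rm -f /etc/apache2/conf-available/waf.conf
                sudo systemctl reload apache2
            fi

            sudo rm -f /etc/security/limits.d/waf_limits.conf /etc/sysctl.d/99-waf-hardening.conf
            echo -e "${GREEN}WAF配置已移除,备份和日志已保留${NC}"
            ;;
        2)
            read -r -p "确定要完全删除所有WAF文件? (输入'CONFIRM'确认): " confirm
            if [ "$confirm" = "CONFIRM" ]; then
                echo -e "${RED}正在删除所有WAF文件...${NC}"
                # Never let an unset variable turn this into `rm -rf ""`/`/`.
                for dir in "$CONFIG_DIR" "$RULES_DIR"; do
                    if [ -n "$dir" ] && [ "$dir" != "/" ]; then
                        rm -rf -- "$dir"
                    fi
                done
                crontab -l 2>/dev/null | grep -v "waf_monitor" | crontab -
                rm -f -- "$SCRIPT_DIR/waf_monitor.sh"
                echo -e "${GREEN}所有WAF文件已删除${NC}"
            else
                echo -e "${YELLOW}取消卸载${NC}"
            fi
            ;;
        *)
            echo -e "${YELLOW}取消卸载${NC}"
            ;;
    esac
}

#######################################
# Privilege check, directory creation, dependency check, config load.
# Globals read: CONFIG_DIR, LOGS_DIR, BACKUP_DIR, RULES_DIR, SCRIPT_DIR.
# NOTE(review): LOGS_DIR is referenced here while the monitor script uses
# its own LOG_DIR; confirm which name the (not shown) variable section
# defines.
#######################################
init_script() {
    # Almost every action below shells out through sudo; without root the
    # sudo prompts will interrupt the menu.
    if [ "$EUID" -ne 0 ]; then
        log_message "WARN" "建议使用root权限运行此脚本"
        sleep 2
    fi
    mkdir -p "$CONFIG_DIR" "$LOGS_DIR" "$BACKUP_DIR" "$RULES_DIR"
    log_message "INFO" "WAF脚本初始化"
    log_message "INFO" "脚本目录: $SCRIPT_DIR"
    check_dependencies
    load_config
}

# Entry point.
main() {
    init_script
    main_menu
}

# Ctrl+C: leave cleanly instead of dying mid-prompt
trap 'echo -e "\n${RED}用户中断脚本${NC}"; exit 1' INT

main
脚本功能说明主要特性:1.全面防护功能:SQL注入防护XSS跨站脚本防护RFI/LFI远程/本地文件包含防护命令注入防护暴力破解防护DDoS防护恶意机器人防护文件上传防护盗链防护敏感数据防护2.配置管理:一键默认配置自定义配置(可单独开关每个功能)参数自定义调整配置备份与恢复规则管理:自定义规则添加OWASP核心规则集导入常见攻击规则导入规则文件编辑3.多Web服务器支持:Nginx配置生成Apache配置生成iptables防火墙规则4.监控与报告:实时监控脚本自动日志分析攻击统计报告系统状态监控使用方法:保存脚本:# 将脚本保存为 waf_manager.sh chmod +x waf_manager.sh运行脚本:sudo ./waf_manager.sh推荐使用流程:首次运行选择"一键默认配置"根据需求使用"自定义配置"调整生成配置文件后"应用配置到系统"使用"测试WAF防护"验证效果定期使用"运行监控脚本"查看状态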
2025-08-20
Linux系统笔记本关盖休眠交互式脚本
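#!/bin/bash
# Linux laptop lid-switch behaviour configurator (systemd-logind).
#
# Writes a drop-in under /etc/systemd/logind.conf.d/ setting
# HandleLidSwitch / HandleLidSwitchExternalPower / HandleLidSwitchDocked,
# then restarts systemd-logind so the values take effect.
#
# Usage: sudo lid-control.sh [--enable|--disable|--status|--check-hibernate|--help]
#        (no argument: interactive menu)
# Requires: root, systemd.

# Colour codes
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color

# Configuration paths
LOGIND_CONF="/etc/systemd/logind.conf"
LOGIND_CONF_DIR="/etc/systemd/logind.conf.d/"
CUSTOM_CONF="$LOGIND_CONF_DIR/lid-settings.conf"

# Distribution info. lsb_release is not installed everywhere, so fall back
# to os-release (sourced in a subshell so its variables do not leak).
if command -v lsb_release >/dev/null 2>&1; then
    DISTRO=$(lsb_release -si 2>/dev/null || echo "Unknown")
    DISTRO_VERSION=$(lsb_release -sr 2>/dev/null || echo "Unknown")
elif [ -r /etc/os-release ]; then
    DISTRO=$(. /etc/os-release && echo "${NAME:-Unknown}")
    DISTRO_VERSION=$(. /etc/os-release && echo "${VERSION_ID:-Unknown}")
else
    DISTRO="Unknown"
    DISTRO_VERSION="Unknown"
fi
KERNEL=$(uname -r)

# Abort unless running as root (writes under /etc and restarts logind).
check_root() {
    if [ "$EUID" -ne 0 ]; then
        echo -e "${RED}错误:此脚本需要root权限${NC}"
        echo "请使用 sudo 运行:sudo $0"
        exit 1
    fi
}

# Print distribution, kernel, hostname and whether a battery is present.
show_system_info() {
    echo -e "${CYAN}系统信息:${NC}"
    echo -e "发行版: $DISTRO $DISTRO_VERSION"
    echo -e "内核版本: $KERNEL"
    echo -e "主机名: $(hostname)"
    # /sys/class/power_supply exists on desktops too; a BAT* entry is the
    # actual laptop indicator.
    if compgen -G "/sys/class/power_supply/BAT*" >/dev/null; then
        echo -e "设备类型: 笔记本电脑"
    else
        echo -e "${YELLOW}设备类型: 可能不是笔记本电脑${NC}"
    fi
}

# Show lid state, the global and drop-in configuration, and the values
# logind is actually using.
show_current_settings() {
    local lid_state prop value shown=0
    echo -e "\n${BLUE}=== 当前关盖设置 ===${NC}"

    if [ -e /proc/acpi/button/lid/LID/state ]; then
        lid_state=$(awk '{print $2}' /proc/acpi/button/lid/LID/state 2>/dev/null)
        echo -e "${CYAN}盖子状态:${NC} $lid_state"
    elif [ -d /sys/class/power_supply/ ]; then
        echo -e "${CYAN}盖子状态:${NC} 通过/sys接口检测"
    fi

    if [ -f "$LOGIND_CONF" ]; then
        echo -e "\n${YELLOW}全局配置 ($LOGIND_CONF):${NC}"
        grep -E "^(#)?HandleLidSwitch=" "$LOGIND_CONF" || echo "未设置(使用默认值)"
        grep -E "^(#)?HandleLidSwitchExternalPower" "$LOGIND_CONF" || echo ""
        grep -E "^(#)?HandleLidSwitchDocked" "$LOGIND_CONF" || echo ""
    fi

    if [ -f "$CUSTOM_CONF" ]; then
        echo -e "\n${YELLOW}自定义配置 ($CUSTOM_CONF):${NC}"
        cat "$CUSTOM_CONF"
    fi

    # Effective values: ask logind over D-Bus. (`systemctl cat`, used by the
    # previous version, prints the unit file, not logind.conf.) The
    # HandleLidSwitch* Manager properties are documented for current systemd;
    # if busctl is missing or the property is absent, fall back to the files.
    echo -e "\n${YELLOW}实际生效的设置:${NC}"
    for prop in HandleLidSwitch HandleLidSwitchExternalPower HandleLidSwitchDocked; do
        if value=$(busctl get-property org.freedesktop.login1 /org/freedesktop/login1 \
                   org.freedesktop.login1.Manager "$prop" 2>/dev/null); then
            echo "$prop=${value#s }"   # busctl prints: s "suspend"
            shown=1
        fi
    done
    if [ "$shown" -eq 0 ]; then
        value=$(cat "$LOGIND_CONF" "$LOGIND_CONF_DIR"/*.conf 2>/dev/null | grep -E "^HandleLidSwitch" | tail -1)
        if [ -n "$value" ]; then
            echo "$value"
        else
            echo "使用默认设置: HandleLidSwitch=suspend"
        fi
    fi

    if [ -f "/etc/UPower/UPower.conf" ]; then
        echo -e "\n${YELLOW}UPower 配置:${NC}"
        grep -i "IgnoreLid" /etc/UPower/UPower.conf || echo "未设置"
    fi
}

# Write the logind drop-in and restart logind.
# Arguments: $1 HandleLidSwitch (on battery), $2 HandleLidSwitchExternalPower,
#            $3 HandleLidSwitchDocked (default: ignore)
# The [Login] section header is mandatory: without it (as in the previous
# version) logind reports "assignment outside of section" and ignores the
# file.
write_lid_config() {
    local battery="$1" ac="$2" docked="${3:-ignore}"
    mkdir -p "$LOGIND_CONF_DIR"
    cat > "$CUSTOM_CONF" << EOF
# 笔记本盖子关闭行为设置
# 文件生成时间: $(date)
# 系统: $DISTRO $DISTRO_VERSION
#
# 选项说明:
#   suspend      - 关盖时挂起/休眠
#   lock         - 关盖时锁定屏幕
#   ignore       - 关盖时不执行任何操作
#   poweroff     - 关盖时关机
#   hibernate    - 关盖时深度休眠
#   hybrid-sleep - 混合休眠

[Login]
HandleLidSwitch=$battery
HandleLidSwitchExternalPower=$ac
HandleLidSwitchDocked=$docked
EOF
    echo -e "${GREEN}配置已保存到 $CUSTOM_CONF${NC}"
    # logind only re-reads logind.conf on restart. NOTE: on older systemd
    # releases restarting logind can end running graphical sessions.
    systemctl daemon-reload
    systemctl restart systemd-logind
    echo -e "${GREEN}服务已重启,设置生效${NC}"
}

# Map a 1-6 menu choice to a logind action; prints the fallback $2 otherwise.
behavior_from_choice() {
    case "$1" in
        1) echo "suspend" ;;
        2) echo "lock" ;;
        3) echo "ignore" ;;
        4) echo "poweroff" ;;
        5) echo "hibernate" ;;
        6) echo "hybrid-sleep" ;;
        *) echo "$2" ;;
    esac
}

# Lid close -> suspend (battery and AC); docked -> ignore.
enable_lid_suspend() {
    echo -e "\n${GREEN}正在启用关盖休眠...${NC}"
    write_lid_config suspend suspend ignore
    if [ -f "/etc/UPower/UPower.conf" ]; then
        echo -e "${YELLOW}检测到UPower,建议同时配置UPower设置${NC}"
        echo "可以在桌面环境的电源管理设置中进行配置"
    fi
}

# Lid close -> no action at all.
disable_lid_suspend() {
    echo -e "\n${YELLOW}正在禁用关盖休眠(关盖时不执行操作)...${NC}"
    write_lid_config ignore ignore ignore
    echo -e "\n${CYAN}注意:${NC}"
    echo "禁用关盖休眠后,合上盖子时屏幕可能会继续亮着,消耗电量。"
    echo "如果需要关闭屏幕但不休眠,请选择'只锁定屏幕'选项。"
}

# Interactive choice of the lid action, optionally split battery / AC.
set_custom_behavior() {
    local choice behavior power_choice battery_choice ac_choice battery_behavior ac_behavior
    echo -e "\n${BLUE}=== 设置自定义关盖行为 ===${NC}"
    echo "请选择关盖时的行为:"
    echo -e "1) ${GREEN}suspend${NC} - 挂起/休眠(默认,低功耗状态)"
    echo -e "2) ${GREEN}lock${NC} - 只锁定屏幕(保持运行)"
    echo -e "3) ${YELLOW}ignore${NC} - 不执行任何操作"
    echo -e "4) ${RED}poweroff${NC} - 关机"
    echo -e "5) ${PURPLE}hibernate${NC} - 深度休眠(保存到硬盘)"
    echo -e "6) ${CYAN}hybrid-sleep${NC} - 混合休眠"
    read -r -p "请输入选项编号 (1-6): " choice
    behavior=$(behavior_from_choice "$choice" "")
    if [ -z "$behavior" ]; then
        echo -e "${RED}无效选择,使用默认值 (suspend)${NC}"
        behavior="suspend"
    fi

    echo -e "\n${CYAN}是否区分电源状态?${NC}"
    echo "1) 统一设置(电池和电源都使用相同行为)"
    echo "2) 分别设置(电池和电源使用不同行为)"
    read -r -p "请选择 (1-2): " power_choice

    if [ "$power_choice" = "2" ]; then
        echo -e "\n${CYAN}请设置使用电池时的行为:${NC}"
        echo "1) suspend 2) lock 3) ignore"
        echo "4) poweroff 5) hibernate 6) hybrid-sleep"
        read -r -p "选项 (1-6): " battery_choice
        battery_behavior=$(behavior_from_choice "$battery_choice" "$behavior")

        echo -e "\n${CYAN}请设置使用外接电源时的行为:${NC}"
        echo "1) suspend 2) lock 3) ignore"
        echo "4) poweroff 5) hibernate 6) hybrid-sleep"
        read -r -p "选项 (1-6): " ac_choice
        ac_behavior=$(behavior_from_choice "$ac_choice" "$behavior")

        echo -e "\n${GREEN}已设置:${NC}"
        echo -e "使用电池时: ${GREEN}$battery_behavior${NC}"
        echo -e "使用外接电源时: ${GREEN}$ac_behavior${NC}"
        write_lid_config "$battery_behavior" "$ac_behavior" ignore
    else
        echo -e "${GREEN}已设置关盖行为为: $behavior${NC}"
        write_lid_config "$behavior" "$behavior" ignore
    fi
}

# Delete the drop-in and restart logind (built-in defaults apply again).
restore_default() {
    echo -e "\n${YELLOW}正在恢复默认设置...${NC}"
    if [ -f "$CUSTOM_CONF" ]; then
        rm -f -- "$CUSTOM_CONF"
        echo -e "${GREEN}已删除自定义配置${NC}"
    else
        echo -e "${YELLOW}未找到自定义配置${NC}"
    fi
    systemctl daemon-reload
    systemctl restart systemd-logind
    echo -e "${GREEN}已恢复系统默认设置${NC}"
}

# Swap, supported power states and the kernel resume= parameter.
check_hibernate_support() {
    echo -e "\n${BLUE}=== 检查休眠支持 ===${NC}"
    echo -e "${CYAN}交换空间:${NC}"
    swapon --show
    # Security note: the hibernation image is a copy of RAM (keys, passwords,
    # open documents) written to swap. On unencrypted swap it stays on disk
    # after resume; use encrypted swap or LUKS for hibernate on a laptop.
    echo -e "${YELLOW}提示: 休眠镜像包含完整内存内容,建议使用加密交换分区${NC}"

    if [ -f /sys/power/state ]; then
        echo -e "\n${CYAN}支持的电源状态:${NC}"
        cat /sys/power/state
    fi
    if [ -f /proc/cmdline ]; then
        if grep -q "resume" /proc/cmdline; then
            echo -e "\n${GREEN}已配置休眠恢复参数${NC}"
        else
            echo -e "\n${YELLOW}未配置休眠恢复参数${NC}"
        fi
    fi
}

# Print the manual steps needed before hibernate works.
setup_hibernate() {
    local choice
    echo -e "\n${YELLOW}注意:要使用休眠功能,需要正确配置交换空间${NC}"
    echo "当前交换空间信息:"
    swapon --show
    read -r -p "是否查看休眠配置指南? (y/N): " choice
    if [ "$cho" = "y" ] 2>/dev/null || [ "$choice" = "y" ] || [ "$choice" = "Y" ]; then
        echo -e "\n${CYAN}基本休眠配置步骤:${NC}"
        echo "1. 确保交换分区大小 >= 内存大小(建议使用加密交换分区,休眠镜像包含内存内容)"
        echo "2. 编辑 /etc/default/grub,添加 resume=交换分区(推荐 UUID,设备名可能变化)"
        echo "3. Debian/Ubuntu 还需在 /etc/initramfs-tools/conf.d/resume 写入 RESUME=UUID=... 并运行 update-initramfs -u"
        echo "4. 运行 update-grub 或 grub-mkconfig"
        echo "5. 重启系统"
        echo ""
        echo "例如:GRUB_CMDLINE_LINUX_DEFAULT=\"resume=UUID=xxxx-xxxx\"(UUID 见 blkid)"
    fi
}

# Guided manual test: the user closes the lid while the script sleeps.
test_lid_behavior() {
    local i view_logs_choice
    echo -e "\n${YELLOW}=== 关盖行为测试 ===${NC}"
    echo "此功能需要您手动合上笔记本盖子进行测试。"
    echo ""
    echo -e "${RED}警告:测试前请保存所有工作!${NC}"
    echo ""
    echo "测试步骤:"
    echo "1. 保持终端窗口打开"
    echo "2. 合上笔记本盖子"
    echo "3. 等待5-10秒"
    echo "4. 打开盖子"
    echo "5. 检查系统状态"
    echo ""
    for i in {5..1}; do
        echo -ne "\r测试将在 $i 秒后开始(按 Ctrl+C 取消)..."
        sleep 1
    done
    echo ""
    echo -e "\n${GREEN}开始测试...${NC}"
    echo "测试开始时间: $(date)"
    echo -e "${YELLOW}请在5秒内合上笔记本盖子...${NC}"
    sleep 5
    # Reaching this point only proves the script kept running; whether a lid
    # event was delivered and what logind did is only visible in the journal.
    echo -e "\n${CYAN}测试结果:${NC}"
    echo "当前时间: $(date)"
    echo -e "${GREEN}看到此消息说明脚本仍在运行(系统未休眠或已被唤醒)。${NC}"
    echo "系统是否收到关盖事件、执行了什么动作,需通过日志确认:"
    echo "1. 等待更长时间(30-60秒)"
    echo "2. 查看系统日志:journalctl -u systemd-logind --since \"5 minutes ago\""
    read -r -p "是否查看最近的相关日志? (y/N): " view_logs_choice
    if [ "$view_logs_choice" = "y" ] || [ "$view_logs_choice" = "Y" ]; then
        journalctl -u systemd-logind --since "5 minutes ago" --no-pager | tail -20
    fi
}

# Log viewer submenu.
view_logs() {
    local log_choice
    echo -e "\n${BLUE}=== 查看相关日志 ===${NC}"
    echo "1) 查看systemd-logind服务状态"
    echo "2) 查看系统日志中的关盖事件(最近1小时)"
    echo "3) 查看内核日志(关盖相关)"
    echo "4) 实时监控日志(按Ctrl+C退出)"
    echo "5) 返回主菜单"
    read -r -p "请选择 (1-5): " log_choice
    case "$log_choice" in
        1)
            echo -e "\n${YELLOW}systemd-logind 服务状态:${NC}"
            systemctl status systemd-logind --no-pager -l
            ;;
        2)
            echo -e "\n${YELLOW}最近的系统日志(关盖相关):${NC}"
            journalctl -u systemd-logind --since "1 hour ago" | grep -i "lid\|sleep\|suspend\|lock" | tail -30
            ;;
        3)
            echo -e "\n${YELLOW}内核日志(关盖相关):${NC}"
            dmesg | grep -i "lid\|acpi" | tail -20
            ;;
        4)
            echo -e "\n${YELLOW}开始实时监控日志(按Ctrl+C退出)...${NC}"
            journalctl -u systemd-logind -f
            ;;
        5) return ;;
        *) echo -e "${RED}无效选择${NC}" ;;
    esac
    read -r -p "按回车键继续..."
}

# Clear the screen and print the main menu with current state.
show_menu() {
    clear
    echo -e "${BLUE}=================================${NC}"
    echo -e "${BLUE} Linux笔记本关盖休眠设置工具 ${NC}"
    echo -e "${BLUE}=================================${NC}"
    echo ""
    show_system_info
    show_current_settings
    echo -e "\n${GREEN}请选择操作:${NC}"
    echo "1) 启用关盖休眠(默认)"
    echo "2) 禁用关盖休眠(关盖时不操作)"
    echo "3) 设置自定义关盖行为"
    echo "4) 检查休眠功能支持"
    echo "5) 恢复系统默认设置"
    echo "6) 显示当前设置"
    echo "7) 测试关盖行为"
    echo "8) 查看日志"
    echo "9) 退出"
    echo ""
}

# Interactive loop.
main() {
    local choice hibernate_choice
    check_root
    if ! command -v systemctl &> /dev/null; then
        echo -e "${RED}错误:未找到systemd,此脚本需要systemd系统${NC}"
        exit 1
    fi

    while true; do
        show_menu
        read -r -p "请输入选项编号 (1-9): " choice
        case "$choice" in
            1) enable_lid_suspend ;;
            2) disable_lid_suspend ;;
            3) set_custom_behavior ;;
            4)
                check_hibernate_support
                read -r -p "是否设置休眠功能? (y/N): " hibernate_choice
                if [ "$hibernate_choice" = "y" ] || [ "$hibernate_choice" = "Y" ]; then
                    setup_hibernate
                fi
                ;;
            5) restore_default ;;
            6) show_current_settings ;;
            7) test_lid_behavior ;;
            8)
                view_logs
                continue # view_logs pauses by itself
                ;;
            9)
                echo -e "\n${GREEN}感谢使用,再见!${NC}"
                exit 0
                ;;
            *) echo -e "${RED}无效选项,请重新输入${NC}" ;;
        esac
        read -r -p "按回车键继续..."
    done
}

# Command-line help.
show_usage() {
    echo -e "${BLUE}Linux笔记本关盖休眠设置脚本${NC}"
    echo "版本: 2.0"
    echo "适用于支持systemd的Linux发行版"
    echo ""
    echo "用法:"
    echo " $0 [选项]"
    echo ""
    echo "选项:"
    echo " --enable 启用关盖休眠"
    echo " --disable 禁用关盖休眠"
    echo " --status 显示当前设置"
    echo " --check-hibernate 检查休眠支持"
    echo " --help, -h 显示此帮助信息"
    echo ""
    echo "示例:"
    echo " sudo $0 --enable"
    echo " sudo $0 --status"
    echo " sudo $0 --check-hibernate"
    echo ""
    echo "支持的发行版:"
    echo " Ubuntu, Debian, Fedora, CentOS, Arch Linux, openSUSE等"
}

# Argument dispatch; no argument enters the interactive menu.
case "${1-}" in
    "--enable")
        check_root
        enable_lid_suspend
        ;;
    "--disable")
        check_root
        disable_lid_suspend
        ;;
    "--status")
        check_root
        show_system_info
        show_current_settings
        ;;
    "--check-hibernate")
        check_root
        check_hibernate_support
        ;;
    "--help"|"-h")
        show_usage
        exit 0
        ;;
    "")
        main
        ;;
    *)
        echo -e "${RED}未知参数: $1${NC}"
        show_usage
        exit 1
        ;;
esac
使用方法交互式菜单模式(推荐):sudo bash lid-control.sh命令行模式:# 启用关盖休眠 sudo bash lid-control.sh --enable # 禁用关盖休眠 sudo bash lid-control.sh --disable # 查看当前设置 sudo bash lid-control.sh --status # 检查休眠支持 sudo bash lid-control.sh --check-hibernate # 显示帮助信息 sudo bash lid-control.sh --help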