只锁定不影响业务的关键文件,避开所有动态目录

锁定
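#!/bin/bash
# System hardening - lock script (does not touch BT (宝塔) panel / web site / upload paths)
#
# Sets the ext* immutable attribute (chattr +i) on a fixed list of account,
# privilege, scheduling, boot and login files so that neither the panel nor
# a web application can rewrite them behind the operator's back. Only
# static files/directories are listed; every path the panel or the site
# writes at runtime is deliberately left out.
#
# What the immutable bit does and does not give you:
#   - It refuses writes, renames, deletes and new hard links even for root,
#     so accidental edits, package scripts and automation fail loudly
#     instead of silently changing the file.
#   - It is cleared by the very same tool (chattr -i, see the unlock
#     script), so it is a guard-rail against mistakes and careless tooling,
#     not a substitute for file-integrity monitoring or an intact root
#     account. Pair it with an audit/integrity checker.
#   - On a directory (/etc/cron.*) it freezes the directory listing: entries
#     cannot be added, removed or renamed, but files that already exist
#     inside remain writable unless they are locked individually.
#   - While locked, passwd/useradd/visudo and system upgrades that touch
#     these files will fail; run the unlock script first.
#
# Requires: root (CAP_LINUX_IMMUTABLE) and chattr from e2fsprogs, on a
# filesystem that supports the attribute (tmpfs does not; if
# /etc/resolv.conf is a symlink into /run, the flag typically cannot be set
# and is reported as a failure).
# Exit status: 0 when every existing path was locked, 1 when a prerequisite
# is missing or at least one path could not be locked.
set -u

# Only files the panel / web site never modifies at runtime.
readonly LOCK_LIST=(
  "/etc/passwd"
  "/etc/shadow"
  "/etc/group"
  "/etc/gshadow"
  "/etc/sudoers"
  "/etc/hosts"
  "/etc/resolv.conf"
  "/etc/crontab"
  "/etc/cron.daily"
  "/etc/cron.hourly"
  "/etc/cron.monthly"
  "/etc/cron.weekly"
  "/etc/rc.local"
  "/etc/sysctl.conf"
  "/etc/security/limits.conf"
  "/etc/login.defs"
  "/etc/securetty"
  "/usr/bin/passwd"
  "/usr/bin/sudo"
  "/usr/bin/crontab"
  "/usr/bin/at"
  "/bin/login"
  "/bin/su"
  "/root/.bashrc"
  "/root/.bash_profile"
  "/etc/profile"
  "/etc/bashrc"
  "/etc/shells"
  "/etc/issue"
  "/etc/issue.net"
  "/etc/motd"
  "/etc/fstab"
  "/etc/host.conf"
  "/etc/nsswitch.conf"
  "/etc/ssh/sshd_config"
)

#######################################
# Print the script banner.
# Outputs: banner lines to stdout
#######################################
print_banner() {
  echo "=================================================="
  echo " 系统终极加固 · 安全锁定脚本(业务零影响版)"
  echo "=================================================="
}

#######################################
# Set the immutable attribute on one path and report the outcome.
# Arguments: $1 - absolute path to lock
# Outputs:   one status line to stdout; chattr's own error text to stderr
# Returns:   0 if locked or skipped because the path does not exist,
#            1 if chattr failed
#######################################
lock_path() {
  local item=$1 err
  if [[ ! -e "$item" ]]; then
    echo "ℹ️ 文件不存在,跳过: $item"
    return 0
  fi
  # Capture stderr only (2>&1 before >/dev/null) so the operator can tell
  # "unsupported filesystem" from "permission denied" instead of guessing.
  if err=$(chattr +i "$item" 2>&1 >/dev/null); then
    echo "🔒 已锁定: $item"
    return 0
  fi
  echo "⚠️ 锁定失败(文件被占用或无权限): $item"
  if [[ -n "$err" ]]; then
    printf '   %s\n' "$err" >&2
  fi
  return 1
}

#######################################
# Entry point: check prerequisites, lock every listed path, summarise.
# Globals:   LOCK_LIST (read)
# Returns:   0 on full success, 1 otherwise (see header)
#######################################
main() {
  local item failed=0
  print_banner
  # Without root every chattr call fails; say so once instead of printing
  # one misleading "locked failed" line per path.
  if (( EUID != 0 )); then
    printf '错误: 必须以 root 身份运行 (chattr +i 需要 CAP_LINUX_IMMUTABLE)\n' >&2
    return 1
  fi
  if ! command -v chattr >/dev/null 2>&1; then
    printf '错误: 未找到 chattr,请安装 e2fsprogs\n' >&2
    return 1
  fi
  printf '\n%s\n' "[开始安全加固,锁定文件...]"
  for item in "${LOCK_LIST[@]}"; do
    lock_path "$item" || failed=$((failed + 1))
  done
  printf '\n%s\n' "=================================================="
  echo "✅ 加固完成!所有锁定均不影响宝塔/网站/上传"
  echo "如需修改配置,请先运行解锁脚本"
  echo "=================================================="
  if (( failed > 0 )); then
    printf '注意: %d 个路径未能锁定,见上方输出\n' "$failed" >&2
    return 1
  fi
  return 0
}

main "$@"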
解锁
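#!/bin/bash
# Temporary unlock - clears the immutable attribute on the key files
#
# Runs chattr -i over the same list the lock script protects, so that the
# operator can run passwd/visudo, edit sshd_config, apply package updates
# and so on. The list must stay in sync with the lock and check scripts: an
# entry missing here leaves a file locked after "unlock"; an extra entry is
# harmless.
#
# While unlocked the files are ordinary root-writable again, so keep the
# window short, re-run the lock script as soon as the change is done, and
# record each use of this script in the host's change log.
#
# Requires: root (CAP_LINUX_IMMUTABLE) and chattr from e2fsprogs.
# Exit status: 0 when every existing path was unlocked, 1 when a
# prerequisite is missing or at least one path could not be unlocked.
set -u

# Same list as the lock script.
readonly LOCK_LIST=(
  "/etc/passwd"
  "/etc/shadow"
  "/etc/group"
  "/etc/gshadow"
  "/etc/sudoers"
  "/etc/hosts"
  "/etc/resolv.conf"
  "/etc/crontab"
  "/etc/cron.daily"
  "/etc/cron.hourly"
  "/etc/cron.monthly"
  "/etc/cron.weekly"
  "/etc/rc.local"
  "/etc/sysctl.conf"
  "/etc/security/limits.conf"
  "/etc/login.defs"
  "/etc/securetty"
  "/usr/bin/passwd"
  "/usr/bin/sudo"
  "/usr/bin/crontab"
  "/usr/bin/at"
  "/bin/login"
  "/bin/su"
  "/root/.bashrc"
  "/root/.bash_profile"
  "/etc/profile"
  "/etc/bashrc"
  "/etc/shells"
  "/etc/issue"
  "/etc/issue.net"
  "/etc/motd"
  "/etc/fstab"
  "/etc/host.conf"
  "/etc/nsswitch.conf"
  "/etc/ssh/sshd_config"
)

#######################################
# Print the script banner.
# Outputs: banner lines to stdout
#######################################
print_banner() {
  echo "=================================================="
  echo " 系统临时解锁 · 解锁脚本"
  echo "=================================================="
}

#######################################
# Clear the immutable attribute on one path and report the outcome.
# Arguments: $1 - absolute path to unlock
# Outputs:   one status line to stdout; chattr's own error text to stderr
# Returns:   0 if unlocked or skipped because the path does not exist,
#            1 if chattr failed
#######################################
unlock_path() {
  local item=$1 err
  if [[ ! -e "$item" ]]; then
    echo "ℹ️ 文件不存在,跳过: $item"
    return 0
  fi
  # Capture stderr only (2>&1 before >/dev/null) so the real reason for a
  # failure is shown rather than discarded.
  if err=$(chattr -i "$item" 2>&1 >/dev/null); then
    echo "🔓 已解锁: $item"
    return 0
  fi
  echo "⚠️ 解锁失败: $item"
  if [[ -n "$err" ]]; then
    printf '   %s\n' "$err" >&2
  fi
  return 1
}

#######################################
# Entry point: check prerequisites, unlock every listed path, summarise.
# Globals:   LOCK_LIST (read)
# Returns:   0 on full success, 1 otherwise (see header)
#######################################
main() {
  local item failed=0
  print_banner
  # Without root every chattr call fails; report it once up front.
  if (( EUID != 0 )); then
    printf '错误: 必须以 root 身份运行 (chattr -i 需要 CAP_LINUX_IMMUTABLE)\n' >&2
    return 1
  fi
  if ! command -v chattr >/dev/null 2>&1; then
    printf '错误: 未找到 chattr,请安装 e2fsprogs\n' >&2
    return 1
  fi
  printf '\n%s\n' "[开始解锁:解除关键文件锁定...]"
  for item in "${LOCK_LIST[@]}"; do
    unlock_path "$item" || failed=$((failed + 1))
  done
  printf '\n%s\n' "=================================================="
  echo "✅ 解锁完成!修改完成后请重新运行加固脚本"
  echo "=================================================="
  if (( failed > 0 )); then
    printf '注意: %d 个路径未能解锁,见上方输出\n' "$failed" >&2
    return 1
  fi
  return 0
}

main "$@"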
验证
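#!/bin/bash
# Lock-state verification script (does not touch panel / web site paths)
#
# Reports, for each path the lock script manages, whether the ext* immutable
# attribute is currently set, then sums up locked vs. unlocked counts.
# Read-only: nothing on the system is changed.
#
# Bug fixed versus the previous version: the old check piped `lsattr`
# through `grep -q "i"`, which matched the letter "i" anywhere in the
# output -- including in the path itself (/etc/issue, /bin/login,
# /etc/ssh/sshd_config, /etc/security/limits.conf, ...) -- so those files
# were reported as locked whether or not the attribute was set. It also ran
# lsattr without -d, which lists a directory's contents instead of the
# directory's own flags, so the /etc/cron.* entries were never really
# checked. The check now looks only at the attribute column of `lsattr -d`.
#
# Requires: lsattr from e2fsprogs. Paths that cannot be read (e.g.
# /etc/shadow when not running as root) or that live on a filesystem without
# attribute support are reported as unlocked, so run as root for an accurate
# picture. The %-40s column pads by bytes, not display width, so rows with
# multibyte text may not line up perfectly; that is cosmetic only.
# Exit status: 0 when every existing path is locked, 1 otherwise (usable
# from cron or monitoring to alert on drift).
set -u

# Same list as the lock and unlock scripts.
readonly LOCK_LIST=(
  "/etc/passwd"
  "/etc/shadow"
  "/etc/group"
  "/etc/gshadow"
  "/etc/sudoers"
  "/etc/hosts"
  "/etc/resolv.conf"
  "/etc/crontab"
  "/etc/cron.daily"
  "/etc/cron.hourly"
  "/etc/cron.monthly"
  "/etc/cron.weekly"
  "/etc/rc.local"
  "/etc/sysctl.conf"
  "/etc/security/limits.conf"
  "/etc/login.defs"
  "/etc/securetty"
  "/usr/bin/passwd"
  "/usr/bin/sudo"
  "/usr/bin/crontab"
  "/usr/bin/at"
  "/bin/login"
  "/bin/su"
  "/root/.bashrc"
  "/root/.bash_profile"
  "/etc/profile"
  "/etc/bashrc"
  "/etc/shells"
  "/etc/issue"
  "/etc/issue.net"
  "/etc/motd"
  "/etc/fstab"
  "/etc/host.conf"
  "/etc/nsswitch.conf"
  "/etc/ssh/sshd_config"
)

#######################################
# Print the script banner.
# Outputs: banner lines to stdout
#######################################
print_banner() {
  echo "=================================================="
  echo " 系统锁定状态 · 验证脚本"
  echo "=================================================="
}

#######################################
# Decide whether an lsattr flag field carries the immutable bit.
# Arguments: $1 - first column of `lsattr -d` output,
#                 e.g. "----i---------e-------"
# Returns:   0 if the lowercase "i" flag is present, 1 otherwise
#######################################
flags_immutable() {
  # Case-sensitive on purpose: upper-case "I" is the indexed-directory flag.
  [[ "$1" == *i* ]]
}

#######################################
# Query the immutable flag of one existing path.
# Arguments: $1 - path (file or directory)
# Returns:   0 if immutable, 1 if not set or if lsattr failed / the
#            filesystem does not support attributes
#######################################
path_immutable() {
  local path=$1 flags
  # -d: report the directory itself, not its entries. Only the first column
  # is examined, so the path text can never produce a false "locked".
  read -r flags _ < <(lsattr -d "$path" 2>/dev/null) || return 1
  flags_immutable "$flags"
}

#######################################
# Entry point: print one line per path and a summary.
# Globals:   LOCK_LIST (read)
# Returns:   0 when nothing is unlocked, 1 otherwise
#######################################
main() {
  local item locked=0 unlocked=0
  print_banner
  if ! command -v lsattr >/dev/null 2>&1; then
    printf '错误: 未找到 lsattr,请安装 e2fsprogs\n' >&2
    return 1
  fi
  printf '\n%s\n' "[锁定状态检查结果]"
  printf "%-40s %s\n" "文件/目录" "状态"
  echo "--------------------------------------------------"
  for item in "${LOCK_LIST[@]}"; do
    if [[ ! -e "$item" ]]; then
      printf "%-40s ℹ️ 不存在\n" "$item"
    elif path_immutable "$item"; then
      printf "%-40s \033[32m✅ 已锁定\033[0m\n" "$item"
      locked=$((locked + 1))
    else
      printf "%-40s \033[31m❌ 未锁定\033[0m\n" "$item"
      unlocked=$((unlocked + 1))
    fi
  done
  echo "--------------------------------------------------"
  printf '\n%s\n' "统计结果:"
  echo "已锁定文件数: $locked"
  echo "未锁定文件数: $unlocked"
  if (( unlocked == 0 )); then
    printf '\n\033[32m✅ 所有关键文件均已锁定,系统处于安全加固状态\033[0m\n'
    printf '\n%s\n' "=================================================="
    return 0
  fi
  printf '\n\033[33m⚠️ 存在未锁定文件,建议运行加固脚本\033[0m\n'
  printf '\n%s\n' "=================================================="
  return 1
}

main "$@"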
1. 创建三个脚本文件
# 1. 创建加固脚本
nano /root/lock.sh
# 2. 创建解锁脚本
nano /root/unlock.sh
# 3. 创建验证脚本
nano /root/check.sh
2. 赋予执行权限
chmod +x /root/lock.sh /root/unlock.sh /root/check.sh
3. 运行加固脚本
/root/lock.sh
4. 验证锁定状态
/root/check.sh