Worked out in a discussion with an AI. No guarantee that it works.
Fail2ban honeypot defense script
[alert class="danger"]Move SSH to a port other than 22 before running this, otherwise you can lock yourself out: the honeypot jail bans on the first connection to port 22.[/alert]
- Detects whether the system is Debian- or RedHat-based and installs Fail2ban accordingly
- Detects which firewall is in use (ufw / firewalld / nftables / plain iptables) and picks the matching ban action
- Uses port 22 as the honeypot: nothing listens there, a firewall LOG rule records every connection attempt, and a dedicated Fail2ban filter bans the source IP on all ports after a single hit (a jail's `port` setting only selects which port the ban blocks; it does not filter log lines, and sshd's own log lines never carry the destination port, so the kernel log is what has to be watched)
- The ban lasts one week
#!/bin/bash
# Fail2ban honeypot: the real sshd lives on a non-22 port, port 22 stays open as bait.
# Nothing listens on 22; a firewall LOG rule records every new connection to it, a
# dedicated Fail2ban filter reads that kernel log line, and one hit bans the source IP
# on all ports. The regular sshd jail keeps protecting the real port.
set -eu

# Detect the distro family, install Fail2ban, and pick the auth/kernel log paths
if [ -f /etc/debian_version ]; then
    apt update && apt install -y fail2ban
    AUTH_LOG="/var/log/auth.log"
    KERN_LOG="/var/log/kern.log"
elif [ -f /etc/redhat-release ]; then
    dnf install -y epel-release && dnf install -y fail2ban
    AUTH_LOG="/var/log/secure"
    KERN_LOG="/var/log/messages"
else
    echo "Unsupported distro: neither /etc/debian_version nor /etc/redhat-release found" >&2
    exit 1
fi

# Without rsyslog (e.g. a minimal Debian 12) these text logs do not exist; read the journal instead
BACKEND="auto"
[ -f "$AUTH_LOG" ] || BACKEND="systemd"

# Pick ban actions matching the active firewall: single-port for sshd, all-ports for the honeypot
BANACTION="iptables-multiport"
ALLPORTS="iptables-allports"
if systemctl is-active --quiet firewalld; then
    BANACTION="firewallcmd-new"; ALLPORTS="firewallcmd-allports"
elif systemctl is-active --quiet nftables; then
    BANACTION="nftables-multiport"; ALLPORTS="nftables-allports"
fi

# Find the port the real sshd listens on; refuse to continue if it is missing or still 22
CURRENT_SSH_PORT=$(ss -tlnp | awk '/sshd/ {n = split($4, a, ":"); print a[n]; exit}')
if [ -z "$CURRENT_SSH_PORT" ] || [ "$CURRENT_SSH_PORT" = "22" ]; then
    echo "sshd not detected or still on port 22; move it to another port first or you will ban yourself" >&2
    exit 1
fi

# Honeypot filter: match the kernel LOG line for a packet to DPT=22, whether it carries the
# iptables/nft prefix set below or ufw's own "[UFW ALLOW]" prefix
cat <<'EOF' > /etc/fail2ban/filter.d/sshd-honeypot.conf
[Definition]
failregex = (?:SSH-HONEYPOT:|\[UFW ALLOW\]) .*SRC=<HOST> .*DPT=22\s
ignoreregex =
journalmatch = _TRANSPORT=kernel
EOF

# Write the jails
cat <<EOF > /etc/fail2ban/jail.local
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1
backend = $BACKEND
findtime = 1h
bantime = 1w
dbpurgeage = 7d
banaction = $BANACTION

[sshd]
enabled = true
port = $CURRENT_SSH_PORT
logpath = $AUTH_LOG

[sshd-honeypot]
enabled = true
filter = sshd-honeypot
logpath = $KERN_LOG
banaction = $ALLPORTS
maxretry = 1
bantime = 1w
EOF

# Open the bait port and log every new connection to it (nothing listens, so the kernel just replies RST)
if [ "$BANACTION" = "firewallcmd-new" ]; then
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" log prefix="SSH-HONEYPOT: " level="warning" limit value="10/m" accept'
    firewall-cmd --reload
elif ufw status 2>/dev/null | grep -q '^Status: active'; then
    # per-rule logging only emits lines while "ufw logging" is low or higher
    ufw allow log 22/tcp
elif [ "$BANACTION" = "nftables-multiport" ]; then
    # assumes the default Debian /etc/nftables.conf table and chain (inet filter / input)
    nft add rule inet filter input tcp dport 22 ct state new log prefix '"SSH-HONEYPOT: "' accept
else
    # plain iptables: these rules are not persistent across reboots without iptables-persistent
    iptables -I INPUT -p tcp --dport 22 --syn -j LOG --log-prefix "SSH-HONEYPOT: "
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
fi

systemctl enable fail2ban && systemctl restart fail2ban
echo "Fail2ban honeypot defense script finished."
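Before letting the honeypot jail ban anything, it is worth checking the filter pattern against log lines offline. The block below is an added example, not part of the original script: it applies the same pattern shape as the honeypot failregex to a handful of constructed kernel log lines (the addresses, host name and timestamps are made up for the demo; `<HOST>` is stood in for by an IPv4-only regex, whereas fail2ban's own `<HOST>` also matches IPv6) and prints the addresses the jail would ban under `maxretry = 1`. The third line, a connection to the real sshd port 2222, and the fourth, an unrelated blocked packet, must not match.

```bash
#!/bin/bash
# Offline check of the honeypot filter: which constructed kernel log lines would it ban?
HOST_RE='[0-9]{1,3}(\.[0-9]{1,3}){3}'   # stand-in for fail2ban's <HOST> (IPv4 only here)

# Constructed sample lines (not real captures): two bait hits with the two prefixes the
# filter accepts, one legitimate connection to the real sshd port, one unrelated block.
SAMPLE_LOG=$(cat <<'EOF'
Mar  3 10:00:01 vps kernel: [  120.001] SSH-HONEYPOT: IN=eth0 OUT= MAC=00:11 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=22 WINDOW=64240 SYN URGP=0
Mar  3 10:00:02 vps kernel: [  121.002] [UFW ALLOW] IN=eth0 OUT= MAC=00:11 SRC=203.0.113.8 DST=198.51.100.5 PROTO=TCP SPT=51001 DPT=22 WINDOW=64240 SYN URGP=0
Mar  3 10:00:03 vps kernel: [  122.003] [UFW ALLOW] IN=eth0 OUT= MAC=00:11 SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51002 DPT=2222 WINDOW=64240 SYN URGP=0
Mar  3 10:00:04 vps kernel: [  123.004] [UFW BLOCK] IN=eth0 OUT= MAC=00:11 SRC=203.0.113.9 DST=198.51.100.5 PROTO=TCP SPT=51003 DPT=23 WINDOW=64240 SYN URGP=0
EOF
)

# honeypot_hits: read log lines on stdin, print the SRC address of every line the
# honeypot filter matches. Same shape as the failregex, with <HOST> expanded to HOST_RE
# and "[^0-9]" after DPT=22 so that DPT=2222 is not mistaken for the bait port.
honeypot_hits() {
    grep -E "(SSH-HONEYPOT:|\[UFW ALLOW\]) .*SRC=$HOST_RE .*DPT=22[^0-9]" \
        | sed -E 's/.*SRC=([^ ]+) .*/\1/'
}

# ban_list: the addresses the jail would ban (maxretry = 1, so every hit counts), de-duplicated
ban_list() {
    printf '%s\n' "$SAMPLE_LOG" | honeypot_hits | sort -u
}

ban_list
```

On a live host the same check with fail2ban's own engine is `fail2ban-regex /var/log/kern.log /etc/fail2ban/filter.d/sshd-honeypot.conf`, which reports how many lines matched and which addresses were extracted.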
Smart slimming system
- Cleans the logs of an LNMP one-click install or a manually installed web stack
- Cleans 1Panel logs and Docker container logs
- Cleans the system journal
- Shows a before/after comparison of the space used
#!/bin/bash
# Smart slimming: trim the journal and the web/panel/Docker logs, then report the space saved.
echo "===== Smart slimming system started [$(date +'%Y-%m-%d %H:%M:%S')] ====="

# Log files (globs) to measure and rotate; globs that match nothing are skipped
LOG_SITES=(
    "/home/wwwlogs/*.log"
    "/www/sites/*/log/*.log"
    "/opt/1panel/log/*[pP]anel*.log"
    "/opt/1panel/apps/openresty/openresty/logs/*.log"
    "/var/log/fail2ban.log"
    "/var/log/auth.log"
    "/var/log/secure"
    "/usr/local/mysql/var/*.log"
    "/var/lib/docker/containers/*/*-json.log"
)

# Total size in MB of every existing file matched by LOG_SITES.
# (The earlier "ls | xargs du" form ran du on the current directory whenever a glob matched nothing.)
get_logs_size() {
    local total=0 pattern f size
    for pattern in "${LOG_SITES[@]}"; do
        for f in $pattern; do
            [ -f "$f" ] || continue
            size=$(du -m "$f" | cut -f1)
            total=$((total + size))
        done
    done
    echo "$total"
}

# Journal usage in MB. "journalctl --disk-usage" prints e.g. "... take up 56.0M in the file system."
# and the unit can be K, M or G, so convert instead of just stripping a trailing "M".
get_journal_size() {
    journalctl --disk-usage | awk '{
        v = $7; u = substr(v, length(v)); n = substr(v, 1, length(v) - 1)
        if (u == "G") n *= 1024; else if (u == "K") n /= 1024
        printf "%d\n", n }'
}

# 1. Record the state before cleaning
PRE_JOURNAL_SIZE=$(get_journal_size)
PRE_LOGS_SIZE=$(get_logs_size)

# 2. Clean up
echo "[1/4] Cleaning the system journal (journalctl)..."
# 15 days / 50M is aggressive; keep more history if you may need to investigate an incident later
journalctl --vacuum-time=15d > /dev/null 2>&1
journalctl --vacuum-size=50M > /dev/null 2>&1
# Cap future journal growth with a drop-in instead of editing journald.conf in place
JOURNAL_DROPIN="/etc/systemd/journald.conf.d/50-slim.conf"
if [ ! -f "$JOURNAL_DROPIN" ]; then
    mkdir -p /etc/systemd/journald.conf.d
    printf '[Journal]\nSystemMaxUse=50M\n' > "$JOURNAL_DROPIN"
    systemctl restart systemd-journald
fi

echo "[2/4] Turning off noisy UFW logging..."
# "off" also silences per-rule logs such as "ufw allow log 22/tcp"; use "ufw logging low" if you rely on those
command -v ufw > /dev/null && ufw logging off > /dev/null

echo "[3/4] Writing and running the logrotate config..."
CLEAN_CONF="/etc/logrotate.d/sys-dynamic-cleaner"
echo "# Dynamic Cleaner" > "$CLEAN_CONF"
for LOG_PATH in "${LOG_SITES[@]}"; do
    # only add a stanza for globs that currently match something
    if ls $LOG_PATH > /dev/null 2>&1; then
        cat <<EOF >> "$CLEAN_CONF"
$LOG_PATH {
    daily
    rotate 1
    size 5M
    missingok
    compress
    notifempty
    copytruncate
}
EOF
    fi
done
# Caveats: logrotate refuses a log that another stanza already covers ("duplicate log entry",
# e.g. auth.log in Debian's rsyslog stanza) and skips it in the daily run, and Docker's json
# logs are better capped with "log-opts": {"max-size": "10m", "max-file": "3"} in
# /etc/docker/daemon.json than truncated from outside.
# Force one rotation now so the before/after numbers show an immediate effect
logrotate -f "$CLEAN_CONF" > /dev/null 2>&1

echo "[4/4] Adjusting 1Panel log directory permissions..."
# 755 makes the directory world-listable; drop this step if those logs are sensitive
[ -d /opt/1panel/log/ ] && chmod 755 /opt/1panel/log/

# 3. Record the state after cleaning and print the comparison
POST_JOURNAL_SIZE=$(get_journal_size)
POST_LOGS_SIZE=$(get_logs_size)
SAVED_JOURNAL=$((PRE_JOURNAL_SIZE - POST_JOURNAL_SIZE))
SAVED_LOGS=$((PRE_LOGS_SIZE - POST_LOGS_SIZE))
TOTAL_SAVED=$((SAVED_JOURNAL + SAVED_LOGS))
echo "----------------------------------------------"
echo "Cleanup results:"
echo " - System journal: before ${PRE_JOURNAL_SIZE}MB -> after ${POST_JOURNAL_SIZE}MB (saved ${SAVED_JOURNAL}MB)"
echo " - Application logs: before ${PRE_LOGS_SIZE}MB -> after ${POST_LOGS_SIZE}MB (saved ${SAVED_LOGS}MB)"
echo " - Total space saved: ${TOTAL_SAVED} MB"
echo "----------------------------------------------"
echo "===== Slimming done! ====="
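The dynamic logrotate config above silently collides with stanzas the distro already ships (Debian's rsyslog package rotates auth.log and kern.log itself, and logrotate rejects a path declared twice with "duplicate log entry"). The following is an added pre-flight check, not part of the original script: it lists every path declared as a stanza header under a logrotate.d directory and reports which of the slimming script's patterns are already covered, so they can be left out of `LOG_SITES`. The stub directory and the rsyslog-style stanza it contains are constructed for the demo; the functions are hypothetical helpers, not logrotate's own.

```bash
#!/bin/bash
# Pre-flight for the dynamic logrotate config: which patterns are already rotated elsewhere?

# declared_logs DIR: print every log path declared as a stanza header in DIR.
# Headers are lines starting with a path; several paths may share one line, with an
# optional trailing "{". Paths inside postrotate scripts also start with "/" and are
# listed too, which is harmless because callers compare whole strings.
declared_logs() {
    local dir="$1"
    grep -hE '^[[:space:]]*/' "$dir"/* 2>/dev/null \
        | sed -E 's/\{.*//' \
        | tr ' \t' '\n\n' \
        | grep -E '^/' \
        | sort -u
}

# already_covered DIR: read patterns on stdin, print each one that an existing stanza
# already declares verbatim (fixed-string, whole-line match).
already_covered() {
    local dir="$1" existing pattern
    existing=$(declared_logs "$dir")
    while IFS= read -r pattern; do
        if printf '%s\n' "$existing" | grep -qxF -- "$pattern"; then
            printf '%s\n' "$pattern"
        fi
    done
}

# setup_demo: create a stub logrotate.d with a stanza shaped like Debian's rsyslog one
# (constructed for the example) and print the directory path.
setup_demo() {
    local dir
    dir=$(mktemp -d)
    cat <<'EOF' > "$dir/rsyslog"
/var/log/syslog
/var/log/auth.log
/var/log/kern.log
{
        rotate 4
        weekly
        missingok
        compress
}
EOF
    echo "$dir"
}

# Demo run: only auth.log is already covered; secure and the wwwlogs glob are not
DEMO_DIR=$(setup_demo)
printf '%s\n' /var/log/auth.log /var/log/secure '/home/wwwlogs/*.log' | already_covered "$DEMO_DIR"
rm -rf "$DEMO_DIR"
```

Against a real host the same check is `printf '%s\n' "${LOG_SITES[@]}" | already_covered /etc/logrotate.d`; anything it prints should be dropped from `LOG_SITES` and left to the stanza that already owns it.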