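1. Recommended: use a one-click script

The kejilion script panel one-click script is recommended. It automatically installs and configures common environments, which greatly simplifies the setup process.

```bash
bash <(curl -sL kejilion.sh)
```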
I. Preparation

Create a file named security-fix.sh with the following content:

```bash
#!/bin/bash
set -e

# Update all packages with whichever package manager is present
echo "📦 系统更新..."
if command -v apt >/dev/null; then
  apt update && apt upgrade -y
elif command -v yum >/dev/null; then
  yum update -y
elif command -v dnf >/dev/null; then
  dnf upgrade -y
else
  echo "❌ 不支持的包管理器"
  exit 1
fi

# Remove suid/sgid bits (mount/umount are left untouched)
echo "🔐 移除 suid/sgid(保留 mount/umount)"
chmod u-s /usr/bin/gpasswd 2>/dev/null || true
chmod u-s /usr/bin/chfn 2>/dev/null || true
chmod u-s /usr/bin/chsh 2>/dev/null || true
chmod u-s /usr/bin/newgrp 2>/dev/null || true
chmod g-s /usr/bin/chage 2>/dev/null || true

# SSH login grace time. The sed "c" command only rewrites an existing
# (possibly commented) line; nothing is added if the keyword is absent.
echo "🕒 SSH 登录超时配置"
sshd_config=$(find /etc/ssh -name 'sshd_config' 2>/dev/null | head -n 1)
if [ -f "$sshd_config" ]; then
  sed -i '/^#\?LoginGraceTime/c\LoginGraceTime 60' "$sshd_config"
fi

# SSH idle timeout
echo "🕓 SSH 空闲超时配置"
if [ -f "$sshd_config" ]; then
  sed -i '/^#\?ClientAliveInterval/c\ClientAliveInterval 600' "$sshd_config"
fi

# Ignore ICMP echo requests (disable ping), now and after reboot
echo "📛 禁用 Ping"
sysctl -w net.ipv4.icmp_echo_ignore_all=1
grep -q "icmp_echo_ignore_all" /etc/sysctl.conf || echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf

# Restrict grub.cfg to root
echo "🔒 修复 grub 权限"
for grubfile in /boot/grub2/grub.cfg /boot/grub/grub.cfg; do
  if [ -f "$grubfile" ]; then
    chmod 600 "$grubfile"
    chown root:root "$grubfile"
  fi
done

# Disable core dumps for suid programs
echo "💾 限制核心转储"
sysctl -w fs.suid_dumpable=0
grep -q "fs.suid_dumpable" /etc/sysctl.conf || echo "fs.suid_dumpable = 0" >> /etc/sysctl.conf

# Minimum number of days between password changes
echo "🔑 设置最小密码修改间隔"
if [ -f /etc/login.defs ]; then
  sed -i '/^PASS_MIN_DAYS/c\PASS_MIN_DAYS 7' /etc/login.defs
fi
if command -v chage >/dev/null; then
  chage --mindays 7 root || true
fi

# Force SSH protocol 2 (only rewrites an existing Protocol line;
# recent OpenSSH releases support protocol 2 only)
echo "🔐 强制使用 SSH Protocol 2"
if [ -f "$sshd_config" ]; then
  sed -i '/^#\?Protocol/c\Protocol 2' "$sshd_config"
fi

# Remove the NOPASSWD tag from the cloud-init sudoers entry. Only the tag is
# stripped: deleting the rest of the line would also delete the command list
# and leave an invalid sudoers entry.
echo "⚠️ 移除 cloud-init sudo NOPASSWD 权限"
[ -f /etc/sudoers.d/90-cloud-init-users ] && sed -i 's/NOPASSWD:[[:space:]]*//' /etc/sudoers.d/90-cloud-init-users

# Log out idle shells after 300 seconds
echo "⏱️ 命令行超时退出设置"
grep -q "TMOUT=" /etc/profile || echo "TMOUT=300" >> /etc/profile

# ls alias (rm is left as it is)
echo "🧹 设置 ls 命令别名(保留 rm 原样)"
grep -q "alias ls=" ~/.bashrc || echo "alias ls='ls -alh --color=auto'" >> ~/.bashrc

# Enable TCP SYN cookies
echo "📡 启用 TCP SYN cookie 防护"
sysctl -w net.ipv4.tcp_syncookies=1
grep -q "tcp_syncookies" /etc/sysctl.conf || echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf

# Allow su to root only for members of the wheel group
echo "👮 限制 su 切换为 root,仅允许 wheel 组用户"
if ! grep -q "pam_wheel.so" /etc/pam.d/su 2>/dev/null; then
  echo "auth required pam_wheel.so" >> /etc/pam.d/su
fi
groupadd wheel 2>/dev/null || true
gpasswd -a root wheel 2>/dev/null || true

echo "✅ 所有安全修复已完成,建议手动执行:systemctl restart sshd"
```
Then run it with the following command:

```bash
. security-fix.sh
```
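
To confirm the result, the following read-only audit is an added example, not part of the original script: it reports whether the SSH timeouts and sysctl values set above are actually present in the config files, which matters because the sed commands only rewrite a line that already exists. The function names and the file name audit.sh are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original page): read-only audit of the values
# that security-fix.sh is meant to set. File paths are parameters.

# Effective global value of an sshd_config keyword: keywords are
# case-insensitive, the first uncommented occurrence wins, and anything
# after the first Match line is conditional, so scanning stops there.
sshd_value() {  # usage: sshd_value FILE KEYWORD
  awk -v k="$2" '
    tolower($1) == "match"    { exit }
    tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Value of a key in a sysctl.conf-style file; the last uncommented
# assignment wins because the file is applied top to bottom.
sysctl_conf_value() {  # usage: sysctl_conf_value FILE KEY
  awk -F'=' -v k="$2" '
    /^[ \t]*[#;]/ { next }
    { key = $1; gsub(/[ \t]/, "", key) }
    key == k { val = $2; gsub(/[ \t]/, "", val); found = 1 }
    END { if (found) print val }' "$1"
}

# Compare one setting with its expected value.
check() {  # usage: check LABEL ACTUAL EXPECTED
  if [ "$2" = "$3" ]; then echo "PASS $1 = $2"; return 0; fi
  echo "FAIL $1: expected $3, found '${2:-unset}'"; return 1
}

# Returns the number of failed checks (0 means everything matches).
audit() {  # usage: audit SSHD_CONFIG SYSCTL_CONF
  audit_fails=0
  check LoginGraceTime "$(sshd_value "$1" LoginGraceTime)" 60 || audit_fails=$((audit_fails + 1))
  check ClientAliveInterval "$(sshd_value "$1" ClientAliveInterval)" 600 || audit_fails=$((audit_fails + 1))
  for kv in net.ipv4.icmp_echo_ignore_all=1 fs.suid_dumpable=0 net.ipv4.tcp_syncookies=1; do
    check "${kv%%=*}" "$(sysctl_conf_value "$2" "${kv%%=*}")" "${kv##*=}" || audit_fails=$((audit_fails + 1))
  done
  return "$audit_fails"
}

# Runs only when two paths are given, e.g. (audit.sh is a hypothetical name):
#   bash audit.sh /etc/ssh/sshd_config /etc/sysctl.conf
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```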
II. Deploying a panel

1. kejilion script panel

```bash
bash <(curl -sL kejilion.sh)
```
2. BaoTa (宝塔) panel, "Happy Edition" (开心版)

快云博客 (Kuaiyun Blog): https://kyblog.cn/155.html

CentOS install script (tested 2025.5.28 on CentOS 8.2 and 7.6)

```bash
yum install -y wget && wget -O install.sh https://bl.yinghuangi.cn/install/install_panel.sh && sh install.sh
```

Ubuntu/Debian install script (tested 2025.5.28 on Ubuntu 18.04)

```bash
wget -O install.sh https://bl.yinghuangi.cn/install/install_panel.sh && bash install.sh
```

Linux panel upgrade command:

```bash
curl https://bl.yinghuangi.cn/install/update6.sh|bash
```
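3. 1Panel panel

```bash
bash -c "$(curl -sSL https://resource.fit2cloud.com/1panel/package/v2/quick_start.sh)"
```

If you run into problems such as a failed Docker installation, try running the following script:

```bash
bash <(curl -sSL https://linuxmirrors.cn/docker.sh)
```

Uninstall command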
4. Official BaoTa (宝塔) panel

Official BaoTa one-click install command:

```bash
if [ -f /usr/bin/curl ];then curl -sSO https://download.bt.cn/install/install_panel.sh;else wget -O install_panel.sh https://download.bt.cn/install/install_panel.sh;fi ;bash install_panel.sh ed8484bec
```
5. Linuxmirrors

The Huawei mirror is the fastest: https://linuxmirrors.cn/#gnulinux

LinuxMirror software source script

```bash
bash <(curl -sSL https://linuxmirrors.cn/main.sh)
```

Docker install script

```bash
bash <(curl -sSL https://linuxmirrors.cn/docker.sh)
```