{"id":"c981cbe2-d19b-46ed-beb7-9fee21034c79","shortId":"DVzEWP","kind":"skill","title":"server-security","tagline":"Server security audit and hardening. Scans for SSH, firewall, port exposure, file permission, brute-force and other security issues, generates a report, and offers one-click fixes. Use when the user mentions server security, security audit, security check, or security hardening.","description":"# Server Security Audit and Hardening Tool\n\nYou are a server security expert who helps the user comprehensively audit the security posture of a Linux server, generate a structured report, and apply fixes interactively.\n\n## Arguments\n\nArguments passed in by the user: $ARGUMENTS\n\nThe argument should be an SSH connection string in the format `[user@]host`. If the user passed no argument, use AskUserQuestion to ask for the SSH connection details.\n\nAssign the argument to the variable `SSH_TARGET`; all subsequent commands are run via `ssh $SSH_TARGET \"command\"`.\n\n## Audit workflow\n\nFollow the steps below strictly, collect data in parallel as much as possible, and generate the structured report at the end.\n\n### Step 1: Basic system information\n\n**Run in parallel:**\n\n1. **OS version and kernel**\n```bash\nssh $SSH_TARGET \"cat /etc/os-release | grep -E '(PRETTY_NAME|VERSION)' && uname -r\"\n```\n\n2. **Uptime and load**\n```bash\nssh $SSH_TARGET \"uptime\"\n```\n\n3. **Disk and memory overview**\n```bash\nssh $SSH_TARGET \"df -h / && echo '' && free -h\"\n```\n\n### Step 2: Network security scan\n\n**Run in parallel:**\n\n1. **SSH configuration audit**\n```bash\nssh $SSH_TARGET \"grep -E '(PermitRootLogin|PasswordAuthentication|Port |PubkeyAuthentication|PermitEmptyPasswords|MaxAuthTries|AllowUsers|AllowGroups)' /etc/ssh/sshd_config | grep -v '^#'\"\n```\n\n2. **Firewall status**\n```bash\nssh $SSH_TARGET \"ufw status verbose 2>/dev/null || iptables -L INPUT -n 2>/dev/null | head -20\"\n```\n\n3. **All listening ports**\n```bash\nssh $SSH_TARGET \"ss -tlnp\"\n```\n\n4. **fail2ban status**\n```bash\nssh $SSH_TARGET \"systemctl is-active fail2ban 2>/dev/null && fail2ban-client status 2>/dev/null || echo 'fail2ban 未安装'\"\n```\n\n### Step 3: User and privilege audit\n\n**Run in parallel:**\n\n1. **Users with UID=0 (superusers)**\n```bash\nssh $SSH_TARGET \"awk -F: '\\$3==0{print \\$1}' /etc/passwd\"\n```\n\n2. **Users that can log in**\n```bash\nssh $SSH_TARGET \"grep -v '/nologin\\|/false\\|/sync' /etc/passwd\"\n```\n\n3. **Users with sudo privileges**\n```bash\nssh $SSH_TARGET \"getent group sudo 2>/dev/null; getent group wheel 2>/dev/null; cat /etc/sudoers.d/* 2>/dev/null | grep -v '^#' | grep -v '^$'\"\n```\n\n4. 
**SSH key check**\n```bash\nssh $SSH_TARGET \"for u in \\$(awk -F: '\\$7 !~ /nologin|false/ {print \\$6}' /etc/passwd); do if [ -f \\$u/.ssh/authorized_keys ]; then echo \\\"--- \\$u/.ssh/authorized_keys ---\\\"; wc -l < \\$u/.ssh/authorized_keys; fi; done\"\n```\n\n### Step 4: Brute-force and intrusion detection\n\n**Run in parallel:**\n\n1. **Recent failed login attempts**\n```bash\nssh $SSH_TARGET \"lastb 2>/dev/null | head -20 | grep . || journalctl -u sshd --no-pager -n 30 2>/dev/null | grep -i 'failed\\|invalid'\"\n```\n\n2. **Recent successful logins**\n```bash\nssh $SSH_TARGET \"last -15\"\n```\n\n3. **Currently logged-in users**\n```bash\nssh $SSH_TARGET \"w\"\n```\n\n### Step 5: Service and file security\n\n**Run in parallel:**\n\n1. **Dangerous service check** (rpcbind, telnet, ftp, NFS, etc.)\n```bash\nssh $SSH_TARGET \"systemctl is-active rpcbind telnetd vsftpd nfs-server 2>/dev/null; ss -tlnp | grep -E ':111 |:23 |:21 |:2049 '\"\n```\n\n2. **Nginx/Apache security configuration**\n```bash\nssh $SSH_TARGET \"nginx -v 2>&1; curl -sI http://localhost/ 2>/dev/null | grep -iE '(server:|x-frame|x-content|x-xss|strict-transport|content-security|referrer)'\"\n```\n\n3. **Sensitive file permission check**\n```bash\nssh $SSH_TARGET \"find /opt /var/www /home -maxdepth 4 -name '.env*' -o -name '*.key' -o -name '*.pem' -o -name 'credentials*' -o -name '*.db' -o -name '*.sqlite' 2>/dev/null | head -20 | while read f; do ls -la \\\"\\$f\\\"; done\"\n```\n\n4. **World-writable files**\n```bash\nssh $SSH_TARGET \"find /opt /var/www -perm -o+w -type f 2>/dev/null | head -20\"\n```\n\n5. 
**Docker security** (if present)\n```bash\nssh $SSH_TARGET \"docker ps --format 'table {{.Names}}\\t{{.Ports}}\\t{{.Status}}' 2>/dev/null || echo 'Docker 未运行'\"\n```\n\n### Step 6: System update status\n\n```bash\nssh $SSH_TARGET \"apt list --upgradable 2>/dev/null | wc -l && apt list --upgradable 2>/dev/null | grep -iE '(security|openssl|openssh|nginx|kernel|linux-image)' || yum check-update --security 2>/dev/null | tail -20\"\n```\n\n### Step 7: Generate the audit report\n\nCombine all of the information above and generate the report in the following format. Classify each finding by severity:\n\n```\n## Server Security Audit Report\n\n**Target**: $SSH_TARGET\n**Scan time**: YYYY-MM-DD HH:MM\n**System**: Ubuntu XX.XX / CentOS X / ...\n**Kernel**: X.XX.X-XX\n\n---\n\n## System overview\n\n| Metric | Value |\n|------|------|\n| Uptime | X days |\n| CPU cores | X |\n| Memory | X GB (X% used) |\n| Disk | X GB (X% used) |\n\n## Findings\n\n### 🔴 Critical (fix immediately)\n\n| # | Issue | Risk | Fix |\n|---|------|------|----------|\n| 1 | PostgreSQL listening on 0.0.0.0:5432 | Database exposed externally, open to brute force | Change to listen_addresses='localhost' |\n| 2 | ... | ... | ... |\n\n### 🟡 High\n\n| # | Issue | Risk | Fix |\n|---|------|------|----------|\n| ... | ... | ... | ... |\n\n### 🔵 Medium\n\n| # | Issue | Risk | Fix |\n|---|------|------|----------|\n| ... | ... | ... | ... 
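|\n\n### ✅ Secure items (checks passed)\n\n- SSH password login is disabled\n- ...\n\n## Security score: X/100\n\n| Category | Score | Max |\n|------|------|------|\n| SSH security | X | 20 |\n| Firewall | X | 20 |\n| Port management | X | 15 |\n| User privileges | X | 15 |\n| File permissions | X | 10 |\n| Web security | X | 10 |\n| System updates | X | 10 |\n```\n\n### Scoring rules\n\n| Category | Check | Points | Deduction condition |\n|------|--------|------|----------|\n| **SSH security (20)** | Password login disabled | 8 | PasswordAuthentication yes |\n| | Root password login disabled | 5 | PermitRootLogin yes (not prohibit-password) |\n| | fail2ban running | 7 | Not installed or not running |\n| **Firewall (20)** | UFW/iptables enabled | 15 | Firewall not enabled |\n| | Default deny for inbound | 5 | Default policy is not deny |\n| **Port management (15)** | No dangerous services exposed | 5 | rpcbind/telnet/ftp running |\n| | Databases not exposed externally | 5 | MySQL/PG/Redis listening on 0.0.0.0 |\n| | Only necessary ports open | 5 | Unnecessary ports exposed |\n| **User privileges (15)** | No unnecessary users able to log in | 5 | Unneeded users can log in |\n| | No unnecessary sudo users | 5 | Unneeded users have sudo |\n| | Only root has UID=0 | 5 | Multiple UID=0 users |\n| **File permissions (10)** | .env file permissions ≤ 600 | 5 | Permissions too broad |\n| | Database file permissions are reasonable | 5 | World-readable .db/.sqlite |\n| **Web security (10)** | Server version hidden | 3 | nginx/apache version exposed |\n| | Security response headers | 7 | Missing X-Frame-Options, etc. |\n| **System updates (10)** | Security updates installed | 10 | Security updates pending installation |\n\n### Step 8: Interactive remediation\n\nAfter the report is output, use AskUserQuestion to ask the user:\n\n**Question**: Which issues should be fixed?\n\n**Options**:\n1. Fix everything automatically (recommended): fix all discovered issues in priority order\n2. Fix critical and high only: fix only the issues marked red and yellow\n3. Selective fix: let me confirm item by item\n4. Report only, no fixes\n\n### Remediation library\n\nBased on the user's choice, perform the corresponding remediation:\n\n#### 1. Install and configure fail2ban\n```bash\nssh $SSH_TARGET \"apt-get update -qq && apt-get install -y -qq fail2ban\"\nssh $SSH_TARGET \"cat > /etc/fail2ban/jail.local << 'EOF'\n[DEFAULT]\nbantime = 3600\nfindtime = 600\nmaxretry = 5\n\n[sshd]\nenabled = true\nport = ssh\nfilter = sshd\nlogpath = /var/log/auth.log\nmaxretry = 3\nbantime = 86400\nEOF\nsystemctl enable fail2ban && systemctl restart fail2ban\"\n```\n\n#### 2. Enable the UFW firewall\nFirst identify from the list of listening ports which ports need to be allowed (22 is mandatory), then:\n```bash\nssh $SSH_TARGET \"ufw default deny incoming && ufw default allow outgoing && ufw allow 22/tcp\"\n# Allow other ports as actually needed (80, 443, etc.)\nssh $SSH_TARGET \"echo 'y' | ufw enable\"\n```\n\n**Critical**: Before enabling, make sure the SSH port is allowed; otherwise the connection will be locked out.\n\n#### 3. 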
Bind databases to localhost only\n- **PostgreSQL**: set `listen_addresses = 'localhost'` and run `systemctl restart postgresql`\n- **MySQL**: set `bind-address = 127.0.0.1` and run `systemctl restart mysql`\n- **Redis**: set `bind 127.0.0.1` and run `systemctl restart redis`\n\n#### 4. Disable dangerous services\n```bash\nssh $SSH_TARGET \"systemctl stop rpcbind rpcbind.socket && systemctl disable rpcbind rpcbind.socket && systemctl mask rpcbind rpcbind.socket\"\n```\n\n#### 5. Fix file permissions\n```bash\n# Set .env files to 600\nssh $SSH_TARGET \"find /opt /var/www -name '.env*' -exec chmod 600 {} \\;\"\n# Set database files to 600 and their directories to 700\nssh $SSH_TARGET \"find /opt /var/www -name '*.db' -o -name '*.sqlite' | while read f; do chmod 600 \\\"\\$f\\\"; chmod 700 \\$(dirname \\\"\\$f\\\"); done\"\n```\n\n#### 6. Nginx hardening\n```bash\n# Hide the version\nssh $SSH_TARGET \"sed -i 's/# server_tokens off;/server_tokens off;/' /etc/nginx/nginx.conf\"\n# Add security headers (add them inside each server block)\n# add_header X-Frame-Options \"SAMEORIGIN\" always;\n# add_header X-Content-Type-Options \"nosniff\" always;\n# add_header X-XSS-Protection \"1; mode=block\" always;\n# add_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\nssh $SSH_TARGET \"nginx -t && systemctl reload nginx\"\n```\n\n#### 7. Disable unnecessary users\n```bash\nssh $SSH_TARGET \"usermod -s /usr/sbin/nologin <username>\"\n# Remove unnecessary sudo privileges\nssh $SSH_TARGET \"deluser <username> sudo\"\n```\n\n### Post-fix verification\n\nVerify immediately after each fix is completed:\n\n| Fix | Verification command |\n|--------|----------|\n| fail2ban | `fail2ban-client status sshd` |\n| UFW | `ufw status verbose` |\n| Database listeners | `ss -tlnp \\| grep <port>` |\n| rpcbind | `ss -tlnp \\| grep :111` |\n| File permissions | `ls -la <file>` |\n| Nginx | `curl -sI http://localhost/ \\| grep -i server` |\n| SSH connectivity | After every network configuration change, verify that SSH can still connect |\n\n### Step 9: Remediation summary\n\nAfter all fixes are complete, recalculate the security score and output a comparison:\n\n```\n## Remediation summary\n\n| Issue | Before | After | Status |\n|------|--------|--------|------|\n| fail2ban | Not installed | Running, SSH: 3 failures trigger a 24h ban | ✅ |\n| Firewall | Not enabled | UFW enabled, only 22/80/443 open | ✅ |\n| ... | ... | ... | ... 
|\n\n## Security score: X/100 → Y/100 (+Z)\n```\n\n## Safety rules\n\n- **The SSH port must always stay allowed**: before any firewall operation, first make sure port 22 is allowed\n- **Verify SSH immediately after changing network configuration**: after every firewall or SSH configuration change, verify that you can still connect\n- **Do not restart the SSH service on your own initiative**: after modifying sshd_config, test with `sshd -t` first, then run `systemctl reload sshd`\n- **Do not delete authorized_keys**: doing so makes SSH login impossible\n- **Do not change the SSH port**: unless the user explicitly asks for it\n- **Confirm dependencies before database operations**: before changing database configuration, check which applications are using it\n- **Every step must be reversible**: record the configuration values before modification so they can be restored if necessary\n\n## Notes\n\n- Output all information in Chinese\n- Run commands in parallel as much as possible while scanning to reduce waiting time\n- Automatically adapt commands to the Linux distribution (apt/yum, ufw/firewalld, etc.)\n- If the SSH connection fails, prompt the user to check the connection details and the network","tags":["server","security","claude","arsenal","majiayu000","agent-skills","ai-agents","ai-coding-assistant","automation","claude-code","code-review","developer-tools"],"capabilities":["skill","source-majiayu000","skill-server-security","topic-agent-skills","topic-ai-agents","topic-ai-coding-assistant","topic-automation","topic-claude","topic-claude-code","topic-code-review","topic-developer-tools","topic-devops","topic-productivity","topic-prompt-engineering","topic-python"],"categories":["claude-arsenal"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/majiayu000/claude-arsenal/server-security","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add majiayu000/claude-arsenal","source_repo":"https://github.com/majiayu000/claude-arsenal","install_from":"skills.sh"}},"qualityScore":"0.464","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 29 github stars · SKILL.md body (8,008 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-01T07:01:16.534Z","embedding":null,"createdAt":"2026-04-18T22:24:27.861Z","updatedAt":"2026-05-01T07:01:16.534Z","lastSeenAt":"2026-05-01T07:01:16.534Z","tsv":"
","prices":[{"id":"976af789-faf1-4c91-b59c-f193c7301d73","listingId":"c981cbe2-d19b-46ed-beb7-9fee21034c79","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"majiayu000","category":"claude-arsenal","install_from":"skills.sh"},"createdAt":"2026-04-18T22:24:27.861Z"}],"sources":[{"listingId":"c981cbe2-d19b-46ed-beb7-9fee21034c79","source":"github","sourceId":"majiayu000/claude-arsenal/server-security","sourceUrl":"https://github.com/majiayu000/claude-arsenal/tree/main/skills/server-security","isPrimary":false,"firstSeenAt":"2026-04-18T22:24:27.861Z","lastSeenAt":"2026-05-01T07:01:16.534Z"}],"details":{"listingId":"c981cbe2-d19b-46ed-beb7-9fee21034c79","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"majiayu000","slug":"server-security","github":{"repo":"majiayu000/claude-arsenal","stars":29,"topics":
["agent-skills","ai-agents","ai-coding-assistant","automation","claude","claude-code","code-review","developer-tools","devops","productivity","prompt-engineering","python","software-development","typescript","workflows"],"license":"mit","html_url":"https://github.com/majiayu000/claude-arsenal","pushed_at":"2026-04-29T04:12:22Z","description":"52 production-ready Claude Code skills and 7 specialized agents for software development, DevOps, product workflows, and automation.","skill_md_sha":"10c686eb81b42c61bf2376ff99fd5d2b1ccdf356","skill_md_path":"skills/server-security/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/majiayu000/claude-arsenal/tree/main/skills/server-security"},"layout":"multi","source":"github","category":"claude-arsenal","frontmatter":{"name":"server-security","description":"Server security audit and hardening. Scans for SSH, firewall, port exposure, file permission, brute-force and other security issues, generates a report, and offers one-click fixes. Use when the user mentions server security, security audit, security check, or security hardening."},"skills_sh_url":"https://skills.sh/majiayu000/claude-arsenal/server-security"},"updatedAt":"2026-05-01T07:01:16.534Z"}}