openclaw 网盘下载
OpenClaw

技能详情(站内镜像,无评论)

首页 > 技能库 > sjht-server-audit

远程服务器安全巡检和环境报告工具。 通过 SSH 免密登录远程主机,全面检查系统信息、运行服务、开放端口、 Web 服务器配置、数据库配置、安全设置(SSH/防火墙/SELinux)、可疑进程和定时任务, 生成结构化的巡检报告。Use when 用户需要检查服务器安全、排查服务器环境、 了解服务器上运行了什么服务...

系统与自动化

许可证:MIT-0

MIT-0 ·免费使用、修改和重新分发。无需归因。

版本:v1.0.0

统计:⭐ 0 · 33 · 0 current installs · 0 all-time installs

0

安装量(当前) 0

🛡 VirusTotal :良性 · OpenClaw :良性

Package:aowind/sjht-server-audit

安全扫描(ClawHub)

  • VirusTotal :良性
  • OpenClaw :良性

OpenClaw 评估

The skill is a coherent SSH-based server-audit tool that runs a remote script to collect system and service information; it contains some implementation/documentation mismatches and a missing declared dependency that you should review before use.

目的

The name/description (remote server security audit via SSH) matches what the script does: it SSH-es into the target and collects system info, services, ports, web/db config, cron entries, and produces a local report. No unrelated credentials, binaries, or external services are requested.

说明范围

The SKILL.md instructs running scripts/server-audit.sh which indeed SSH-es to the target and collects config files and logs — appropriate for an audit. However there are two mismatches: SKILL.md states reports are saved to ~/.openclaw/workspac/audits/<IP>-<date>.md, but the shipped script does not write such a persistent file (it writes to a local temporary file $TMPFILE and the trap removes it on exit). Also SKILL.md lists 'ssh-ops' skill as …

安装机制

Instruction-only skill with an included shell script; no install spec, no external downloads or package installs. Low install-time risk since nothing is fetched/installed automatically.

证书

The skill requests no environment variables or external credentials in metadata. Operationally it requires SSH key-based access to target hosts (private key must be present on the agent or managed by another skill like 'ssh-ops'). This is proportional to its purpose, but the requirement is only documented in SKILL.md (not declared in metadata) so users must ensure their SSH keys are handled securely.

持久

always is false and the skill does not request persistent privileges or modify other skills/config. It executes remotely over SSH and stores output locally in a temp file; no evidence of attempts to persist beyond that or modify agent-wide settings.

综合结论

This script is coherent for performing a remote server audit, but review and test it before running on production. Specifically: - Verify SSH key handling: the skill assumes passwordless SSH; ensure the private key is stored and used securely (or provide it via a known credential manager), and confirm which user/account will be used. - Expect the script to execute commands on the remote host and read config files (e.g., /etc/ssh/sshd_config, /…

安装(复制给龙虾 AI)

将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。

请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「sjht-server-audit」。简介:远程服务器安全巡检和环境报告工具。 通过 SSH 免密登录远程主机,全面检查系统信息、运行服务、开放端口、 Web 服务器配置、数据库配置、安全设置(SSH/…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/aowind/sjht-server-audit/SKILL.md
(来源:yingzhi8.cn 技能库)

SKILL.md

打开原始 SKILL.md(GitHub raw)

---
name: server-audit
description: >
  远程服务器安全巡检和环境报告工具。
  通过 SSH 免密登录远程主机,全面检查系统信息、运行服务、开放端口、
  Web 服务器配置、数据库配置、安全设置(SSH/防火墙/SELinux)、可疑进程和定时任务,
  生成结构化的巡检报告。Use when 用户需要检查服务器安全、排查服务器环境、
  了解服务器上运行了什么服务、生成巡检报告、或提及"巡检"、"安全检查"、"服务器检查"。
---

# server-audit — 远程服务器巡检

通过 SSH 免密登录检查远程服务器环境与安全状况,生成巡检报告。

## 前提条件

- 已通过 `ssh-ops` skill 配置好免密登录
- 或手动配置了 SSH 密钥认证

## 工作流程

### 1. 运行巡检脚本

```bash
bash <skill>/scripts/server-audit.sh <host> [user]
```

脚本会自动收集以下信息并输出快速安全判定:

- **系统信息**: OS、内核、CPU、内存、磁盘、Swap
- **运行服务**: systemd running services
- **开放端口**: 所有 TCP 监听端口
- **防火墙**: firewalld 状态和规则、SELinux 状态
- **Web 服务**: Nginx/PHP-FPM/MariaDB/Node/Docker 版本和状态
- **Nginx 虚拟主机**: server_name、root、listen
- **网站文件**: /www/wwwroot 下的站点检测
- **安全配置**: SSH 配置(密码认证、Root 登录、端口)
- **可疑项目**: 失败登录记录、定时任务、高内存进程

### 2. 基于脚本输出生成详细报告

根据脚本收集的数据,生成结构化的 Markdown 报告。

**⚠️ 报告保存位置:** `~/.openclaw/workspac/audits/<IP>-<日期>.md`

报告只保存在本地 workspace,**不要上传到任何 GitHub 仓库**。

文件命名格式:`119.91.38.151-20260319.md`

报告模板:
```markdown
# 服务器巡检报告
**主机:** <IP>
**检查时间:** <时间>

## 1. 基础信息
## 2. 已安装服务
## 3. 开放端口(标注风险)
## 4. 安全问题(🔴严重/⚠️警告/💡建议)
## 5. 快速修复命令
```

## 安全判定规则

### 🔴 严重(需立即修复)
- 数据库端口(3306/5432)监听 0.0.0.0
- 管理面板端口(宝塔 8888、phpMyAdmin)监听 0.0.0.0
- SSH 允许 root 密码登录

### ⚠️ 警告(建议修复)
- 防火墙未启用
- SELinux 禁用
- SSH 密码认证未禁用
- 无 Swap 分区
- 存在暴力破解尝试
- 可疑定时任务

### 💡 建议(优化项)
- SSH 默认端口 22
- 缺少运行时(Node.js 等)
- 未使用的服务(Postfix 等)
- 无自动备份策略

## 多服务器批量巡检

对多台服务器循环执行:
```bash
for host in 192.168.1.1 192.168.1.2 10.0.0.1; do
  echo "=== $host ==="
  bash <skill>/scripts/server-audit.sh "$host"
  echo ""
done
```