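#!/bin/bash
#
# Baseline hardening for a WordPress document root served by Apache, plus
# removal of default MySQL accounts and the `test` database.
#
# Steps, in order:
#   1. Give the docroot to www-data and normalise modes (files 644, dirs 755).
#   2. Restrict the WordPress configuration files to their owner.
#   3. Write an .htaccess that disables listings, denies sensitive file
#      types and sets three response headers.
#   4. Remove anonymous / remote-root MySQL accounts and the test database.
#
# NOTE(review): there is no `set -e`, so a failing chown/find/chmod does not
# stop the script and the final "done" message is printed regardless. Check
# the output (or the resulting modes) rather than trusting the last line.

readonly web_root=/var/www/html

echo "配置基础安全设置..."

# Ownership and modes for everything that already exists under the docroot.
# NOTE(review): making www-data the owner means the web server process can
# rewrite every file it serves; that is convenient for in-place updates but
# lets a compromised PHP process modify code. Confirm this is intended.
chown -R www-data:www-data "$web_root"
find "$web_root" -type f -exec chmod 644 {} +
find "$web_root" -type d -exec chmod 755 {} +

# Restrict the configuration files to their owner. wp-config.php is the file
# that holds the database credentials and secret keys, so it is covered as
# well as the sample; either one may be absent at the time this runs, which
# is why existence is tested instead of discarding chmod's errors.
# A wp-config.php created after this script has run is NOT covered.
for config_file in "$web_root/wp-config.php" "$web_root/wp-config-sample.php"; do
  if [[ -f "$config_file" ]]; then
    chmod 600 "$config_file"
  fi
done

# Write the .htaccess policy. The quoted 'EOF' delimiter keeps the body
# literal (no shell expansion), so the text below is written as-is.
#  - `>` truncates any existing .htaccess; rules already present (for
#    example permalink rewrites) are lost. Presumably this runs before the
#    application writes its own rules -- confirm.
#  - `Require all denied` is Apache 2.4 authorization syntax.
#  - These directives only take effect if the server configuration allows
#    .htaccess overrides for this directory (AllowOverride); that is not
#    visible from this script and should be verified.
#  - X-XSS-Protection is a legacy header: current major browsers no longer
#    implement the filter it controls, so it adds little. A
#    Content-Security-Policy is the effective control against XSS.
cat > "$web_root/.htaccess" << 'EOF'
# 禁用目录列表
Options -Indexes

# 阻止访问敏感文件
<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak|backup|old)$">
    Require all denied
</FilesMatch>

# 阻止访问 WordPress 配置文件
<Files "wp-config.php">
    Require all denied
</Files>

# 安全头
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options SAMEORIGIN
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>
EOF

# The file was created after the chmod pass above, so its mode would
# otherwise depend on the caller's umask; pin it to the same 644 policy.
# Ownership is left as created (the invoking user), which keeps the policy
# file out of the web server's write access when the script runs as root.
chmod 644 "$web_root/.htaccess"

# MySQL account cleanup: drop anonymous users, drop root entries that are
# reachable from non-local hosts, and remove the test database together with
# its privilege rows.
# The client's stderr is deliberately NOT discarded: the fallback message
# below is printed for every failure (connection refused, access denied, a
# rejected statement), and the client stops at the first failing statement,
# so the real error is the only way to tell a stopped service from a
# hardening step that did not apply.
# NOTE(review): this connects as root with no password and does not set
# one; root authentication has to be handled elsewhere.
mysql -u root -e "
    DELETE FROM mysql.user WHERE User='';
    DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
    DROP DATABASE IF EXISTS test;
    DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
    FLUSH PRIVILEGES;
" || echo "MySQL 安全配置跳过(服务未运行)"

echo "安全配置完成"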