个人中心
今日签到
私信列表
消息中心
搜索全站
q_code

扫码关注官方微信
cell_code

扫码下载APP
返回顶部
技能集市 > AI智能 > security-network-hardening
s

security-network-hardening网络安全加固

Audit and harden an OpenClaw host and its network exposure. Use for security checks, hardening, firewall setup, network exposure review, metrics endpoint restriction, OpenClaw gateway security fixes, or step-by-step remediation on a Linux host running OpenClaw.

作者: admin | 来源: ClawHub
下载
源自
ClawHub
版本
V 1.0.0
安全检测
已通过
407
下载量
免费
免费
0
收藏
概述
安装方式
版本历史

security-network-hardening

技能名称:security-network-hardening

详细描述:

安全 + 网络加固

先审计,获得明确批准后再加固。保持此文件简短;需要时查阅参考资料。

核心规则

  • - 除非用户明确要求修复,否则以只读模式开始。
  • 任何状态变更操作前需获得确认。
  • 保留当前管理访问权限;不要中断SSH/RDP/VNC。
  • 优先提供精确发现,而非泛泛建议。
  • 工作区编辑完成后,提交更改。

只读基线

运行:

bash
uname -a
cat /etc/os-release
id
ss -ltnup 2>/dev/null || ss -ltnp 2>/dev/null
openclaw security audit --deep
openclaw update status
openclaw status --deep

如果防火墙状态相关,还需运行:

bash
ufw status verbose || true
firewall-cmd --state 2>/dev/null || true
nft list ruleset 2>/dev/null || true

优先级

首先检查以下项目:

  1. 1. tools.elevated.allowFrom.* 中的通配符提升访问权限
  2. 可写的凭据目录
  3. 缺少网关认证速率限制
  4. 宽泛或不明确的监听端口
  5. 指标端点暴露范围过广
  6. 无效的自定义 gateway.nodes.denyCommands
  7. 工作区技能符号链接逃逸

修复模式

仅在相关时阅读:

  • - UFW/防火墙工作流程:references/ufw-playbook.md
  • OpenClaw配置修复:references/openclaw-fix-patterns.md

产物生成

当用户需要生成文件时,创建:

  • - firewall-rules.md
  • apply-firewall.sh
  • scripts/rollback-firewall.sh
  • scripts/verify-firewall.sh

安全防火墙顺序

  1. 1. 确认允许的源子网/IP。
  2. 如果使用SSH,首先添加SSH规则。
  3. 应用仅限局域网和单主机规则。
  4. 从预期客户端进行验证。
  5. 重新检查 ufw status verbose 和 ss -ltnp。

验证

修复后,使用以下命令验证:

bash
openclaw security audit --deep
openclaw gateway status
python3 -m json.tool ~/.openclaw/openclaw.json >/dev/null
sudo ufw status verbose
ss -ltnp

成功标准:

  • - 无严重审计发现
  • 实际可行时无警告审计发现
  • 网关可达
  • 所需端口仅从授权来源可达

标签

skill ai

通过对话安装

该技能支持在以下平台通过对话安装:

OpenClaw WorkBuddy QClaw Kimi Claude

方式一:安装 SkillHub 和技能

帮我安装 SkillHub 和 security-network-hardening-1776388862 技能

方式二:设置 SkillHub 为优先技能安装源

设置 SkillHub 为我的优先技能安装源,然后帮我安装 security-network-hardening-1776388862 技能

通过命令行安装

skillhub install security-network-hardening-1776388862

下载

⬇ 下载 security-network-hardening v1.0.0(免费)

文件大小: 4.55 KB | 发布时间: 2026-4-17 16:02

v1.0.0 最新 2026-4-17 16:02
Initial release: OpenClaw security audit, firewall hardening, references, rollback and verify scripts.

相关推荐

s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392958
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3209 ⬇ 392957
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3195 ⬇ 389589
AI智能
s

self-improvement

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.

⭐ 3177 ⬇ 386644
AI智能

多链集团旗下-闲社网

闲社网热线
免费联系电话
0527-80111111
            qqline

服务时间:周一到周日 8:00-24:00

  • 公众号
    闲社 闲社线报社区
关注闲社网
  • wxkf

    闲社在线客服

  • wx

    关注闲社网微信

  • app

    闲社网APP

Archiver·手机版·闲社网·闲社论坛·羊毛社区· 多链控股集团有限公司 · 苏ICP备2025199260号-1

Powered by Discuz! X5.0   © 2024-2025 闲社网·线报更新论坛·羊毛分享社区·http://xianshe.com

p2p_official_large
返回顶部