\u672c\u6587\u6863\u6c47\u603b\u4e86 Debian 13 \u7cfb\u7edf\u7684\u5b8c\u6574\u914d\u7f6e\u6d41\u7a0b\uff0c\u5305\u542b\u7cfb\u7edf\u66f4\u65b0\u3001\u7f51\u7edc\u52a0\u901f\u3001\u5b89\u5168\u9632\u62a4\u3001\u5f00\u53d1\u73af\u5883\u548c Shell \u7f8e\u5316\u7b49\u6240\u6709\u529f\u80fd\u3002 \u6587\u6863\u7248\u672c<\/strong>: 1.0
\n\u6267\u884c\u987a\u5e8f<\/strong>: \u4ece\u4e0a\u5230\u4e0b\u4f9d\u6b21\u6267\u884c\u5404\u4ee3\u7801\u5757<\/p>\n
\n\u4e00\u3001\u7cfb\u7edf\u66f4\u65b0\u4e0e\u57fa\u7840\u4f18\u5316<\/h2>\n
#!\/bin\/bash\n# Debian 13 \u7cfb\u7edf\u5168\u9762\u66f4\u65b0\u4e0e\u57fa\u7840\u914d\u7f6e\n\n# 1.1 \u66f4\u65b0\u8f6f\u4ef6\u6e90\u5e76\u5347\u7ea7\u7cfb\u7edf\necho "\u3010\u6b65\u9aa41\u3011\u66f4\u65b0\u7cfb\u7edf\u8f6f\u4ef6\u5305..."\nsudo apt update && sudo apt upgrade -y\n\n# 1.2 \u5b89\u88c5\u57fa\u7840\u5de5\u5177\necho "\u3010\u6b65\u9aa42\u3011\u5b89\u88c5\u57fa\u7840\u5de5\u5177..."\nsudo apt install -y \\\n curl wget git vim htop net-tools lsof \\\n apt-transport-https ca-certificates \\\n gnupg lsb-release software-properties-common\n\n# 1.3 \u6e05\u7406\u65e7\u7248\u672c\u8f6f\u4ef6\u5305\necho "\u3010\u6b65\u9aa43\u3011\u6e05\u7406\u7cfb\u7edf..."\nsudo apt autoremove -y\nsudo apt autoclean\n\n# 1.4 \u4fee\u590d\u5df2\u77e5Bug\uff08\u5982\u4e3b\u673a\u540d\u89e3\u6790\u95ee\u9898\uff09\necho "\u3010\u6b65\u9aa44\u3011\u4fee\u590dsudo\u4e3b\u673a\u540d\u89e3\u6790\u95ee\u9898..."\nCURRENT_HOSTNAME=$(hostname)\nif ! grep -q "$CURRENT_HOSTNAME" \/etc\/hosts; then\n echo "127.0.1.1 $CURRENT_HOSTNAME" | sudo tee -a \/etc\/hosts\n echo "\u2705 \u5df2\u6dfb\u52a0\u4e3b\u673a\u540d\u6620\u5c04"\nelse\n echo "\u2705 \u4e3b\u673a\u540d\u6620\u5c04\u5df2\u5b58\u5728"\nfi\n\n# 1.5 \u7cfb\u7edf\u53c2\u6570\u4f18\u5316\necho "\u3010\u6b65\u9aa45\u3011\u7cfb\u7edf\u6027\u80fd\u4f18\u5316..."\nsudo sysctl -w vm.swappiness=10\nsudo bash -c 'cat > \/etc\/sysctl.d\/99-system-optimize.conf << EOF\n# \u7cfb\u7edf\u6027\u80fd\u4f18\u5316\u53c2\u6570\nvm.swappiness = 10\nfs.file-max = 1000000\nfs.inotify.max_user_instances = 8192\nEOF'\nsudo sysctl -p \/etc\/sysctl.d\/99-system-optimize.conf\n\n# 1.6 \u66f4\u65b0GRUB\uff08\u5982\u9700\u8981\uff09\necho "\u3010\u6b65\u9aa46\u3011\u66f4\u65b0GRUB\u5f15\u5bfc..."\nsudo update-grub\nsudo update-initramfs -u\n\necho "\u2705 \u7cfb\u7edf\u66f4\u65b0\u4e0e\u4f18\u5316\u5b8c\u6210\uff01\u5efa\u8bae\u91cd\u542f\u7cfb\u7edf\u4f7f\u90e8\u5206\u66f4\u6539\u751f\u6548"<\/code><\/pre>\n
\n\u4e8c\u3001\u7f51\u7edc\u52a0\u901f\u914d\u7f6e\uff08BBR3\u542f\u7528\uff09<\/h2>\n
#!\/bin\/bash\n# Debian 13 BBR3 \u7f51\u7edc\u52a0\u901f\u914d\u7f6e\n# \u6ce8\u610f\uff1aDebian 13\u5185\u68386.12+\u5df2\u5185\u7f6eBBR v3\uff0c\u65e0\u9700\u5347\u7ea7\u5185\u6838\n\necho "\u3010BBR3\u914d\u7f6e\u3011\u542f\u7528TCP BBR v3\u62e5\u585e\u63a7\u5236\u7b97\u6cd5..."\n\n# 2.1 \u68c0\u67e5\u5185\u6838\u7248\u672c\nKERNEL_VERSION=$(uname -r | cut -d. -f1-2)\necho "\u5f53\u524d\u5185\u6838\u7248\u672c: $KERNEL_VERSION"\nif (( $(echo "$KERNEL_VERSION >= 6.3" | bc -l) )); then\n echo "\u2705 \u5185\u6838\u7248\u672c\u652f\u6301BBR v3"\nelse\n echo "\u26a0\ufe0f \u5185\u6838\u7248\u672c\u8fc7\u4f4e\uff0c\u5efa\u8bae\u5347\u7ea7\u81f36.3+"\nfi\n\n# 2.2 \u521b\u5efaBBR3\u914d\u7f6e\u6587\u4ef6\nsudo bash -c 'cat > \/etc\/sysctl.d\/10-bbr.conf << EOF\n# TCP BBR v3 \u7f51\u7edc\u52a0\u901f\u914d\u7f6e\nnet.core.default_qdisc = fq_pie\nnet.ipv4.tcp_congestion_control = bbr\n\n# \u989d\u5916\u4f18\u5316\u53c2\u6570\nnet.ipv4.tcp_notsent_lowat = 16384\nnet.ipv4.tcp_ecn = 1\nEOF'\n\n# 2.3 \u5e94\u7528\u914d\u7f6e\nsudo sysctl -p \/etc\/sysctl.d\/10-bbr.conf\n\n# 2.4 \u9a8c\u8bc1BBR3\u662f\u5426\u751f\u6548\necho "\u3010\u9a8c\u8bc1\u3011\u68c0\u67e5BBR3\u72b6\u6001..."\nsleep 1\nif sysctl net.ipv4.tcp_congestion_control | grep -q "bbr"; then\n echo "\u2705 BBR\u5df2\u542f\u7528"\nelse\n echo "\u274c BBR\u542f\u7528\u5931\u8d25"\nfi\n\n# 2.5 \u68c0\u67e5BBR\u7248\u672c\necho "\u3010\u9a8c\u8bc1\u3011\u68c0\u67e5BBR\u6a21\u5757\u7248\u672c..."\nif modinfo tcp_bbr 2>\/dev\/null | grep -q "version: 3"; then\n echo "\u2705 BBR v3 \u5df2\u6210\u529f\u52a0\u8f7d"\n modinfo tcp_bbr | grep version\nelse\n echo "\u26a0\ufe0f \u5f53\u524d\u4e3aBBR v1\/v2\uff0c\u4f46\u529f\u80fd\u5df2\u542f\u7528"\nfi\n\n# 2.6 TCP\u7a97\u53e3\u4f18\u5316\uff08\u53ef\u9009\uff09\necho "\u3010\u4f18\u5316\u3011\u8c03\u6574TCP\u7a97\u53e3\u53c2\u6570..."\nsudo bash -c 'cat >> \/etc\/sysctl.d\/10-bbr.conf << EOF\n\n# TCP\u7a97\u53e3\u4f18\u5316\nnet.ipv4.tcp_rmem = 4096 87380 33554432\nnet.ipv4.tcp_wmem = 4096 65536 33554432\nnet.core.rmem_max = 67108864\nnet.core.wmem_max = 67108864\nEOF'\nsudo sysctl -p \/etc\/sysctl.d\/10-bbr.conf\n\necho "\u2705 BBR3\u7f51\u7edc\u52a0\u901f\u914d\u7f6e\u5b8c\u6210\uff01\u5efa\u8bae\u91cd\u542f\u4f7f\u6240\u6709\u53c2\u6570\u751f\u6548"<\/code><\/pre>\n
\n\u4e09\u3001SSH\u5b89\u5168\u9632\u62a4\u914d\u7f6e<\/h2>\n
#!\/bin\/bash\n# Debian 13 SSH\u5b89\u5168\u52a0\u56fa\u4e0e\u9632\u62a4\u8f6f\u4ef6\u5b89\u88c5\n\necho "\u3010SSH\u5b89\u5168\u3011\u914d\u7f6eFail2ban\u548c\u57fa\u7840SSH\u52a0\u56fa..."\n\n# 3.1 \u4fee\u6539SSH\u9ed8\u8ba4\u7aef\u53e3\uff08\u63a8\u8350\uff09\necho "\u3010\u6b65\u9aa41\u3011\u4fee\u6539SSH\u7aef\u53e3..."\nread -p "\u8bf7\u8f93\u5165\u65b0\u7684SSH\u7aef\u53e3 (\u9ed8\u8ba42222): " NEW_SSH_PORT\nNEW_SSH_PORT=${NEW_SSH_PORT:-2222}\nsudo sed -i "s\/#Port 22\/Port $NEW_SSH_PORT\/" \/etc\/ssh\/sshd_config\nsudo sed -i "s\/Port 22\/Port $NEW_SSH_PORT\/" \/etc\/ssh\/sshd_config\necho "\u2705 SSH\u7aef\u53e3\u5df2\u4fee\u6539\u4e3a: $NEW_SSH_PORT"\n\n# 3.2 \u7981\u6b62root\u767b\u5f55SSH\nsudo sed -i 's\/#PermitRootLogin yes\/PermitRootLogin no\/' \/etc\/ssh\/sshd_config\nsudo sed -i 's\/PermitRootLogin yes\/PermitRootLogin no\/' \/etc\/ssh\/sshd_config\necho "\u2705 \u5df2\u7981\u6b62root\u767b\u5f55"\n\n# 3.3 \u5b89\u88c5Fail2ban\necho "\u3010\u6b65\u9aa42\u3011\u5b89\u88c5Fail2ban..."\nsudo apt install -y fail2ban\n\n# 3.4 \u914d\u7f6eFail2ban\nsudo bash -c 'cat > \/etc\/fail2ban\/jail.local << EOF\n[sshd]\nenabled = true\nport = '$NEW_SSH_PORT'\nfilter = sshd\nlogpath = \/var\/log\/auth.log\nmaxretry = 5\nbantime = 3600\nfindtime = 600\nignoreip = 127.0.0.1\/8 ::1\nEOF'\n\n# 3.5 \u542f\u52a8Fail2ban\u670d\u52a1\nsudo systemctl enable fail2ban\nsudo systemctl restart fail2ban\necho "\u2705 Fail2ban\u5df2\u542f\u52a8\u5e76\u914d\u7f6e\u5b8c\u6210"\n\n# 3.6 \u914d\u7f6eUFW\u9632\u706b\u5899\necho "\u3010\u6b65\u9aa43\u3011\u914d\u7f6e\u9632\u706b\u5899..."\nsudo apt install -y ufw\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\nsudo ufw allow $NEW_SSH_PORT\/tcp\nsudo ufw allow 80\/tcp\nsudo ufw allow 443\/tcp\nsudo ufw --force enable\nsudo ufw status verbose\necho "\u2705 \u9632\u706b\u5899\u914d\u7f6e\u5b8c\u6210"\n\n# 3.7 \u63d0\u793a\u91cd\u542fSSH\u670d\u52a1\necho "\u26a0\ufe0f \u9700\u8981\u91cd\u542fSSH\u670d\u52a1\u4ee5\u5e94\u7528\u7aef\u53e3\u66f4\u6539"\nread -p "\u662f\u5426\u7acb\u5373\u91cd\u542fSSH\u670d\u52a1? (y\/n): " RESTART_SSH\nif [[ $RESTART_SSH == "y" ]]; then\n sudo systemctl restart sshd\n echo "\u2705 SSH\u670d\u52a1\u5df2\u91cd\u542f\uff0c\u8bf7\u4f7f\u7528\u65b0\u7aef\u53e3 $NEW_SSH_PORT \u91cd\u65b0\u8fde\u63a5"\nelse\n echo "\u26a0\ufe0f \u8bf7\u7a0d\u540e\u624b\u52a8\u91cd\u542fSSH\u670d\u52a1: sudo systemctl restart sshd"\nfi\n\necho "\u2705 SSH\u5b89\u5168\u9632\u62a4\u914d\u7f6e\u5b8c\u6210\uff01"<\/code><\/pre>\n
\n\u56db\u3001\u7cfb\u7edf\u5b89\u5168\u4e0e\u9632\u75c5\u6bd2<\/h2>\n
#!\/bin\/bash\n# Debian 13 \u7cfb\u7edf\u5b89\u5168\u52a0\u56fa\u4e0eClamAV\u5b89\u88c5\n\necho "\u3010\u7cfb\u7edf\u5b89\u5168\u3011\u5b89\u88c5ClamAV\u9632\u75c5\u6bd2\u8f6f\u4ef6..."\n\n# 4.1 \u5b89\u88c5ClamAV\nsudo apt install -y clamav clamav-daemon clamav-freshclam\n\n# 4.2 \u66f4\u65b0\u75c5\u6bd2\u5e93\nsudo systemctl stop clamav-freshclam\nsudo freshclam\nsudo systemctl start clamav-freshclam\n\n# 4.3 \u542f\u7528ClamAV\u670d\u52a1\nsudo systemctl enable clamav-daemon\nsudo systemctl start clamav-daemon\necho "\u2705 ClamAV\u9632\u75c5\u6bd2\u7cfb\u7edf\u5df2\u5b89\u88c5"\n\n# 4.4 \u8bbe\u7f6e\u6bcf\u5468\u5b9a\u65f6\u626b\u63cf\nsudo bash -c 'cat > \/etc\/cron.weekly\/clamav-scan << EOF\n#!\/bin\/bash\nLOGFILE="\/var\/log\/clamav\/weekly-scan-\\$(date +%Y%m%d).log"\nclamscan -r -i \/home --log=\\$LOGFILE\nEOF'\nsudo chmod +x \/etc\/cron.weekly\/clamav-scan\necho "\u2705 \u5df2\u914d\u7f6e\u6bcf\u5468\u81ea\u52a8\u626b\u63cf"\n\n# 4.5 \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\uff08\u53ef\u9009\uff09\necho "\u3010\u53ef\u9009\u3011\u5b89\u88c5\u5b89\u5168\u5ba1\u8ba1\u5de5\u5177..."\nsudo apt install -y lynis chkrootkit rkhunter\necho "\u2705 \u5b89\u5168\u5ba1\u8ba1\u5de5\u5177\u5df2\u5b89\u88c5"\n\n# 4.6 \u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7\nsudo apt install -y logwatch\nsudo bash -c 'cat > \/etc\/logwatch\/conf\/logwatch.conf << EOF\nMailTo = root\nDetail = Med\nRange = yesterday\nEOF'\necho "\u2705 \u65e5\u5fd7\u76d1\u63a7\u5df2\u914d\u7f6e"<\/code><\/pre>\n
\n\u4e94\u3001Node.js\u5f00\u53d1\u73af\u5883\u5b89\u88c5<\/h2>\n
#!\/bin\/bash\n# Debian 13 Node.js \u5f00\u53d1\u73af\u5883\u914d\u7f6e\n\necho "\u3010\u5f00\u53d1\u73af\u5883\u3011\u5b89\u88c5Node.js\u548cnpm..."\n\n# 5.1 \u5b89\u88c5Node.js 20.x LTS\uff08\u63a8\u8350\uff09\ncurl -fsSL https:\/\/deb.nodesource.com\/setup_20.x | sudo -E bash -\nsudo apt install -y nodejs\n\n# 5.2 \u9a8c\u8bc1\u5b89\u88c5\nnode --version\nnpm --version\n\n# 5.3 \u66f4\u65b0npm\u5230\u6700\u65b0\u7248\nsudo npm install -g npm@latest\n\n# 5.4 \u914d\u7f6enpm\u5168\u5c40\u5b89\u88c5\u8def\u5f84\uff08\u907f\u514d\u6743\u9650\u95ee\u9898\uff09\nmkdir -p ~\/.npm-global\nnpm config set prefix '~\/.npm-global'\necho 'export PATH=~\/.npm-global\/bin:$PATH' >> ~\/.bashrc\necho 'export PATH=~\/.npm-global\/bin:$PATH' >> ~\/.zshrc\n\n# 5.5 \u5b89\u88c5\u5e38\u7528\u5168\u5c40\u5de5\u5177\nnpm install -g \\\n pm2 \\\n yarn \\\n pnpm \\\n @vue\/cli \\\n create-react-app\n\necho "\u2705 Node.js\u5f00\u53d1\u73af\u5883\u914d\u7f6e\u5b8c\u6210"<\/code><\/pre>\n
\n\u516d\u3001Shell\u73af\u5883\u81ea\u52a8\u5316\u914d\u7f6e\uff08Zsh\uff09<\/h2>\n
#!\/bin\/bash\n# Debian 13 Zsh + Powerlevel10k \u5b8c\u7f8e\u914d\u7f6e\n\necho "\u3010Shell\u914d\u7f6e\u3011\u5378\u8f7dPowerline\u5e76\u5b89\u88c5Zsh..."\n\n# 6.1 \u5378\u8f7dPowerline\uff08\u5982\u679c\u5b58\u5728\uff09\nsudo apt remove -y powerline fonts-powerline\nsudo rm -rf \/usr\/share\/powerline\nsed -i '\/powerline\/d' ~\/.bashrc\nsed -i '\/POWERLINE\/d' ~\/.bashrc\nfc-cache -f -v\necho "\u2705 Powerline\u5df2\u5378\u8f7d"\n\n# 6.2 \u5b89\u88c5Zsh\u548c\u57fa\u7840\u5de5\u5177\nsudo apt install -y zsh git wget curl fonts-firacode\n\n# 6.3 \u5b89\u88c5Oh My Zsh\uff08\u65e0\u4ea4\u4e92\u6a21\u5f0f\uff09\nsh -c "$(wget -O- https:\/\/raw.githubusercontent.com\/ohmyzsh\/ohmyzsh\/master\/tools\/install.sh)" "" --unattended\n\n# 6.4 \u5b89\u88c5Powerlevel10k\u4e3b\u9898\ngit clone --depth=1 https:\/\/github.com\/romkatv\/powerlevel10k.git ${ZSH_CUSTOM:-$HOME\/.oh-my-zsh\/custom}\/themes\/powerlevel10k\n\n# 6.5 \u5b89\u88c5Nerd Font\u5b57\u4f53\nmkdir -p ~\/.local\/share\/fonts\nwget -O ~\/.local\/share\/fonts\/FiraCodeNerdFont-Regular.ttf \\\n https:\/\/github.com\/ryanoasis\/nerd-fonts\/raw\/master\/patched-fonts\/FiraCode\/Regular\/FiraCodeNerdFont-Regular.ttf\nfc-cache -fv\n\n# 6.6 \u5b89\u88c5Oh My Zsh\u63d2\u4ef6\ngit clone --depth=1 https:\/\/github.com\/zsh-users\/zsh-autosuggestions ${ZSH_CUSTOM:-$HOME\/.oh-my-zsh\/custom}\/plugins\/zsh-autosuggestions\ngit clone --depth=1 https:\/\/github.com\/zsh-users\/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-$HOME\/.oh-my-zsh\/custom}\/plugins\/zsh-syntax-highlighting\nsudo apt install -y autojump command-not-found\n\n# 6.7 \u751f\u6210\u5b8c\u6574.zshrc\u914d\u7f6e\ncat > ~\/.zshrc << 'EOF'\n# Enable Powerlevel10k instant prompt\nif [[ -r "${XDG_CACHE_HOME:-$HOME\/.cache}\/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then\n source "${XDG_CACHE_HOME:-$HOME\/.cache}\/p10k-instant-prompt-${(%):-%n}.zsh"\nfi\n\n# Path to Oh My Zsh\nexport ZSH="$HOME\/.oh-my-zsh"\n\n# Theme configuration\nZSH_THEME="powerlevel10k\/powerlevel10k"\n\n# Plugin configuration\nplugins=(\n git\n docker\n docker-compose\n kubectl\n zsh-autosuggestions\n zsh-syntax-highlighting\n autojump\n command-not-found\n colored-man-pages\n extract\n history-substring-search\n)\n\nsource $ZSH\/oh-my-zsh.sh\n\n# History configuration\nexport HISTSIZE=100000\nexport HISTFILESIZE=100000\nexport HISTCONTROL=ignoredups:erasedups\nexport HISTTIMEFORMAT="%F %T "\nsetopt SHARE_HISTORY\n\n# Completion configuration\nautoload -U compinit && compinit\nzstyle ':completion:*' menu select\nzstyle ':completion:*' list-colors "${(@s.:.)LS_COLORS}"\n\n# Aliases\nalias ll='ls -alhF --color=auto'\nalias la='ls -A'\nalias l='ls -CF'\nalias grep='grep --color=auto'\nalias df='df -h'\nalias du='du -sh'\nalias ..='cd ..'\nalias ...='cd ..\/..'\nalias zshconfig='nano ~\/.zshrc'\nalias reloadzsh='source ~\/.zshrc'\n\n# kubectl & Docker completion\n[[ $commands[kubectl] ]] && source <(kubectl completion zsh)\n[[ $commands[docker] ]] && source <(docker completion zsh)\n\n# autojump\n[[ -s \/usr\/share\/autojump\/autojump.sh ]] && source \/usr\/share\/autojump\/autojump.sh\n\n# Powerlevel10k configuration\n[[ ! -f ~\/.p10k.zsh ]] || source ~\/.p10k.zsh\nEOF\n\n# 6.8 \u8bbe\u7f6eZsh\u4e3a\u9ed8\u8ba4Shell\nchsh -s $(which zsh)\n\necho "\u2705 Zsh\u57fa\u7840\u914d\u7f6e\u5b8c\u6210\uff01"\n\n# 6.9 \u63d0\u793a\u7528\u6237\u624b\u52a8\u914d\u7f6ePowerlevel10k\necho "\u26a0\ufe0f \u63a5\u4e0b\u6765\u9700\u8981\u624b\u52a8\u542f\u52a8Zsh\u5b8c\u6210Powerlevel10k\u914d\u7f6e"\necho "\u8bf7\u6267\u884c: zsh"\necho "\u7136\u540e\u6309\u7167Powerlevel10k\u914d\u7f6e\u5411\u5bfc\u7684\u63d0\u793a\u8fdb\u884c\u9009\u62e9"\necho "\u63a8\u8350\u9009\u62e9: Rainbow\u4e3b\u9898, Unicode\u5b57\u7b26\u96c6, 24\u5c0f\u65f6\u5236\u65f6\u95f4"<\/code><\/pre>\n
\n\u4e03\u3001\u7cfb\u7edf\u9a8c\u8bc1\u4e0e\u6d4b\u8bd5<\/h2>\n
#!\/bash\/bash\n# Debian 13 \u914d\u7f6e\u5b8c\u6574\u6027\u9a8c\u8bc1\u811a\u672c\n\necho "\u3010\u7cfb\u7edf\u9a8c\u8bc1\u3011\u68c0\u67e5\u6240\u6709\u914d\u7f6e\u662f\u5426\u751f\u6548..."\n\n# 7.1 \u7cfb\u7edf\u7248\u672c\u9a8c\u8bc1\necho "=== \u7cfb\u7edf\u7248\u672c ==="\ncat \/etc\/os-release\nuname -r\n\n# 7.2 BBR3\u9a8c\u8bc1\necho -e "\\n=== BBR3\u72b6\u6001 ==="\nsysctl net.ipv4.tcp_congestion_control\nsysctl net.core.default_qdisc\nlsmod | grep bbr\n\n# 7.3 SSH\u5b89\u5168\u9a8c\u8bc1\necho -e "\\n=== SSH\u5b89\u5168 ==="\nsudo fail2ban-client status sshd\nsudo ufw status verbose\nsudo grep "Port" \/etc\/ssh\/sshd_config | grep -v "^#"\n\n# 7.4 \u9632\u75c5\u6bd2\u9a8c\u8bc1\necho -e "\\n=== ClamAV\u72b6\u6001 ==="\nsudo systemctl is-active clamav-daemon\nsudo systemctl is-enabled clamav-daemon\nclamscan --version\n\n# 7.5 Node.js\u9a8c\u8bc1\necho -e "\\n=== Node.js\u73af\u5883 ==="\nnode --version\nnpm --version\necho "npm\u5168\u5c40\u8def\u5f84: $(npm config get prefix)"\n\n# 7.6 Zsh\u9a8c\u8bc1\necho -e "\\n=== Zsh\u73af\u5883 ==="\nzsh --version\necho "\u5f53\u524dShell: $SHELL"\nif [ -f ~\/.oh-my-zsh\/oh-my-zsh.sh ]; then\n echo "\u2705 Oh My Zsh\u5df2\u5b89\u88c5"\nelse\n echo "\u274c Oh My Zsh\u672a\u5b89\u88c5"\nfi\n\necho -e "\\n=== \u9a8c\u8bc1\u811a\u672c\u6267\u884c\u5b8c\u6210 ==="\necho "\u5982\u679c\u6240\u6709\u68c0\u67e5\u9879\u90fd\u663e\u793a\u6b63\u5e38\uff0c\u8bf4\u660e\u914d\u7f6e\u6210\u529f\uff01"\necho "\u5efa\u8bae\u6267\u884c 'sudo reboot' \u91cd\u542f\u7cfb\u7edf\u4f7f\u6240\u6709\u66f4\u6539\u5b8c\u5168\u751f\u6548"<\/code><\/pre>\n
\n\u516b\u3001\u4e00\u952e\u6267\u884c\u6240\u6709\u914d\u7f6e\uff08\u4e3b\u811a\u672c\uff09<\/h2>\n
#!\/bin\/bash\n# Debian 13 \u5b8c\u6574\u81ea\u52a8\u5316\u914d\u7f6e\u4e3b\u811a\u672c\n# \u6267\u884c\u65f6\u95f4\uff1a\u7ea615-30\u5206\u949f\uff08\u53d6\u51b3\u4e8e\u7f51\u7edc\u901f\u5ea6\uff09\n\nset -e # \u9047\u5230\u9519\u8bef\u7acb\u5373\u9000\u51fa\n\necho "=========================================="\necho "Debian 13 \u5b8c\u6574\u81ea\u52a8\u5316\u914d\u7f6e\u811a\u672c"\necho "\u6267\u884c\u65f6\u95f4: $(date)"\necho "=========================================="\n\n# \u6b65\u9aa41: \u7cfb\u7edf\u66f4\u65b0\u4e0e\u4f18\u5316\necho "\u3010\u9636\u6bb51\/7\u3011\u7cfb\u7edf\u66f4\u65b0\u4e0e\u4f18\u5316..."\n\/bin\/bash <(curl -s https:\/\/your-domain.com\/config\/01-system-update.sh)\n\n# \u6b65\u9aa42: BBR3\u7f51\u7edc\u52a0\u901f\necho "\u3010\u9636\u6bb52\/7\u3011\u914d\u7f6eBBR3\u7f51\u7edc\u52a0\u901f..."\n\/bin\/bash <(curl -s https:\/\/your-domain.com\/config\/02-bbr3.sh)\n\n# \u6b65\u9aa43: SSH\u5b89\u5168\u9632\u62a4\necho "\u3010\u9636\u6bb53\/7\u3011\u914d\u7f6eSSH\u5b89\u5168\u9632\u62a4..."\n\/bin\/bash <(curl -s https:\/\/your-domain.com\/config\/03-ssh-security.sh)\n\n# \u6b65\u9aa44: \u9632\u75c5\u6bd2\u7cfb\u7edf\necho "\u3010\u9636\u6bb54\/7\u3011\u5b89\u88c5\u9632\u75c5\u6bd2\u8f6f\u4ef6..."\n\/bin\/bash <(curl -s https:\/\/your-domain.com\/config\/04-antivirus.sh)\n\n# \u6b65\u9aa45: Node.js\u73af\u5883\necho "\u3010\u9636\u6bb55\/7\u3011\u5b89\u88c5Node.js\u5f00\u53d1\u73af\u5883..."\n\/bin\/bash <(curl -s https:\/\/your-domain.com\/config\/05-nodejs.sh)\n\n# \u6b65\u9aa46: Zsh\u914d\u7f6e\necho "\u3010\u9636\u6bb56\/7\u3011\u914d\u7f6eZsh Shell\u73af\u5883..."\n\/bin\/bash <(curl -s https:\/\/your-domain.com\/config\/06-zsh.sh)\n\n# \u6b65\u9aa47: \u7cfb\u7edf\u9a8c\u8bc1\necho "\u3010\u9636\u6bb57\/7\u3011\u9a8c\u8bc1\u6240\u6709\u914d\u7f6e..."\n\/bin\/bash <(curl -s https:\/\/your-domain.com\/config\/07-validation.sh)\n\necho "=========================================="\necho "\u2705 \u6240\u6709\u914d\u7f6e\u5df2\u5b8c\u6210\uff01"\necho "\u8bf7\u6267\u884c 'sudo reboot' \u91cd\u542f\u7cfb\u7edf"\necho "\u91cd\u542f\u540e\u6267\u884c 'zsh' \u5b8c\u6210Powerlevel10k\u914d\u7f6e"\necho "=========================================="<\/code><\/pre>\n
\n\u9644\u5f55\uff1a\u5e38\u7528\u7ef4\u62a4\u547d\u4ee4<\/h2>\n
# \u7cfb\u7edf\u66f4\u65b0\nsudo apt update && sudo apt upgrade -y && sudo apt autoremove -y\n\n# BBR3\u72b6\u6001\u68c0\u67e5\nsysctl net.ipv4.tcp_congestion_control\nsysctl net.core.default_qdisc\n\n# Fail2ban\u7ba1\u7406\nsudo fail2ban-client status sshd\nsudo fail2ban-client set sshd unbanip <IP>\n\n# ClamAV\u624b\u52a8\u626b\u63cf\nsudo clamscan -r -i \/home\n\n# Node.js\u7248\u672c\u5207\u6362\uff08\u5982\u4f7f\u7528nvm\uff09\n# nvm install --lts && nvm use --lts\n\n# Zsh\u91cd\u65b0\u914d\u7f6e\np10k configure\n\n# \u67e5\u770b\u7cfb\u7edf\u65e5\u5fd7\nsudo journalctl -xe\ncat \/var\/log\/fail2ban.log<\/code><\/pre>\n
\n
\n\u9002\u7528\u7cfb\u7edf<\/strong>: Debian 13 (Trixie)
\n\u6700\u540e\u66f4\u65b0<\/strong>: 2025\u5e7411\u6708
\n\u6ce8\u610f\u4e8b\u9879<\/strong>: \u751f\u4ea7\u73af\u5883\u5efa\u8bae\u5728\u6d4b\u8bd5\u670d\u52a1\u5668\u9a8c\u8bc1\u540e\u518d\u6267\u884c<\/p>\n","protected":false},"excerpt":{"rendered":"Debian 13 \u81ea\u52a8\u5316\u914d\u7f6e\u6307\u5357\uff1a\u7cfb\u7edf\u66f4\u65b0\u3001\u7f51\u7edc\u52a0\u901f\u4e0e\u5b89\u5168\u52a0\u56fa","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"emotion":"","emotion_color":"","title_style":"","license":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-96","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/posts\/96","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/comments?post=96"}],"version-history":[{"count":2,"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/posts\/96\/revisions"}],"predecessor-version":[{"id":98,"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/posts\/96\/revisions\/98"}],"wp:attachment":[{"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/media?parent=96"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/categories?post=96"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rwr.ink\/index.php\/wp-json\/wp\/v2\/tags?post=96"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}