Security checks across malware telemetry and agentic risk
This DevOps skill matches its stated purpose, but it should be reviewed because it can make persistent root-level server changes and includes unsafe monitoring and credential examples.
Install only on servers where you intend to allow real deployment, monitoring, backup, and diagnostic changes. Use dry-run first, review every sudo/systemctl/cron command, verify downloaded binaries and repository keys, change Grafana default credentials before API use, bind monitoring tools to localhost or a private network, and inspect generated backup scripts and destinations before scheduling them.
wget "https://github.com/prometheus/prometheus/releases/download/v${PROM_VERSION}/prometheus-${PROM_VERSION}.linux-${ARCH}.tar.gz"
tar xzf prometheus-*.tar.gz
sudo mv prometheus-*/prometheus /usr/local/bin/
sudo mv prometheus-*/promtool /usr/local/bin/
# 创建配置目录和用户wget "https://github.com/prometheus/prometheus/releases/download/v${PROM_VERSION}/prometheus-${PROM_VERSION}.linux-${ARCH}.tar.gz"
tar xzf prometheus-*.tar.gz
sudo mv prometheus-*/prometheus /usr/local/bin/
sudo mv prometheus-*/promtool /usr/local/bin/
# 创建配置目录和用户
sudo useradd --no-create-home --shell /bin/false prometheus 2>/dev/null# Ubuntu/Debian sudo apt-get install -y apt-transport-https software-properties-common wget -q -O - https://apt.grafana.com/gpg.key | sudo apt-key add - echo "deb https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list sudo apt-get update && sudo apt-get install -y grafana sudo systemctl daemon-reload
sudo apt-get install -y apt-transport-https software-properties-common wget -q -O - https://apt.grafana.com/gpg.key | sudo apt-key add - echo "deb https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list sudo apt-get update && sudo apt-get install -y grafana sudo systemctl daemon-reload sudo systemctl enable grafana-server
sudo apt-get install -y apt-transport-https software-properties-common wget -q -O - https://apt.grafana.com/gpg.key | sudo apt-key add - echo "deb https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list sudo apt-get update && sudo apt-get install -y grafana sudo systemctl daemon-reload sudo systemctl enable grafana-server
BACKUP_SCRIPT="/opt/scripts/backup_<target>.sh" # 写入备份脚本 sudo cp generated_backup.sh "$BACKUP_SCRIPT" sudo chmod +x "$BACKUP_SCRIPT" # 添加 cron 任务(先检查是否已存在)
# 写入备份脚本 sudo cp generated_backup.sh "$BACKUP_SCRIPT" sudo chmod +x "$BACKUP_SCRIPT" # 添加 cron 任务(先检查是否已存在) (crontab -l 2>/dev/null | grep -v "$BACKUP_SCRIPT"; echo "$CRON_SCHEDULE $BACKUP_SCRIPT") | crontab -
# 连接数 sudo -u postgres psql -c "SELECT count(*) FROM pg_stat_activity;" 2>/dev/null sudo -u postgres psql -c "SHOW max_connections;" 2>/dev/null # 认证配置 sudo cat /etc/postgresql/*/main/pg_hba.conf 2>/dev/null | grep -v "^#" | grep -v "^$"
sudo -u postgres psql -c "SHOW max_connections;" 2>/dev/null # 认证配置 sudo cat /etc/postgresql/*/main/pg_hba.conf 2>/dev/null | grep -v "^#" | grep -v "^$" # 监听地址 sudo cat /etc/postgresql/*/main/postgresql.conf 2>/dev/null | grep listen_addresses
sudo chmod +x "$BACKUP_SCRIPT" # 添加 cron 任务(先检查是否已存在) (crontab -l 2>/dev/null | grep -v "$BACKUP_SCRIPT"; echo "$CRON_SCHEDULE $BACKUP_SCRIPT") | crontab - ``` #### Step 4: 备份保留策略
```bash sudo systemctl daemon-reload sudo systemctl enable <app-name> sudo systemctl start <app-name> ```
sudo apt-get update && sudo apt-get install -y grafana sudo systemctl daemon-reload sudo systemctl enable grafana-server sudo systemctl start grafana-server ```
echo ""
read -rp "是否添加到 crontab?(y/N): " add_cron
if [ "$add_cron" = "y" ] || [ "$add_cron" = "Y" ]; then
(crontab -l 2>/dev/null | grep -v "$SCRIPT_PATH"; echo "$SCHEDULE $SCRIPT_PATH >> ${LOG_FILE} 2>&1") | crontab -
echo -e "${GREEN}[✓]${NC} cron 任务已添加"
fi
fi```bash # 启用站点(需要 sudo,提前告知用户) sudo ln -s /etc/nginx/sites-available/<domain> /etc/nginx/sites-enabled/ sudo nginx -t && sudo systemctl reload nginx ``` #### Step 5: SSL 证书
sudo apt-get install -y apt-transport-https software-properties-common wget -q -O - https://apt.grafana.com/gpg.key | sudo apt-key add - echo "deb https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list sudo apt-get update && sudo apt-get install -y grafana sudo systemctl daemon-reload sudo systemctl enable grafana-server
```bash # Ubuntu/Debian sudo apt-get install -y apt-transport-https software-properties-common wget -q -O - https://apt.grafana.com/gpg.key | sudo apt-key add - echo "deb https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list sudo apt-get update && sudo apt-get install -y grafana
# Ubuntu/Debian sudo apt-get install -y apt-transport-https software-properties-common wget -q -O - https://apt.grafana.com/gpg.key | sudo apt-key add - echo "deb https://apt.grafana.com stable main" | sudo tee /etc/apt/sources.list.d/grafana.list sudo apt-get update && sudo apt-get install -y grafana sudo systemctl daemon-reload
66/66 vendors flagged this skill as clean.