OpenClaw安全加固实战指南:从基础配置到安全风险运营(详情篇)
{"type":"doc","content":[{"type":"paragraph","attrs":{"id":"778a6030-774b-4939-acaf-311f1e79ce89","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"引言:"}]},{"type":"image","attrs":{"id":"b6efefb8-7635-455c-93ab-5a583c29be8b","src":"https://developer.qcloudimg.com/http-save/audit-7360412/24ecfcf2873ba223772cc071a6115845.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"2.406504","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"7bea9bfa-28ca-42f0-83d3-f410e6e690df","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"根据一些第三方网络测绘数据("},{"type":"text","marks":[{"type":"link","attrs":{"href":"https://platform.censys.io/","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(30, 111, 255)","background":""}}],"text":"Censys Platform"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"、"},{"type":"text","marks":[{"type":"link","attrs":{"href":"https://quake.360.net/quake/#/searchResult?searchVal=%28app%3A%22Moltbot%22%29%20AND%20port%3A%20%2218789%22&selectIndex=quake_service&ignore_cache=false&timeRange=&timeRange=&latest=true&t=1770202458248","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(30, 111, 255)","background":""}}],"text":"360网络空间测绘 — 因为看见,所以安全"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":")揭示了一个触目惊心的现状:在OpenClaw的火热发展的同时🔥🔥,大量部署OpenClaw(Clawdbot)服务的服务器正将其Web管理界面直接暴露于公网,且未采取有效的访问控制措施。以观测到的实例为例,服务器开放了默认的WebUI管理端口(如18789/TCP),暴露出明显的攻击面。这种“暴露即被控”的风险态势,意味着数量可观的服务器已然成为潜在的攻击目标,甚至可能已在未被察觉的情况下沦为“肉鸡”。"}]},{"type":"image","attrs":{"id":"baae9c08-bf50-45e7-8ed9-c561898da915","src":"https://developer.qcloudimg.com/http-save/audit-7360412/b419509230a8b129b4cf7d725feb0df7.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"2.048000","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"ef17ec47-130a-4c8b-a064-adf84e126cb0","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"面对如此严峻的暴露现状,加强OpenClaw部署的安全加固已非选项,而是保障系统与数据安全的必然要求。本文旨在通过分析当前风险现状,提供几条切实可行的安全加固指引,帮助管理员规避因配置疏漏导致的重大安全事件。"}]},{"type":"paragraph","attrs":{"id":"df8ab2b2-bede-470b-a032-4f66a55c13d3","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"80feda88-e381-4208-8370-5a6b9dad6a99","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"特别说明:"}]},{"type":"paragraph","attrs":{"id":"b23b693a-ceb6-4df3-abc0-67eeda973130","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"本文我是以腾讯云轻量应用服务器做示例,实际情况请以自身服务器环境参考操作。"}]},{"type":"paragraph","attrs":{"id":"33fa7e80-0c34-406d-b5c5-b5a7c6e0c019","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"d622d1e7-2f0c-4a30-986e-de8042c0f441","textAlign":"inherit","indent":0,"level":1,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"整体安全加固思路"}]},{"type":"paragraph","attrs":{"id":"de845d48-9616-443d-b5b1-571b617c36c1","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"下图清晰地展示了针对OpenClaw的核心防御策略,帮助您理解每个环节的关键动作:"}]},{"type":"image","attrs":{"id":"d6042cbc-6146-4ade-b783-d4e57a36f9b7","src":"https://developer.qcloudimg.com/http-save/audit-7360412/b92fcaebe929ded08dc84998ab934cd3.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"3.247986","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"fb2f091f-592f-469b-8b5b-4051aaa58100","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"07d4e539-8143-4adf-8da1-4be4e7249ce1","textAlign":"inherit","indent":0,"level":1,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"🛡️ 一、网络安全加固"}]},{"type":"heading","attrs":{"id":"bdf87766-4de9-4e93-af90-a33eba27ab56","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"1.1 限制OpenClaw默认端口(18789)外网访问(优先操作)"}]},{"type":"paragraph","attrs":{"id":"981d67d5-77cd-4412-86b8-d71a4335e64d","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"说明:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(255, 0, 0)","background":""}}],"text":"出于安全考虑,腾讯云轻量应用服务器的一键部署OpenClaw应用模版,在默认状态下未支持直接通过公网IP来访问WebUI,这点必须点赞。"}]},{"type":"paragraph","attrs":{"id":"63076596-5553-4fd6-8f70-2471245f5a4c","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"21c0dc3d-15b6-45d7-9386-8747f352605b","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"#4EA2EE","background":""}},{"type":"bold"}],"text":"若是自定义安装或其他云接入OpenClaw模式"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":",需要通过如下类似方式进行防火墙规则限制。"}]},{"type":"paragraph","attrs":{"id":"3ebbd4fd-dce4-4f9b-902c-35d0d5820735","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.登录腾讯云控制台 → 进入「轻量应用服务器」→ 选中部署OpenClaw的服务器实例;"}]},{"type":"paragraph","attrs":{"id":"448cf21d-40df-41f5-a3f3-924b53e25106","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.左侧导航栏点击「防火墙」→ 「添加规则」标签页,设置端口「18789」仅允许自己常用设备的公网IP访问。"}]},{"type":"image","attrs":{"id":"47e1de9e-26fc-4c8f-866e-4880d20d5a5b","src":"https://developer.qcloudimg.com/http-save/audit-7360412/978be61ff21cf929a806ecea9f60e671.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"2.278184","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"heading","attrs":{"id":"181270c1-e9b7-4517-a2d6-3ef4dda05f64","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"1.2 修改OpenClaw默认端口(可选,进一步降低暴露风险)"}]},{"type":"paragraph","attrs":{"id":"539e1d47-5b9d-407e-beca-700103670a0c","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"若确实要大范围开放Web访问端口,可以将默认端口18789修改为其他端口。"}]},{"type":"paragraph","attrs":{"id":"305edba3-08b9-4988-9682-c0e65ffebcd7","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"02e8d702-a189-4eb6-8729-e0c7fdf4cab0","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"1.登录服务器,修改系统服务单元文件"}]},{"type":"paragraph","attrs":{"id":"268977a5-b69a-4054-8f7a-559b811ee8be","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"您已经找到了服务文件(~/.config/systemd/user/openclaw-gateway.service),这是核心的一步。"}]},{"type":"codeBlock","attrs":{"id":"287d158c-fb96-482c-a580-4f23433315ef","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"#请使用文本编辑器(如 nano或 vim)打开这个文件。\nvim ~/.config/systemd/user/openclaw-gateway.service\n \n#在文件中找到这两行,修改指定端口\nExecStart=/usr/bin/node /path/to/openclaw gateway --port 18789\nEnvironment=OPENCLAW_GATEWAY_PORT=18789\n#将其中的18789修改为1024-65535之间的非默认端口(如28789),避免与其他服务端口冲突,;同时只修改端口号,不要改动其他任何参数,保存后重启服务。"}]},{"type":"paragraph","attrs":{"id":"53a375a6-9187-41a7-9ffb-24efb472d9cd","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"2.修改 OpenClaw 主配置文件"}]},{"type":"paragraph","attrs":{"id":"f349761c-c1c9-46ec-afa7-7df2748565d8","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"接下来,需要修改主配置文件 ~/.openclaw/openclaw.json,这个文件通常包含网关(Gateway)的配置项。"}]},{"type":"codeBlock","attrs":{"id":"5e963a84-5edd-4c5b-8ed4-c30afa153b4d","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"#编辑主配置文件\nvim ~/.openclaw/openclaw.json\n \n#在文件中寻找与网关(gateway)相关的配置部分\n{\n \"gateway\": {\n \"bind\": \"127.0.0.1\",\n \"port\": 18789, #修改18789为新端口\n // ... 其他配置 ...\n }\n}\n#将 \"port\"的值同样修改为新端口(如28789),保存并退出。"}]},{"type":"paragraph","attrs":{"id":"7b3e871e-1e05-4831-afec-9801972ab426","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"3.重启OpenClaw服务并检查状态"}]},{"type":"codeBlock","attrs":{"id":"028243ab-3dce-47b2-9830-da021b675343","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"#步骤1:重新加载服务配置:这会告知 systemd 服务单元文件已被修改。\nsystemctl --user daemon-reload\n \n#步骤2:重启OpenClaw 网关服务:\nsystemctl --user restart openclaw-gateway.service\n \n#步骤3:检查服务状态:确认服务是否在新端口上正常运行。\nsystemctl --user status openclaw-gateway.service\n#如果输出中显示 active (running),则表示服务已成功启动\n \n#步骤4:检查系统上新服务端口是否正常监听\nnetstat -antp |grep 28792\ntcp 0 0 0.0.0.0:28792 0.0.0.0:* LISTEN 595680/openclaw-gateway"}]},{"type":"paragraph","attrs":{"id":"652481a3-2540-4cc7-a719-b782d553bdc5","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"4.更新安全组或防火墙"}]},{"type":"paragraph","attrs":{"id":"96416482-13c9-4fc6-8982-73f1fc1d7940","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"将原18789端口规则,替换为修改后的新端口,否则无法从外部访问。"}]},{"type":"paragraph","attrs":{"id":"a83564cf-255b-4ff1-b21d-c4770e4a6e04","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"ee1f6747-1466-4ae3-8f17-a910186ab7fd","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"5.验证访问"}]},{"type":"paragraph","attrs":{"id":"ac018f08-de08-41f5-8637-15159dba70df","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"完成以上所有步骤后,您就可以使用新端口进行访问了。访问格式为:"}]},{"type":"codeBlock","attrs":{"id":"7b3377f4-e63b-42e0-8076-f65719f35fb2","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"http://x.x.x.x:新端口/?token=您的Token"}]},{"type":"paragraph","attrs":{"id":"5d54bdbb-05c9-450f-9796-ecd20efcc877","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"be6bdc4f-e7eb-4dce-a5d2-4681ebc5e2be","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"或者通过 SSH 隧道(如果 WebUI 仅绑定到本地地址):"}]},{"type":"codeBlock","attrs":{"id":"336bbd28-5f53-412e-9ee1-ff7bbd6207ad","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"ssh -N -L 新端口:127.0.0.1:新端口 你的服务器用户名@服务器IP"}]},{"type":"paragraph","attrs":{"id":"99a1ce78-45e4-424e-88e7-60a4eac4623e","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"然后在浏览器中访问 "},{"type":"text","marks":[{"type":"link","attrs":{"href":"http://localhost:%E6%96%B0%E7%AB%AF%E5%8F%A3/?token=%E6%82%A8%E7%9A%84Token","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(0, 0, 0)","background":""}}],"text":"http://localhost:新端口/?token=您的Token"}]},{"type":"paragraph","attrs":{"id":"dd55e7ee-bb3f-452e-8df0-63f48cced310","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"cb8ea4d1-63e0-4663-9133-1513894bfba9","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"1.3 修改SSH默认端口"}]},{"type":"paragraph","attrs":{"id":"797360ac-7dfb-49fd-ab7d-f6a36492fd47","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"将SSH默认的22端口修改为10000-65535之间不常用的端口,可有效避免全网自动化扫描。操作示例:"}]},{"type":"codeBlock","attrs":{"id":"a8897f0d-1fdb-4fe1-8acc-2da8313de1e4","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"# 编辑SSH配置文件\nsudo vim /etc/ssh/sshd_config\n# 找到 #Port 22,删除注释符#,将22改为新端口,如23456\nPort 23456\n# 保存后重启SSH服务\nsudo systemctl restart sshd"}]},{"type":"paragraph","attrs":{"id":"32598a09-54a4-427e-9736-8925a9fcb0b9","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}},{"type":"bold"}],"text":"重要"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":":在安全组或防火墙中,"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}},{"type":"bold"}],"text":"先放行新的SSH端口(如23456)"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":",再禁用22端口,最后测试新端口连接成功,以免被锁在服务器外。"}]},{"type":"paragraph","attrs":{"id":"e9cfcb71-d2d4-4285-8535-f896585183f6","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"adee7a9d-8256-49cf-a0e7-5d7256493f3d","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"1.4 关闭不必要的外网访问端口"}]},{"type":"paragraph","attrs":{"id":"7de9f141-6a9b-4553-b0cc-88e1d12e0b97","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.进入腾讯云轻量服务器「安全组」→「入站规则」;"}]},{"type":"paragraph","attrs":{"id":"28a02983-31bb-4e01-bf04-4c31eda48270","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.删除所有无关端口规则(如默认开放的3389、8080等,仅保留SSH修改后的端口、OpenClaw修改后的端口、必要业务端口);"}]},{"type":"paragraph","attrs":{"id":"f4041057-b40a-4e1e-87f1-073ae6518003","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3.SSH等必要对外端口建议限制来源(仅允许自身IP访问),配置方式同1.1步骤。"}]},{"type":"paragraph","attrs":{"id":"16abc03c-d599-4f52-be58-4c58891168ed","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"05f7a2fa-2ac9-4294-a6f8-b05ac6e16397","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"1.5 使用密钥认证替代密码登录"}]},{"type":"paragraph","attrs":{"id":"6c929715-5e02-411d-8fe6-d985719baad3","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"在腾讯云控制台的“密钥”管理中创建SSH密钥对,并将公钥绑定到您的服务器实例。登录时使用私钥进行认证,这比传统密码安全得多。务必妥善保管下载的私钥文件。"}]},{"type":"image","attrs":{"id":"026066cd-387b-4919-99a9-81950e0d5305","src":"https://developer.qcloudimg.com/http-save/audit-7360412/5afa8383daec7bd946499e261afcd70b.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"3.747879","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"cdea40fd-919c-4400-942d-c02e442a3b1f","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"ecb5b543-df93-4eeb-80ca-7df145e2b425","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"1.6 使用扫码登录替代密码登录"}]},{"type":"paragraph","attrs":{"id":"88778fdf-5d33-4e7a-b3ef-567c730dee7d","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"前往腾讯云轻量应用服务器控制台,开启扫码登录的OpenClaw实例。"}]},{"type":"image","attrs":{"id":"981392f8-a98b-4c07-96aa-47b73691ccda","src":"https://developer.qcloudimg.com/http-save/audit-7360412/e1efe3f2a1de91941f2906a7d7d27cea.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"1.557087","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"2a63896d-044e-4a13-8ded-f92a02faa73b","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"开启扫码登录后其他用户通过SSH登陆服务器时,会要求用户通过微信扫码进行身份权限验证。相比于使用密码登录的方式,它能最大程度抵御攻击者通过暴力破解来侵入服务器的这种风险。"}]},{"type":"image","attrs":{"id":"c443f6b9-53e8-4064-8d0f-0232635db6ef","src":"https://developer.qcloudimg.com/http-save/audit-7360412/4a9331de262564a0201bde1d4814cc5d.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"1.228758","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"42b12a8a-95fa-4baa-b394-f4cba918fdc4","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"1419cab7-75a7-43cf-940a-8dd22460bb91","textAlign":"inherit","indent":0,"level":1,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"⚙️ 二、系统层面加固 (核心:解决root权限运行问题)"}]},{"type":"heading","attrs":{"id":"37cacf36-0b0b-4275-a90d-b6418a86ca29","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"2.1 降权运行OpenClaw(禁止root权限启动)"}]},{"type":"paragraph","attrs":{"id":"6e911dd0-130c-4531-8640-f70976c7a1a9","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(255, 0, 0)","background":""}}],"text":"注意:本步骤是以腾讯云轻量应用服务器部署的OpenClaw(版本:2026.1.30)作为示例,若是其他安装方式、其他升级版本,请结合自身安装情况调整配置"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"(建议有相关操作经验的同学操作)。"}]},{"type":"paragraph","attrs":{"id":"1de05fcb-2649-4e79-8153-2e193abba755","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"c7bf4d4e-a89c-4e2c-a45b-328b73313d85","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.停止当前服务"}]},{"type":"codeBlock","attrs":{"id":"5f26c6f0-bf3a-4f88-a730-17fbf1e435c5","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"sudo systemctl --user stop openclaw-gateway.service"}]},{"type":"paragraph","attrs":{"id":"68efda9e-0b96-4997-8476-0d0b860c28d6","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"说明:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"其他安装方式,可以通过命令:openclaw gateway status查看OpenClaw安装及配置目录"}]},{"type":"paragraph","attrs":{"id":"18d4fdea-81ee-4126-b33d-c0d29d390dde","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.移动并修改服务文件,我们将使用系统级的 systemd 来管理服务,需要将服务文件移动到系统目录"}]},{"type":"codeBlock","attrs":{"id":"c772fb41-005b-4332-a6b0-e7a95f16fbfc","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"# 将服务文件从用户目录移动到系统目录\nsudo mv ~/.config/systemd/user/openclaw-gateway.service /etc/systemd/system/"}]},{"type":"paragraph","attrs":{"id":"1f476235-ef17-4e47-97ce-da8bebd276d5","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3.创建普通用户(用于启动OpenClaw),用于启用OpenClaw(用户名可自定义,如:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"openclawuser"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":")"}]},{"type":"codeBlock","attrs":{"id":"12419ba1-f032-4c55-ab0b-0f28d395c947","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"useradd -m openclawuser\npasswd openclawuser"}]},{"type":"paragraph","attrs":{"id":"6dc84cb4-6233-40c0-b144-55e066e79d65","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"4.转移文件所有权和设置相关目录读取权限"}]},{"type":"codeBlock","attrs":{"id":"4a4ae749-65af-43cb-93d4-ff8481ae1921","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"sudo chown -R openclawuser:openclawuser /root/.nvm/versions/node/v22.22.0/lib/node_modules/openclaw\nsudo chown -R openclawuser:openclawuser ~/.openclaw # 配置文件目录\n \n# 给openclawuser读取Node.js和OpenClaw文件的权限\nsudo chmod 755 /root/.nvm/versions/node/v22.22.0/bin/node\n \nsudo setfacl -m u:openclawuser:rx /root\nsudo setfacl -m u:openclawuser:rx /root/.nvm\nsudo setfacl -R -m u:openclawuser:rx /root/.nvm/versions/node/v22.22.0\nsudo setfacl -R -m u:openclawuser:rx /root/.nvm/versions/node/v22.22.0/lib/node_modules/openclaw\n "}]},{"type":"paragraph","attrs":{"id":"d67d5417-5404-4f08-96e1-719ef6894ad7","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"5.修改服务文件"}]},{"type":"codeBlock","attrs":{"id":"dce4472a-9ce0-47c5-9c03-8a4f786492cd","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"#编辑文件,修改配置\nvim /etc/systemd/system/openclaw-gateway.service\n \n[Service]\n# 新增或调整如下几个配置项\nUser=openclawuser\nGroup=openclawuser\nExecStart=\"/root/.nvm/versions/node/v22.22.0/bin/node\" \"/root/.nvm/versions/node/v22.22.0/lib/node_modules/openclaw/dist/index.js\" gateway -port 28785\nEnvironment=HOME=/home/openclawuser\nEnvironment=\"PATH=/usr/local/bin:/usr/bin:/usr/sbin:/bin:/usr/sbin\"\n \n...//其他配置\n \n#其他配置保持不变"}]},{"type":"paragraph","attrs":{"id":"cb06ea27-279c-4e1a-b522-1aaa7366bf9f","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"6.可以复制现在配置文件到新用户目录"}]},{"type":"codeBlock","attrs":{"id":"cf2e49e0-cf78-41b2-9de0-74d7f3534a66","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"#1.复制 root 用户的配置文件到 openclawuser\nsudo mkdir -p /home/openclawuser/.openclaw\nsudo cp -r /root/.openclaw/* /home/openclawuser/.openclaw/\n \n#2.修改配置文件所有权\nsudo chown -R openclawuser:openclawuser /home/openclawuser/.openclaw"}]},{"type":"paragraph","attrs":{"id":"3de423ea-aef8-42cd-bacf-c873984036ad","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"7.重新加载并重启服务"}]},{"type":"codeBlock","attrs":{"id":"67468ccb-3287-492f-86be-1ade0b95a23c","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"# 重新加载systemd配置\nsudo systemctl daemon-reload\n# 重启服务\nsudo systemctl restart openclaw-gateway.service\n# 检查服务状态\nsudo systemctl status openclaw-gateway.service "}]},{"type":"paragraph","attrs":{"id":"4669a900-c8c9-4395-9bbb-e51a6c8602a9","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"8.验证OpenClaw进程运行用户"}]},{"type":"codeBlock","attrs":{"id":"497df0d3-d1e0-416f-9d29-031c8e5a491d","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"ps -ef |grep openclaw-gateway\nopencla+ 665481 1 2 15:46 ? 00:01:27 openclaw-gateway"}]},{"type":"paragraph","attrs":{"id":"44dd174e-2a9b-4c72-bfc5-3f7f0a9ffce6","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"其他:查看服务日志,如果服务启动失败,可以通过以下命令查看详细日志来排查问题"}]},{"type":"codeBlock","attrs":{"id":"d06d979d-6413-461d-b1a2-078f2d2ae294","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"sudo journalctl -u openclaw-gateway.service -f "}]},{"type":"paragraph","attrs":{"id":"df046d0f-76b8-4def-9e79-6bd370b06f38","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"通过QQ等IM验证功能是否生效,提问:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(41, 114, 244)","background":""}}],"text":"请问openclaw是哪个系统用户运行的?"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"输出结果如下,符合安全最佳实践要求。"}]},{"type":"image","attrs":{"id":"944f4ccc-7948-4f03-b68f-4d546ed4bc75","src":"https://developer.qcloudimg.com/http-save/audit-7360412/2028a46aab3b1e42816f0e27fbcf2dcf.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"0.928611","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"82978606-17eb-4cda-8784-2632d8300ae8","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"备注:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"如果按上述步骤修改完后,在功能使用上有出现一些异常,建议参考/tmp/openclaw/目录下的日志文件进行排查解决。"}]},{"type":"paragraph","attrs":{"id":"45d4e8c6-5d00-4ad3-9296-33f4f715e118","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"c24bf7ec-4dc4-43e1-a01a-46259229594c","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"2.2 禁用root远程登录(避免root被暴力破解)"}]},{"type":"paragraph","attrs":{"id":"610d1c25-29eb-4523-a55a-e8ffae641886","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"按如下步骤进行配置修改并重启SSH服务。"}]},{"type":"codeBlock","attrs":{"id":"731153ca-e523-450d-bdd5-c632373f5a90","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"# 编辑SSH配置文件\nsudo vim /etc/ssh/sshd_config\n# 找到 PermitRootLogin,将yes改为no\nPermitRootLogin yes\n# 保存后重启SSH服务\nsudo systemctl restart sshd"}]},{"type":"paragraph","attrs":{"id":"4f89d4ff-58eb-4914-abda-712a4b897bc5","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"重要:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"为了确保SSH登陆正常使用,在禁用root用户登陆前,可参见2.1提前创建一个非root用户,后续使用新创建的非root用户登陆成功后再切换到root用户。"}]},{"type":"paragraph","attrs":{"id":"3e59e31b-7c32-47c0-8d2e-22925ab64663","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"c12cde17-90f4-4597-9398-3f9d8098ed52","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"2.3 基础系统加固(低门槛,必做)"}]},{"type":"paragraph","attrs":{"id":"83b1a888-fb6d-4e6d-b7b3-527cba4285c7","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.更新系统补丁(修复已知漏洞):Linux执行命令:yum update -y(CentOS)或 apt update && apt upgrade -y(Ubuntu);Windows登录服务器,通过「Windows Update」更新补丁;"}]},{"type":"paragraph","attrs":{"id":"5018c749-994f-4516-8ff8-57c2f893bd7d","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.关闭不必要的系统服务:Linux执行命令:systemctl disable firewalld(若用腾讯云安全组,可关闭系统防火墙)、systemctl disable postfix(邮件服务,无用则关闭);"}]},{"type":"paragraph","attrs":{"id":"13af6957-9947-4c32-914b-22f86beef502","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3.设置密码复杂度(可选):Linux执行命令:vim /etc/login.defs,修改PASS_MIN_LEN 8(密码最小长度8位),保存即可。"}]},{"type":"paragraph","attrs":{"id":"0d15ed04-d8b7-4451-bdbc-05010ce993e0","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"2942d1e0-9906-4a19-beec-5808ae46203d","textAlign":"inherit","indent":0,"level":1,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"⚙️ 三、"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(0, 0, 0)","background":""}}],"text":"应用安全加固(核心:降低OpenClaw自身漏洞风险)"}]},{"type":"heading","attrs":{"id":"c0399015-8e35-4824-9491-92024804e289","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"3.1 及时更新OpenClaw至最新版本(可选,修复开源漏洞,建议有相关操作经验的同学操作)"}]},{"type":"paragraph","attrs":{"id":"adc8517e-d8d8-4344-9d6c-99298af8f2e8","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.登录服务器,进入OpenClaw安装目录:cd /root/.openclaw;"}]},{"type":"paragraph","attrs":{"id":"556cf51e-a3ad-4827-860e-0a5fa2fd7283","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.执行更新命令(参考官方开源文档):git clone "},{"type":"text","marks":[{"type":"link","attrs":{"href":"https://github.com/openclaw/openclaw.git","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"https://github.com/openclaw/openclaw.git"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"(下载最新压缩包);"}]},{"type":"paragraph","attrs":{"id":"40b5676e-f03e-40e3-88fa-a05bdda7ce7f","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3.解压(若下载压缩包),替换相关配置文件,重新启用"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"OpenClaw服务"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":";"}]},{"type":"paragraph","attrs":{"id":"426a611d-2c7e-41d1-ac2a-d98957dbdca8","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"4.验证:查看版本号,执行命令:./openclaw -v,确认与官方最新版本一致。"}]},{"type":"paragraph","attrs":{"id":"4ad63dfc-3395-4a9f-b9a8-9ecb9d058a12","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"a1a27baa-07d6-41e7-b4ab-f610599670eb","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"3.2 加固OpenClaw配置文件"}]},{"type":"paragraph","attrs":{"id":"c381fc68-b07e-4fa9-8e53-8273f7a1616f","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.设置配置文件只读权限:执行命令:chmod 400 /root/.openclaw/openclaw.json(仅允许所有者读取,禁止修改);"}]},{"type":"paragraph","attrs":{"id":"07375307-1b1e-4929-bf8f-63ee79a2f581","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.编辑openclaw.json,找到「gateway」配置,将相关web端口绑定网卡按需做修改。"}]},{"type":"codeBlock","attrs":{"id":"148ab81b-fbd9-4d86-8fb3-530fafc5c6c2","language":"bash","theme":"atom-one-dark","runtimes":0,"isHoverDragHandle":false,"key":""},"content":[{"type":"text","text":"\"gateway\": {\n \"port\": 18789,\n \"mode\": \"local\",\n \"bind\": \"loopback\",\n \"auth\": {\n \"mode\": \"token\",\n \"token\": \"xxxc9aa55ed427e397c1yyyyyyyyyyyyy\"\n },"}]},{"type":"paragraph","attrs":{"id":"5a9f359e-b359-4eba-8e79-4d68fd125708","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false}},{"type":"heading","attrs":{"id":"3b2796aa-d783-40aa-bb3e-cf9e3ae4238d","textAlign":"inherit","indent":0,"level":1,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"🔒 四、数据安全与隐私保护 (核心:防止数据泄露、丢失)"}]},{"type":"heading","attrs":{"id":"95fff13e-306e-4e1b-8a7a-5666d8163d81","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"4.1 定期备份OpenClaw数据和配置文件"}]},{"type":"paragraph","attrs":{"id":"09b81108-23c4-420f-ad6f-92d360125bec","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.手动备份(基础用户首选):执行命令:zip -r openclaw_backup.zip /root/.openclaw(将安装目录压缩备份);"}]},{"type":"paragraph","attrs":{"id":"4914302b-705c-48ae-b2a5-4c57a55f8528","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.将备份文件下载至本地:通过腾讯云轻量控制台「文件管理」,找到备份文件,点击「下载」保存到本地电脑;"}]},{"type":"paragraph","attrs":{"id":"05b37ad3-29fc-4d95-90c7-d7e83035e1d1","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3.定时自动备份(可选):执行命令:crontab -e,添加内容:0 0 * * * zip -r /root/openclaw_backup_$(date +%Y%m%d).zip /root/.openclaw(每天0点自动备份,保存至服务器),保存退出。"}]},{"type":"paragraph","attrs":{"id":"6732ac8f-5d4f-4198-b82c-9dcbbc99848b","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"ba328589-95b5-439a-bc7b-c6338f4d8ada","textAlign":"inherit","indent":0,"level":1,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"🛡️ "},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(0, 0, 0)","background":""}}],"text":"五、云平台安全加固(核心:利用腾讯云自带安全功能,零门槛)"}]},{"type":"heading","attrs":{"id":"ea88e3bc-bdf4-42cd-8b29-9ffc5022c9d2","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"5.1 开启腾讯云安全中心基础防护"}]},{"type":"paragraph","attrs":{"id":"9448f09b-0784-45ea-be06-1886854f63a9","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.登录腾讯云控制台 → 搜索「云安全中心」,进入该模块;"}]},{"type":"paragraph","attrs":{"id":"b601e126-9d53-4c38-b05e-0b057ffec7d1","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"2.启动安"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"全体检:进入「漏洞与风险中心」→「安全体检」→「标准体检」,选择部署OpenClaw的服务器实例,点击「开始体检」;"}]},{"type":"paragraph","attrs":{"id":"7dc34000-201b-4f74-951f-22f9930a77e5","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3.查看体检报告:体检完成后,根据报告提示,一键修复漏洞(如系统漏洞、配置风险),无需手动操作。"}]},{"type":"image","attrs":{"id":"ec439ac2-107b-41e6-9664-75cb361c3f89","src":"https://developer.qcloudimg.com/http-save/audit-7360412/f5d3f46f2c22074c58fc6a8751679ce5.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"1.617879","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"794695a5-902c-461c-a743-0d2183854228","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"fb47a620-4f7f-4e15-9c37-eab2063a12a2","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"5.2 DDoS基础防护"}]},{"type":"paragraph","attrs":{"id":"0b8afcd6-65ce-43d4-9037-66769af88a0f","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"腾讯云轻量应用服务器实例默认开启DDoS基础防护,最高支持2 Gbps防护,若有更高防护要求建议升级防护专业版本。"}]},{"type":"image","attrs":{"id":"a8d5b0f3-8aad-498c-8444-e3baa88e34f8","src":"https://developer.qcloudimg.com/http-save/audit-7360412/6726f4b3d9a6d2669db0ef1570491d58.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"1.977982","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"552d9a1c-29b6-4f73-b683-a44b78a7bf1f","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"a08dba6f-2308-4f4f-9d6e-b8f867cbcb94","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"5.3 主机安全监测"}]},{"type":"paragraph","attrs":{"id":"a6005382-c5b2-4a36-bd56-13e343cd518c","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"轻量应用服务器默认安装基础版本的主机安全,支持对实例进行最基本的安全监测,可通过登陆「主机安全」控制台,查看对应服务器是否涉及相关风险告警,存在高危风险的异常需要按指引尽快修复。"}]},{"type":"image","attrs":{"id":"518b30b7-d05f-423b-b642-822093475a6f","src":"https://developer.qcloudimg.com/http-save/audit-7360412/a48c25b6695b117176e81c14ac519f2d.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"2.780720","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"5fc0ecd7-03f0-42a1-88ee-0a8512d1a848","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"提醒:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"腾讯云默认安装的轻量应用服务器只有免费的基础版,对应的安全检测及防护能力相对有限,可以根据需要选择更高版本的安全防护能力;不同版本功能说明参见:"},{"type":"text","marks":[{"type":"link","attrs":{"href":"https://cloud.tencent.com/document/product/296/2222","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(30, 111, 255)","background":""}}],"text":"主机安全 功能介绍与版本比较_腾讯云"}]},{"type":"image","attrs":{"id":"351714be-3569-4e0e-b10a-7ccd73b70314","src":"https://developer.qcloudimg.com/http-save/audit-7360412/7c553a542605ef87a9c9d847924daad8.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"0.791565","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"e4afbe35-1ea8-4510-8614-07a14c576a32","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false}},{"type":"heading","attrs":{"id":"a6343e35-676e-4c4a-a9ee-1acb83976215","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"5.4 配置登录保护(防止腾讯云账号被盗)"}]},{"type":"paragraph","attrs":{"id":"7cbada48-cdc6-4678-9315-1fd16eb8f100","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.登录腾讯云控制台 → 右上角「账号中心」→「安全设置」;"}]},{"type":"paragraph","attrs":{"id":"3dc9f579-a349-4667-a38b-1872a089a4c8","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.开启「MFA设备验证」(手机令牌),下载腾讯云APP,绑定账号,登录时需验证手机令牌,防止账号被盗;"}]},{"type":"paragraph","attrs":{"id":"ea65a244-4d60-403a-b1af-3fe30eaad0ab","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"开启「登录告警」:设置登录地点异常、登录设备异常时,发送短信和邮箱告警。 "}]},{"type":"paragraph","attrs":{"id":"601da196-9434-41f4-8a53-897843d5086b","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"f1880059-0ffc-4830-9da4-8d721755849d","textAlign":"inherit","indent":0,"level":1,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"📊 六、运营监控与持续维护"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(0, 0, 0)","background":""}}],"text":"(核心:及时发现异常,低门槛)"}]},{"type":"heading","attrs":{"id":"005d4b99-dee0-4908-8f1f-2689f4a8c0b0","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"6.1 监控OpenClaw进程和端口状态"}]},{"type":"paragraph","attrs":{"id":"6b01780e-82d1-4c6f-9a34-59d2295eab39","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"1.手动监控(简单查看):"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"每天执行2次命令,查看进程:ps -ef | grep openclaw(确认进程正常运行,所属用户为普通用户);查看端口:netstat -an | grep 28789(替换为修改后的OpenClaw端口,确认端口仅允许自身IP访问);"}]},{"type":"paragraph","attrs":{"id":"437aa57c-19d4-4b92-83f0-9fc411d9bfa4","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"2.云监控指标(详细指标):"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"通过控制台的监控可以查看到详细CPU、内存、网络、磁盘等占用情况。"}]},{"type":"image","attrs":{"id":"ebc9596a-d906-454f-92f0-3e3be32cbaec","src":"https://developer.qcloudimg.com/http-save/audit-7360412/5d02cceb34f3b3a86193582ce5a7db7d.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"1.673469","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"88a02736-aa73-4c45-814e-33308e6b6a73","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"86c5680b-a68c-40f2-afae-bedc5ebebf01","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"通过"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"“AI分析监控数据”"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"可以对实例自动进行健康度评估,即便是再基础的用户都能看得懂。"}]},{"type":"image","attrs":{"id":"4fd43701-ea21-4645-a294-2e951f23980e","src":"https://developer.qcloudimg.com/http-save/audit-7360412/eb68b4f3bd2bb10c3a5f006075564b89.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"0.957016","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"7f5adaf7-ea5d-4ead-97cd-023c914282ad","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false}},{"type":"heading","attrs":{"id":"312f47ee-bd26-4079-96e4-81365a53371f","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"6.2 监控服务器日志(及时发现异常访问)"}]},{"type":"paragraph","attrs":{"id":"60609dda-e257-4821-b900-c21d34772d36","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":"1.查看OpenClaw运行日志:journalctl -u openclaw-gateway.service -f、tail -f /tmp/openclaw/openclaw-2026-xx-xx.log(查看实时日志,若有异常访问、错误信息,及时处理);"}]},{"type":"paragraph","attrs":{"id":"e0a9d287-79b2-4949-8d86-a354cf44127a","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.查看系统登录日志:执行命令:tail -f /var/log/secure(Linux),查看是否有异常IP登录服务器,若有,立即在安全组中拉黑该IP;"}]},{"type":"paragraph","attrs":{"id":"873042c8-67fa-42c4-891f-5f92f5541817","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3.日志留存:设置日志留存7天,执行命令:echo \"find /tmp/openclaw -name '*.log' -mtime +7 -delete\" >> /etc/crontab(每天自动删除7天前的日志,避免占用磁盘空间)。"}]},{"type":"paragraph","attrs":{"id":"ce3b7a83-7635-4788-a272-5032c15c83e0","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(0, 0, 0)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"184d5228-abe8-4dd6-bc83-864f83b5f82e","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"6.3 设置异常告警(零门槛)"}]},{"type":"paragraph","attrs":{"id":"d196bfdc-022c-4a5e-b516-0eaf5d118167","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.进入腾讯云轻量应用服务器实例详情页 → 左侧「监控告警」→「告警策略」;"}]},{"type":"paragraph","attrs":{"id":"4346bd29-f66b-48c0-8391-2129fbd690e4","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.点击「新建告警策略」,选择告警指标:CPU使用率(阈值≥80%)、内存使用率(阈值≥80%)、端口占用(OpenClaw端口异常关闭时告警);"}]},{"type":"paragraph","attrs":{"id":"9573b9ec-5761-4c27-9909-6488de0b7279","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3.设置告警接收方式:绑定手机和邮箱,告警频率设为5分钟一次,当触发阈值时,及时收到告警,便于快速排查问题。"}]},{"type":"paragraph","attrs":{"id":"c03ffbff-b68c-4ac5-874f-0d3545982709","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"4d3c5e1a-69b4-48ec-88e4-52112833b70c","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"6.4 启用审计日志与监控"}]},{"type":"paragraph","attrs":{"id":"6491c119-1212-4701-b52b-5b1f7c6b8ae9","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"定期审查操作日志:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"OpenClaw应开启详细日志功能。定期检查其操作日志,关注是否有异常指令或未授权的访问尝试。"}]},{"type":"paragraph","attrs":{"id":"0369b9a8-7b66-4ab1-ada6-e600559db4a1","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"利用云平台监控告警:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"开启腾讯云轻量服务器的"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"主机安全服务器"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"防护服务,并配置安全事件告警。"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"设置服务器CPU、内存的异常阈值告警"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":",以便及时发现资源被恶意占用等异常情况。"}]},{"type":"paragraph","attrs":{"id":"16d746cc-cef2-4826-839f-946a733971e1","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"f249191d-304c-446a-a68f-39645811e235","textAlign":"inherit","indent":0,"level":3,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(26, 26, 26)","background":""}}],"text":"6.4建立备份与恢复流程"}]},{"type":"paragraph","attrs":{"id":"76b7c73c-fcfe-4dc6-af42-df22001aaeaa","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"定期快照备份:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"在腾讯云控制台为您的轻量应用服务器定期创建云硬盘快照,尤其在进行重大配置变更前。确保在系统被篡改或破坏后能快速回滚到健康状态。"}]},{"type":"paragraph","attrs":{"id":"22e00d77-0667-42c3-8bb2-0fe826b9d237","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"●"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":" "},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"建议一:OpenClaw服务器安装部署、完成初始化配置后可通过"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"制定自定义镜像备份系统初始状态"}]},{"type":"paragraph","attrs":{"id":"d712f2b5-2e9d-4ce5-8ca1-1f0f1a79b5d7","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"●"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":" "},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"建议二:常态的硬盘数据备份使用快照、云硬盘备份"},{"type":"text","marks":[{"type":"link","attrs":{"href":"https://cloud.tencent.com/document/product/1207/76269?from=console_document_search","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(30, 111, 255)","background":""}}],"text":"轻量应用服务器 备份点概述_腾讯云"}]},{"type":"paragraph","attrs":{"id":"70dcb97d-34c8-4bde-87f5-d51d502e2b95","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"●"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"","background":""}}],"text":" "},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"建议三:将OpenClaw运行中产生的记忆类数据、结果类数据和运行日志 转存到轻量对象存储 Lighthouse COS,详见:"},{"type":"text","marks":[{"type":"link","attrs":{"href":"https://cloud.tencent.com/developer/article/2626165","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(30, 111, 255)","background":""}}],"text":"云上OpenClaw(原Clawdbot)数据持久存储指南-腾讯云开发者社区-腾讯云"}]},{"type":"image","attrs":{"id":"b3ff40cd-e85d-413a-97a8-cb18e0051b59","src":"https://developer.qcloudimg.com/http-save/audit-7360412/bdf3f0467c9aed079cd1a706c4093bb5.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"2.139842","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"d407fd3d-6e65-4d52-9397-86eead84bda1","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"ef09f7a9-9d75-427e-9df6-d229b4ce5395","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}},{"type":"bold"}],"text":"隔离测试环境:"},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"强烈建议不要在作为日常工作的“主力机”上直接部署和测试OpenClaw。使用一台独立的服务器或虚拟机专门用于运行OpenClaw,这是最有效的物理隔离方案。"}]},{"type":"paragraph","attrs":{"id":"de4c1252-0456-453b-962e-0e914a971572","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"4d27e32e-6226-4923-9c12-5f99895fdb12","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"最后,希望这份手册能帮助您更安全地探索OpenClaw的强大功能。安全是一个持续的过程,养成良好的安全习惯至关重要。希望大家都能有个安全畅游的AI环境。剩下的时间大家尽情发挥你的AI DIY~~"}]},{"type":"image","attrs":{"id":"899f58ae-b211-4d62-acbf-353732a48e32","src":"https://developer.qcloudimg.com/http-save/audit-7360412/dc4848b0992d2255a17eeeeb878ae99f.png","extension":"png","align":"center","alt":"","showAlt":false,"href":"","boxShadow":"","width":1100,"aspectRatio":"1.078224","status":"success","showText":true,"isPercentage":false,"percentage":0,"isHoverDragHandle":false}},{"type":"paragraph","attrs":{"id":"79f44499-4936-4b93-a896-cfca10981f7c","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"eebc8e49-486c-48e5-b7c9-be7912d61ef0","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"abb01897-d785-4d74-96b9-8817cc7304c2","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"heading","attrs":{"id":"d870ff5f-965e-4430-b47f-996bfc8d5185","textAlign":"inherit","indent":0,"level":1,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(0, 0, 0)","background":""}}],"text":"附则(基础用户必看)"}]},{"type":"paragraph","attrs":{"id":"03ef12d1-c2a1-45f1-b8fc-635d01d970df","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1.本手册所有操作均为通用、低门槛,无需深入技术细节,基础用户可按步骤复制命令、操作控制台即可完成;"}]},{"type":"paragraph","attrs":{"id":"d550f954-cd9a-4bab-aa16-ea291b92e726","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2.核心加固优先级:修改或限制18789端口外网访问 → 降权运行OpenClaw → 开启腾讯云安全中心 → 定期备份数据,这4步为必做操作,可快速降低核心安全风险;"}]},{"type":"paragraph","attrs":{"id":"f0da73ab-36bc-4096-a39b-f99a68ebfbff","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3.若操作过程中出现问题(如应用无法启动、登录失败),可先恢复备份的配置文件,重启服务器,或参考腾讯云官方文档、OpenClaw开源文档排查;"}]},{"type":"paragraph","attrs":{"id":"f275de41-8309-4ee9-9d5a-957493df5656","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"4.建议每周检查一次安全加固状态(如安全组规则、主机安全检测告警、进程状态、日志),每月更新一次OpenClaw版本和系统补丁,持续保障安全。"}]},{"type":"paragraph","attrs":{"id":"4c6e3f2c-6b01-4c2b-b15d-2fe548dc6d82","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":" "}]},{"type":"paragraph","attrs":{"id":"d4641bdb-4f3d-4d14-9027-fafac874106b","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"参考:"}]},{"type":"paragraph","attrs":{"id":"ebc997fc-0519-49bc-8e9a-c1fea071f0a4","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"1、 "},{"type":"text","text":" "},{"type":"text","marks":[{"type":"link","attrs":{"href":"https://cloud.tencent.com/developer/article/2575019","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(30, 111, 255)","background":""}}],"text":"云服务器安全核心策略:从基础加固到高级防御的全方位操作实践-腾讯云开发者社区-腾讯云"}]},{"type":"paragraph","attrs":{"id":"4a3a364d-9463-4ac3-bc21-4a650f4cf480","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"2、 "},{"type":"text","text":" "},{"type":"text","marks":[{"type":"link","attrs":{"href":"https://www.rehiy.com/post/612/?25","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(30, 111, 255)","background":""}}],"text":"浅析 OpenClaw 的诱惑与危险 - 技术写真 - 若海"}]},{"type":"paragraph","attrs":{"id":"ff74dcad-ee66-4b47-bdd7-daac277c7caf","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false},"content":[{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(51, 51, 51)","background":""}}],"text":"3、 "},{"type":"text","text":" "},{"type":"text","marks":[{"type":"textStyle","attrs":{"color":"rgb(0, 0, 0)","background":""}}],"text":" "},{"type":"text","marks":[{"type":"link","attrs":{"href":"https://cloud.tencent.com/developer/article/2625602","target":"_blank","rel":"noopener noreferrer nofollow","class":null}},{"type":"textStyle","attrs":{"color":"rgb(30, 111, 255)","background":""}}],"text":"🛡️OpenClaw(Clawdbot)服务器安全配置指南-腾讯云开发者社区-腾讯云"}]},{"type":"paragraph","attrs":{"id":"e430627e-52a6-4c8b-8c61-befbe66313b4","textAlign":"inherit","indent":0,"color":null,"background":null,"isHoverDragHandle":false}}]}
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号