Local Host Security Audit Report

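Generated: 2026-06-17T04:13:29.762327+00:00; audit method: read-only collection, no system state was modified.

High-risk items: 2
Medium-risk items: 3
Listening port records: 33
Suspected world-readable sensitive files: 220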

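Priority conclusions

Level | Finding | Recommendation
- | Listening ports include SSH | See the port table; confirm public/local binding and business need.
Info | Listening ports include HTTP | See the port table; confirm public/local binding and business need.
Info | Listening ports include HTTPS | See the port table; confirm public/local binding and business need.
- | fail2ban / key service status needs attention | An inactive fail2ban weakens SSH brute-force protection.
- | Suspected sensitive files are world-readable | Fix each one with chmod/chown; exposed tokens may need to be rotated.
- | Process arguments appear to contain keys/passwords | Process argv can be read by other users on the same host; move these values to a protected EnvironmentFile.
- | Upgradable packages exist | Assess a security update window.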

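Recommended remediation order

  1. P0: Tighten permissions on world-readable .env/token/auth/config files; assess rotation for credentials that were already exposed.
  2. P0: Move tokens/passwords/API keys from process command lines into an EnvironmentFile with mode 600/640 to avoid leaking them through argv.
  3. P1: Confirm whether fail2ban should be enabled; if SSH is exposed to the public internet, enable it and add an SSH jail.
  4. P1: Assess the apt-upgradable packages and schedule a security update window.
  5. P2: Review each listening port and the Nginx/Docker exposure against the "minimize public entry points" principle.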

SSH configuration summary

Field | Value
port | 22
permitrootlogin | without-password
passwordauthentication | no
pubkeyauthentication | yes
permitemptypasswords | no
x11forwarding | no
maxauthtries | 3

Listening ports

(unlabeled) | Local address | Peer | Process
0 | 127.0.0.54:53 | 0.0.0.0:* | users:(("systemd-resolve",pid=2433627,fd=16))
0 | 127.0.0.53%lo:53 | 0.0.0.0:* | users:(("systemd-resolve",pid=2433627,fd=14))
0 | 10.0.0.93%enp0s6:68 | 0.0.0.0:* | users:(("systemd-network",pid=2433666,fd=23))
0 | 127.0.0.1:323 | 0.0.0.0:* | users:(("chronyd",pid=1304,fd=5))
0 | [::1]:323 | [::]:* | users:(("chronyd",pid=1304,fd=6))
8192 | 127.0.0.1:8045 | 0.0.0.0:* | users:(("antigravity-too",pid=1301943,fd=10))
10 | 127.0.0.1:38233 | 0.0.0.0:* | users:(("chrome",pid=2177851,fd=77))
511 | 127.0.0.1:5250 | 0.0.0.0:* | users:(("node",pid=1172,fd=22))
2048 | 127.0.0.1:5200 | 0.0.0.0:* | users:(("gunicorn",pid=2433697,fd=3),("gunicorn",pid=2433696,fd=3),("gunicorn",pid=2433682
511 | 127.0.0.1:5211 | 0.0.0.0:* | users:(("node",pid=65272,fd=22))
2048 | 127.0.0.1:5240 | 0.0.0.0:* | users:(("python",pid=2433694,fd=3),("python",pid=2433692,fd=3),("python",pid=2433684,fd=3)
2048 | 127.0.0.1:5230 | 0.0.0.0:* | users:(("python",pid=2433695,fd=3),("python",pid=2433693,fd=3),("python",pid=2433674,fd=3)
511 | 0.0.0.0:443 | 0.0.0.0:* | users:(("nginx",pid=2176038,fd=21),("nginx",pid=2176037,fd=21),("nginx",pid=2176036,fd=21)
511 | 0.0.0.0:80 | 0.0.0.0:* | users:(("nginx",pid=2176038,fd=18),("nginx",pid=2176037,fd=18),("nginx",pid=2176036,fd=18)
8192 | 0.0.0.0:22 | 0.0.0.0:* | users:(("sshd",pid=2433629,fd=3),("systemd",pid=1,fd=378))
511 | 127.0.0.1:4443 | 0.0.0.0:* | users:(("nginx",pid=2176038,fd=20),("nginx",pid=2176037,fd=20),("nginx",pid=2176036,fd=20)
8192 | 127.0.0.1:4444 | 0.0.0.0:* | users:(("docker-proxy",pid=3563387,fd=8))
128 | 127.0.0.1:5001 | 0.0.0.0:* | users:(("python",pid=1170,fd=3))
8192 | 127.0.0.1:3777 | 0.0.0.0:* | users:(("docker-proxy",pid=3856323,fd=8))
8192 | 127.0.0.1:2443 | 0.0.0.0:* | users:(("xray",pid=1193853,fd=4))
8192 | 127.0.0.1:35401 | 0.0.0.0:* | users:(("agent-browser-l",pid=2173548,fd=9))
128 | 127.0.0.1:18001 | 0.0.0.0:* | users:(("ssh",pid=2118677,fd=4))
8192 | 127.0.0.54:53 | 0.0.0.0:* | users:(("systemd-resolve",pid=2433627,fd=17))
8192 | 127.0.0.53%lo:53 | 0.0.0.0:* | users:(("systemd-resolve",pid=2433627,fd=15))
8192 | 127.0.0.1:25774 | 0.0.0.0:* | users:(("docker-proxy",pid=4101524,fd=8))
8192 | 127.0.0.1:8501 | 0.0.0.0:* | users:(("docker-proxy",pid=2500,fd=8))
8192 | 127.0.0.1:8317 | 0.0.0.0:* | users:(("cli-proxy-api",pid=2172890,fd=8))
511 | 127.0.0.1:8766 | 0.0.0.0:* | users:(("node",pid=1140,fd=21))
2048 | 127.0.0.1:8787 | 0.0.0.0:* | users:(("uvicorn",pid=4192555,fd=7))
8192 | 127.0.0.1:8820 | 0.0.0.0:* | users:(("docker-proxy",pid=1234951,fd=8))
511 | [::]:443 | [::]:* | users:(("nginx",pid=2176038,fd=22),("nginx",pid=2176037,fd=22),("nginx",pid=2176036,fd=22),("
511 | [::]:80 | [::]:* | users:(("nginx",pid=2176038,fd=19),("nginx",pid=2176037,fd=19),("nginx",pid=2176036,fd=19),("
8192 | [::]:22 | [::]:* | users:(("sshd",pid=2433629,fd=4),("systemd",pid=1,fd=379))

Suspected sensitive file permissions

mode owner:path
644 root:root /root/upload-demo/venv/lib/python3.11/site-packages/setuptools/_vendor/packaging/_tokenizer.py
644 root:root /root/upload-demo/venv/lib/python3.11/site-packages/setuptools/_vendor/packaging/__pycache__/_tokenizer.cpython-311.pyc
644 root:root /root/upload-demo/venv/lib/python3.11/site-packages/setuptools/_vendor/wheel/vendored/packaging/_tokenizer.py
644 root:root /root/upload-demo/venv/lib/python3.11/site-packages/setuptools/_vendor/wheel/vendored/packaging/__pycache__/_tokenizer.cpython-311.pyc
644 root:root /root/upload-demo/venv/lib/python3.11/site-packages/pip/_vendor/pygments/__pycache__/token.cpython-311.pyc
644 root:root /root/upload-demo/venv/lib/python3.11/site-packages/pip/_vendor/pygments/token.py
644 root:root /root/backups/telegram-codex-bridge-migration-20260505/cc-telegram-bridge-initial/node_modules/postcss/lib/tokenize.js
644 root:root /root/backups/decommission-cc-connect-home-cms-20260505-075046/root.projects.home-cms/.venv/lib/python3.12/site-packages/packaging/_tokenizer.py
644 root:root /root/backups/decommission-cc-connect-home-cms-20260505-075046/root.projects.home-cms/.venv/lib/python3.12/site-packages/packaging/__pycache__/_tokenizer.cpython-312.pyc
644 root:root /root/backups/decommission-cc-connect-home-cms-20260505-075046/root.projects.home-cms/.venv/lib/python3.12/site-packages/bleach/_vendor/html5lib/_tokenizer.py
644 root:root /root/backups/decommission-cc-connect-home-cms-20260505-075046/root.projects.home-cms/.venv/lib/python3.12/site-packages/bleach/_vendor/html5lib/__pycache__/_tokenizer.cpython-312.pyc
644 root:root /root/backups/decommission-cc-connect-home-cms-20260505-075046/root.projects.home-cms/.venv/lib/python3.12/site-packages/pip/_vendor/pygments/__pycache__/token.cpython-312.pyc
644 root:root /root/backups/decommission-cc-connect-home-cms-20260505-075046/root.projects.home-cms/.venv/lib/python3.12/site-packages/pip/_vendor/pygments/token.py
644 homecms:homecms /root/backups/decommission-cc-connect-home-cms-20260505-075046/opt.home-cms-venv/lib/python3.12/site-packages/packaging/_tokenizer.py
644 homecms:homecms /root/backups/decommission-cc-connect-home-cms-20260505-075046/opt.home-cms-venv/lib/python3.12/site-packages/packaging/__pycache__/_tokenizer.cpython-312.pyc
644 homecms:homecms /root/backups/decommission-cc-connect-home-cms-20260505-075046/opt.home-cms-venv/lib/python3.12/site-packages/bleach/_vendor/html5lib/_tokenizer.py
644 homecms:homecms /root/backups/decommission-cc-connect-home-cms-20260505-075046/opt.home-cms-venv/lib/python3.12/site-packages/bleach/_vendor/html5lib/__pycache__/_tokenizer.cpython-312.pyc
644 homecms:homecms /root/backups/decommission-cc-connect-home-cms-20260505-075046/opt.home-cms-venv/lib/python3.12/site-packages/pip/_vendor/packaging/_tokenizer.py
644 homecms:homecms /root/backups/decommission-cc-connect-home-cms-20260505-075046/opt.home-cms-venv/lib/python3.12/site-packages/pip/_vendor/packaging/__pycache__/_tokenizer.cpython-312.pyc
644 homecms:homecms /root/backups/decommission-cc-connect-home-cms-20260505-075046/opt.home-cms-venv/lib/python3.12/site-packages/pip/_vendor/pygments/__pycache__/token.cpython-312.pyc
644 homecms:homecms /root/backups/decommission-cc-connect-home-cms-20260505-075046/opt.home-cms-venv/lib/python3.12/site-packages/pip/_vendor/pygments/token.py
755 root:root /root/.local/state/hermes/gateway-locks/telegram-bot-token-527a363f9555f5ab.lock
755 root:root /root/.local/state/hermes/gateway-locks/telegram-bot-token-a86416872dd430b7.lock
755 root:root /root/.local/state/hermes/gateway-locks/telegram-bot-token-fb8ec67ddaa8cef8.lock
755 root:root /root/.local/state/hermes/gateway-locks/telegram-bot-token-e08fecd0d7bdfb81.lock
755 root:root /root/.local/state/hermes/gateway-locks/telegram-bot-token-63c31bbb59f92d98.lock
755 root:root /root/.local/state/hermes/gateway-locks/telegram-bot-token-ae26df2183bc87c7.lock
755 root:root /root/.local/state/hermes/gateway-locks/telegram-bot-token-322e0f4acbbf166c.lock
644 root:root /root/.local/share/pnpm/store/v10/index/3c/41a5030ac6f325c65d18d6df67c66e0eba24094e0306ce6eea95a09a6ffe64-space-separated-tokens@2.0.2.json
644 root:root /root/.local/share/pnpm/store/v10/index/5d/02eee79da249cb6f9c47205f0ebe4b1ef919f9403cd103d6ac7b78127ec327-micromark-util-subtokenize@2.1.0.json
644 root:root /root/.local/share/pnpm/store/v10/index/16/ee2125dbf37b29427d03e9f5219689da73accb3bb53ae5bba55bf1719a4467-comma-separated-tokens@2.0.3.json
644 root:root /root/.local/share/pnpm/store/v10/index/c5/701dec6d8c965e56f2ea37ec6113a50d95ac4f38335f3567bba01c51909c96-args-tokenizer@0.3.0.json
644 root:root /root/.local/share/pnpm/store/v10/index/43/150b1c09bb70dbbbdb0f7b25434204538315a5e96c383e74ff1bfe8585019d-@csstools+css-tokenizer@4.0.0.json
644 root:root /root/.local/share/pnpm/store/v10/index/45/d2547e5704ddc5332a232a420b02bb4e853eef5474824ed1b7986cf8473789-js-tokens@4.0.0.json
644 root:root /root/.local/share/pnpm/store/v10/index/9b/16bd13d21314eb746da9f78fa2f93298f07a01b3ea505098cd4826459e0591-js-tokens@9.0.1.json
755 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/lib2to3/pgen2/token.py
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/lib2to3/pgen2/tokenize.py
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/site-packages/setuptools/_vendor/packaging/_tokenizer.py
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/site-packages/pip/_vendor/packaging/_tokenizer.py
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/site-packages/pip/_vendor/pygments/token.py
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/__pycache__/token.cpython-311.pyc
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/__pycache__/tokenize.cpython-311.pyc
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/__pycache__/secrets.cpython-311.pyc
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/token.py
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/tokenize.py
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/lib/python3.11/secrets.py
644 root:root /root/.local/share/uv/python/cpython-3.11.15-linux-aarch64-gnu/include/python3.11/token.h
644 root:root /root/.local/share/uv/tools/twitter-cli/lib/python3.11/site-packages/yaml/tokens.py
644 root:root /root/.local/share/uv/tools/twitter-cli/lib/python3.11/site-packages/yaml/__pycache__/tokens.cpython-311.pyc
644 root:root /root/.local/share/uv/tools/twitter-cli/lib/python3.11/site-packages/markdown_it/__pycache__/token.cpython-311.pyc
644 root:root /root/.local/share/uv/tools/twitter-cli/lib/python3.11/site-packages/markdown_it/token.py
644 root:root /root/.local/share/uv/tools/twitter-cli/lib/python3.11/site-packages/jeepney/tests/secrets_introspect.xml
644 root:root /root/.local/share/uv/tools/twitter-cli/lib/python3.11/site-packages/pygments/__pycache__/token.cpython-311.pyc
644 root:root /root/.local/share/uv/tools/twitter-cli/lib/python3.11/site-packages/pygments/token.py
644 root:root /root/.local/share/uv/tools/xiaohongshu-cli/lib/python3.11/site-packages/yaml/tokens.py
644 root:root /root/.local/share/uv/tools/xiaohongshu-cli/lib/python3.11/site-packages/yaml/__pycache__/tokens.cpython-311.pyc
644 root:root /root/.local/share/uv/tools/xiaohongshu-cli/lib/python3.11/site-packages/markdown_it/token.py
644 root:root /root/.local/share/uv/tools/xiaohongshu-cli/lib/python3.11/site-packages/jeepney/tests/secrets_introspect.xml
644 root:root /root/.local/share/uv/tools/xiaohongshu-cli/lib/python3.11/site-packages/pygments/__pycache__/token.cpython-311.pyc
644 root:root /root/.local/share/uv/tools/xiaohongshu-cli/lib/python3.11/site-packages/pygments/token.py
644 root:root /root/.config/go/telemetry/local/upload.token
644 root:root /root/projects/cards-api/.venv/lib/python3.12/site-packages/packaging/_tokenizer.py
644 root:root /root/projects/cards-api/.venv/lib/python3.12/site-packages/packaging/__pycache__/_tokenizer.cpython-312.pyc
644 root:root /root/projects/cards-api/.venv/lib/python3.12/site-packages/pip/_vendor/packaging/_tokenizer.py
644 root:root /root/projects/cards-api/.venv/lib/python3.12/site-packages/pip/_vendor/packaging/__pycache__/_tokenizer.cpython-312.pyc
644 root:root /root/projects/cards-api/.venv/lib/python3.12/site-packages/pip/_vendor/pygments/__pycache__/token.cpython-312.pyc
644 root:root /root/projects/cards-api/.venv/lib/python3.12/site-packages/pip/_vendor/pygments/token.py
644 root:root /root/projects/cards-api/.venv/lib/python3.11/site-packages/setuptools/_vendor/packaging/_tokenizer.py
644 root:root /root/projects/cards-api/.venv/lib/python3.11/site-packages/setuptools/_vendor/packaging/__pycache__/_tokenizer.cpython-311.pyc
644 root:root /root/projects/cards-api/.venv/lib/python3.11/site-packages/setuptools/_vendor/wheel/vendored/packaging/_tokenizer.py
644 root:root /root/projects/cards-api/.venv/lib/python3.11/site-packages/setuptools/_vendor/wheel/vendored/packaging/__pycache__/_tokenizer.cpython-311.pyc
644 root:root /root/projects/cards-api/.venv/lib/python3.11/site-packages/pip/_vendor/packaging/_tokenizer.py
644 root:root /root/projects/cards-api/.venv/lib/python3.11/site-packages/pip/_vendor/packaging/__pycache__/_tokenizer.cpython-311.pyc
644 root:root /root/projects/cards-api/.venv/lib/python3.11/site-packages/pip/_vendor/pygments/__pycache__/token.cpython-311.pyc
644 root:root /root/projects/cards-api/.venv/lib/python3.11/site-packages/pip/_vendor/pygments/token.py
644 root:root /root/.cache/node/corepack/v1/pnpm/10.30.3/dist/node_modules/node-gyp/gyp/pylib/packaging/_tokenizer.py
644 root:root /root/.cache/node/corepack/v1/pnpm/10.33.1/dist/node_modules/node-gyp/gyp/pylib/packaging/_tokenizer.py
644 root:root /root/.cache/uv/archive-v0/eKzKHW3quLkSWDN0qiSc5/yaml/tokens.py
644 root:root /root/.cache/uv/archive-v0/rA-XIFQl0QMdgVfA2xwNS/setuptools/_vendor/packaging/_tokenizer.py
644 root:root /root/.cache/uv/archive-v0/F9hbHLJeFbW0CPEfUXItv/mistralai/azure/client/models/oauth2tokenauth.py
644 root:root /root/.cache/uv/archive-v0/F9hbHLJeFbW0CPEfUXItv/mistralai/client/models/oauth2tokenauth.py
644 root:root /root/.cache/uv/archive-v0/F9hbHLJeFbW0CPEfUXItv/mistralai/client/models/oauth2token.py
644 root:root /root/.cache/uv/archive-v0/F9hbHLJeFbW0CPEfUXItv/mistralai/client/models/messagetokens.py
644 root:root /root/.cache/uv/archive-v0/F9hbHLJeFbW0CPEfUXItv/mistralai/client/models/prompttokensdetails.py
644 root:root /root/.cache/uv/archive-v0/F9hbHLJeFbW0CPEfUXItv/mistralai/gcp/client/models/oauth2tokenauth.py
644 root:root /root/.cache/uv/archive-v0/Z6L6Ra4Q9kgThnNm/packaging/_tokenizer.py
644 root:root /root/.hermes/backups/memory-tencentdb-wsh-20260519-214945/worker/config.yaml
644 root:root /root/.hermes/backups/memory-tencentdb-wsh-20260519-214945/stock/config.yaml
644 root:root /root/.hermes/backups/local-cliproxy-url-20260505-070030/news/config.yaml
644 homecms:homecms /root/.hermes/backups/system-audit-fix-20260602T092949Z/.env.before
644 root:root /root/.hermes/backups/compression-threshold-20260505-070243/news/config.yaml
644 root:root /root/.hermes/restart-context/hermes-usage-ledger-token-口径-20260523-221125.md
644 root:root /root/.hermes/restart-context/hermes-github-token-20260510120846.md
644 root:root /root/.hermes/restart-context/upload-demo-token-usability-20260507-092720.md
644 root:root /root/.hermes/hermes-agent/tests/cli/test_cli_secret_capture.py
644 root:root /root/.hermes/hermes-agent/tests/test_env_loader_secret_sources.py
644 root:root /root/.hermes/hermes-agent/tests/test_model_forces_max_completion_tokens.py
644 root:root /root/.hermes/hermes-agent/tests/test_bitwarden_secrets.py
644 root:root /root/.hermes/hermes-agent/tests/run_agent/test_context_token_tracking.py
644 root:root /root/.hermes/hermes-agent/tests/run_agent/test_token_persistence_non_cli.py
644 root:root /root/.hermes/hermes-agent/tests/tools/test_browser_secret_exfil.py
644 root:root /root/.hermes/hermes-agent/tests/agent/test_last_total_tokens.py
644 root:root /root/.hermes/hermes-agent/tests/agent/test_compressor_image_tokens.py
644 root:root /root/.hermes/hermes-agent/tests/hermes_cli/test_copilot_token_exchange.py
644 root:root /root/.hermes/hermes-agent/tests/hermes_cli/test_xai_oauth_pkce_token_exchange.py
644 root:root /root/.hermes/hermes-agent/tests/hermes_cli/test_tool_token_estimation.py
644 root:root /root/.hermes/hermes-agent/tests/hermes_cli/test_secrets_bitwarden_non_tty.py
644 root:root /root/.hermes/hermes-agent/tests/hermes_cli/test_tencent_tokenhub_provider.py
644 root:root /root/.hermes/hermes-agent/tests/hermes_cli/test_auth_usable_secret.py
644 root:root /root/.hermes/hermes-agent/tests/hermes_cli/test_secret_prompt.py
644 root:root /root/.hermes/hermes-agent/tests/gateway/test_gateway_silence_tokens.py
644 root:root /root/.hermes/hermes-agent/tests/gateway/test_telegram_webhook_secret.py
644 root:root /root/.hermes/hermes-agent/tests/gateway/test_max_tokens_propagation.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/youtube_transcript_api/test/assets/youtube_po_token_required.innertube.json.static
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/pydantic_settings/sources/providers/__pycache__/nested_secrets.cpython-311.pyc
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/pydantic_settings/sources/providers/__pycache__/secrets.cpython-311.pyc
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/pydantic_settings/sources/providers/secrets.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/pydantic_settings/sources/providers/nested_secrets.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/mautrix/util/signed_token.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/prompt_toolkit/token.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/yaml/tokens.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/yaml/__pycache__/tokens.cpython-311.pyc
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v2/model/document_token.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v2/model/bitable_app_token.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v2/model/__pycache__/bitable_app_token.cpython-311.pyc
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v2/model/__pycache__/doc_token.cpython-311.pyc
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v2/model/__pycache__/minutes_token.cpython-311.pyc
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v2/model/__pycache__/document_token.cpython-311.pyc
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v2/model/doc_token.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v2/model/minutes_token.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v1/model/download_token.py
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/security_and_compliance/v1/model/__pycache__/download_token.cpython-311.pyc
644 root:root /root/.hermes/hermes-agent/venv/lib/python3.11/site-packages/lark_oapi/api/auth/[REDACTED]

Suspected secrets in process arguments

Redacted process lines
2178466 root 8 /snap/chromium/3458/usr/lib/chromium-browser/chrome --password-store=basic --gtk-version=3 --disable-features=TFLiteLanguageDetectionEnabled --remote-debugging-port=0 --no-first-run --no-default-browser-check --disa
2178846 root 0 grep -E -i (token|secret|password|apikey|api_key|bearer|AUTH|WEB_PASSWORD|API_KEY)
2433600 root 624847 /usr/bin/python3 /root/scripts/codex-auth-autosync-watcher.py

System / resources

Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sda1      ext4  145G   53G   92G  37% /
/dev/sda16     ext4  891M  179M  650M  22% /boot
/dev/sda1      ext4  145G   53G   92G  37% /
/dev/sda1      ext4  145G   53G   92G  37% /
---INODES---
Filesystem     Inodes IUsed IFree IUse% Mounted on
/dev/sda1         19M  1.4M   18M    8% /
/dev/sda1         19M  1.4M   18M    8% /
---MEM---
               total        used        free      shared  buff/cache   available
Mem:            23Gi       4.5Gi       345Mi        34Mi        18Gi        18Gi
Swap:             0B          0B          0B

Firewall summary

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                   # SSH
80/tcp                     ALLOW IN    Anywhere                   # HTTP
443/tcp                    ALLOW IN    Anywhere                   # HTTPS
2443/tcp                   ALLOW IN    Anywhere                   # AR Xray Reality
22/tcp (v6)                ALLOW IN    Anywhere (v6)              # SSH
80/tcp (v6)                ALLOW IN    Anywhere (v6)              # HTTP
443/tcp (v6)               ALLOW IN    Anywhere (v6)              # HTTPS
2443/tcp (v6)              ALLOW IN    Anywhere (v6)              # AR Xray Reality

---iptables---
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-BRIDGE
-N DOCKER-CT
-N DOCKER-FORWARD
-N DOCKER-INTERNAL
-N DOCKER-USER
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-FORWARD
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A DOCKER -d 172.22.0.2/32 ! -i br-85bbb2b365d7 -o br-85bbb2b365d7 -p tcp -m tcp --dport 8000 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 25774 -j ACCEPT
-A DOCKER -d 172.20.0.2/32 ! -i br-02c8ebe65544 -o br-02c8ebe65544 -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.21.0.3/32 ! -i br-bc9254aba8bf -o br-bc9254aba8bf -p tcp -m tcp --dport 3000 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8501 -j ACCEPT
-A DOCKER ! -i br-bc9254aba8bf -o br-bc9254aba8bf -j DROP
-A DOCKER ! -i br-526670a45ef0 -o br-526670a45ef0 -j DROP
-A DOCKER ! -i br-623bddbbf793 -o br-623bddbbf793 -j DROP
-A DOCKER ! -i br-85bbb2b365d7 -o br-85bbb2b365d7 -j DROP
-A DOCKER ! -i br-88d5a24a33dc -o br-88d5a24a33dc -j DROP
-A DOCKER ! -i docker0 -o docker0 -j DROP
-A DOCKER ! -i br-02c8ebe65544 -o br-02c8ebe65544 -j DROP
-A DOCKER-BRIDGE -o br-bc9254aba8bf -j DOCKER
-A DOCKER-BRIDGE -o br-526670a45ef0 -j DOCKER
-A DOCKER-BRIDGE -o br-623bddbbf793 -j DOCKER
-A DOCKER-BRIDGE -o br-85bbb2b365d7 -j DOCKER
-A DOCKER-BRIDGE -o br-88d5a24a33dc -j DOCKER
-A DOCKER-BRIDGE -o docker0 -j DOCKER
-A DOCKER-BRIDGE -o br-02c8ebe65544 -j DOCKER
-A DOCKER-CT -o br-bc9254aba8bf -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-CT -o br-526670a45ef0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-CT -o br-623bddbbf793 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-CT -o br-85bbb2b365d7 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-CT -o br-88d5a24a33dc -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-CT -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-CT -o br-02c8ebe65544 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-FORWARD -j DOCKER-CT
-A DOCKER-FORWARD -j DOCKER-INTERNAL
-A DOCKER-FORWARD -j DOCKER-BRIDGE
-A DOCKER-FORWARD -i br-bc9254aba8bf -j ACCEPT
-A DOCKER-FORWARD -i br-526670a45ef0 -j ACCEPT
-A DOCKER-FORWARD -i br-623bddbbf793 -j ACCEPT
-A DOCKER-FORWARD -i br-85bbb2b365d7 -j ACCEPT
-A DOCKER-FORWARD -i br-88d5a24a33dc -j ACCEPT
-A DOCKER-FORWARD -i docker0 -j ACCEPT
-A DOCKER-FORWARD -i br-02c8ebe65544 -j ACCEPT
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 443 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 2443 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
---nft---
table ip nat {
	chain DOCKER {
		ip daddr 127.0.0.1 iifname != "docker0" tcp dport 8501 counter packets 0 bytes 0 dnat to 172.17.0.3:8501
		ip daddr 127.0.0.1 iifname != "br-bc9254aba8bf" tcp dport 4444 counter packets 0 bytes 0 dnat to 172.21.0.3:3000
		ip daddr 127.0.0.1 iifname != "br-02c8ebe65544" tcp dport 3777 counter packets 0 bytes 0 dnat to 172.20.0.2:3000
		ip daddr 127.0.0.1 iifname != "docker0" tcp dport 25774 counter packets 0 bytes 0 dnat to 172.17.0.2:25774
		ip daddr 127.0.0.1 iifname != "br-85bbb2b365d7" tcp dport 8820 counter packets 0 bytes 0 dnat to 172.22.0.2:8000
	}

	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
		fib daddr type local counter packets 790665 bytes 48951008 jump DOCKER
	}

	chain OUTPUT {
		type nat hook output priority dstnat; policy accept;
		ip daddr != 127.0.0.0/8 fib daddr type local counter packets 0 bytes 0 jump DOCKER
	}

	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		ip saddr 172.20.0.0/16 oifname != "br-02c8ebe65544" counter packets 0 bytes 0 masquerade
		ip saddr 172.17.0.0/16 oifname != "docker0" counter packets 398 bytes 26517 masquerade
		ip saddr 172.18.0.0/16 oifname != "br-88d5a24a33dc" counter packets 0 bytes 0 masquerade
		ip saddr 172.22.0.0/16 oifname != "br-85bbb2b365d7" counter packets 1198 bytes 89252 masquerade
		ip saddr 172.24.0.0/16 oifname != "br-623bddbbf793" counter packets 0 bytes 0 masquerade
		ip saddr 172.19.0.0/16 oifname != "br-526670a45ef0" counter packets 0 bytes 0 masquerade
		ip saddr 172.21.0.0/16 oifname != "br-bc9254aba8bf" counter packets 66416 bytes 5114149 masquerade
	}
}
table ip filter {
	chain DOCKER {
		ip daddr 172.22.0.2 iifname != "br-85bbb2b365d7" oifname "br-85bbb2b365d7" tcp dport 8000 counter packets 0 bytes 0 accept
		ip daddr 172.17.0.2 iifname != "docker0" oifname "docker0" tcp dport 25774 counter packets 0 bytes 0 accept
		ip daddr 172.20.0.2 iifname != "br-02c8ebe65544" oifname "br-02c8ebe65544" tcp dport 3000 counter packets 0 bytes 0 accept
		ip daddr 172.21.0.3 iifname != "br-bc9254aba8bf" oifname "br-bc9254aba8bf" tcp dport 3000 counter packets 0 bytes 0 accept
		ip daddr 172.17.0.3 iifname != "docker0" oifname "docker0" tcp dport 8501 counter packets 0 bytes 0 accept
		iifname != "br-bc9254aba8bf" oifname "br-bc9254aba8bf" counter packets 0 bytes 0 drop
		iifname != "br-526670a45ef0" oifname "br-526670a45ef0" counter packets 0 bytes 0 drop
		iifname != "br-623bddbbf793" oifname "br-623bddbbf793" counter packets 0 bytes 0 drop
		iifname != "br-85bbb2b365d7" oifname "br-85bbb2b365d7" counter packets 0 bytes 0 drop
		iifname != "br-88d5a24a33dc" oifname "br-88d5a24a33dc" counter packets 0 bytes 0 drop
		iifname != "docker0" oifname "docker0" counter packets 0 bytes 0 drop
		iifname != "br-02c8ebe65544" oifname "br-02c8ebe65544" counter packets 0 bytes 0 drop
	}

	chain DOCKER-FORWARD {
		counter packets 650085 bytes 351059059 jump DOCKER-CT
		counter packets 372044 bytes 212294798 jump DOCKER-INTERNAL
		counter packets 372044 bytes 212294798 jump DOCKER-BRIDGE
		iifname "br-bc9254aba8bf" counter packets 272420 bytes 174045615 accept
		iifname "br-526670a45ef0" counter packets 0 bytes 0 accept
		iifname "br-623bddbbf793" counter packets 0 bytes 0 accept
		iifname "br-85bbb2b365d7" counter packets 7287 bytes 901993 accept
		iifname "br-88d5a24a33dc" counter packets 0 bytes 0 accept
		iifname "docker0" counter packets 5098 bytes 754726 accept
		iifname "br-02c8ebe65544" counter packets 0 bytes 0 accept
	}

	chain DOCKER-BRIDGE {
		oifname "br-bc9254aba8bf" counter packets 0 bytes 0 jump DOCKER
		oifname "br-526670a45ef0" counter packets 0 bytes 0 jump DOCKER
		oifname "br-623bddbbf793" counter packets 0 bytes 0 jump DOCKER
		oifname "br-85bbb2b365d7" counter packets 0 bytes 0 jump DOCKER
		oifname "br-88d5a24a33dc" counter packets 0 bytes 0 jump DOCKER
		oifname "docker0" counter packets 0 bytes 0 jump DOCKER
		oifname "br-02c8ebe65544" counter packets 0 bytes 0 jump DOCKER
	}

	chain DOCKER-CT {
		oifname "br-bc9254aba8bf" ct state related,established counter packets 257120 bytes 59596990 accept
		oifname "br-526670a45ef0" ct state related,established counter packe

Failed services

UNIT LOAD ACTIVE SUB DESCRIPTION

0 loaded units listed.

Security-related service status

active
enabled
active
inactive
active
active

Pending software updates

22 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Inst_count=22
Listing...
alsa-ucm-conf/noble-updates 1.2.10-1ubuntu5.11 all [upgradable from: 1.2.10-1ubuntu5.10]
apparmor-profiles/noble-updates 4.0.1really4.0.1-0ubuntu0.24.04.7 all [upgradable from: 4.0.1really4.0.1-0ubuntu0.24.04.6]
apparmor-utils/noble-updates 4.0.1really4.0.1-0ubuntu0.24.04.7 all [upgradable from: 4.0.1really4.0.1-0ubuntu0.24.04.6]
apparmor/noble-updates 4.0.1really4.0.1-0ubuntu0.24.04.7 arm64 [upgradable from: 4.0.1really4.0.1-0ubuntu0.24.04.6]
ca-certificates/noble-updates,noble-security 20260601~24.04.1 all [upgradable from: 20240203]
cloud-init/noble-updates 26.1-0ubuntu1~24.04.1 all [upgradable from: 25.3-0ubuntu1~24.04.1]
docker-buildx-plugin/noble 0.34.1-1~ubuntu.24.04~noble arm64 [upgradable from: 0.34.0-1~ubuntu.24.04~noble]
docker-ce-cli/noble 5:29.5.3-1~ubuntu.24.04~noble arm64 [upgradable from: 5:29.5.2-1~ubuntu.24.04~noble]
docker-ce-rootless-extras/noble 5:29.5.3-1~ubuntu.24.04~noble arm64 [upgradable from: 5:29.5.2-1~ubuntu.24.04~noble]
docker-ce/noble 5:29.5.3-1~ubuntu.24.04~noble arm64 [upgradable from: 5:29.5.2-1~ubuntu.24.04~noble]
fwupd/noble-updates 2.0.20-1ubuntu2~24.04.1 arm64 [upgradable from: 1.9.34-0ubuntu1~24.04.1]
google-cloud-cli-anthoscli/cloud-sdk 573.0.0-0 arm64 [upgradable from: 569.0.0-0]
google-cloud-cli/cloud-sdk 573.0.0-0 arm64 [upgradable from: 569.0.0-0]
libapparmor1/noble-updates 4.0.1really4.0.1-0ubuntu0.24.04.7 arm64 [upgradable from: 4.0.1really4.0.1-0ubuntu0.24.04.6]
libjcat1/noble-updates 0.2.3-1~ubuntu0.24.04.1 arm64 [upgradable from: 0.2.0-2build3]
librabbitmq4/noble-updates,noble-security 0.11.0-1ubuntu0.1 arm64 [upgradable from: 0.11.0-1build2]
libxmlb2/noble-updates 0.3.24-1~ubuntu0.24.04.1 arm64 [upgradable from: 0.3.18-1]
nodejs/nodistro 22.22.3-1nodesource1 arm64 [upgradable from: 22.22.2-1nodesource1]
python3-apparmor/noble-updates 4.0.1really4.0.1-0ubuntu0.24.04.7 all [upgradable from: 4.0.1really4.0.1-0ubuntu0.24.04.6]
python3-libapparmor/noble-updates 4.0.1really4.0.1-0ubuntu0.24.04.7 arm64 [upgradable from: 4.0.1really4.0.1-0ubuntu0.24.04.6]
snapd/noble-updates 2.75.2+ubuntu24.04 arm64 [upgradable from: 2.74.1+ubuntu24.04.4]
xserver-common/noble-updates 2:21.1.12-1ubuntu1.6 all [upgradable from: 2:21.1.12-1ubuntu1.5]
xvfb/noble-updates 2:21.1.12-1ubuntu1.6 arm64 [upgradable from: 2:21.1.12-1ubuntu1.5]

Docker exposure summary

NAMES                 IMAGE                                   PORTS                        STATUS
dsa-long-server       zhulinsen/daily_stock_analysis:latest   127.0.0.1:8820->8000/tcp     Up 40 hours (healthy)
komari                ghcr.io/komari-monitor/komari:latest    127.0.0.1:25774->25774/tcp   Up 4 days
memo-app              memo-app                                127.0.0.1:3777->3000/tcp     Up 4 days (healthy)
antigravity-manager   lbjlaq/antigravity-manager:latest                                    Up 37 hours
prompts-chat-app-1    ghcr.io/f/prompts.chat:latest           127.0.0.1:4444->3000/tcp     Up 5 days (healthy)
prompts-chat-db-1     postgres:17-bookworm                    5432/tcp                     Up 2 weeks (healthy)
sealcut               sealcut-web                             127.0.0.1:8501->8501/tcp     Up 2 weeks
---docker-socket---
660 root:docker /var/run/docker.sock

Nginx summary (redacted/truncated)

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
---server-listen---
37:	# server_names_hash_bucket_size 64;
38:	# server_name_in_redirect off;
87:#		listen     localhost:110;
93:#		listen     localhost:143;
99:    map $ssl_preread_server_name $xray_stream_backend {
105:        listen 443;
106:        listen [::]:443;
107:        proxy_pass $xray_stream_backend;
234:    listen 80 default_server;
235:    listen [::]:80 default_server;
236:    server_name _;
238:    # Default deny for the whole site unless a location explicitly allows access.
258:        proxy_pass http://127.0.0.1:5200/;
281:        proxy_pass http://127.0.0.1:5211/;
295:    server_name worker.88665577.xyz; # managed by Certbot
297:    # Default deny for the whole site unless a location explicitly allows access.
317:        proxy_pass http://127.0.0.1:5200/;
340:        proxy_pass http://127.0.0.1:5211/;
354:    # listen [::]:443 ssl http2; # disabled for stream TLS multiplex # managed by Certbot
355:    listen 127.0.0.1:4443 ssl http2; # managed by Certbot
367:    listen 80 ;
368:    listen [::]:80 ;
369:    server_name worker.88665577.xyz;
376:allow 127.0.0.1;        # localhost
377:allow 129.146.59.53;    # AR / local / origin
378:allow 64.118.144.182;   # JP
379:allow 186.241.84.19;   # US
380:allow 38.76.188.244;    # HKA
381:allow 185.155.235.171;  # HKY / manual whitelist
382:allow 52.220.159.135; # SG
383:allow 13.112.210.201; # JPA
384:allow 13.112.231.185; # JPB
385:allow 43.198.253.212; # HKC
386:allow 161.118.141.160; # KRA
387:deny all;
407:    server_name long.loveason.com;
414:        proxy_pass http://127.0.0.1:8820;
427:    # listen [::]:443 ssl http2; # disabled for stream TLS multiplex # managed by Certbot
428:    listen 127.0.0.1:4443 ssl http2; # managed by Certbot
441:    listen 80;
442:    listen [::]:80;
443:    server_name long.loveason.com;
455:    listen 80;
456:    listen [::]:80;
457:    server_name hermes.loveason.com;
469:    listen 127.0.0.1:4443 ssl http2;
470:    # listen [::]:443 ssl http2; # disabled for stream TLS multiplex
471:    server_name hermes.loveason.com;
511:        proxy_pass http://127.0.0.1:16081/usage;
521:        proxy_pass http://127.0.0.1:16081/usage/;
553:    listen 80;
554:    listen [::]:80;
555:    server_name nz.loveason.com;
561:    listen 127.0.0.1:4443 ssl http2;
562:    # listen [::]:443 ssl http2; # disabled for stream TLS multiplex
563:    server_name nz.loveason.com;
575:        proxy_pass http://127.0.0.1:25774;
597:allow 127.0.0.1;        # localhost / AR backend
598:allow ::1;              # localhost
599:allow 129.146.59.53;    # AR (backend + agent)
600:allow 64.118.144.182;   # JP
601:allow 47.254.140.158;   # DE
602:allow 131.186.27.212;   # KR
603:allow 186.241.84.19;    # US
604:allow 38.76.188.244;    # HKA
605:allow 185.155.235.171;  # HKY
606:allow 52.220.159.135;   # SG
607:allow 13.112.210.201;   # JPA
608:allow 13.112.231.185;   # JPB
609:allow 167.71.140.103;   # UK
610:allow 134.199.173.24;   # AU
611:allow 161.118.130.5;    # KRB
612:allow 43.198.253.212; # HKC
613:deny all;
618:    listen 127.0.0.1:80;
619:    server_name localhost;
626:        proxy_pass http://127.0.0.1:4444;
642:    server_name chat.loveason.com;
649:        proxy_pass http://127.0.0.1:4444;
660:    # listen [::]:443 ssl http2; # disabled for stream TLS multiplex # managed by Certbot
661:    listen 127.0.0.1:4443 ssl http2; # managed by Certbot
676:    listen 80;
677:    listen [::]:80;
678:    server_name chat.loveason.com;
686:    listen 80;
687:    listen [::]:80;
688:    server_name status.loveason.com;
693:    listen 127.0.0.1:4443 ssl http2;
694:    # listen [::]:443 ssl http2; # disabled for stream TLS multiplex
695:    server_name status.loveason.com;
705:    server_name worker.loveason.com;
717:        proxy_pass http://127.0.0.1:8317/v1/;
735:    # listen [::]:443 ssl http2; # disabled for stream TLS multiplex # managed by Certbot
736:    listen 127.0.0.1:4443 ssl http2; # managed by Certbot
751:    listen 80;
752:    listen [::]:80;
753:    server_name worker.loveason.com;
760:# Managed by Master: worker.loveason.com only; allow Hermes-installed VPSes from live audit 2026-05-19
761:allow 127.0.0.1;       # localhost
762:allow ::1;             # localhost
763:allow 129.146.59.53;   # AR / local / Hermes active
764:allow 47.254.140.158;  # DE / Hermes installed
765:allow 186.241.84.19;  # US / Hermes installed
766:allow 38.76.188.244;   # HKA / Hermes installed
767:allow 52.220.159.135; # SG
768:allow 13.112.210.201; # JPA
769:allow 43.198.253.212; # HKC
770:allow 161.118.141.160; # KRA
771:deny all;
775:    server_name www.loveason.com loveason.com;
780:    # listen [::]:443 ssl http2; # disabled for stream TLS multiplex
781:    listen 127.0.0.1:4443 ssl http2;
802:        limit_except GET HEAD { deny all; }
803:        proxy_pass http://127.0.0.1:5001/uploads/;
820:        proxy_pass http://127.0.0.1:5001/;
864:        proxy_pass http://127.0.0.1:8317/v1/;
881:        proxy_pass http://127.0.0.1:16081/usage;
891:        proxy_pass http://127.0.0.1:16081/usage/;
908:        limit_except GET HEAD { deny all; }
909:        proxy_pass http://127.0.0.1:8787/exports/;
928:        proxy_pass http://127.0.0.1:8787/;
952:        proxy_pass http://127.0.0.1:8501;
980:        proxy_pass http://127.0.0.1:5200/;
1013:        proxy_pass http://127.0.0.1:5211/;
1032:        proxy_pass http://127.0.0.1:8317/v0/management/;
1084:        proxy_pass http://127.0.0.1:5260/;
1100:        proxy_pass http://127.0.0.1:8766/;
1142:        proxy_pass http://127.0.0.1:8045;
1161:        proxy_pass http://127.0.0.1:8045;
1175:        proxy_pass http://127.0.0.1:8045;
1186:        proxy_pass http://127.0.0.1:8045;
1270:        proxy_pass http://127.0.0.1:3777;
1281:        proxy_pass http://127.0.0.1:3777;
1300:        proxy_pass http://127.0.0.1:8317;
1309:    listen 80;
1310:    listen [::]:80;
1311:    server_name www.loveason.com loveason.com;
1340:        proxy_pass http://127.0.0.1:5240/;
1377:        proxy_pass http://127.0.0.1:5230/;
1402:        proxy_pass http://127.0.0.1:5250/;
1422:        proxy_pass http://127.0.0.1:5250/api/;

Recent logins and authentication log summary

root     pts/1        38.76.188.244    Mon Jun 15 17:06 - 17:09  (00:03)
root     pts/2        13.112.210.201   Sun Jun 14 23:57 - 00:25  (00:27)
root     pts/1        13.112.210.201   Sun Jun 14 23:54 - 00:02  (00:08)
root     pts/1        13.112.210.201   Sun Jun 14 23:50 - 23:53  (00:03)
root     pts/1        13.112.210.201   Sun Jun 14 23:24 - 23:29  (00:04)
root     pts/1        43.198.253.212   Sat Jun 13 15:15 - 15:15  (00:00)
root     pts/1        43.198.253.212   Sat Jun 13 15:15 - 15:15  (00:00)
root     pts/1        185.155.235.171  Sat Jun 13 02:28 - 02:35  (00:06)
root     pts/1        13.112.210.201   Fri Jun 12 12:12 - 12:22  (00:10)
root     pts/1        13.112.210.201   Thu Jun 11 20:10 - 20:10  (00:00)
root     pts/0        13.112.210.201   Thu Jun 11 20:00 - 20:09  (00:09)
root     pts/0        185.155.235.171  Thu Jun 11 19:54 - 19:59  (00:04)
root     pts/0        171.14.142.133   Thu Jun 11 15:46 - 15:49  (00:03)
root     pts/0        171.14.142.133   Thu Jun 11 15:44 - 15:46  (00:01)
root     pts/0        171.14.142.133   Thu Jun 11 09:53 - 09:54  (00:00)
root     pts/0        52.220.159.135   Wed Jun 10 21:04 - 21:22  (00:17)
root     pts/0        13.112.210.201   Tue Jun  9 12:53 - 13:05  (00:11)
root     pts/0        52.220.159.135   Sun Jun  7 19:34 - 20:11  (00:37)
root     pts/2        13.112.210.201   Sun Jun  7 17:25 - 17:35  (00:10)
root     pts/0        13.112.210.201   Sun Jun  7 17:24 - 17:27  (00:03)

wtmp begins Thu Apr 23 09:16:48 2026
---AUTHLOG---
2026-06-17T11:18:52.188564+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl cat unified-monitoring-agent.service
2026-06-17T11:18:52.189075+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:18:52.193970+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:18:52.200459+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent.service
2026-06-17T11:18:52.200950+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:18:52.205338+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:18:52.211651+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent_config_downloader.timer
2026-06-17T11:18:52.212141+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:18:52.216634+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:27:39.112574+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent.service
2026-06-17T11:27:39.113018+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:27:39.118675+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:27:39.125085+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent_config_downloader.timer
2026-06-17T11:27:39.125630+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:27:39.130258+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:28:23.430539+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl cat unified-monitoring-agent.service
2026-06-17T11:28:23.431002+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:28:23.436404+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:28:23.442811+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl cat unified-monitoring-agent.service
2026-06-17T11:28:23.443320+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:28:23.448467+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:28:23.454581+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent.service
2026-06-17T11:28:23.455061+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:28:23.459467+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:28:23.466044+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent_config_downloader.timer
2026-06-17T11:28:23.466330+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:28:23.471081+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:31:08.753849+08:00 instance-20260423-0914 sshd[2153121]: Invalid user AdminGPON from 45.148.10.121 port 41726
2026-06-17T11:32:03.072882+08:00 instance-20260423-0914 sshd[2154038]: Invalid user deisy from 141.98.83.240 port 22916
2026-06-17T11:36:30.827553+08:00 instance-20260423-0914 sshd[2158751]: Invalid user user from 213.209.159.56 port 23922
2026-06-17T11:36:31.123834+08:00 instance-20260423-0914 sshd[2158751]: Disconnecting invalid user user 213.209.159.56 port 23922: Too many authentication failures [preauth]
2026-06-17T11:37:39.084144+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent.service
2026-06-17T11:37:39.084599+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:37:39.089942+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:37:39.096078+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent_config_downloader.timer
2026-06-17T11:37:39.096600+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:37:39.100884+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:40:25.152018+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl cat unified-monitoring-agent.service
2026-06-17T11:40:25.152473+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:40:25.159945+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:40:25.166241+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl cat unified-monitoring-agent.service
2026-06-17T11:40:25.166759+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:40:25.171677+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:40:25.177753+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent.service
2026-06-17T11:40:25.178236+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:40:25.182475+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:40:25.188995+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent_config_downloader.timer
2026-06-17T11:40:25.189276+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:40:25.194008+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:47:20.782771+08:00 instance-20260423-0914 sshd[2164528]: Invalid user eleazar from 2.57.121.112 port 15068
2026-06-17T11:47:39.083032+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent.service
2026-06-17T11:47:39.083499+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:47:39.089219+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:47:39.095505+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent_config_downloader.timer
2026-06-17T11:47:39.095941+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:47:39.100603+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:49:59.319927+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl cat unified-monitoring-agent.service
2026-06-17T11:49:59.320348+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:49:59.325753+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:49:59.332025+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl cat unified-monitoring-agent.service
2026-06-17T11:49:59.332525+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:49:59.337657+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:49:59.344007+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent.service
2026-06-17T11:49:59.344274+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:49:59.349066+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:49:59.355286+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent_config_downloader.timer
2026-06-17T11:49:59.355817+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=584788)
2026-06-17T11:49:59.360649+08:00 instance-20260423-0914 sudo: pam_unix(sudo:session): session closed for user root
2026-06-17T11:56:40.227659+08:00 instance-20260423-0914 sshd[2167958]: Invalid user service from 193.46.255.86 port 53470
2026-06-17T11:57:39.096190+08:00 instance-20260423-0914 sudo: snap_daemon : PWD=/var/snap/oracle-cloud-agent/114 ; USER=root ; COMMAND=/bin/systemctl is-active unified-monitoring-agent.service
2026-06-17T11:57:39.096646+08:00 instance-20260423-0914 sudo: pam_unix(sudo:ses
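Note: this report avoids displaying key contents and shows only paths, permissions, ports, and redacted process arguments. All recommendations are audit recommendations; before any actual remediation, take backups and carry out the changes within the service impact window.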