GithubBackup/IP-Sentinel
1
0
Fork 0
mirror of https://github.com/hotyue/IP-Sentinel.git synced 2026-06-04 00:09:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
3e863285d45f859112f9e007c2cabce5c2edb678
IP-Sentinel/core/uninstall.sh

147 lines
7.1 KiB
Bash
Executable File
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#!/bin/bash
# ==========================================================
# 脚本名称: uninstall.sh
# 核心功能: 无痕追踪溯源、全面抹杀幽灵进程、清空宿主脏数据残留与防火墙回缩
# ==========================================================
# ----------------------------------------------------------
# [权限鉴权] 防止非管理员误触导致组件残留挂起
# ----------------------------------------------------------
if [ "$EUID" -ne 0 ]; then
echo -e "\033[31m❌ 权限被拒绝: 卸载 IP-Sentinel 需要最高系统权限。\033[0m"
echo -e "💡 请切换到 root 用户 (执行 su root 或 sudo -i) 后重新运行指令。"
exit 1
fi
INSTALL_DIR="/opt/ip_sentinel"
CONFIG_FILE="${INSTALL_DIR}/config.conf"
echo "========================================================"
echo " 🗑️ 准备卸载 IP-Sentinel (边缘节点 Edge Agent)"
if [ -f "$CONFIG_FILE" ]; then
CURRENT_VER=$(grep "^AGENT_VERSION=" "$CONFIG_FILE" | cut -d'"' -f2)
[ -n "$CURRENT_VER" ] && echo " 📍 目标版本: v${CURRENT_VER}"
fi
echo "========================================================"
# ----------------------------------------------------------
# [进程抹杀] 阻塞并卸除底层 Systemd 强绑定服务单元
# ----------------------------------------------------------
echo "[1/5] 正在停止并删除 Systemd 服务..."
if command -v systemctl >/dev/null 2>&1; then
echo "💡 检测到 Systemd 环境,正在抹除 Systemd 服务单元..."
# 强制压制守护状态,发送 SIGKILL 剥夺其产生遗言及重启的机会
systemctl kill --signal=SIGKILL ip-sentinel-agent-daemon.service >/dev/null 2>&1 || true
systemctl disable --now ip-sentinel-runner.service ip-sentinel-runner.timer \
ip-sentinel-updater.service ip-sentinel-updater.timer \
ip-sentinel-report.service ip-sentinel-report.timer \
ip-sentinel-agent-daemon.service >/dev/null 2>&1
rm -f /etc/systemd/system/ip-sentinel-runner.service
rm -f /etc/systemd/system/ip-sentinel-runner.timer
rm -f /etc/systemd/system/ip-sentinel-updater.service
rm -f /etc/systemd/system/ip-sentinel-updater.timer
rm -f /etc/systemd/system/ip-sentinel-report.service
rm -f /etc/systemd/system/ip-sentinel-report.timer
rm -f /etc/systemd/system/ip-sentinel-agent-daemon.service
systemctl daemon-reload
systemctl reset-failed
else
echo "💡 未检测到 Systemd跳过此步骤..."
fi
# ----------------------------------------------------------
# [内存清洗] 全面追踪并镇压游离状态的挂起业务逻辑
# ----------------------------------------------------------
echo "[2/5] 正在终止后台守护进程与所有养护任务..."
pkill -9 -f "tg_daemon.sh" >/dev/null 2>&1
pkill -9 -f "agent_daemon.sh" >/dev/null 2>&1
pkill -9 -f "python3.*webhook.py" >/dev/null 2>&1
pkill -9 -f "webhook.py" >/dev/null 2>&1
pkill -9 -f "runner.sh" >/dev/null 2>&1
pkill -9 -f "updater.sh" >/dev/null 2>&1
pkill -9 -f "tg_report.sh" >/dev/null 2>&1
pkill -9 -f "mod_google.sh" >/dev/null 2>&1
pkill -9 -f "mod_trust.sh" >/dev/null 2>&1
pkill -9 -f "sentinel_scheduler.sh" >/dev/null 2>&1
# ----------------------------------------------------------
# [任务清洗] 基于内存管道流彻底擦除系统底层调度劫持
# ----------------------------------------------------------
echo "[3/5] 正在清理系统定时任务 (Cron)..."
# 通过管道原位清洗避免落地到 /tmp免疫提权或外部劫持探测
crontab -l 2>/dev/null | grep -v "ip_sentinel" | crontab - >/dev/null 2>&1 || true
# 扫除高受限环境 (如 Alpine) 中的额外触发隐患
for CRON_FILE in "/var/spool/cron/crontabs/root" "/etc/crontabs/root"; do
if [ -f "$CRON_FILE" ]; then
grep -v "ip_sentinel" "$CRON_FILE" > "${CRON_FILE}.tmp" 2>/dev/null || true
cat "${CRON_FILE}.tmp" > "$CRON_FILE" 2>/dev/null || true
rm -f "${CRON_FILE}.tmp" 2>/dev/null
fi
done
rm -f /etc/local.d/ip_sentinel.start 2>/dev/null
rm -f /etc/local.d/ip_sentinel_scheduler.start 2>/dev/null
if grep -q "sentinel_scheduler.sh" /etc/profile 2>/dev/null; then
sed -i '/sentinel_scheduler\.sh/d' /etc/profile 2>/dev/null || true
fi
# ----------------------------------------------------------
# [防线回缩] 读取遗留端口,撤除自动化防火墙挂载点
# ----------------------------------------------------------
echo "[4/5] 正在执行本地防火墙撤防操作..."
if [ -f "$CONFIG_FILE" ]; then
AGENT_PORT=$(grep "^AGENT_PORT=" "$CONFIG_FILE" | cut -d'"' -f2)
if [ -n "$AGENT_PORT" ]; then
if command -v ufw >/dev/null 2>&1 && ufw status | grep -qw active; then
ufw delete allow "$AGENT_PORT"/tcp >/dev/null 2>&1
echo -e " ✅ \033[32mUFW 防火墙双栈撤防成功 (剔除端口: $AGENT_PORT)。\033[0m"
elif command -v firewall-cmd >/dev/null 2>&1 && systemctl is-active firewalld | grep -qw active; then
firewall-cmd --zone=public --remove-port="$AGENT_PORT"/tcp --permanent >/dev/null 2>&1
firewall-cmd --reload >/dev/null 2>&1
echo -e " ✅ \033[32mFirewalld 持久化拦截规则回缩完毕。\033[0m"
else
local fw_removed=false
if command -v iptables >/dev/null 2>&1; then
# 循环清洗,防备由于中途故障引发的复数规则残留
while iptables -C INPUT -p tcp --dport "$AGENT_PORT" -j ACCEPT >/dev/null 2>&1; do
iptables -D INPUT -p tcp --dport "$AGENT_PORT" -j ACCEPT
fw_removed=true
done
fi
if command -v ip6tables >/dev/null 2>&1; then
while ip6tables -C INPUT -p tcp --dport "$AGENT_PORT" -j ACCEPT >/dev/null 2>&1; do
ip6tables -D INPUT -p tcp --dport "$AGENT_PORT" -j ACCEPT
fw_removed=true
done
fi
if [ "$fw_removed" = true ]; then
echo -e " ✅ \033[32m原生 iptables/ip6tables 双轨锚点清理完毕。\033[0m"
else
echo -e " 💡 \033[33m未检测到残留底层拦截规则防线保持默认流转。\033[0m"
fi
fi
else
echo " 💡 未在主核配置内探测到通讯端口配置,跳过清理..."
fi
else
echo " 💡 核心配置文件丢失,未能追溯部署端口状态,放弃网络防御清洗。"
fi
# ----------------------------------------------------------
# [物理销毁] 抹杀持久化特征,销毁系统沙盒痕迹
# ----------------------------------------------------------
echo "[5/5] 正在抹除核心程序、配置文件与系统痕迹..."
if [ -d "$INSTALL_DIR" ]; then
rm -rf "$INSTALL_DIR"
fi
echo "========================================================"
echo "✅ 卸载彻底完成IP-Sentinel 引擎及对空信道已从您的系统中无痕移除。"
echo "💡 提示:如果此前云端控制面板 (如 AWS/阿里云等) 配有入站安全组例外,请手动阻断以确保靶机零敞露。"
echo "👋 感谢您的使用,期待未来再次为您守护资产!"
echo "========================================================"
Reference in New Issue View Git Blame Copy Permalink