#!/bin/bash # Ensure the script is run as root if [ "$(id -u)" != "0" ]; then echo "脚本需要root运行." 1>&2 exit 1 fi ## Text colors and styles info() { echo -e "\e[92m$1\e[0m" } info_2() { echo -e "\e[94m$1\e[0m" } fail() { echo -e "\e[91m$1\e[0m" 1>&2 } seperator() { echo -e "\n" echo $(printf '%*s' "$(tput cols)" | tr ' ' '=') } ## Loading animation BLA_classic=( 0.25 '-' "\\" '|' '/' ) declare -a BLA_active_loading_animation BLA::play_loading_animation_loop() { while true ; do for frame in "${BLA_active_loading_animation[@]}" ; do printf "\r%s" "${frame}" sleep "${BLA_loading_animation_frame_interval}" done done } BLA::start_loading_animation() { BLA_active_loading_animation=( "${@}" ) # Extract the delay between each frame from array BLA_active_loading_animation BLA_loading_animation_frame_interval="${BLA_active_loading_animation[0]}" unset "BLA_active_loading_animation[0]" tput civis # Hide the terminal cursor BLA::play_loading_animation_loop & BLA_loading_animation_pid="${!}" } BLA::stop_loading_animation() { kill "${BLA_loading_animation_pid}" &> /dev/null printf "\n" tput cnorm # Restore the terminal cursor } # Run BLA::stop_loading_animation if the script is interrupted trap BLA::stop_loading_animation SIGINT ## System Info sysinfo_(){ #Linux Distro Version if [ -f /etc/os-release ]; then . /etc/os-release os=$NAME ver=$VERSION_ID elif type lsb_release >/dev/null 2>&1; then os=$(lsb_release -si) ver=$(lsb_release -sr) elif [ -f /etc/lsb-release ]; then . /etc/lsb-release os=$DISTRIB_ID ver=$DISTRIB_RELEASE elif [ -f /etc/debian_version ]; then os=Debian ver=$(cat /etc/debian_version) elif [ -f /etc/redhat-release ]; then os=Redhat else os=$(uname -s) ver=$(uname -r) fi #Virtualization Technology if [ $(systemd-detect-virt) != "none" ]; then virt_tech=$(systemd-detect-virt) fi #Memory Size mem_size=$(free -m | grep Mem | awk '{print $2}') #Network interface nic=$(ip addr | grep 'state UP' | awk '{print $2}' | sed 's/.$//' | cut -d'@' -f1 | head -1) return 0 } ## Update update_() { if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get update -y && apt-get upgrade -y elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum update -y fi return 0 } ## Auto update auto_update_() { if [ -z $(which unattended-upgrades) ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get -y install unattended-upgrades apt-listchanges if [ $? -ne 0 ]; then fail "Unattended-upgrades Installation Failed" return 1 fi elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install unattended-upgrades -y if [ $? -ne 0 ]; then fail "Unattended-upgrades Installation Failed" return 1 fi fi fi echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections dpkg-reconfigure -f noninteractive unattended-upgrades } ## Bandwidth Limit bandwidth_limit_() { # Install vnstat if not already installed if ! [ -x "$(command -v vnstat)" ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get install vnstat -y elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install vnstat -y fi fi if ! [ -x "$(command -v vnstat)" ]; then fail "vnstat 安装失败" return 1 fi # Install bc if not already installed if ! [ -x "$(command -v bc)" ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get install bc -y elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install bc -y fi fi if ! [ -x "$(command -v bc)" ]; then fail "bc 安装失败" return 1 fi sed -i "s/Interface \"\"/Interface \"$nic\"/" /etc/vnstat.conf cat << EOF > /root/.bandwidth_limit.sh #!/bin/bash # Set the monthly limit in GiB monthly_upload_limit=$upload_threshold monthly_download_limit=$download_threshold reset_day=$reset_day while true do # Get the current date and time current_year=\$(date +%Y) current_month=\$(date +%m) current_day=\$(date +%d) # Calculate the begin and end dates for vnStat if [[ \$current_day -ge \$reset_day ]]; then begin_date="\$current_year-\$current_month-\$reset_day" next_month=\$(date -d "\$begin_date +1 month" +%m) next_year=\$(date -d "\$begin_date +1 month" +%Y) end_date="\$next_year-\$next_month-\$reset_day" else end_date="\$current_year-\$current_month-\$reset_day" prev_month=\$(date -d "\$end_date -1 month" +%m) prev_year=\$(date -d "\$end_date -1 month" +%Y) begin_date="\$prev_year-\$prev_month-\$reset_day" fi # Get the current usage current_upload_usage=\$(vnstat --begin \$begin_date --end \$end_date -i "$nic" --oneline | awk -F\; '{print \$10}') current_upload_usage_value=\$(echo \$current_upload_usage| awk '{print \$1}') current_upload_usage_unit=\$(echo \$current_upload_usage | awk '{print \$2}') current_download_usage=\$(vnstat --begin \$begin_date --end \$end_date -i "$nic" --oneline | awk -F\; '{print \$9}') current_download_usage_value=\$(echo \$current_download_usage| awk '{print \$1}') current_download_usage_unit=\$(echo \$current_download_usage | awk '{print \$2}') # Convert usage to GiB case \$current_upload_usage_unit in "KiB") current_upload_usage_in_gib=\$(echo "scale=2; \$current_upload_usage_value / 1048576" | bc) ;; "MiB") current_upload_usage_in_gib=\$(echo "scale=2; \$current_upload_usage_value / 1024" | bc) ;; "GiB") current_upload_usage_in_gib=\$current_upload_usage_value ;; "TiB") current_upload_usage_in_gib=\$(echo "scale=2; \$current_upload_usage_value * 1024" | bc) ;; *) echo "Unknown unit: \$unit" >&2; exit 1 ;; esac case \$current_download_usage_unit in "KiB") current_download_usage_in_gib=\$(echo "scale=2; \$current_download_usage_value / 1048576" | bc) ;; "MiB") current_download_usage_in_gib=\$(echo "scale=2; \$current_download_usage_value / 1024" | bc) ;; "GiB") current_download_usage_in_gib=\$current_download_usage_value ;; "TiB") current_download_usage_in_gib=\$(echo "scale=2; \$current_download_usage_value * 1024" | bc) ;; *) echo "Unknown unit: \$unit" >&2; exit 1 ;; esac # Check if the current usage exceeds the limit if (( \$(echo "\$current_upload_usage_in_gib >= \$monthly_upload_limit" | bc -l) )); then shutdown -h now fi if (( \$(echo "\$current_download_usage_in_gib >= \$monthly_download_limit" | bc -l) )); then shutdown -h now fi sleep 5 done EOF chmod +x .bandwidth_limit.sh #Systemd Service cat << EOF > /etc/systemd/system/bandwidth_limit.service [Unit] Description=Bandwidth Limit After=network.target [Service] Type=simple ExecStart=/root/.bandwidth_limit.sh Restart=always RestartSec=3 StandardOutput=syslog StandardError=syslog SyslogIdentifier=bandwidth_limit [Install] WantedBy=multi-user.target EOF systemctl enable bandwidth_limit systemctl start bandwidth_limit return 0 } ## CPU Abuse shutdown cpu_abuse_shutdown_() { # Install bc if not already installed if ! [ -x "$(command -v bc)" ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get install bc -y elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install bc -y fi fi if ! [ -x "$(command -v bc)" ]; then fail "bc 安装失败" return 1 fi cat << EOF > /root/.cpu_abuse_shutdown.sh #!/bin/bash # Set the CPU usage limit cpu_limit=$cpu_limit while true do # Get the current CPU usage cpu_usage=\$(top -bn2 | grep "Cpu(s)" | sed "s/.*, *\([0-9.]*\)%* id.*/\1/" | awk '{print 100 - \$1}' | tail -1) # Check if the usage exceeds the limit if (( \$(echo "\$cpu_usage >= \$cpu_limit" | bc -l) )); then ((excess_usage_counter++)) else ((excess_usage_counter--)) fi if [[ \$excess_usage_counter -ge 180 ]]; then shutdown -h now fi sleep 10 done EOF chmod +x .cpu_abuse_shutdown.sh #Systemd Service cat << EOF > /etc/systemd/system/cpu_abuse_shutdown.service [Unit] Description=CPU Abuse Shutdown After=network.target [Service] Type=simple ExecStart=/root/.cpu_abuse_shutdown.sh Restart=always RestartSec=3 StandardOutput=syslog StandardError=syslog SyslogIdentifier=cpu_abuse_shutdown [Install] WantedBy=multi-user.target EOF systemctl enable cpu_abuse_shutdown systemctl start cpu_abuse_shutdown return 0 } ## DDoS Auto Shutdown ddos_shutdown_() { # Install vnstat if not already installed if ! [ -x "$(command -v vnstat)" ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get install vnstat -y elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install vnstat -y fi fi if ! [ -x "$(command -v vnstat)" ]; then fail "vnstat 安装失败" return 1 fi # Install jq if not already installed if ! [ -x "$(command -v jq)" ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get install jq -y elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install jq -y fi fi if ! [ -x "$(command -v jq)" ]; then fail "jq 安装失败" return 1 fi cat << EOF > /root/.ddos_shutdown.sh #!/bin/bash byte_limit=\$(($speed_limit * 1000 * 1000 / 8)) packet_limit=\$(($packet_limit)) while true do # Get current bandwidth usage byte_rate=\$(vnstat -tr 30 --json | jq '.rx.bytespersecond + .tx.bytespersecond') # Get current packet rate packet_rate=\$(vnstat -tr 30 --json | jq '.rx.packetspersecond + .tx.packetspersecond') # Check if the usage exceeds the limit if [[ \$byte_rate -gt \$byte_limit ]] || [[ \$packet_rate -gt \$packet_limit ]] ; then ((excess_usage_counter++)) else excess_usage_counter=0 fi # If the usage exceeds the limit for 10 minutes, shut down the server if [[ \$excess_usage_counter -ge 10 ]]; then shutdown -h now fi done EOF chmod +x .ddos_shutdown.sh #Systemd Service cat << EOF > /etc/systemd/system/ddos_shutdown.service [Unit] Description=DDoS Shutdown After=network.target [Service] Type=simple ExecStart=/root/.ddos_shutdown.sh Restart=always RestartSec=3 StandardOutput=syslog StandardError=syslog SyslogIdentifier=ddos_shutdown [Install] WantedBy=multi-user.target EOF systemctl enable ddos_shutdown systemctl start ddos_shutdown return 0 } ## SSH Security Settings ssh_secure_() { # Ask for the new SSH port read -p "新SSH端口: " new_ssh_port # Check if the input is a valid number while ! [[ $new_ssh_port =~ ^[0-9]+$ ]]; do echo "请输入一个有效的端口号" read -p "新SSH端口: " new_ssh_port done # Add the new SSH port without removing the existing one echo "Port $new_ssh_port" >> /etc/ssh/sshd_config # Restart SSH service to apply changes systemctl restart sshd # Make sure the new SSH port is open read -p "你能使用新SSH端口登录吗? (y/n): " can_login while ! [[ $can_login =~ ^[YyNn]$ ]]; do echo "请输入y或n" read -p "你能使用新SSH端口登录吗? (y/n): " can_login done if [[ $can_login =~ ^[Yy]$ ]]; then # Removing the original SSH port sed -i "0,/Port /s//Old&/" /etc/ssh/sshd_config sed -i '/OldPort/d' /etc/ssh/sshd_config # Restart SSH service to apply final changes systemctl restart sshd info_2 "旧SSH端口已关闭" else # Revert the changes sed -i ':a;N;$!ba;s/\(.*\)Port /\1OldPort /' /etc/ssh/sshd_config sed -i '/OldPort/d' /etc/ssh/sshd_config systemctl restart sshd fail "新SSH端口 $new_ssh_port 未打开" fail "旧SSH端口未关闭" return 1 fi #Disble Root Password Login keys="/root/.ssh/authorized_keys" if ! [ -s "$keys" ]; then fail "SSH 钥匙不存在" return 1 else sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config sed -i 's/^PubkeyAuthentication no/PubkeyAuthentication yes/' /etc/ssh/sshd_config unset can_login read -p "你能使用SSH密钥登录吗? (y/n): " can_login while ! [[ $can_login =~ ^[YyNn]$ ]]; do echo "请输入y或n" read -p "你能使用SSH密钥登录吗? (y/n): " can_login done if [[ $can_login =~ ^[Yy]$ ]]; then # Disable password login sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config sed -i 's/^PermitRootLogin yes/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config sed -i 's/^PermitRootLogin without-password/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config systemctl restart sshd info_2 "Root密码登录已禁用" else fail "SSH密钥登录未启用" return 1 fi fi return 0 } ## Fail2ban fail2ban_() { if [ -z $(which fail2ban-client) ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get install fail2ban -y elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install fail2ban -y fi fi if [ -z $(which fail2ban-client) ]; then fail "Fail2ban installation failed" return 1 fi if [ -z $(which iptables) ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get install iptables -y elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install iptables -y fi fi if [ -z $(which iptables) ]; then fail "iptables installation failed" return 1 fi # Check current ssh port ssh_port=$(ss -tlnp | grep sshd | awk '{print $4}' | cut -d':' -f2 | head -1) touch /etc/fail2ban/jail.local cat << EOF > /etc/fail2ban/jail.local [sshd] enabled = true filter = sshd mode = aggressive port = $ssh_port logpath = %(sshd_log)s backend=systemd banaction = iptables-multiport bantime = -1 maxretry = 3 findtime = 24h EOF systemctl restart fail2ban # Check if fail2ban is running if [ -z $(ps -ef | grep fail2ban | grep -v grep) ]; then fail "Fail2ban failed to start" return 1 fi return 0 } ## System tuning #Install Tuned tuned_() { if [ -z $(which tuned) ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get install tuned -y if [ $? -ne 0 ]; then fail "Tuned Installation Failed" return 1 fi elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install tuned -y if [ $? -ne 0 ]; then fail "Tuned Installation Failed" return 1 fi fi fi return 0 } #File Open Limit set_file_open_limit_() { cat << EOF >> /etc/security/limits.conf ## Hard limit for max opened files * soft nofile 655360 ## Soft limit for max opened files * hard nofile 655360 EOF return 0 } #Ring Buffer set_ring_buffer_() { if [ -z $(which ethtool) ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get -y install ethtool if [ $? -ne 0 ]; then fail "Ethtool Installation Failed" return 1 fi elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install ethtool -y if [ $? -ne 0 ]; then fail "Ethtool Installation Failed" return 1 fi fi fi ethtool -G $nic rx 1024 if [ $? -ne 0 ]; then fail "Ring Buffer Setting Failed" return 1 fi sleep 1 ethtool -G $nic tx 2048 if [ $? -ne 0 ]; then fail "Ring Buffer Setting Failed" return 1 fi sleep 1 return 0 } #Disable TSO disable_tso_() { if [ -z $(which ethtool) ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get -y install ethtool if [ $? -ne 0 ]; then fail "Ethtool Installation Failed" return 1 fi elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install ethtool -y if [ $? -ne 0 ]; then fail "Ethtool Installation Failed" return 1 fi fi fi ethtool -K $nic tso off gso off gro off sleep 1 return 0 } #TCP Queue Length set_txqueuelen_() { if [ -z $(which net-tools) ]; then if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then apt-get install net-tools -y if [ $? -ne 0 ]; then fail "Net-tools Installation Failed" return 1 fi elif [[ $os =~ "CentOS" ]] || [[ $os =~ "Redhat" ]]; then yum install net-tools -y if [ $? -ne 0 ]; then fail "Net-tools Installation Failed" return 1 fi fi fi ifconfig $nic txqueuelen 10000 sleep 1 return 0 } #Initial Congestion Window set_initial_congestion_window_() { iproute=$(ip -o -4 route show to default) ip route change $iproute initcwnd 100 initrwnd 100 return 0 } #Kernel Settings kernel_settings_() { # Set variables based on memory size if [ $mem_size -le 128 ]; then # 128MB or less rmem_default=262144 rmem_max=16777216 tcp_rmem="8192 $rmem_default $rmem_max" wmem_default=262144 wmem_max=16777216 tcp_wmem="8192 $wmem_default $wmem_max" background_ratio=5 dirty_ratio=20 writeback_centisecs=100 expire_centisecs=100 swappiness=80 elif [ $mem_size -le 512 ]; then # 512MB or less rmem_default=262144 rmem_max=16777216 tcp_rmem="8192 $rmem_default $rmem_max" wmem_default=262144 wmem_max=16777216 tcp_wmem="8192 $wmem_default $wmem_max" background_ratio=5 dirty_ratio=20 writeback_centisecs=100 expire_centisecs=500 swappiness=60 elif [ $mem_size -le 1024 ]; then # 1GB or less rmem_default=262144 rmem_max=33554432 tcp_rmem="8192 $rmem_default $rmem_max" wmem_default=262144 wmem_max=33554432 tcp_wmem="8192 $wmem_default $wmem_max" background_ratio=5 dirty_ratio=30 writeback_centisecs=100 expire_centisecs=1000 swappiness=20 else # 1GB or more rmem_default=262144 rmem_max=33554432 tcp_rmem="8192 $rmem_default $rmem_max" wmem_default=262144 wmem_max=33554432 tcp_wmem="8192 $wmem_default $wmem_max" background_ratio=5 dirty_ratio=30 writeback_centisecs=100 expire_centisecs=1000 swappiness=10 fi cat << EOF > /etc/sysctl.conf net.core.rmem_default=$rmem_default net.core.rmem_max=$rmem_max net.ipv4.tcp_rmem=$tcp_rmem net.core.wmem_default=$wmem_default net.core.wmem_max=$wmem_max net.ipv4.tcp_wmem=$tcp_wmem net.ipv4.udp_rmem_min=8192 net.ipv4.udp_mem=$tcp_wmem net.ipv4.tcp_mtu_probing = 1 net.ipv4.tcp_slow_start_after_idle = 0 net.ipv4.tcp_early_retrans = 3 net.ipv4.tcp_ecn = 0 net.ipv4.tcp_fastopen = 3 net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0 net.ipv4.tcp_notsent_lowat = 131072 vm.dirty_background_ratio = $background_ratio vm.dirty_ratio = $dirty_ratio vm.dirty_writeback_centisecs = $writeback_centisecs vm.dirty_expire_centisecs = $expire_centisecs vm.swappiness = $swappiness net.core.default_qdisc = fq net.ipv4.tcp_congestion_control = bbr EOF sysctl -p return 0 } tune_() { tuned_ # set_file_open_limit_ kernel_settings_ if [ -z "$virt_tech" ]; then #If not a virtual machine set_ring_buffer_ else disable_tso_ fi if [ -z "$virt_tech" ] || [ "$virt_tech" != "lxc" ]; then #If not a LXC container set_txqueuelen_ set_initial_congestion_window_ fi boot_script_ return 0 } ## Configue Boot Script boot_script_() { touch /root/.boot-script.sh && chmod +x /root/.boot-script.sh cat << EOF > /root/.boot-script.sh #!/bin/bash sleep 120s source <(wget -qO- https://raw.githubusercontent.com/jerry048/Tune/main/tune.sh) # Check if Seedbox Components is successfully loaded if [ \$? -ne 0 ]; then exit 1 fi sysinfo_ if [ -z "\$virt_tech" ]; then #If not a virtual machine set_ring_buffer_ else disable_tso_ fi if [ "\$virt_tech" != "lxc" ]; then #If not a LXC container set_txqueuelen_ set_initial_congestion_window_ fi EOF # Configure the script to run during system startup cat << EOF > /etc/systemd/system/boot-script.service [Unit] Description=boot-script After=network.target [Service] Type=simple ExecStart=/root/.boot-script.sh RemainAfterExit=true [Install] WantedBy=multi-user.target EOF systemctl enable boot-script.service return 0 } ## BBR install_bbrx_() { if [[ "$os" =~ "Debian" ]]; then if [ $(uname -m) == "x86_64" ]; then apt-get -y install linux-image-amd64 linux-headers-amd64 if [ $? -ne 0 ]; then fail "BBR installation failed" return 1 fi elif [ $(uname -m) == "aarch64" ]; then apt-get -y install linux-image-arm64 linux-headers-arm64 if [ $? -ne 0 ]; then fail "BBR installation failed" return 1 fi fi elif [[ "$os" =~ "Ubuntu" ]]; then apt-get -y install linux-image-generic linux-headers-generic if [ $? -ne 0 ]; then fail "BBR installation failed" return 1 fi else fail "Unsupported OS" return 1 fi wget https://raw.githubusercontent.com/jerry048/Seedbox-Components/main/BBR/BBRx/BBRx.sh -O /root/BBRx.sh && chmod +x /root/BBRx.sh # Check if download fail if [ ! -f BBRx.sh ]; then fail "BBR download failed" return 1 fi ## Install tweaked BBR automatically on reboot cat << EOF > /etc/systemd/system/bbrinstall.service [Unit] Description=BBRinstall After=network.target [Service] Type=oneshot ExecStart=/root/BBRx.sh RemainAfterExit=true [Install] WantedBy=multi-user.target EOF systemctl enable bbrinstall.service return 0 } install_bbrv3_() { if [ $(uname -m) == "x86_64" ]; then wget https://raw.githubusercontent.com/jerry048/Seedbox-Components/main/BBR/BBRv3/x86_64/linux-headers-6.4.0+-amd64.deb -O /root/linux-headers-6.4.0+-amd64.deb if [ ! -f /root/linux-headers-6.4.0+-amd64.deb ]; then fail "BBRv3 download failed" return 1 fi wget https://raw.githubusercontent.com/jerry048/Seedbox-Components/main/BBR/BBRv3/x86_64/linux-image-6.4.0+-amd64.deb -O /root/linux-image-6.4.0+-amd64.deb if [ ! -f /root/linux-image-6.4.0+-amd64.deb ]; then fail "BBRv3 download failed" rm /root/linux-headers-6.4.0+-amd64.deb return 1 fi wget https://raw.githubusercontent.com/jerry048/Seedbox-Components/main/BBR/BBRv3/x86_64/linux-libc-dev_-6.4.0-amd64.deb -O /root/linux-libc-dev_-6.4.0-amd64.deb if [ ! -f /root/linux-libc-dev_-6.4.0-amd64.deb ]; then fail "BBRv3 download failed" rm /root/linux-headers-6.4.0+-amd64.deb /root/linux-image-6.4.0+-amd64.deb return 1 fi apt install /root/linux-headers-6.4.0+-amd64.deb /root/linux-image-6.4.0+-amd64.deb /root/linux-libc-dev_-6.4.0-amd64.deb # Clean up rm /root/linux-headers-6.4.0+-amd64.deb /root/linux-image-6.4.0+-amd64.deb /root/linux-libc-dev_-6.4.0-amd64.deb elif [ $(uname -m) == "aarch64" ]; then wget https://raw.githubusercontent.com/jerry048/Seedbox-Components/main/BBR/BBRv3/ARM64/linux-headers-6.4.0+-arm64.deb -O /root/linux-headers-6.4.0+-arm64.deb if [ ! -f /root/linux-headers-6.4.0+-arm64.deb ]; then fail "BBRv3 download failed" return 1 fi wget https://raw.githubusercontent.com/jerry048/Seedbox-Components/main/BBR/BBRv3/ARM64/linux-image-6.4.0+-arm64.deb -O /root/linux-image-6.4.0+-arm64.deb if [ ! -f /root/linux-image-6.4.0+-arm64.deb ]; then fail "BBRv3 download failed" rm /root/linux-headers-6.4.0+-arm64.deb return 1 fi wget https://raw.githubusercontent.com/jerry048/Seedbox-Components/main/BBR/BBRv3/ARM64/linux-libc-dev_-6.4.0-arm64.deb -O /root/linux-libc-dev_-6.4.0-arm64.deb if [ ! -f /root/linux-libc-dev_-6.4.0-arm64.deb ]; then fail "BBRv3 download failed" rm /root/linux-headers-6.4.0+-arm64.deb linux-image-6.4.0+-arm64.deb return 1 fi apt install /root/linux-headers-6.4.0+-arm64.deb /root/linux-image-6.4.0+-arm64.deb /root/linux-libc-dev_-6.4.0-arm64.deb # Clean up rm /root/linux-headers-6.4.0+-arm64.deb /root/linux-image-6.4.0+-arm64.deb /root/linux-libc-dev_-6.4.0-arm64.deb else fail "$(uname -m) is not supported" fi return 0 } ## Main sysinfo_ update_ clear while getopts "abcdstx3h" opt; do case ${opt} in a ) seperator info "自动更新" BLA::start_loading_animation "${BLA_classic[@]}" auto_update_ &> /dev/null if [ $? -eq 0 ]; then auto_update_success=1 else auto_update_success=0 fi BLA::stop_loading_animation if [ $auto_update_success -eq 1 ]; then info "自动更新设置成功" else fail "自动更新设置失败" fi ;; b ) seperator # Set the bandwidth threshold in GB info "设置每月带宽上限" info_2 "输入每月带宽上传上限 (以GB为单位):" read upload_threshold while true do if ! [[ "$upload_threshold" =~ ^[0-9]+$ ]]; then fail "请输入数字" info_2 "输入每月带宽上限 (以GB为单位):" read upload_threshold else break fi done info_2 "输入每月带宽下载上限 (以GB为单位):" read download_threshold while true do if ! [[ "$download_threshold" =~ ^[0-9]+$ ]]; then fail "请输入数字" info_2 "输入每月带宽下载上限 (以GB为单位):" read download_threshold else break fi done # Set the bandwidth reset day info_2 "输入带宽刷新日 (01-31): " read reset_day while true do if ! [[ $reset_day =~ ^[0-9]{1,2}$ ]] || [ $reset_day -lt 1 ] || [ $reset_day -gt 31 ]; then fail "请输入01-31之间的数字" info_2 "输入带宽刷新日 (01-31): " read reset_day else break fi done # Add leading zero if necessary reset_day=$(printf "%02d" $reset_day) BLA::start_loading_animation "${BLA_classic[@]}" bandwidth_limit_ &> /dev/null if [ $? -eq 0 ]; then bandwidth_limit_success=1 else bandwidth_limit_success=0 fi BLA::stop_loading_animation if [ $bandwidth_limit_success -eq 1 ]; then info "每月带宽上限设置成功" else fail "每月带宽上限设置失败" fi ;; c ) seperator info "CPU滥用关机" info_2 "输入CPU滥用阈值 (0-100%):" read cpu_limit while true do if ! [[ "$cpu_limit" =~ ^[0-9]+$ ]]; then fail "请输入数字" info_2 "输入CPU滥用阈值 (0-100%):" read cpu_limit else break fi done BLA::start_loading_animation "${BLA_classic[@]}" cpu_abuse_shutdown_ &> /dev/null if [ $? -eq 0 ]; then cpu_shutdown_success=1 else cpu_shutdown_success=0 fi BLA::stop_loading_animation if [ $cpu_shutdown_success -eq 1 ]; then info "CPU滥用关机设置成功" else fail "CPU滥用关机设置失败" fi ;; d ) seperator info "DDoS 自动关机" info_2 "输入DDoS攻击阈值 (Mbps):" read speed_limit while true do if ! [[ "$speed_limit" =~ ^[0-9]+$ ]]; then fail "请输入数字" info_2 "输入DDoS攻击阈值 (Mbps):" read speed_limit else break fi done info_2 "输入DDoS攻击阈值 (pps):" read packet_limit while true do if ! [[ "$packet_limit" =~ ^[0-9]+$ ]]; then fail "请输入数字" info_2 "输入DDoS攻击阈值 (pps):" read packet_limit else break fi done BLA::start_loading_animation "${BLA_classic[@]}" ddos_shutdown_ &> /dev/null if [ $? -eq 0 ]; then ddos_shutdown_success=1 else ddos_shutdown_success=0 fi BLA::stop_loading_animation if [ $ddos_shutdown_success -eq 1 ]; then info "DDoS 自动关机设置成功" else fail "DDoS 自动关机设置失败" fi ;; s ) seperator info "SSH登录安全設定" ssh_secure_ if [ $? -eq 0 ]; then ssh_secure_success=1 else ssh_secure_success=0 fi if [ $ssh_secure_success -eq 1 ]; then info "SSH登录安全設定成功" else fail "SSH登录安全設定失败" fi BLA::start_loading_animation "${BLA_classic[@]}" fail2ban_ &> /dev/null if [ $? -eq 0 ]; then fail2ban_success=1 else fail2ban_success=0 fi BLA::stop_loading_animation if [ $fail2ban_success -eq 1 ]; then info "Fail2ban安装成功" else fail "Fail2ban安装失败" fi ;; t ) seperator info "调整系统参数" BLA::start_loading_animation "${BLA_classic[@]}" tune_ &> /dev/null if [ $? -eq 0 ]; then tune_success=1 else tune_success=0 fi BLA::stop_loading_animation if [ $tune_success -eq 1 ]; then info "系统参数调整成功" else fail "系统参数调整失败" fi ;; x ) seperator info "安装BBRx" if [[ "$virt_tech" =~ "LXC" ]] || [[ "$virt_tech" =~ "lxc" ]]; then fail "不支持LXC" exit 1 fi #Only support Debian and Ubuntu if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then BLA::start_loading_animation "${BLA_classic[@]}" install_bbrx_ &> /dev/null if [ $? -eq 0 ]; then bbrx_success=1 else bbrx_success=0 fi BLA::stop_loading_animation if [ $bbrx_success -eq 1 ]; then info "重启系统以启用BBRx" else fail "BBRx安装失败" fi else fail "不支持此系统" fi ;; 3 ) seperator info "安装BBRv3" if [[ "$virt_tech" =~ "LXC" ]] || [[ "$virt_tech" =~ "lxc" ]]; then fail "不支持LXC" exit 1 fi #Only support Debian and Ubuntu if [[ $os =~ "Ubuntu" ]] || [[ $os =~ "Debian" ]]; then BLA::start_loading_animation "${BLA_classic[@]}" install_bbrv3_ &> /dev/null if [ $? -eq 0 ]; then bbrv3_success=1 else bbrv3_success=0 fi BLA::stop_loading_animation if [ $bbrv3_success -eq 1 ]; then info "重启系统以启用BBRv3" else fail "BBRv3安装失败" fi else fail "不支持此系统" fi ;; h ) info "用法: ./tune.sh [选项]" info "选项:" info " -b 设置每月带库上限" info " -d DDoS 自动关机" info " -s SSH登录安全設定" info " -t 调整系统参数" info " -x 安装BBRx" info " -3 安装BBRv3" info " -h 显示此帮助信息" exit 0 ;; \? ) info "Invalid Option: -$OPTARG" 1>&2 exit 1 ;; esac done