## Introduction

OpenClaw has powerful tool and API access, which also means security risk: if it is abused, the consequences can be serious.

Today we walk through OpenClaw's security hardening systematically: permission control, audit logging, and protection of sensitive operations.
## Main content

### Permission model overview

OpenClaw uses an RBAC (role-based access control) model:

```text
User
  ↓ assigned to
Role
  ↓ grants
Permission
  ↓ allows operations on
Tool + Resource
```
```yaml
# openclaw.yml
security:
  rbac:
    enabled: true
    roles:
      - name: admin
        permissions:
          - "*"            # all permissions
      - name: developer
        permissions:
          - "exec:run"
          - "file:read"
          - "file:write"
          - "browser:*"
          - "web_*"
      - name: viewer
        permissions:
          - "file:read"
          - "web_fetch"
      - name: restricted
        permissions:
          - "web_fetch"
    assignments:
      - user: "zhangsan@company.com"
        roles: ["developer"]
      - user: "lisi@company.com"
        roles: ["viewer"]
      - user: "intern@company.com"
        roles: ["restricted"]
```
### Tool-level permission control

```yaml
tools:
  exec:
    permission: "exec:run"
    allowed_commands:        # allowlist mode
      - "git *"
      - "npm *"
      - "ls *"
      - "cat *"
    denied_commands:         # denylist mode
      - "rm -rf /*"
      - "ssh *"
      - "curl *"
  file:
    permission: "file:write"
    allowed_paths:           # restrict writable directories
      - "/workspace/projects/*"
      - "/tmp/openclaw/*"
    denied_paths:            # directories that must never be touched
      - "/etc/*"
      - "/root/*"
      - "~/.ssh/*"
      - "~/.aws/*"
  feishu_doc:
    permission: "feishu_doc:write"
    allowed_docs:            # restrict which documents may be operated on
      - "docx-*workspace*"   # workspace documents only
    denied_docs:
      - "docx-*confidential*"  # confidential documents are off limits
```
### Second confirmation for sensitive operations

```yaml
security:
  confirmation:
    enabled: true
    # denylist of high-risk commands
    dangerous_patterns:
      - pattern: "rm -rf"
        message: "即将删除文件,确认执行?"
        require_typing: "DELETE"       # the user must type this exact text to confirm
      - pattern: "drop table"
        message: "即将删除数据库表,确认执行?"
        require_approval: true
      - pattern: "exec.*sudo"
        message: "即将执行特权命令,确认?"
        require_approval: true
        notify_channels: ["security-alerts"]
    # size limits for file operations
    file_operations:
      max_file_size: "10MB"            # per-file limit
      max_total_size: "100MB"          # total limit for batch operations
      scan_on_write: true              # scan for malicious code before writing
```
### Audit logging

```yaml
security:
  audit:
    enabled: true
    log_level: "detailed"              # minimal | standard | detailed
    # log storage
    storage:
      type: "elasticsearch"            # or loki, splunk, file
      host: "elk.company.com"
      index: "openclaw-audit"
      retention: 90d                   # keep for 90 days
    # event types to record
    events:
      - tool_execution                 # tool executions
      - file_access                    # file access
      - message_sent                   # messages sent
      - login_logout                   # logins and logouts
      - permission_change              # permission changes
      - config_change                  # configuration changes
      - subagent_spawn                 # sub-agent creation
    # alert rules
    alerts:
      - name: "异常批量下载"
        condition: "file_read.count > 100 AND duration < 60s"
        severity: "high"
        action: "notify_security_team"
      - name: "未授权访问"
        condition: "tool_execution.permission_denied == true"
        severity: "critical"
        action: "block_and_notify"
```
```javascript
// Example of the audit log format
const auditLog = {
  timestamp: "2026-04-08T10:30:45.123Z",
  event_type: "tool_execution",
  actor: {
    user_id: "user_123",
    email: "zhangsan@company.com",
    roles: ["developer"],
    ip: "192.168.1.100"
  },
  target: {
    tool: "exec",
    command: "curl https://api.example.com/data",
    resource: null
  },
  result: {
    status: "success",
    duration_ms: 1250,
    output_size: 1024
  },
  context: {
    session_id: "sess_abc123",
    channel: "feishu",
    agent_id: "agent_main"
  },
  metadata: {
    flags: ["allowed_by_policy"],
    warnings: []
  }
};
```
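The following is an added example, not OpenClaw's own code: a small Python policy evaluator that applies the role permissions from the RBAC configuration and the exec/file allow- and deny-lists from the tool-level section, then emits an audit record in the format shown above. The deny-before-allow order, the `~` expansion via an assumed `HOME`, the `blocked` status and the `permission_denied` flag are assumptions made for the example.

```python
import posixpath
from fnmatch import fnmatchcase

# Policy constructed from the openclaw.yml fragments above; a real deployment would load it from the file.
ROLES = {"admin": ["*"],
         "developer": ["exec:run", "file:read", "file:write", "browser:*", "web_*"],
         "viewer": ["file:read", "web_fetch"],
         "restricted": ["web_fetch"]}
ASSIGNMENTS = {"zhangsan@company.com": ["developer"],
               "lisi@company.com": ["viewer"],
               "intern@company.com": ["restricted"]}
TOOLS = {"exec": {"permission": "exec:run",
                  "allowed": ["git *", "npm *", "ls *", "cat *"],
                  "denied": ["rm -rf /*", "ssh *", "curl *"]},
         "file": {"permission": "file:write",
                  "allowed": ["/workspace/projects/*", "/tmp/openclaw/*"],
                  "denied": ["/etc/*", "/root/*", "~/.ssh/*", "~/.aws/*"]}}
HOME = "/home/openclaw"  # assumed home directory, used to expand "~" in path patterns

def matches_any(value, patterns):
    """Glob-match value against page-style patterns ('git *', '/etc/*', 'web_*')."""
    return any(fnmatchcase(value, p.replace("~", HOME, 1)) for p in patterns)

def has_permission(user, permission):
    """True if any role assigned to the user grants the permission (wildcards allowed)."""
    granted = [p for role in ASSIGNMENTS.get(user, []) for p in ROLES.get(role, [])]
    return matches_any(permission, granted)

def authorize(user, tool, target):
    """Return (allowed, reason). Assumption: the deny-list is checked first and
    anything not on the allow-list is refused (allowlist-first)."""
    policy = TOOLS[tool]
    if not has_permission(user, policy["permission"]):
        return False, "permission_denied"
    if tool == "file":  # collapse ".." so "/tmp/openclaw/../../etc/passwd" is judged as "/etc/passwd"
        target = posixpath.normpath(target)
    if matches_any(target, policy["denied"]):
        return False, "denied_pattern"
    if not matches_any(target, policy["allowed"]):
        return False, "not_in_allowlist"
    return True, "allowed_by_policy"

def audit_event(user, tool, target):
    """Audit record in the page's format; permission_denied is the field the '未授权访问' alert keys on."""
    allowed, reason = authorize(user, tool, target)
    return {"event_type": "tool_execution",
            "actor": {"email": user, "roles": ASSIGNMENTS.get(user, [])},
            "target": {"tool": tool, "command" if tool == "exec" else "resource": target},
            "result": {"status": "success" if allowed else "blocked"},
            "metadata": {"flags": [reason], "permission_denied": not allowed}}
```

Because paths are normalised before matching, a traversal through an allowed directory still lands in the deny-list, and a refused call produces exactly the record the `permission_denied` alert rule is written to catch.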
### Security best practices

#### 1. Principle of least privilege

```yaml
# Give new users the minimum permissions by default
security:
  default_role: "restricted"    # new users get only restricted permissions
  new_user_approval: true       # new users require administrator approval
```
#### 2. API key security

```yaml
security:
  api_keys:
    encryption: "AES-256-GCM"
    rotation_days: 90
    max_per_user: 3
    require_description: true
    # read-only keys (a limited subset of permissions)
    read_only_keys:
      enabled: true
      allowed_tools: ["web_fetch", "file:read"]
```
#### 3. Network isolation

```yaml
security:
  network:
    allowed_outbound:           # domains that may be reached
      - "*.company.com"
      - "api.openai.com"
      - "api.feishu.cn"
    blocked_outbound:           # domains that must not be reached
      - "*pastebin*"
      - "*tunnel*"
      - "*.onion"
    proxy:                      # proxy for outbound traffic
      enabled: true
      endpoint: "http://proxy.company.com:8080"
```
#### 4. Security audit queries

```javascript
// Query all actions of one user
const userActivity = await searchAuditLogs({
  filter: {
    'actor.user_id': 'user_123',
    timestamp: { $gte: '2026-04-01', $lte: '2026-04-08' }
  },
  sort: { timestamp: -1 }
});

// Query high-risk operations
const dangerousOps = await searchAuditLogs({
  filter: {
    event_type: 'tool_execution',
    'target.tool': { $in: ['exec', 'file'] },
    'result.status': 'success'
  },
  lookback: '24h'
});

// Anomalous behaviour detection
const anomalies = await detectAnomalies({
  baseline_user: 'user_123',
  current_window: '1h',
  thresholds: {
    file_operations: { max: 50 },
    exec_calls: { max: 20 }
  }
});
```
## Summary

The core of OpenClaw security hardening:

- RBAC permission model: user → role → permission → tool
- Allowlist first: only operations on the allowlist are permitted
- Second confirmation for sensitive operations: high-risk commands need extra verification
- Complete audit logs: record everything so that actions can be traced
夜雨聆风