六、法律与道德合规检查系统

自动化合规检查脚本

#!/usr/bin/env python3

# compliance_checker.py - 物联网安全研究合规检查

import os

import json

import hashlib

import datetime

from pathlib import Path

class IoTSecurityComplianceChecker:

"""物联网安全研究合规检查器"""

def init(self, lab_root="~/iot_lab"):

self.lab_root = os.path.expanduser(lab_root)

self.compliance_log = os.path.join(self.lab_root, "compliance_log.json")

self.results = {

"check_time": datetime.datetime.now().isoformat(),

"checks_passed": 0,

"checks_failed": 0,

"warnings": [],

"details": {}

}

def check_environment_isolation(self):

"""检查环境隔离"""

print("[*] 检查环境隔离...")

checks = {

"network_isolation": self._check_network_isolation(),

"data_separation": self._check_data_separation(),

"access_control": self._check_access_control(),

"log_monitoring": self._check_log_monitoring()

}

self.results["details"]["environment_isolation"] = checks

return all(checks.values())

def _check_network_isolation(self):

"""检查网络隔离"""

try:

# 检查是否使用隔离网络

import netifaces

interfaces = netifaces.interfaces()

# 检查是否有虚拟网络接口

virtual_ifaces = [iface for iface in interfaces

if iface.startswith(('vboxnet', 'vmnet', 'virbr', 'tap'))]

if virtual_ifaces:

print(f" 检测到虚拟网络接口: {virtual_ifaces}")

return True

else:

print(" 未检测到虚拟网络接口，建议使用隔离网络")

return False

except:

print(" 无法检查网络接口")

return False

def _check_data_separation(self):

"""检查数据分离"""

# 检查是否有独立的测试数据目录

test_data_dir = os.path.join(self.lab_root, "test_data")

if os.path.exists(test_data_dir):

print(f" 测试数据目录存在: {test_data_dir}")

return True

else:

print(" 未找到专用测试数据目录")

return False

def _check_access_control(self):

"""检查访问控制"""

# 检查lab目录权限

lab_stat = os.stat(self.lab_root)

if lab_stat.st_uid == os.getuid() and oct(lab_stat.st_mode)[-3:] == "700":

print(" 实验室目录权限正确")

return True

else:

print(" 实验室目录权限可能过宽")

return False

def _check_log_monitoring(self):

"""检查日志监控"""

log_dir = os.path.join(self.lab_root, "logs")

if os.path.exists(log_dir):

print(f" 日志目录存在: {log_dir}")

return True

else:

print(" 未找到日志目录")

return False

def check_firmware_legality(self, firmware_path):

"""检查固件合法性"""

print(f"[*] 检查固件合法性: {firmware_path}")

if not os.path.exists(firmware_path):

print(" 固件文件不存在")

return False

checks = {

"file_exists": True,

"file_size": os.path.getsize(firmware_path),

"file_hash": self._calculate_file_hash(firmware_path),

"source_documented": False,

"authorization_check": False

}

# 询问用户确认

print("\n 法律与道德确认:")

print(" =======================================")

print(" 请确认以下事项:")

print(" 1. 你拥有此固件的合法权限")

print(" 2. 仅用于授权的安全研究")

print(" 3. 不包含他人知识产权")

print(" 4. 研究结果负责任的披露")

print(" =======================================")

response = input(" 确认以上所有事项? (yes/no): ").strip().lower()

if response == "yes":

checks["authorization_check"] = True

print(" 法律确认通过")

else:

print(" 法律确认未通过")

# 记录来源信息

source_info = input(" 固件来源说明（可选）: ").strip()

if source_info:

checks["source_documented"] = True

checks["source_description"] = source_info

self.results["details"]["firmware_check"] = checks

return checks["authorization_check"]

def _calculate_file_hash(self, filepath):

"""计算文件哈希"""

sha256_hash = hashlib.sha256()

try:

with open(filepath, "rb") as f:

for byte_block in iter(lambda: f.read(4096), b""):

sha256_hash.update(byte_block)

return sha256_hash.hexdigest()

except:

return "hash_calculation_failed"

def check_test_scope(self):

"""检查测试范围"""

print("[*] 检查测试范围...")

scope_file = os.path.join(self.lab_root, "test_scope.json")

if os.path.exists(scope_file):

try:

with open(scope_file, 'r') as f:

scope = json.load(f)

required_fields = ["targets", "methods", "duration", "authorization"]

missing_fields = [field for field in required_fields if field not in scope]

if missing_fields:

print(f" 测试范围文件缺少字段: {missing_fields}")

return False

else:

print(" 测试范围文件完整")

self.results["details"]["test_scope"] = scope

return True

except json.JSONDecodeError:

print(" 测试范围文件格式错误")

return False

else:

print(" 未找到测试范围文件，建议创建")

return False

def create_scope_template(self):

"""创建测试范围模板"""

template = {

"project_name": "物联网安全研究项目",

"version": "1.0",

"date": datetime.datetime.now().isoformat(),

"researcher_info": {

"name": "",

"organization": "",

"contact": ""

"legal_authorization": {

"authorized_by": "",

"authorization_date": "",

"authorization_document": "",

"scope_limitations": ""

"targets": {

"device_models": [],

"firmware_versions": [],

"test_copies_count": 1,

"physical_devices": [],

"virtual_instances": []

"testing_methods": {

"static_analysis": True,

"dynamic_analysis": True,

"fuzzing": False,

"reverse_engineering": True,

"network_traffic_analysis": True

"safety_measures": {

"network_isolation": True,

"data_encryption": True,

"access_control": True,

"incident_response_plan": False

"ethical_guidelines": {

"no_production_impact": True,

"data_privacy": True,

"responsible_disclosure": True,

"results_sharing": "内部使用"

"duration": {

"start_date": "",

"end_date": "",

"extensions": []

"deliverables": {

"report": True,

"proof_of_concept": False,

"remediation_guidance": True

}

scope_file = os.path.join(self.lab_root, "test_scope.json")

with open(scope_file, 'w') as f:

json.dump(template, f, indent=2, ensure_ascii=False)

print(f" 测试范围模板创建: {scope_file}")

return True

def generate_compliance_report(self):

"""生成合规报告"""

print("[*] 生成合规报告...")

report = {

"compliance_report": {

"generated_at": datetime.datetime.now().isoformat(),

"lab_root": self.lab_root,

"system_info": {

"hostname": os.uname().nodename,

"user": os.getlogin(),

"python_version": os.sys.version

"summary": {

"total_checks": len(self.results["details"]),

"passed": self.results["checks_passed"],

"failed": self.results["checks_failed"],

"compliance_score": (

self.results["checks_passed"] /

max(len(self.results["details"]), 1) * 100

)

"detailed_results": self.results["details"],

"recommendations": self._generate_recommendations()

}

# 保存报告

report_file = os.path.join(self.lab_root, "compliance_report.json")

with open(report_file, 'w') as f:

json.dump(report, f, indent=2, ensure_ascii=False)

print(f" 合规报告保存: {report_file}")

return report_file

def _generate_recommendations(self):

"""生成改进建议"""

recommendations = []

if not self.results["details"].get("test_scope"):

recommendations.append("创建正式的测试范围文档 (test_scope.json)")

if not self.results["details"].get("environment_isolation", {}).get("network_isolation"):

recommendations.append("配置专用虚拟网络进行隔离")

if self.results["checks_failed"] > 0:

recommendations.append("修复上述失败的检查项目")

return recommendations

def run_full_check(self, firmware_to_check=None):

"""运行完整合规检查"""

print("="*60)

print(" 物联网安全研究合规检查")

print("="*60)

# 检查环境隔离

if self.check_environment_isolation():

self.results["checks_passed"] += 1

else:

self.results["checks_failed"] += 1

# 检查测试范围

if self.check_test_scope():

self.results["checks_passed"] += 1

else:

self.results["checks_failed"] += 1

print("\n[*] 创建测试范围模板...")

self.create_scope_template()

# 检查固件合法性（如果提供）

if firmware_to_check:

if self.check_firmware_legality(firmware_to_check):

self.results["checks_passed"] += 1

else:

self.results["checks_failed"] += 1

self.results["warnings"].append("固件合法性检查未通过")

# 生成报告

report_file = self.generate_compliance_report()

print("\n" + "="*60)

print("检查完成")

print("="*60)

print(f"通过检查: {self.results['checks_passed']}")

print(f"失败检查: {self.results['checks_failed']}")

if self.results["checks_failed"] == 0:

print(" 合规检查全部通过")

else:

print(" 部分检查未通过，请查看报告获取建议")

print(f"\n详细报告: {report_file}")

return self.results

def main():

"""主函数"""

import argparse

parser = argparse.ArgumentParser(

description="物联网安全研究合规检查工具"

)

parser.add_argument(

"--lab-dir",

default="~/iot_lab",

help="实验室根目录路径"

)

parser.add_argument(

"--firmware",

help="要检查的固件文件路径"

)

parser.add_argument(

"--create-template",

action="store_true",

help="仅创建测试范围模板"

)

args = parser.parse_args()

checker = IoTSecurityComplianceChecker(args.lab_dir)

if args.create_template:

checker.create_scope_template()

print("测试范围模板创建完成")

return

checker.run_full_check(args.firmware)

if name == "main":

main()

七、实战演练：智能门锁安全测试环境

完整测试环境搭建示例

#!/bin/bash

# smart_lock_lab_setup.sh - 智能门锁安全测试环境

echo "智能门锁安全测试环境搭建"

echo "=========================================="

# 配置智能家居测试网络

setup_smart_home_network() {

echo "[1] 配置智能家居测试网络..."

# 创建专用VLAN

sudo ip link add link eth0 name eth0.100 type vlan id 100

sudo ip addr add 192.168.200.1/24 dev eth0.100

sudo ip link set eth0.100 up

# 配置DHCP服务器

cat > /tmp/dhcpd.conf << EOF

智能家居测试网络DHCP配置

subnet 192.168.200.0 netmask 255.255.255.0 {

range 192.168.200.100 192.168.200.200;

option routers 192.168.200.1;

option domain-name-servers 8.8.8.8;

default-lease-time 600;

max-lease-time 7200;

}

EOF

# 启动DHCP服务器（如果已安装）

if command -v dhcpd &> /dev/null; then

sudo dhcpd -cf /tmp/dhcpd.conf eth0.100

echo "智能家居测试网络配置完成: 192.168.200.0/24"

}

# 模拟智能门锁设备

setup_virtual_smart_lock() {

echo "[2] 设置虚拟智能门锁..."

# 创建虚拟设备目录

VIRTUAL_LOCK_DIR="$HOME/iot_lab/virtual_devices/smart_lock"

mkdir -p "$VIRTUAL_LOCK_DIR"

# 创建模拟固件

cat > "$VIRTUAL_LOCK_DIR/smart_lock_firmware.bin" << 'EOF'

模拟智能门锁固件（十六进制表示）

这只是一个示例，实际固件会更复杂

:020000040000FA

:100000000C9440000C9468000C9468000C9468005B

:100010000C9468000C9468000C9468000C946800E8

:100020000C9468000C9468000C9468000C946800D8

:100030000C9468000C9468000C9468000C946800C8

:00000001FF

EOF

# 创建模拟服务脚本

cat > "$VIRTUAL_LOCK_DIR/smart_lock_service.py" << 'EOF'

#!/usr/bin/env python3

虚拟智能门锁服务

import socket

import json

import hashlib

from datetime import datetime

class VirtualSmartLock:

def init(self, ip='192.168.200.100', port=8888):

self.ip = ip

self.port = port

self.locked = True

self.pin_code = "1234" # 默认PIN码

self.access_log = []

def start_server(self):

"""启动门锁服务器"""

server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

server.bind((self.ip, self.port))

server.listen(5)

print(f"虚拟智能门锁启动在 {self.ip}:{self.port}")

while True:

client, addr = server.accept()

self.handle_client(client, addr)

def handle_client(self, client, addr):

"""处理客户端连接"""

try:

data = client.recv(1024).decode('utf-8').strip()

if data:

response = self.process_command(data)

client.send(response.encode('utf-8'))

self.log_access(addr[0], data, response)

except Exception as e:

print(f"处理客户端错误: {e}")

finally:

client.close()

def process_command(self, command):

"""处理门锁命令"""

try:

cmd_data = json.loads(command)

cmd = cmd_data.get('command', '')

if cmd == 'status':

return json.dumps({

'status': 'locked' if self.locked else 'unlocked',

'timestamp': datetime.now().isoformat()

})

elif cmd == 'unlock':

pin = cmd_data.get('pin', '')

if pin == self.pin_code:

self.locked = False

return json.dumps({

'result': 'success',

'message': '门锁已打开'

})

else:

return json.dumps({

'result': 'failed',

'message': 'PIN码错误'

})

elif cmd == 'lock':

self.locked = True

return json.dumps({

'result': 'success',

'message': '门锁已锁定'

})

else:

return json.dumps({

'result': 'error',

'message': '未知命令'

})

except json.JSONDecodeError:

return json.dumps({

'result': 'error',

'message': '无效的JSON格式'

})

def log_access(self, client_ip, request, response):

"""记录访问日志"""

log_entry = {

'timestamp': datetime.now().isoformat(),

'client_ip': client_ip,

'request': request,

'response': response

}

self.access_log.append(log_entry)

保存到文件

with open('access_log.json', 'w') as f:

json.dump(self.access_log, f, indent=2)

print(f"访问日志: {log_entry}")

if name == "main":

lock = VirtualSmartLock()

lock.start_server()

EOF

chmod +x "$VIRTUAL_LOCK_DIR/smart_lock_service.py"

# 创建客户端测试脚本

cat > "$VIRTUAL_LOCK_DIR/test_client.py" << 'EOF'

#!/usr/bin/env python3

智能门锁测试客户端

import socket

import json

def test_smart_lock(ip='192.168.200.100', port=8888):

"""测试智能门锁"""

test_cases = [

测试用例1: 检查状态

{

'name': '状态查询',

'command': {'command': 'status'}

测试用例2: 错误PIN码

{

'name': '错误PIN码测试',

'command': {'command': 'unlock', 'pin': '0000'}

测试用例3: 正确PIN码

{

'name': '正确PIN码解锁',

'command': {'command': 'unlock', 'pin': '1234'}

测试用例4: 锁定门锁

{

'name': '锁定门锁',

'command': {'command': 'lock'}

}

]

for test in test_cases:

print(f"\n测试: {test['name']}")

try:

创建连接

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

client.settimeout(5)

client.connect((ip, port))

发送命令

request = json.dumps(test['command'])

client.send(request.encode('utf-8'))

接收响应

response = client.recv(1024).decode('utf-8')

print(f"请求: {request}")

print(f"响应: {response}")

client.close()

except Exception as e:

print(f"错误: {e}")

if name == "main":

test_smart_lock()

EOF

chmod +x "$VIRTUAL_LOCK_DIR/test_client.py"

# 创建安全测试脚本

cat > "$VIRTUAL_LOCK_DIR/security_tests.sh" << 'EOF'

#!/bin/bash

# 智能门锁安全测试脚本

echo "智能门锁安全测试"

echo "========================"

LOCK_IP="192.168.200.100"

LOCK_PORT=8888

1. 端口扫描测试

echo "[1] 端口扫描..."

nmap -sV -p 1-65535 $LOCK_IP

2. 服务枚举测试

echo "[2] 服务枚举..."

nc -z -v $LOCK_IP 1-1000 2>&1 | grep succeeded

3. 暴力破解测试

echo "[3] PIN码暴力破解测试..."

for pin in {0000..9999}; do

echo "尝试PIN: $pin"

response= $(echo '{"command":"unlock","pin":"'$ pin'"}' | nc -w 1 $LOCK_IP$ LOCK_PORT)

if echo "$response" | grep -q "success"; then

echo " 发现有效PIN码: $pin"

break

done

4. 协议模糊测试

echo "[4] 协议模糊测试..."

python3 -c "

import socket

import random

import string

def fuzz_test(ip, port):

for i in range(100):

生成随机数据

length = random.randint(1, 1000)

data = ''.join(random.choices(string.printable, k=length))

try:

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.settimeout(1)

s.connect((ip, port))

s.send(data.encode())

response = s.recv(1024)

s.close()

print(f'测试 {i}: 发送 {length} 字节，响应长度 {len(response)}')

except Exception as e:

print(f'测试 {i} 失败: {e}')

fuzz_test(' $LOCK_IP',$ LOCK_PORT)

echo "安全测试完成"

EOF

chmod +x "$VIRTUAL_LOCK_DIR/security_tests.sh"

echo " 虚拟智能门锁环境创建完成: $VIRTUAL_LOCK_DIR"

}

# 创建蓝牙智能锁测试环境

setup_bluetooth_lock_test() {

echo "[3] 配置蓝牙智能锁测试环境..."

# 安装蓝牙工具

sudo apt install -y \

bluez bluez-tools \

bluetooth libbluetooth-dev \

python3-bluez python3-pybluez

# 创建蓝牙测试脚本

BLUETOOTH_DIR="$HOME/iot_lab/bluetooth_test"

mkdir -p "$BLUETOOTH_DIR"

cat > "$BLUETOOTH_DIR/ble_scan.py" << 'EOF'

#!/usr/bin/env python3

BLE设备扫描

import asyncio

from bleak import BleakScanner

async def scan_ble_devices(timeout=10):

"""扫描BLE设备"""

print(f"扫描BLE设备，超时: {timeout}秒...")

devices = await BleakScanner.discover(timeout=timeout)

for device in devices:

print(f"设备: {device.name}")

print(f" 地址: {device.address}")

print(f" RSSI: {device.rssi} dBm")

if device.metadata:

print(f" 元数据: {device.metadata}")

print()

async def main():

await scan_ble_devices(10)

if name == "main":

asyncio.run(main())

EOF

cat > "$BLUETOOTH_DIR/ble_lock_emulator.py" << 'EOF'

#!/usr/bin/env python3

虚拟BLE智能锁模拟器

import asyncio

from bleak import BleakGATTCharacteristic, BleakServer

import struct

class VirtualBLELock:

def init(self, name="SmartLock-001"):

self.name = name

self.locked = True

self.pin_code = b"1234"

async def run(self):

"""启动BLE服务器"""

def lock_state_char_callback(characteristic: BleakGATTCharacteristic, data: bytes):

"""处理锁状态读取"""

print(f"读取锁状态: {data}")

return struct.pack('B', 1 if self.locked else 0)

def lock_control_char_callback(characteristic: BleakGATTCharacteristic, data: bytes):

"""处理锁控制命令"""

print(f"收到控制命令: {data}")

if len(data) >= 5 and data[:4] == self.pin_code:

command = data[4]

if command == 0x01: # 解锁

self.locked = False

print("门锁已解锁")

elif command == 0x02: # 锁定

self.locked = True

print("门锁已锁定")

return struct.pack('B', 0x00) # 成功响应

创建BLE服务器

server = BleakServer()

添加服务

lock_service = await server.add_service("6E400001-B5A3-F393-E0A9-E50E24DCCA9E")

添加特征

await lock_service.add_characteristic(

"6E400002-B5A3-F393-E0A9-E50E24DCCA9E",

properties=["read", "notify"],

value_callback=lock_state_char_callback

)

await lock_service.add_characteristic(

"6E400003-B5A3-F393-E0A9-E50E24DCCA9E",

properties=["write"],

value_callback=lock_control_char_callback

)

启动广告

await server.start()

await server.advertise(

name=self.name,

service_uuids=["6E400001-B5A3-F393-E0A9-E50E24DCCA9E"]

)

print(f"虚拟BLE智能锁 '{self.name}' 已启动")

print("按Ctrl+C停止")

try:

await asyncio.Future() # 永久运行

except asyncio.CancelledError:

pass

finally:

await server.stop()

async def main():

lock = VirtualBLELock()

await lock.run()

if name == "main":

asyncio.run(main())

EOF

chmod +x "$BLUETOOTH_DIR"/*.py

echo " 蓝牙智能锁测试环境创建完成: $BLUETOOTH_DIR"

}

# 创建无线信号分析环境

setup_rf_analysis() {

echo "[4] 配置无线信号分析环境..."

RF_ANALYSIS_DIR="$HOME/iot_lab/rf_analysis"

mkdir -p "$RF_ANALYSIS_DIR"

# 安装RF分析工具

sudo apt install -y \

rtl_433 rfcat \

multimon-ng \

inspectrum urh

# 创建433MHz门锁信号分析脚本

cat > "$RF_ANALYSIS_DIR/analyze_433mhz.sh" << 'EOF'

#!/bin/bash

433MHz门锁信号分析

FREQUENCY=433920000 # 433.92 MHz

DURATION=30 # 30秒

OUTPUT_FILE="doorlock_capture_$(date +%Y%m%d_%H%M%S).raw"

echo "捕获433MHz门锁信号..."

echo "频率: $((FREQUENCY/1000000)) MHz"

echo "时长: ${DURATION}秒"

1. 捕获原始信号

echo "[1] 捕获原始信号..."

rtl_sdr -f $FREQUENCY -s 1024000 -n$ ((1024000 * DURATION)) "$OUTPUT_FILE"

2. 使用rtl_433解码

echo "[2] 使用rtl_433解码..."

rtl_433 -f $FREQUENCY -s 1024000 -r "$ OUTPUT_FILE" > "decoded_$(date +%Y%m%d_%H%M%S).txt"

3. 信号可视化

echo "[3] 生成信号可视化..."

python3 -c "

import numpy as np

import matplotlib.pyplot as plt

读取原始数据（I/Q采样）

samples = np.fromfile('$OUTPUT_FILE', dtype=np.complex64)

绘制时域图

plt.figure(figsize=(15, 10))

plt.subplot(3, 1, 1)

plt.plot(np.real(samples[:1000]))

plt.title('I信号分量（前1000个采样点）')

plt.xlabel('采样点')

plt.ylabel('幅度')

plt.subplot(3, 1, 2)

plt.plot(np.imag(samples[:1000]))

plt.title('Q信号分量（前1000个采样点）')

plt.xlabel('采样点')

plt.ylabel('幅度')

plt.subplot(3, 1, 3)

plt.plot(np.abs(samples[:1000]))

plt.title('信号包络（前1000个采样点）')

plt.xlabel('采样点')

plt.ylabel('幅度')

plt.tight_layout()

plt.savefig('signal_analysis.png')

print('信号分析图已保存: signal_analysis.png')

4. 使用inspectrum进行更详细分析

echo "[4] 可以使用inspectrum进行交互式分析:"

echo " inspectrum $OUTPUT_FILE"

echo ""

echo "分析完成"

EOF

chmod +x "$RF_ANALYSIS_DIR/analyze_433mhz.sh"

# 创建重放攻击测试脚本

cat > "$RF_ANALYSIS_DIR/replay_attack_test.py" << 'EOF'

#!/usr/bin/env python3

RF重放攻击测试

import subprocess

import time

import argparse

def record_signal(frequency, duration, output_file):

"""记录RF信号"""

print(f"记录信号: {frequency/1e6} MHz, {duration}秒")

cmd = [

'rtl_sdr',

'-f', str(frequency),

'-s', '1024000',

'-n', str(int(1024000 * duration)),

output_file

]

subprocess.run(cmd, check=True)

print(f"信号记录完成: {output_file}")

def replay_signal(frequency, input_file, repeat=1, interval=1):

"""重放RF信号"""

print(f"重放信号: {frequency/1e6} MHz")

for i in range(repeat):

print(f"重放第 {i+1}/{repeat} 次")

使用rtl_sdr反向发射（需要特殊的发射硬件）

这里只是示例，实际需要支持发射的SDR硬件

cmd = [

'echo',

'注意: 需要支持发射的SDR硬件如HackRF或LimeSDR'

]

subprocess.run(cmd)

if i < repeat - 1:

time.sleep(interval)

def analyze_signal_for_replay(input_file):

"""分析信号是否适合重放攻击"""

print(f"分析信号文件: {input_file}")

检查文件大小

import os

file_size = os.path.getsize(input_file)

print(f"文件大小: {file_size / 1024:.2f} KB")

简单的信号特征分析

cmd = ['file', input_file]

result = subprocess.run(cmd, capture_output=True, text=True)

print(f"文件类型: {result.stdout.strip()}")

检查是否有重复模式（重放攻击的特征）

print("建议手动检查信号是否有重复模式...")

print("使用工具: inspectrum, Audacity, 或UHR")

def main():

parser = argparse.ArgumentParser(description='RF重放攻击测试')

parser.add_argument('--record', action='store_true', help='记录信号')

parser.add_argument('--replay', action='store_true', help='重放信号')

parser.add_argument('--analyze', action='store_true', help='分析信号')

parser.add_argument('--freq', type=float, default=433.92, help='频率(MHz)')

parser.add_argument('--duration', type=int, default=10, help='记录时长(秒)')

parser.add_argument('--file', type=str, default='signal.raw', help='信号文件')

args = parser.parse_args()

frequency = args.freq * 1e6 # 转换为Hz

if args.record:

record_signal(frequency, args.duration, args.file)

elif args.replay:

replay_signal(frequency, args.file)

elif args.analyze:

analyze_signal_for_replay(args.file)

else:

print("请指定操作: --record, --replay, 或 --analyze")

if name == "main":

main()

EOF

chmod +x "$RF_ANALYSIS_DIR/replay_attack_test.py"

echo " 无线信号分析环境创建完成: $RF_ANALYSIS_DIR"

}

# 创建法律合规文档

create_legal_documents() {

echo "[5] 创建法律合规文档..."

LEGAL_DIR="$HOME/iot_lab/legal"

mkdir -p "$LEGAL_DIR"

# 创建研究授权书模板

cat > "$LEGAL_DIR/research_authorization_template.md" << 'EOF'

物联网设备安全研究授权书

授权方信息

设备所有者/制造商: _________________________
联系人: _________________________
联系方式: _________________________

被授权方信息

研究机构/个人: _________________________
研究员姓名: _________________________
联系方式: _________________________

授权设备信息

设备型号: _________________________
设备序列号: _________________________
固件版本: _________________________
硬件版本: _________________________

授权范围

$\] 静态代码分析$
$\] 网络协议分析$
$\] 无线信号分析$
$\] 渗透测试$
开始日期: _________________________
结束日期: _________________________

法律条款

本研究仅用于安全评估和防御技术研究
不得将研究成果用于非法目的
发现的安全漏洞将遵循负责任的披露流程
研究过程中获取的数据将严格保密
测试完成后，所有测试数据将安全删除

签字确认

授权方签字: _________________________ 日期: _________________________

被授权方签字: _________________________ 日期: _________________________

EOF

# 创建道德承诺书

cat > "$LEGAL_DIR/ethical_commitment.md" << 'EOF'

物联网安全研究道德承诺书

本人承诺在进行物联网设备安全研究时遵守以下道德准则：

1. 合法性原则

仅研究自己拥有或获得明确授权的设备
遵守相关法律法规和行业标准
不侵犯他人知识产权和隐私权

2. 最小影响原则

测试活动不影响设备的正常服务
不进行可能造成物理损坏的测试
测试数据与生产数据严格分离

3. 责任披露原则

发现的安全漏洞及时报告给设备厂商
给予厂商合理的修复时间
在厂商修复后才公开披露细节

4. 隐私保护原则

不收集、存储或传播用户隐私数据
测试数据经过脱敏处理
研究成果不包含敏感信息

5. 教育目的原则

研究成果主要用于安全知识传播
促进物联网安全生态建设
帮助厂商改进产品安全性

本人理解并承诺遵守以上道德准则，如有违反愿意承担相应责任。

研究员签名: _________________________

日期: _________________________

EOF

# 创建测试记录模板

cat > "$LEGAL_DIR/test_log_template.csv" << 'EOF'

日期,时间,测试类型,目标设备,测试方法,测试参数,结果,备注,研究员

YYYY-MM-DD,HH:MM:SS,端口扫描,智能门锁001,nmap -sV,1-65535,发现开放端口8888,正常测试记录,张三

YYYY-MM-DD,HH:MM:SS,协议分析,智能门锁001,Wireshark捕获,TCP端口8888,JSON协议通信,发现明文传输,张三

YYYY-MM-DD,HH:MM:SS,漏洞测试,智能门锁001,SQL注入测试,用户名字段,存在注入漏洞,需要修复,张三

EOF

echo " 法律合规文档创建完成: $LEGAL_DIR"

}

main() {

echo "智能门锁安全测试环境搭建"

echo "版本: 1.0 | 仅供授权测试使用"

echo "=========================================="

# 检查权限

if [ "$EUID" -ne 0 ]; then

echo "部分配置需要root权限，请使用sudo运行"

# 执行各步骤

setup_smart_home_network

setup_virtual_smart_lock

setup_bluetooth_lock_test

setup_rf_analysis

create_legal_documents

echo ""

echo "=========================================="

echo " 智能门锁安全测试环境搭建完成！"

echo "=========================================="

echo ""

echo "可用测试环境："

echo " 1. 网络智能门锁: ~/iot_lab/virtual_devices/smart_lock/"

echo " 2. 蓝牙智能门锁: ~/iot_lab/bluetooth_test/"

echo " 3. 无线信号分析: ~/iot_lab/rf_analysis/"

echo " 4. 法律合规文档: ~/iot_lab/legal/"

echo ""

echo "测试步骤建议："

echo " 1. 阅读法律合规文档并签署"

echo " 2. 启动虚拟门锁服务: python3 smart_lock_service.py"

echo " 3. 运行安全测试: ./security_tests.sh"

echo " 4. 记录测试结果"

echo " 5. 遵循责任披露流程"

echo ""

echo " 重要提醒：仅用于授权的安全研究！"

}

main

八、环境维护与最佳实践

日常维护检查清单

#!/usr/bin/env python3

# iot_lab_maintenance.py - 物联网实验室维护工具

import os

import sys

import json

import shutil

import hashlib

from datetime import datetime, timedelta

from pathlib import Path

class IoTLabMaintenance:

"""物联网实验室维护管理"""

def init(self, lab_path="~/iot_lab"):

self.lab_path = Path(lab_path).expanduser()

self.maintenance_log = self.lab_path / "maintenance_log.json"

self.setup_maintenance_structure()

def setup_maintenance_structure(self):

"""设置维护目录结构"""

maintenance_dirs = [

"backups",

"logs/maintenance",

"scripts/cleanup",

"reports"

]

for dir_path in maintenance_dirs:

full_path = self.lab_path / dir_path

full_path.mkdir(parents=True, exist_ok=True)

def daily_maintenance_check(self):

"""日常维护检查"""

print("执行日常维护检查...")

checks = {

"磁盘空间": self.check_disk_space(),

"虚拟机状态": self.check_vm_status(),

"工具更新": self.check_tool_updates(),

"备份完整性": self.check_backup_integrity(),

"安全配置": self.check_security_config()

}

# 记录检查结果

self.record_maintenance_log("daily_check", checks)

return checks

def check_disk_space(self, threshold_gb=10):

"""检查磁盘空间"""

stat = shutil.disk_usage(self.lab_path)

free_gb = stat.free / (1024**3)

status = free_gb > threshold_gb

details = {

"total_gb": round(stat.total / (1024**3), 2),

"used_gb": round(stat.used / (1024**3), 2),

"free_gb": round(free_gb, 2),

"threshold_gb": threshold_gb,

"status": "足够" if status else "不足"

}

print(f"磁盘空间: {details}")

return details

def check_vm_status(self):

"""检查虚拟机状态"""

vms = []

# 检查VirtualBox虚拟机

vbox_vms = self.get_virtualbox_vms()

vms.extend(vbox_vms)

# 检查VMware虚拟机（如果可用）

vmware_vms = self.get_vmware_vms()

vms.extend(vmware_vms)

details = {

"total_vms": len(vms),

"running_vms": len([vm for vm in vms if vm.get("state") == "running"]),

"stopped_vms": len([vm for vm in vms if vm.get("state") == "poweredoff"]),

"vm_list": vms

}

print(f"虚拟机状态: {details['running_vms']}/{details['total_vms']} 运行中")

return details

def get_virtualbox_vms(self):

"""获取VirtualBox虚拟机列表"""

vms = []

try:

import subprocess

result = subprocess.run(

"VBoxManage", "list", "vms"\], capture_output=True, text=True ) for line in result.stdout.split('\\n'): if '"' in line: vm_name = line.split('"')\[1

# 获取虚拟机状态

state_result = subprocess.run(

"VBoxManage", "showvminfo", vm_name, "--machinereadable"\], capture_output=True, text=True ) state = "unknown" for state_line in state_result.stdout.split('\\n'): if 'VMState=' in state_line: state = state_line.split('=')\[1\].strip('"') break vms.append({ "name": vm_name, "provider": "virtualbox", "state": state }) except Exception as e: print(f"获取VirtualBox虚拟机失败: {e}") return vms def get_vmware_vms(self): """获取VMware虚拟机列表""" vms = \[

# VMware 检查（简化实现）

vmware_dirs = [

Path.home() / "Virtual Machines",

Path.home() / "VMware",

Path("/var/lib/vmware")

]

for vm_dir in vmware_dirs:

if vm_dir.exists():

for item in vm_dir.iterdir():

if item.is_dir() and any(item.glob("*.vmx")):

vms.append({

"name": item.name,

"provider": "vmware",

"state": "unknown" # 需要vmrun工具确定状态

})

return vms

def check_tool_updates(self):

"""检查工具更新"""

tools_to_check = [

{"name": "nmap", "check_cmd": ["nmap", "--version"]},

{"name": "wireshark", "check_cmd": ["tshark", "--version"]},

{"name": "binwalk", "check_cmd": ["binwalk", "--version"]},

{"name": "aircrack-ng", "check_cmd": ["aircrack-ng", "--version"]}

]

tool_status = []

for tool in tools_to_check:

try:

import subprocess

result = subprocess.run(

tool["check_cmd"],

capture_output=True,

text=True

)

version = "unknown"

if result.stdout:

first_line = result.stdout.split('\n')[0]

version = first_line.strip()

tool_status.append({

"name": tool["name"],

"installed": True,

"version": version

})

except FileNotFoundError:

tool_status.append({

"name": tool["name"],

"installed": False,

"version": None

})

details = {

"total_tools": len(tools_to_check),

"installed_tools": len([t for t in tool_status if t["installed"]]),

"tool_list": tool_status

}

print(f"工具状态: {details['installed_tools']}/{details['total_tools']} 已安装")

return details

def check_backup_integrity(self):

"""检查备份完整性"""

backup_dir = self.lab_path / "backups"

if not backup_dir.exists():

return {"status": "no_backups", "message": "备份目录不存在"}

backups = []

for backup_file in backup_dir.glob("*.tar.gz"):

backup_info = {

"filename": backup_file.name,

"size_mb": round(backup_file.stat().st_size / (1024*1024), 2),

"modified": datetime.fromtimestamp(backup_file.stat().st_mtime).isoformat(),

"integrity_checked": False

}

# 检查完整性（如果有校验文件）

checksum_file = backup_dir / f"{backup_file.name}.sha256"

if checksum_file.exists():

backup_info["integrity_checked"] = self.verify_backup_integrity(

backup_file, checksum_file

)

backups.append(backup_info)

details = {

"backup_count": len(backups),

"total_size_gb": round(sum(b["size_mb"] for b in backups) / 1024, 2),

"latest_backup": max([b["modified"] for b in backups], default="none"),

"backup_list": backups

}

print(f"备份状态: {details['backup_count']} 个备份，总计 {details['total_size_gb']} GB")

return details

def verify_backup_integrity(self, backup_file, checksum_file):

"""验证备份完整性"""

try:

with open(checksum_file, 'r') as f:

expected_hash = f.read().strip().split()[0]

sha256_hash = hashlib.sha256()

with open(backup_file, 'rb') as f:

for byte_block in iter(lambda: f.read(4096), b""):

sha256_hash.update(byte_block)

actual_hash = sha256_hash.hexdigest()

return expected_hash == actual_hash

except Exception:

return False

def check_security_config(self):

"""检查安全配置"""

security_checks = {

"firewall_enabled": self.check_firewall(),

"ssh_secure": self.check_ssh_config(),

"user_permissions": self.check_user_permissions(),

"log_rotation": self.check_log_rotation()

}

details = {

"checks": security_checks,

"passed_checks": sum(1 for check in security_checks.values() if check),

"total_checks": len(security_checks)

}

print(f"安全配置: {details['passed_checks']}/{details['total_checks']} 项通过")

return details

def check_firewall(self):

"""检查防火墙"""

try:

import subprocess

result = subprocess.run(

"ufw", "status"\], capture_output=True, text=True ) return "Status: active" in result.stdout except: return False def check_ssh_config(self): """检查SSH配置""" ssh_config = Path("/etc/ssh/sshd_config") if not ssh_config.exists(): return False secure_settings = \[ "PasswordAuthentication no", "PermitRootLogin no", "Protocol 2"

try:

with open(ssh_config, 'r') as f:

config_content = f.read()

return all(setting in config_content for setting in secure_settings)

except:

return False

def check_user_permissions(self):

"""检查用户权限"""

lab_stat = self.lab_path.stat()

return oct(lab_stat.st_mode)[-3:] == "700"

def check_log_rotation(self):

"""检查日志轮转"""

logrotate_config = Path("/etc/logrotate.d/iot_lab")

return logrotate_config.exists()

def perform_cleanup(self, days_to_keep=30):

"""执行清理操作"""

print(f"执行清理，保留最近 {days_to_keep} 天的数据...")

cleanup_results = {

"temp_files": self.clean_temp_files(days_to_keep),

"old_backups": self.clean_old_backups(days_to_keep),

"cache_files": self.clean_cache_files(),

"old_logs": self.clean_old_logs(days_to_keep)

}

self.record_maintenance_log("cleanup", cleanup_results)

return cleanup_results

def clean_temp_files(self, days_to_keep):

"""清理临时文件"""

temp_dirs = [

self.lab_path / "temp",

self.lab_path / "tmp",

self.lab_path / ".cache"

]

cleaned_files = []

for temp_dir in temp_dirs:

if temp_dir.exists():

cutoff_time = datetime.now() - timedelta(days=days_to_keep)

for item in temp_dir.rglob("*"):

if item.is_file():

file_time = datetime.fromtimestamp(item.stat().st_mtime)

if file_time < cutoff_time:

try:

item.unlink()

cleaned_files.append(str(item.relative_to(self.lab_path)))

except Exception as e:

print(f"删除文件失败 {item}: {e}")

return {

"cleaned_count": len(cleaned_files),

"cleaned_files": cleaned_files[:10] # 只记录前10个

}

def clean_old_backups(self, days_to_keep):

"""清理旧备份"""

backup_dir = self.lab_path / "backups"

if not backup_dir.exists():

return {"cleaned_count": 0, "message": "备份目录不存在"}

cutoff_time = datetime.now() - timedelta(days=days_to_keep)

cleaned_backups = []

for backup_file in backup_dir.glob("*.tar.gz"):

file_time = datetime.fromtimestamp(backup_file.stat().st_mtime)

if file_time < cutoff_time:

try:

backup_file.unlink()

# 同时删除校验文件

checksum_file = backup_dir / f"{backup_file.name}.sha256"

if checksum_file.exists():

checksum_file.unlink()

cleaned_backups.append(backup_file.name)

except Exception as e:

print(f"删除备份失败 {backup_file}: {e}")

return {

"cleaned_count": len(cleaned_backups),

"cleaned_backups": cleaned_backups[:10]

}

def clean_cache_files(self):

"""清理缓存文件"""

cache_dirs = [

"~/.cache",

"~/.npm/_cacache",

"~/.pip/cache",

"~/.m2/repository"

]

cleaned_size = 0

for cache_dir in cache_dirs:

cache_path = Path(cache_dir).expanduser()

if cache_path.exists():

# 使用系统清理工具

try:

import subprocess

if cache_dir == "~/.cache":

result = subprocess.run(

"du", "-sh", str(cache_path)\], capture_output=True, text=True ) cleaned_size_str = result.stdout.split()\[0

print(f"缓存大小: {cleaned_size_str}")

except Exception as e:

print(f"清理缓存失败 {cache_dir}: {e}")

return {

"cleaned_size": cleaned_size,

"message": "建议使用系统清理工具"

}

def clean_old_logs(self, days_to_keep):

"""清理旧日志"""

log_dir = self.lab_path / "logs"

if not log_dir.exists():

return {"cleaned_count": 0, "message": "日志目录不存在"}

cutoff_time = datetime.now() - timedelta(days=days_to_keep)

cleaned_logs = []

for log_file in log_dir.rglob("*.log"):

if log_file.is_file():

file_time = datetime.fromtimestamp(log_file.stat().st_mtime)

if file_time < cutoff_time:

try:

log_file.unlink()

cleaned_logs.append(str(log_file.relative_to(self.lab_path)))

except Exception as e:

print(f"删除日志失败 {log_file}: {e}")

return {

"cleaned_count": len(cleaned_logs),

"cleaned_logs": cleaned_logs[:10]

}

def create_backup(self, backup_name=None):

"""创建实验室备份"""

if backup_name is None:

timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")

backup_name = f"iot_lab_backup_{timestamp}"

backup_dir = self.lab_path / "backups"

backup_dir.mkdir(exist_ok=True)

backup_file = backup_dir / f"{backup_name}.tar.gz"

checksum_file = backup_dir / f"{backup_name}.tar.gz.sha256"

print(f"创建备份: {backup_file}")

try:

import tarfile

# 排除不需要备份的目录

exclude_patterns = [

"pycache",

"*.pyc",

"*.log",

"*.tmp",

"temp",

"tmp",

".cache",

"backups/*.tar.gz" # 不备份现有的备份文件

]

with tarfile.open(backup_file, "w:gz") as tar:

for item in self.lab_path.iterdir():

# 检查是否需要排除

should_exclude = False

for pattern in exclude_patterns:

if item.match(pattern):

should_exclude = True

break

if not should_exclude and item.name != "backups":

print(f" 添加: {item.name}")

tar.add(item, arcname=item.name)

# 创建校验和

sha256_hash = hashlib.sha256()

with open(backup_file, 'rb') as f:

for byte_block in iter(lambda: f.read(4096), b""):

sha256_hash.update(byte_block)

with open(checksum_file, 'w') as f:

f.write(f"{sha256_hash.hexdigest()} {backup_file.name}\n")

backup_info = {

"filename": backup_file.name,

"size_mb": round(backup_file.stat().st_size / (1024*1024), 2),

"created": datetime.now().isoformat(),

"checksum_verified": True

}

self.record_maintenance_log("backup", backup_info)

print(f" 备份完成: {backup_file.name} ({backup_info['size_mb']} MB)")

return backup_info

except Exception as e:

print(f" 备份失败: {e}")

return {"error": str(e)}

def record_maintenance_log(self, action, data):

"""记录维护日志"""

log_entry = {

"timestamp": datetime.now().isoformat(),

"action": action,

"data": data

}

# 读取现有日志

if self.maintenance_log.exists():

with open(self.maintenance_log, 'r') as f:

try:

log_data = json.load(f)

except json.JSONDecodeError:

log_data = {"entries": []}

else:

log_data = {"entries": []}

# 添加新条目

if "entries" not in log_data:

log_data["entries"] = []

log_data["entries"].append(log_entry)

# 保持最近的1000个条目

if len(log_data["entries"]) > 1000:

log_data["entries"] = log_data["entries"][-1000:]

# 写入日志

with open(self.maintenance_log, 'w') as f:

json.dump(log_data, f, indent=2, ensure_ascii=False)

def generate_maintenance_report(self, days=7):

"""生成维护报告"""

print(f"生成最近 {days} 天的维护报告...")

if not self.maintenance_log.exists():

return {"error": "维护日志不存在"}

with open(self.maintenance_log, 'r') as f:

log_data = json.load(f)

cutoff_time = datetime.now() - timedelta(days=days)

recent_entries = []

for entry in log_data.get("entries", []):

entry_time = datetime.fromisoformat(entry["timestamp"])

if entry_time >= cutoff_time:

recent_entries.append(entry)

# 分析数据

actions_count = {}

for entry in recent_entries:

action = entry["action"]

actions_count[action] = actions_count.get(action, 0) + 1

report = {

"report_generated": datetime.now().isoformat(),

"period_days": days,

"total_entries": len(recent_entries),

"actions_summary": actions_count,

"recent_issues": self.extract_issues(recent_entries),

"recommendations": self.generate_recommendations(recent_entries)

}

# 保存报告

report_file = self.lab_path / "reports" / f"maintenance_report_{datetime.now().strftime('%Y%m%d')}.json"

with open(report_file, 'w') as f:

json.dump(report, f, indent=2, ensure_ascii=False)

print(f" 维护报告已保存: {report_file}")

return report

def extract_issues(self, entries):

"""从日志中提取问题"""

issues = []

for entry in entries:

if entry["action"] == "daily_check":

data = entry["data"]

# 检查磁盘空间问题

if "磁盘空间" in data:

disk_info = data["磁盘空间"]

if disk_info.get("status") == "不足":

issues.append({

"type": "disk_space",

"timestamp": entry["timestamp"],

"details": disk_info

})

# 检查安全配置问题

if "安全配置" in data:

sec_info = data["安全配置"]

passed = sec_info.get("passed_checks", 0)

total = sec_info.get("total_checks", 1)

if passed < total:

issues.append({

"type": "security_config",

"timestamp": entry["timestamp"],

"details": f"{passed}/{total} 项通过"

})

return issues

def generate_recommendations(self, entries):

"""生成建议"""

recommendations = []

# 分析备份频率

backup_actions = [e for e in entries if e["action"] == "backup"]

if len(backup_actions) == 0:

recommendations.append("建议创建定期备份策略")

elif len(backup_actions) < 3: # 少于3次备份

last_backup_time = datetime.fromisoformat(backup_actions[-1]["timestamp"])

days_since_last = (datetime.now() - last_backup_time).days

if days_since_last > 7:

recommendations.append(f"上次备份在 {days_since_last} 天前，建议立即备份")

# 检查清理频率

cleanup_actions = [e for e in entries if e["action"] == "cleanup"]

if len(cleanup_actions) == 0:

recommendations.append("建议执行定期清理以释放磁盘空间")

return recommendations

def run_maintenance_routine(self):

"""运行完整的维护流程"""

print("="*60)

print("物联网实验室维护流程")

print("="*60)

print("\n[1] 执行日常检查...")

daily_check = self.daily_maintenance_check()

print("\n[2] 执行清理操作...")

cleanup_results = self.perform_cleanup(days_to_keep=30)

print("\n[3] 创建备份...")

backup_info = self.create_backup()

print("\n[4] 生成维护报告...")

report = self.generate_maintenance_report(days=7)

print("\n" + "="*60)

print("维护流程完成")

print("="*60)

summary = {

"daily_check": daily_check,

"cleanup": cleanup_results,

"backup": backup_info,

"report_generated": report.get("report_generated")

}

return summary

def main():

"""主函数"""

import argparse

parser = argparse.ArgumentParser(description="物联网实验室维护工具")

parser.add_argument(

"--lab-dir",

default="~/iot_lab",

help="实验室目录路径"

)

parser.add_argument(

"--action",

choices=["check", "cleanup", "backup", "report", "full"],

default="full",

help="执行的操作"

)

args = parser.parse_args()

maintenance = IoTLabMaintenance(args.lab_dir)

if args.action == "check":

result = maintenance.daily_maintenance_check()