~优化nftables检测机制

~优化小闪存模式内存占用 ~修复并屏蔽因部分linux系统不支持&>写法而导致的大量无效输出 ~修复singbox的ntp服务 ~尝试修复部分linux设备因selinux导致使用systemd启动服务失败的问题 ~优化crash -d命令debug功能
2024-11-16 11:42:18 +08:00 · 2024-02-04 16:55:06 +08:00 · 2024-02-04 16:55:06 +08:00 · a6c254e183
commit a6c254e183
parent 905bcc8769
5 changed files with 58 additions and 57 deletions
--- a/scripts/getdate.sh
+++ b/scripts/getdate.sh
@ -7,7 +7,7 @@ error_down(){
 	sleep 1
 }
 dir_avail(){
-	df -h &>/dev/null && h=$2
+	df -h >/dev/null 2>&1 && h=$2
 	df $h $1 |awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' |grep -E 'Ava|可用' |awk '{print $2}'
 	}

@ -1819,7 +1819,7 @@ userguide(){
 			redir_mod="Redir模式"
 			ckcmd nft && {
 				redir_mod="Nft基础"
-				modprobe nft_tproxy &> /dev/null && redir_mod="Nft混合"
+				modprobe nft_tproxy >/dev/null 2>&1 && redir_mod="Nft混合"
 			}
 			setconfig redir_mod "$redir_mod"
 			#自动识别IPV6
@ -1975,7 +1975,7 @@ debug(){
 		$CRASHDIR/start.sh bfstart
 		if [ "$crashcore" = singbox -o "$crashcore" = singboxp ] ;then
 			$TMPDIR/CrashCore run -D $BINDIR -C $TMPDIR/jsons &
-			{ sleep 4 ; kill $! &>/dev/null & }
+			{ sleep 4 ; kill $! >/dev/null 2>&1 & }
 			wait
 		else
 			$TMPDIR/CrashCore -t -d $BINDIR -f $TMPDIR/config.yaml
@ -2091,7 +2091,7 @@ testcommand(){
 		exit;
 	elif [ "$num" = 6 ]; then
 		echo "注意：依赖curl(不支持wget)，且测试结果不保证一定准确！"
-		delay=`curl -kx ${authentication}@127.0.0.1:$mix_port -o /dev/null -s -w '%{time_starttransfer}' 'https://google.tw' & { sleep 3 ; kill $! &>/dev/null & }` > /dev/null 2>&1
+		delay=`curl -kx ${authentication}@127.0.0.1:$mix_port -o /dev/null -s -w '%{time_starttransfer}' 'https://google.tw' & { sleep 3 ; kill $! >/dev/null 2>&1 & }` > /dev/null 2>&1
 		delay=`echo |awk "{print $delay*1000}"` > /dev/null 2>&1
 		echo -----------------------------------------------
 		if [ `echo ${#delay}` -gt 1 ];then
--- a/scripts/init.sh
+++ b/scripts/init.sh
@ -162,8 +162,8 @@ else
 		#创建shellcrash用户
 		sed -i '/0:7890/d' /etc/passwd
 		sed -i '/x:7890/d' /etc/group
-		if type useradd &>/dev/null; then
-			useradd shellcrash -u 7890
+		if type useradd >/dev/null 2>&1; then
+			useradd shellcrash -u 7890 2>/dev/null
 			sed -Ei s/7890:7890/0:7890/g /etc/passwd
 		else
 			echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >> /etc/passwd
@ -178,7 +178,7 @@ else
 		setconfig start_old 已开启
 fi
 #修饰文件及版本号
-command -v bash &>/dev/null && shtype=bash || shtype=sh 
+command -v bash >/dev/null 2>&1 && shtype=bash || shtype=sh 
 for file in start.sh task.sh ;do
 	sed -i "s|/bin/sh|/bin/$shtype|" ${CRASHDIR}/${file}
 	chmod 755 ${CRASHDIR}/${file}
@ -212,7 +212,7 @@ if [ -n "$profile" ];then
 	echo "alias clash=\"$shtype $CRASHDIR/menu.sh\"" >> $profile #设置快捷命令环境变量
 	sed -i '/export CRASHDIR=*/'d $profile
 	echo "export CRASHDIR=\"$CRASHDIR\"" >> $profile #设置路径环境变量
-	source $profile &>/dev/null || echo 运行错误！请使用bash而不是dash运行安装命令！！！
+	source $profile >/dev/null 2>&1 || echo 运行错误！请使用bash而不是dash运行安装命令！！！
 	#适配zsh环境变量
 	[ -n "$(cat /etc/shells 2>/dev/null|grep -oE 'zsh')" ] && [ -z "$(cat ~/.zshrc 2>/dev/null|grep CRASHDIR)" ] && { 
 		sed -i '/alias crash=*/'d ~/.zshrc
@ -222,7 +222,7 @@ if [ -n "$profile" ];then
 		echo "alias clash=\"$shtype $CRASHDIR/menu.sh\"" >> ~/.zshrc
 		sed -i '/export CRASHDIR=*/'d ~/.zshrc
 		echo "export CRASHDIR=\"$CRASHDIR\"" >> ~/.zshrc
-		source ~/.zshrc &>/dev/null
+		source ~/.zshrc >/dev/null 2>&1
 	}
 else
 	echo -e "\033[33m无法写入环境变量！请检查安装权限！\033[0m"
@ -286,7 +286,7 @@ for file in cron task.sh task.list;do
 done
 chmod 755 ${CRASHDIR}/task/task.sh
 #旧版文件清理
-userdel shellclash &>/dev/null
+userdel shellclash >/dev/null 2>&1
 sed -i '/shellclash/d' /etc/passwd
 sed -i '/shellclash/d' /etc/group
 rm -rf /etc/init.d/clash
--- a/scripts/menu.sh
+++ b/scripts/menu.sh
@ -5,8 +5,8 @@ CFG_PATH=${CRASHDIR}/configs/ShellCrash.cfg
 YAMLSDIR=${CRASHDIR}/yamls
 JSONSDIR=${CRASHDIR}/jsons
 #加载执行目录，失败则初始化
-source ${CRASHDIR}/configs/command.env &>/dev/null
-[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && source ${CRASHDIR}/init.sh &>/dev/null
+source ${CRASHDIR}/configs/command.env >/dev/null 2>&1
+[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && source ${CRASHDIR}/init.sh >/dev/null 2>&1
 [ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR}
 [ -n "$(tar --help 2>&1|grep -o 'no-same-owner')" ] && tar_para='--no-same-owner' #tar命令兼容

@ -17,7 +17,7 @@ setconfig(){
 	[ -n "$(grep "${1}=" "$configpath")" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 ckcmd(){
-	command -v sh &>/dev/null && command -v $1 &>/dev/null || type $1 &>/dev/null
+	command -v sh >/dev/null 2>&1 && command -v $1 >/dev/null 2>&1 || type $1 >/dev/null 2>&1
 }

 #脚本启动前检查
@ -25,9 +25,9 @@ ckstatus(){
 	#检查/读取脚本配置文件
 	if [ -f $CFG_PATH ];then
 		[ -n "$(awk 'a[$0]++' $CFG_PATH)" ] && awk '!a[$0]++' $CFG_PATH > $CFG_PATH #检查重复行并去除
-		source $CFG_PATH &>/dev/null	
+		source $CFG_PATH >/dev/null 2>&1	
 	else
-		source ${CRASHDIR}/init.sh &>/dev/null
+		source ${CRASHDIR}/init.sh >/dev/null 2>&1
 	fi
 	versionsh=$(cat ${CRASHDIR}/init.sh | grep -E ^version= | head -n 1 | sed 's/version=//')
 	[ -n "$versionsh" ] && versionsh_l=$versionsh
@ -253,7 +253,7 @@ log_pusher(){ #日志菜单
 				url_tg=https://api.telegram.org/bot${TOKEN}/getUpdates
 				[ -n "$authentication" ] && auth="$authentication@"
 				export https_proxy="http://${auth}127.0.0.1:$mix_port"
-				if curl --version &> /dev/null;then 
+				if curl --version >/dev/null 2>&1;then 
 					chat=$(curl -kfsSl $url_tg 2>/dev/null| tail -n -1)
 				else
 					chat=$(wget -Y on -q -O - $url_tg | tail -n -1)
@ -344,7 +344,7 @@ log_pusher(){ #日志菜单
 				setconfig push_Po
 				setconfig push_Po_key
 			}
-		elif curl --version &> /dev/null;then 
+		elif curl --version >/dev/null 2>&1;then 
 			#echo -e "\033[33m详细设置指南请参考 https://juewuy.github.io/ \033[0m"
 			echo -e "请先通过 \033[32;4mhttps://pushover.net/\033[0m 注册账号并获取\033[36mUser Key\033[0m"
 			echo -----------------------------------------------
@ -918,7 +918,7 @@ localproxy(){ #本机代理
 	echo -----------------------------------------------
 	[ -n "$local_enh" ] && {
 		ckcmd iptables && [ -n "$(iptables -m owner --help | grep owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐！)"
-		ckcmd nft && modprobe nf_nat &> /dev/null && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐！)"
+		nft add table inet shellcrash 2>/dev/null && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐！)"
 	}
 	echo -e " 3 使用\033[33m环境变量\033[0m方式配置(部分应用可能无法使用,不推荐！)"
 	echo -e " 0 返回上级菜单"
@ -1116,9 +1116,8 @@ normal_set(){ #基础设置
 			echo -e "\033[36m已设为 $redir_mod ！！\033[0m"
 		}
 		[ -n "$(iptables -j TPROXY 2>&1 | grep 'on-port')" ] && sup_tp=1
-		[ -n "$(ls /dev/net/tun)" ] || ip tuntap &>/dev/null && sup_tun=1
-		ckcmd nft && modprobe nf_nat &> /dev/null && sup_nft=1 && modprobe nft_tproxy &> /dev/null && sup_nft=2
-		
+		[ -n "$(ls /dev/net/tun)" ] || ip tuntap >/dev/null 2>&1 && sup_tun=1
+		nft add table inet shellcrash 2>/dev/null && sup_nft=1 && modprobe nft_tproxy >/dev/null 2>&1 && sup_nft=2
 		echo -----------------------------------------------
 		echo -e "当前代理模式为：\033[47;30m $redir_mod \033[0m；Clash核心为：\033[47;30m $crashcore \033[0m"
 		echo -e "\033[33m切换模式后需要手动重启服务以生效！\033[0m"
@ -1926,9 +1925,10 @@ case "$1" in
 	-d)
 		shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash
 		echo -e "正在测试运行！如发现错误请截图后前往\033[32;4mt.me/ShellClash\033[0m咨询"
-		$shtype ${CRASHDIR}/start.sh debug >/dev/null 2>${TMPDIR}/sh_bug
+		$shtype ${CRASHDIR}/start.sh debug >/dev/null 2>${TMPDIR}/debug_sh_bug.log
 		$shtype -x ${CRASHDIR}/start.sh debug >/dev/null 2>${TMPDIR}/debug_sh.log
 		echo -----------------------------------------
+		cat ${TMPDIR}/debug_sh_bug.log | grep 'start\.sh' > ${TMPDIR}/sh_bug
 		if [ -s ${TMPDIR}/sh_bug ];then
 			while read line ;do
 				echo -e "发现错误：\033[33;4m$line\033[0m"
@ -1938,7 +1938,7 @@ case "$1" in
 			rm -rf ${TMPDIR}/sh_bug
 			echo -e  "\033[32m测试完成！\033[0m完整执行记录请查看：\033[36m${TMPDIR}/debug_sh.log\033[0m"
 		else
-			echo -e  "\033[32m测试完成！没有发现问题~\033[0m" 
+			echo -e  "\033[32m测试完成！没有发现问题，请重新启动服务~\033[0m" 
 			rm -rf ${TMPDIR}/debug_sh.log
 		fi
 		${CRASHDIR}/start.sh stop
--- a/scripts/start.sh
+++ b/scripts/start.sh
@ -4,8 +4,8 @@
 #初始化目录
 CRASHDIR=$(cd $(dirname $0);pwd)
 #加载执行目录，失败则初始化
-source ${CRASHDIR}/configs/command.env &>/dev/null
-[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && source ${CRASHDIR}/init.sh &>/dev/null
+source ${CRASHDIR}/configs/command.env >/dev/null 2>&1
+[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && source ${CRASHDIR}/init.sh >/dev/null 2>&1
 [ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR}

 #脚本内部工具
@ -49,7 +49,7 @@ setconfig(){ #脚本配置工具
 	[ -n "$(grep "${1}=" "$configpath")" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 ckcmd(){ #检查命令是否存在
-	command -v sh &>/dev/null && command -v $1 &>/dev/null || type $1 &>/dev/null
+	command -v sh >/dev/null 2>&1 && command -v $1 >/dev/null 2>&1 || type $1 >/dev/null 2>&1
 }
 ckgeo(){ #查找及下载Geo数据文件
 	[ -n "$(find --help 2>&1|grep -o size)" ] && find_para=' -size +20' #find命令兼容
@ -91,31 +91,31 @@ logger(){ #日志工具
 			url=https://api.telegram.org/bot${push_TG}/sendMessage
 			curl_data="-d chat_id=$chat_ID&text=$log_text"
 			wget_data="--post-data=$chat_ID&text=$log_text"
-			if curl --version &> /dev/null;then 
-				curl -kfsSl --connect-timeout 3 -d "chat_id=$chat_ID&text=$log_text" "$url" &>/dev/null 
+			if curl --version >/dev/null 2>&1;then 
+				curl -kfsSl --connect-timeout 3 -d "chat_id=$chat_ID&text=$log_text" "$url" >/dev/null 2>&1 
 			else
 				wget -Y on -q --timeout=3 -t 1 --post-data="chat_id=$chat_ID&text=$log_text" "$url" 
 			fi
 		}
 		[ -n "$push_bark" ] && {
 			url=${push_bark}/${log_text}${bark_param}
-			if curl --version &> /dev/null;then 
-				curl -kfsSl --connect-timeout 3 "$url" &>/dev/null 
+			if curl --version >/dev/null 2>&1;then 
+				curl -kfsSl --connect-timeout 3 "$url" >/dev/null 2>&1 
 			else
 				wget -Y on -q --timeout=3 -t 1 "$url" 
 			fi
 		}
 		[ -n "$push_Deer" ] && {
 			url=https://api2.pushdeer.com/message/push?pushkey=${push_Deer}
-			if curl --version &> /dev/null;then 
-				curl -kfsSl --connect-timeout 3 "$url"\&text="$log_text" &>/dev/null 
+			if curl --version >/dev/null 2>&1;then 
+				curl -kfsSl --connect-timeout 3 "$url"\&text="$log_text" >/dev/null 2>&1 
 			else
 				wget -Y on -q --timeout=3 -t 1 "$url"\&text="$log_text" 
 			fi
 		}
 		[ -n "$push_Po" ] && {
 			url=https://api.pushover.net/1/messages.json
-			curl -kfsSl --connect-timeout 3 --form-string "token=$push_Po" --form-string "user=$push_Po_key" --form-string "message=$log_text" "$url" &>/dev/null 
+			curl -kfsSl --connect-timeout 3 --form-string "token=$push_Po" --form-string "user=$push_Po_key" --form-string "message=$log_text" "$url" >/dev/null 2>&1 
 		}	
 	} &
 }
@ -329,6 +329,7 @@ get_core_config(){ #下载内核配置文件
 		fi
 		echo -e "\033[32m已成功获取配置文件！\033[0m"
 	fi
+	return 0
 }
 modify_yaml(){ #修饰clash配置文件
 ##########需要变更的配置###########
@ -524,9 +525,9 @@ EOF
 		logger "$(${TMPDIR}/CrashCore -t -d ${BINDIR} -f ${TMPDIR}/config.yaml | grep -Eo 'error.*=.*')" 31
 		logger "自定义配置文件校验失败！将使用基础配置文件启动！" 33
 		logger "错误详情请参考 ${TMPDIR}/error.yaml 文件！" 33
-		mv -f ${TMPDIR}/config.yaml ${TMPDIR}/error.yaml &>/dev/null
+		mv -f ${TMPDIR}/config.yaml ${TMPDIR}/error.yaml >/dev/null 2>&1
 		sed -i "/#自定义策略组开始/,/#自定义策略组结束/d"  ${TMPDIR}/proxy-groups.yaml
-		mv -f ${TMPDIR}/set_bak.yaml ${TMPDIR}/set.yaml &>/dev/null
+		mv -f ${TMPDIR}/set_bak.yaml ${TMPDIR}/set.yaml >/dev/null 2>&1
 		#合并基础配置文件
 		cut -c 1- ${TMPDIR}/set.yaml $yaml_dns $yaml_add > ${TMPDIR}/config.yaml
 		sed -i "/#自定义/d" ${TMPDIR}/config.yaml 
@ -649,7 +650,7 @@ EOF
 }
 EOF
 	#生成ntp.json
-	[ -z "$(grep '自动同步ntp时间' $CRASHDIR/task/afstart 2>/dev/null)" ] && cat > ${TMPDIR}/jsons/ntp.json <<EOF
+	cat > ${TMPDIR}/jsons/ntp.json <<EOF
 {
  "ntp": {
    "enabled": true,
@ -872,7 +873,7 @@ start_redir(){ #iptables-redir
 	iptables -t nat -A PREROUTING -p tcp $ports -j shellcrash
 	[ "$dns_mod" != "redir_host" -a "$common_ports" = "已开启" ] && iptables -t nat -A PREROUTING -p tcp -d 198.18.0.0/16 -j shellcrash
 	#设置ipv6转发
-	if [ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L &>/dev/null;then
+	if [ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L >/dev/null 2>&1;then
 		ip6tables -t nat -N shellcrashv6
 		for ip in $reserve_ipv6 $host_ipv6;do #跳过目标保留地址及目标本机网段
 			ip6tables -t nat -A shellcrashv6 -d $ip -j RETURN
@ -944,7 +945,7 @@ start_ipt_dns(){ #iptables-dns
 start_tproxy(){ #iptables-tproxy
 	#获取局域网host地址
 	getlanip
-	modprobe xt_TPROXY &>/dev/null
+	modprobe xt_TPROXY >/dev/null 2>&1
 	ip rule add fwmark $fwmark table 100
 	ip route add local default dev lo table 100
 	iptables -t mangle -N shellcrash
@ -982,7 +983,7 @@ start_tproxy(){ #iptables-tproxy
 		iptables -I INPUT -p udp --dport 443 -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
 	}
 	#设置ipv6转发
-	[ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L &>/dev/null && {
+	[ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L >/dev/null 2>&1 && {
 		ip -6 rule add fwmark $fwmark table 101
 		ip -6 route add local ::/0 dev lo table 101
 		ip6tables -t mangle -N shellcrashv6
@ -1059,7 +1060,7 @@ start_output(){ #iptables本机代理
 	}
 }
 start_tun(){ #iptables-tun
-	modprobe tun &>/dev/null
+	modprobe tun >/dev/null 2>&1
 	#允许流量
 	iptables -I FORWARD -o utun -j ACCEPT
 	iptables -I FORWARD -s 198.18.0.0/16 -o utun -j RETURN #防止回环
@ -1073,7 +1074,7 @@ start_tun(){ #iptables-tun
 		iptables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1 
 		ip6tables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellCrash-QUIC-REJECT" $set_cn_ip6 -j REJECT >/dev/null 2>&1
 	fi
-	modprobe xt_mark &>/dev/null && {
+	modprobe xt_mark >/dev/null 2>&1 && {
 		i=1
 		while [ -z "$(ip route list |grep utun)" -a "$i" -le 29 ];do
 			sleep 1
@ -1114,7 +1115,7 @@ start_tun(){ #iptables-tun
 			[ "$1" = "all" ] && iptables -t mangle -A PREROUTING -p tcp $ports -j shellcrash
 			
 			#设置ipv6转发
-			[ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L &>/dev/null && [ "$crashcore" != clash ] && {
+			[ "$ipv6_redir" = "已开启" ] && ip6tables -t nat -L >/dev/null 2>&1 && [ "$crashcore" != clash ] && {
 				ip -6 route add default dev utun table 101
 				ip -6 rule add fwmark $fwmark table 101
 				ip6tables -t mangle -N shellcrashv6
@ -1158,7 +1159,7 @@ start_nft(){ #nftables-allinone
 	[ "$redir_mod" = "Nft基础" ] && \
 		nft add chain inet shellcrash prerouting { type nat hook prerouting priority -100 \; }
 	[ "$redir_mod" = "Nft混合" ] && {
-		modprobe nft_tproxy &> /dev/null
+		modprobe nft_tproxy >/dev/null 2>&1
 		nft add chain inet shellcrash prerouting { type filter hook prerouting priority 0 \; }
 	}
 	[ -n "$(echo $redir_mod|grep Nft)" ] && {
@ -1224,7 +1225,7 @@ start_nft(){ #nftables-allinone
 			nft add rule inet shellcrash output meta l4proto tcp mark set $fwmark redirect to $redir_port
 		}
 		#Docker
-		type docker &>/dev/null && {
+		type docker >/dev/null 2>&1 && {
 			nft add chain inet shellcrash docker { type nat hook prerouting priority -100 \; }
 			nft add rule inet shellcrash docker ip saddr != {172.16.0.0/12} return #进代理docker网段
 			nft add rule inet shellcrash docker ip daddr {$RESERVED_IP} return #过滤保留地址
@ -1521,6 +1522,7 @@ core_check(){ #检查及下载内核文件
 			else
 				mv -f ${TMPDIR}/core_new ${TMPDIR}/CrashCore
 				mv -f ${TMPDIR}/CrashCore.tar.gz ${BINDIR}/CrashCore.tar.gz
+				rm -rf ${TMPDIR}/CrashCore.tar.gz #小闪存模式清理文件优化内存占用
 				setconfig COMMAND "$COMMAND" ${CRASHDIR}/configs/command.env && source ${CRASHDIR}/configs/command.env
 				setconfig crashcore $crashcore
 				setconfig core_v $core_v
@ -1595,7 +1597,6 @@ bfstart(){ #启动前
 		if [ -n "$Url" -o -n "$Https" ];then
 			logger "未找到配置文件，正在下载！" 33
 			get_core_config
-			exit 0
 		else
 			logger "未找到配置文件链接，请先导入配置文件！" 31
 			exit 1
@ -1608,7 +1609,6 @@ bfstart(){ #启动前
 	[ ! -s ${BINDIR}/ui/index.html ] && makehtml #如没有面板则创建跳转界面
 	catpac	#生成pac文件
 	#内核及内核配置文件检查
-	[ ! -x ${TMPDIR}/CrashCore ] && chmod +x ${TMPDIR}/CrashCore 2>/dev/null #检测可执行权限
 	if [ "$crashcore" = singbox -o "$crashcore" = singboxp ];then
 		singbox_check	
 		[ -d ${TMPDIR}/jsons ] && rm -rf ${TMPDIR}/jsons/* || mkdir -p ${TMPDIR}/jsons #准备目录
@ -1629,6 +1629,7 @@ bfstart(){ #启动前
 			echo "shellcrash:x:0:7890:::" >> /etc/passwd
 		fi
 	}
+	[ "$start_old" != "已开启" -a "$(cat /proc/1/comm)" = "systemd" ] && ckcmd restorecon && restorecon -rv $CRASHDIR 2>/dev/null #修复selinux权限问题
 	#清理debug日志
 	rm -rf ${TMPDIR}/debug.log
 	return 0
@ -1692,9 +1693,9 @@ afstart(){ #启动后
 		}
 		ckcmd iptables && start_wan #本地防火墙
 		mark_time #标记启动时间
-		[ -s ${CRASHDIR}/configs/web_save -o -s ${CRASHDIR}/configs/web_configs ] && web_restore &>/dev/null & #后台还原面板配置
+		[ -s ${CRASHDIR}/configs/web_save -o -s ${CRASHDIR}/configs/web_configs ] && web_restore >/dev/null 2>&1 & #后台还原面板配置
 		{ sleep 5;logger ShellCrash服务已启动！;} & #推送日志
-		ckcmd mtd_storage.sh && mtd_storage.sh save &>/dev/null & #Padavan保存/etc/storage
+		ckcmd mtd_storage.sh && mtd_storage.sh save >/dev/null 2>&1 & #Padavan保存/etc/storage
 		#加载定时任务
 		[ -s ${CRASHDIR}/task/cron ] && croncmd ${CRASHDIR}/task/cron
 		[ -s ${CRASHDIR}/task/running ] && {
@ -1722,8 +1723,8 @@ start_error(){ #启动报错
 	if [ "$start_old" != "已开启" ] && ckcmd journalctl;then
 		journalctl -u shellcrash > $TMPDIR/core_test.log
 	else
-		${COMMAND} &>${TMPDIR}/core_test.log &
-		sleep 2 ; kill $! &>/dev/null
+		${COMMAND} >${TMPDIR}/core_test.log 2>&1 &
+		sleep 2 ; kill $! >/dev/null 2>&1
 	fi
 	error=$(cat $TMPDIR/core_test.log | grep -Eo 'error.*=.*|.*ERROR.*|.*FATAL.*')
 	logger "服务启动失败！请查看报错信息！详细信息请查看$TMPDIR/core_test.log" 33
@ -1786,7 +1787,7 @@ start)
 			/etc/init.d/shellcrash start 
 		elif [ "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
 			FragmentPath=$(systemctl show -p FragmentPath shellcrash | sed 's/FragmentPath=//')
-			setconfig ExecStart "$COMMAND >/dev/null" "$FragmentPath"
+			[ -f $FragmentPath ] && setconfig ExecStart "$COMMAND >/dev/null" "$FragmentPath"
 			systemctl daemon-reload
 			systemctl start shellcrash.service || start_error
 		else
@ -1804,14 +1805,14 @@ stop)
 		#多种方式结束进程

 		if [ "$start_old" != "已开启" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];then
-			systemctl stop shellcrash.service &>/dev/null
+			systemctl stop shellcrash.service >/dev/null 2>&1
 		elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ];then
-			/etc/init.d/shellcrash stop &>/dev/null
+			/etc/init.d/shellcrash stop >/dev/null 2>&1
 		else
 			stop_firewall #清理路由策略
 			unset_proxy #禁用本机代理
 		fi
-		PID=$(pidof CrashCore) && [ -n "$PID" ] &&  kill -9 $PID &>/dev/null
+		PID=$(pidof CrashCore) && [ -n "$PID" ] &&  kill -9 $PID >/dev/null 2>&1
        ;;
 restart)
        $0 stop
--- a/scripts/task.sh
+++ b/scripts/task.sh
@ -6,7 +6,7 @@
 [ -z "$BINDIR" ] && BINDIR=${CRASHDIR}
 CFG_PATH=${CRASHDIR}/configs/ShellCrash.cfg
 TMPDIR=/tmp/ShellCrash && [ ! -f ${TMPDIR} ] && mkdir -p ${TMPDIR}
-source $CFG_PATH &> /dev/null
+source $CFG_PATH >/dev/null 2>&1
 [ -n "$(tar --help 2>&1|grep -o 'no-same-owner')" ] && tar_para='--no-same-owner' #tar命令兼容

 setconfig(){
@ -15,7 +15,7 @@ setconfig(){
 	[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 ckcmd(){ #检查命令是否存在
-	command -v sh &>/dev/null && command -v $1 &>/dev/null || type $1 &>/dev/null
+	command -v sh >/dev/null 2>&1 && command -v $1 >/dev/null 2>&1 || type $1 >/dev/null 2>&1
 }

 #任务命令
@ -148,7 +148,7 @@ reset_firewall(){ #重设透明路由防火墙
 	${CRASHDIR}/start.sh afstart
 }
 ntp(){
-	[ "$crashcore" != singbox ] && ckcmd ntpd && ntpd -n -q -p 203.107.6.88 &>/dev/null || exit 0  &
+	[ "$crashcore" != singbox ] && ckcmd ntpd && ntpd -n -q -p 203.107.6.88 >/dev/null 2>&1 || exit 0  &
 }
 #任务工具