diff --git a/backend/app/api/v1/website_ssl.go b/backend/app/api/v1/website_ssl.go
index 3584b5f57..d0420087d 100644
--- a/backend/app/api/v1/website_ssl.go
+++ b/backend/app/api/v1/website_ssl.go
@@ -236,6 +236,7 @@ func (b *BaseApi) DownloadWebsiteSSL(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
 	}
+	defer file.Close()
 	info, err := file.Stat()
 	if err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
diff --git a/backend/app/service/docker.go b/backend/app/service/docker.go
index b0ea6e52d..21418f4d1 100644
--- a/backend/app/service/docker.go
+++ b/backend/app/service/docker.go
@@ -129,13 +129,10 @@ func (u *DockerService) LoadDockerConf() *dto.DaemonJsonConf {
 }
 
 func (u *DockerService) UpdateConf(req dto.SettingUpdate) error {
-	if _, err := os.Stat(constant.DaemonJsonPath); err != nil && os.IsNotExist(err) {
-		if err = os.MkdirAll(path.Dir(constant.DaemonJsonPath), os.ModePerm); err != nil {
-			return err
-		}
-		_, _ = os.Create(constant.DaemonJsonPath)
+	err := createIfNotExistDaemonJsonFile()
+	if err != nil {
+		return err
 	}
-
 	file, err := os.ReadFile(constant.DaemonJsonPath)
 	if err != nil {
 		return err
@@ -217,15 +214,26 @@ func (u *DockerService) UpdateConf(req dto.SettingUpdate) error {
 	}
 	return nil
 }
-
-func (u *DockerService) UpdateLogOption(req dto.LogOption) error {
+func createIfNotExistDaemonJsonFile() error {
 	if _, err := os.Stat(constant.DaemonJsonPath); err != nil && os.IsNotExist(err) {
 		if err = os.MkdirAll(path.Dir(constant.DaemonJsonPath), os.ModePerm); err != nil {
 			return err
 		}
-		_, _ = os.Create(constant.DaemonJsonPath)
+		var daemonFile *os.File
+		daemonFile, err = os.Create(constant.DaemonJsonPath)
+		if err != nil {
+			return err
+		}
+		defer daemonFile.Close()
 	}
+	return nil
+}
 
+func (u *DockerService) UpdateLogOption(req dto.LogOption) error {
+	err := createIfNotExistDaemonJsonFile()
+	if err != nil {
+		return err
+	}
 	file, err := os.ReadFile(constant.DaemonJsonPath)
 	if err != nil {
 		return err
@@ -254,11 +262,9 @@ func (u *DockerService) UpdateLogOption(req dto.LogOption) error {
 }
 
 func (u *DockerService) UpdateIpv6Option(req dto.Ipv6Option) error {
-	if _, err := os.Stat(constant.DaemonJsonPath); err != nil && os.IsNotExist(err) {
-		if err = os.MkdirAll(path.Dir(constant.DaemonJsonPath), os.ModePerm); err != nil {
-			return err
-		}
-		_, _ = os.Create(constant.DaemonJsonPath)
+	err := createIfNotExistDaemonJsonFile()
+	if err != nil {
+		return err
 	}
 
 	file, err := os.ReadFile(constant.DaemonJsonPath)
@@ -300,11 +306,9 @@ func (u *DockerService) UpdateConfByFile(req dto.DaemonJsonUpdateByFile) error {
 		_ = os.Remove(constant.DaemonJsonPath)
 		return nil
 	}
-	if _, err := os.Stat(constant.DaemonJsonPath); err != nil && os.IsNotExist(err) {
-		if err = os.MkdirAll(path.Dir(constant.DaemonJsonPath), os.ModePerm); err != nil {
-			return err
-		}
-		_, _ = os.Create(constant.DaemonJsonPath)
+	err := createIfNotExistDaemonJsonFile()
+	if err != nil {
+		return err
 	}
 	file, err := os.OpenFile(constant.DaemonJsonPath, os.O_WRONLY|os.O_TRUNC, 0640)
 	if err != nil {
diff --git a/backend/app/service/image_repo.go b/backend/app/service/image_repo.go
index 7e906c9b7..e5dad9e90 100644
--- a/backend/app/service/image_repo.go
+++ b/backend/app/service/image_repo.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"path"
 	"strings"
 	"time"
 
@@ -92,6 +91,7 @@ func (u *ImageRepoService) Create(req dto.ImageRepoCreate) error {
 			return errors.New(string(stdout))
 		}
 		ticker := time.NewTicker(3 * time.Second)
+		defer ticker.Stop()
 		ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
 		if err := func() error {
 			for range ticker.C {
@@ -195,13 +195,10 @@ func (u *ImageRepoService) CheckConn(host, user, password string) error {
 }
 
 func (u *ImageRepoService) handleRegistries(newHost, delHost, handle string) error {
-	if _, err := os.Stat(constant.DaemonJsonPath); err != nil && os.IsNotExist(err) {
-		if err = os.MkdirAll(path.Dir(constant.DaemonJsonPath), os.ModePerm); err != nil {
-			return err
-		}
-		_, _ = os.Create(constant.DaemonJsonPath)
+	err := createIfNotExistDaemonJsonFile()
+	if err != nil {
+		return err
 	}
-
 	daemonMap := make(map[string]interface{})
 	file, err := os.ReadFile(constant.DaemonJsonPath)
 	if err != nil {
diff --git a/backend/app/service/ssh.go b/backend/app/service/ssh.go
index c478a4b1e..74a57f9c8 100644
--- a/backend/app/service/ssh.go
+++ b/backend/app/service/ssh.go
@@ -218,7 +218,7 @@ func (u *SSHService) GenerateSSH(req dto.GenerateSSH) error {
 	}
 	secretFile := fmt.Sprintf("%s/.ssh/id_item_%s", currentUser.HomeDir, req.EncryptionMode)
 	secretPubFile := fmt.Sprintf("%s/.ssh/id_item_%s.pub", currentUser.HomeDir, req.EncryptionMode)
-	authFile := currentUser.HomeDir + "/.ssh/authorized_keys"
+	authFilePath := currentUser.HomeDir + "/.ssh/authorized_keys"
 
 	command := fmt.Sprintf("ssh-keygen -t %s -f %s/.ssh/id_item_%s | echo y", req.EncryptionMode, currentUser.HomeDir, req.EncryptionMode)
 	if len(req.Password) != 0 {
@@ -235,8 +235,12 @@ func (u *SSHService) GenerateSSH(req dto.GenerateSSH) error {
 		_ = os.Remove(secretPubFile)
 	}()
 
-	if _, err := os.Stat(authFile); err != nil {
-		_, _ = os.Create(authFile)
+	if _, err := os.Stat(authFilePath); err != nil && errors.Is(err, os.ErrNotExist) {
+		authFile, err := os.Create(authFilePath)
+		if err != nil {
+			return err
+		}
+		defer authFile.Close()
 	}
 	stdout1, err := cmd.Execf("cat %s >> %s/.ssh/authorized_keys", secretPubFile, currentUser.HomeDir)
 	if err != nil {
diff --git a/backend/init/db/db.go b/backend/init/db/db.go
index 76df4755e..e0cd1bc8b 100644
--- a/backend/init/db/db.go
+++ b/backend/init/db/db.go
@@ -21,9 +21,11 @@ func Init() {
 	}
 	fullPath := global.CONF.System.DbPath + "/" + global.CONF.System.DbFile
 	if _, err := os.Stat(fullPath); err != nil {
-		if _, err := os.Create(fullPath); err != nil {
+		f, err := os.Create(fullPath)
+		if err != nil {
 			panic(fmt.Errorf("init db file failed, err: %v", err))
 		}
+		_ = f.Close()
 	}
 
 	newLogger := logger.New(
@@ -65,9 +67,11 @@ func initMonitorDB(newLogger logger.Interface) {
 	}
 	fullPath := path.Join(global.CONF.System.DbPath, "monitor.db")
 	if _, err := os.Stat(fullPath); err != nil {
-		if _, err := os.Create(fullPath); err != nil {
+		f, err := os.Create(fullPath)
+		if err != nil {
 			panic(fmt.Errorf("init db file failed, err: %v", err))
 		}
+		_ = f.Close()
 	}
 
 	db, err := gorm.Open(sqlite.Open(fullPath), &gorm.Config{
diff --git a/backend/utils/nginx/parser/parser.go b/backend/utils/nginx/parser/parser.go
index 5991be0c5..cd4de3dd6 100644
--- a/backend/utils/nginx/parser/parser.go
+++ b/backend/utils/nginx/parser/parser.go
@@ -27,6 +27,7 @@ func NewParser(filePath string) (*Parser, error) {
 	if err != nil {
 		return nil, err
 	}
+	defer f.Close()
 	l := newLexer(bufio.NewReader(f))
 	l.file = filePath
 	p := NewParserFromLexer(l)
diff --git a/backend/utils/toolbox/fail2ban.go b/backend/utils/toolbox/fail2ban.go
index 0a5e978d5..ce7f9c715 100644
--- a/backend/utils/toolbox/fail2ban.go
+++ b/backend/utils/toolbox/fail2ban.go
@@ -131,9 +131,11 @@ func (f *Fail2ban) ListIgnore() ([]string, error) {
 }
 
 func initLocalFile() error {
-	if _, err := os.Create(defaultPath); err != nil {
+	f, err := os.Create(defaultPath)
+	if err != nil {
 		return err
 	}
+	defer f.Close()
 	initFile := `#DEFAULT-START
 [DEFAULT]
 bantime = 600