
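Linux mining malware khugepageds

Alibaba Cloud servers have been attacked frequently of late. One of the mining malware variants involved fakes the CPU count: the top command shows only a single CPU with a modest load, while in reality the whole machine is at 100% load. Here is the cleanup script: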


```bash
#!/bin/bash
service crond stop

# Remove the preload library; the first attempt fails if the file is immutable,
# so clear the immutable flag and delete again
busybox rm -f /etc/ld.so.preload
busybox rm -f /usr/local/lib/libcset.so
chattr -i /etc/ld.so.preload
busybox rm -f /etc/ld.so.preload
busybox rm -f /usr/local/lib/libcset.so

# Kill the malicious processes (busybox ps prints the PID in the first column)
busybox ps -ef | busybox grep -v grep | busybox egrep 'ksoftirqds' | busybox awk '{print $1}' | busybox xargs kill -9
busybox ps -ef | busybox grep -v grep | busybox egrep 'kthrotlds' | busybox awk '{print $1}' | busybox xargs kill -9
busybox ps -ef | busybox grep -v grep | busybox egrep 'kpsmouseds' | busybox awk '{print $1}' | busybox xargs kill -9
busybox ps -ef | busybox grep -v grep | busybox egrep 'kintegrityds' | busybox awk '{print $1}' | busybox xargs kill -9
busybox ps -ef | busybox grep -v grep | busybox egrep 'khugepageds' | busybox awk '{print $1}' | busybox xargs kill -9

# Remove dropped binaries, cron entries and init scripts
busybox rm -f /tmp/kthrotlds
busybox rm -f /tmp/kintegrityds
busybox rm -f /tmp/khugepageds
busybox rm -f /tmp/kpsmouseds
busybox rm -f /etc/cron.d/tomcat
busybox rm -f /etc/cron.d/root
busybox rm -f /var/spool/cron/root
busybox rm -f /var/spool/cron/crontabs/root
busybox rm -f /etc/rc.d/init.d/kthrotlds
busybox rm -f /etc/rc.d/init.d/kpsmouseds
busybox rm -f /etc/rc.d/init.d/kintegrityds
busybox rm -f /usr/sbin/kthrotlds
busybox rm -f /usr/sbin/kintegrityds
busybox rm -f /usr/sbin/kpsmouseds
busybox rm -f /etc/init.d/netdns
busybox rm -f /tmp/ld.so.preload*
ldconfig

# Kill the malicious processes again
busybox ps -ef | busybox grep -v grep | busybox egrep 'ksoftirqds' | busybox awk '{print $1}' | busybox xargs kill -9
busybox ps -ef | busybox grep -v grep | busybox egrep 'kthrotlds' | busybox awk '{print $1}' | busybox xargs kill -9
busybox ps -ef | busybox grep -v grep | busybox egrep 'kpsmouseds' | busybox awk '{print $1}' | busybox xargs kill -9
busybox ps -ef | busybox grep -v grep | busybox egrep 'kintegrityds' | busybox awk '{print $1}' | busybox xargs kill -9
busybox ps -ef | busybox grep -v grep | busybox egrep 'khugepageds' | busybox awk '{print $1}' | busybox xargs kill -9

# Remove the startup entry
chkconfig netdns off
chkconfig --del netdns
service crond start
echo "Done, Please reboot!"
# luojie@knowledge.daletripp.com
```
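Before running a cleanup that deletes files unconditionally, a read-only check shows which of these indicators are actually present on the host. The following is an added example, not part of the original post: the process names and paths are copied from the script above, while the function names `scan_files` and `scan_procs`, their ROOT/PROC arguments, and the assumption that the name in `/proc/<pid>/comm` equals the dropped file name are mine.

```shell
#!/bin/bash
# Added example: read-only triage for the indicators the cleanup script removes.
# The ROOT/PROC arguments are hypothetical parameters so the check can also be
# pointed at a mounted disk image or a test tree instead of the live system.

NAMES="ksoftirqds kthrotlds kpsmouseds kintegrityds khugepageds"
# Paths whose mere existence is suspicious.
FILES="/usr/local/lib/libcset.so /etc/init.d/netdns
/tmp/kthrotlds /tmp/kintegrityds /tmp/khugepageds /tmp/kpsmouseds
/etc/rc.d/init.d/kthrotlds /etc/rc.d/init.d/kpsmouseds /etc/rc.d/init.d/kintegrityds
/usr/sbin/kthrotlds /usr/sbin/kintegrityds /usr/sbin/kpsmouseds"
# Paths that can also exist on a clean host (e.g. root's own crontab):
# inspect and back up their contents before deleting them.
REVIEW="/etc/ld.so.preload /etc/cron.d/tomcat /etc/cron.d/root
/var/spool/cron/root /var/spool/cron/crontabs/root"

# scan_files [ROOT]: print "FILE <path>" or "REVIEW <path>" for each path present.
scan_files() {
    local root="${1%/}" p
    for p in $FILES; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then echo "FILE $p"; fi
    done
    for p in $REVIEW; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then echo "REVIEW $p"; fi
    done
}

# scan_procs [PROC]: print "PROC <pid> <name>" for exact name matches only,
# so real kernel threads such as khugepaged or kthrotld are not reported.
scan_procs() {
    local proc="${1:-/proc}" f name n pid
    for f in "$proc"/[0-9]*/comm; do
        [ -r "$f" ] || continue
        read -r name < "$f" || continue
        for n in $NAMES; do
            if [ "$name" = "$n" ]; then
                pid="${f%/comm}"
                echo "PROC ${pid##*/} $name"
            fi
        done
    done
}

# Default: scan the live system; pass ROOT and PROC to scan another tree.
scan_files "${1:-/}"
scan_procs "${2:-/proc}"
```

If `/etc/ld.so.preload` shows up in the output, dynamically linked tools on that host may be returning falsified results, so repeat the check from a rescue environment with ROOT pointing at the mounted disk.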


Unless otherwise noted, all text on this site is original. Author: luojie
