最近阿里云服务器经常被攻击,其中一种挖矿病毒会伪造CPU数量:用top命令只能看到一个CPU,并且负载不高,而实际上整机负载已达100%。下面分享一下处理脚本:
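#!/bin/bash
# Cleanup script for a cryptomining infection that hides behind an
# /etc/ld.so.preload entry (libcset.so) and persists through cron jobs and
# init scripts. Run as root.
#
# Scope and caveats:
#   * Only the artifacts listed in this script are removed. It does not
#     establish how the host was compromised; review exposed services, SSH
#     authorized_keys and credentials separately, or rebuild from a known-good
#     image if the entry point cannot be identified.
#   * /var/spool/cron/root and /var/spool/cron/crontabs/root are deleted
#     entirely, including any legitimate root cron jobs. Back them up first
#     if you need to restore them (and inspect the backup before reuse).
#   * Deleting the files destroys evidence; copy them off the host first if
#     an investigation is planned.
#
# busybox applets are used for listing and deleting, presumably because the
# preload library filters the output of dynamically linked tools such as
# ps/top. NOTE(review): this only helps if busybox is statically linked and
# comes from a trusted source - confirm before relying on it.

if ! command -v busybox >/dev/null 2>&1; then
  echo "busybox not found; install a trusted, statically linked busybox first" >&2
  exit 1
fi

# Process names used by the miner and its helpers.
miner_names=(ksoftirqds kthrotlds kpsmouseds kintegrityds khugepageds)

# Files dropped by the infection: binaries, cron entries and init scripts.
miner_files=(
  /tmp/kthrotlds
  /tmp/kintegrityds
  /tmp/khugepageds
  /tmp/kpsmouseds
  /etc/cron.d/tomcat
  /etc/cron.d/root
  /var/spool/cron/root
  /var/spool/cron/crontabs/root
  /etc/rc.d/init.d/kthrotlds
  /etc/rc.d/init.d/kpsmouseds
  /etc/rc.d/init.d/kintegrityds
  /usr/sbin/kthrotlds
  /usr/sbin/kintegrityds
  /usr/sbin/kpsmouseds
  /etc/init.d/netdns
)

#######################################
# Kill every process whose ps line contains one of the miner names.
# Globals:   miner_names (read)
# Arguments: none
# Notes:     busybox ps prints the PID in the first column (procps
#            `ps -ef` prints it in the second), hence `$1`. The numeric
#            filter keeps a differently formatted ps from feeding
#            non-PID text to kill.
#######################################
kill_miners() {
  local name pids
  for name in "${miner_names[@]}"; do
    pids=$(busybox ps -ef \
      | busybox grep -v grep \
      | busybox grep -F -- "$name" \
      | busybox awk '$1 ~ /^[0-9]+$/ {print $1}')
    # Skip kill when nothing matched, so it is never run without arguments.
    if [ -n "$pids" ]; then
      printf '%s\n' "$pids" | busybox xargs kill -9
    fi
  done
}

# Stop cron while cleaning so the malicious cron entries cannot fire mid-cleanup.
service crond stop

# Remove the preload hook. The first attempt fails if the file carries the
# immutable attribute; clear it with chattr and try again.
busybox rm -f /etc/ld.so.preload
busybox rm -f /usr/local/lib/libcset.so
chattr -i /etc/ld.so.preload
busybox rm -f /etc/ld.so.preload
busybox rm -f /usr/local/lib/libcset.so

# Kill the miner processes.
kill_miners

# Delete the dropped binaries, cron entries and init scripts.
for f in "${miner_files[@]}"; do
  busybox rm -f "$f"
done
busybox rm -f /tmp/ld.so.preload*

# Rebuild the dynamic linker cache now that the preload library is gone.
ldconfig

# Second sweep, presumably in case something respawned the processes before
# their persistence files were deleted.
kill_miners

# Remove the boot-time service registration.
chkconfig netdns off
# Fixed: the published listing had a typographic dash here, which chkconfig
# would have treated as a service name rather than the --del option.
chkconfig --del netdns

service crond start
echo "Done, Please reboot!"
# luojie@mayikf.com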