Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home Operation and Maintenance CentOS How to implement CentOS to continuously send out packages

How to implement CentOS to continuously send out packages

WJ
WJ
Jun 05, 2020 pm 04:07 PM
centos

How to implement CentOS to continuously send out packages

如何实现CentOS不停向外发包?

服务器不停的向外发包,且CPU持续100%,远程登录后查看发现有一长度为10的随机字符串进程,kill掉,会重新生成另外长度为10的字符串进程。删除文件也会重复生成,非常痛苦。查阅crond相关日志,发现实际执行的内容为/lib/libudev.so ,以此为关键字进行查询,找到如下内容:

1.1 工具/原料

Linux系统病毒文件libudev.so

1.2 方法/步骤

1.网络流量暴增,使用 top 观察有至少一個 10 个随机字母組成的程序執行,佔用大量 CPU 使用率。刪除這些程序,馬上又产生新的程序。

2.检查 cat /etc/crontab 发现定时任务 每三分钟执行一个脚本gcc.sh

*/3 * * * * root /etc/cron.hourly/gcc.sh

查看病毒程式 gcc.sh,可以看到病毒本体是 /lib/libudev.so。

[root@deyu ~]# cat /etc/cron.hourly/gcc.sh
#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin
for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
cp /lib/libudev.so /lib/libudev.so.6
/lib/libudev.so.6
Copy after login

刪除上一行例行工作 gcc.sh,并设定 /etc/crontab无法变动,否则马上又会产生新的文件。

[root@deyu ~]# rm -f /etc/cron.hourly/gcc.sh && chattr +i /etc/crontab
Copy after login

使用 top 查看病毒為 mtyxkeaofa,id 为 16621,不要直接杀掉程序,否则会再次产生新的文件,而是停止其运行。

[root@deyu ~]# kill -STOP 16621
Copy after login

刪除 /etc/init.d 內的档案。

[root@deyu ~]# find /etc -name '*mtyxkeaofa*' | xargs rm -f
Copy after login

刪除 /usr/bin 內的档案。

[root@deyu ~]# rm -f /usr/bin/mtyxkeaofa
Copy after login

查看 /usr/bin 最近变动的档案,如果是病毒也一併刪除,其他可疑的目錄也一樣。

[root@deyu ~]# ls -lt /usr/bin | head
Copy after login

現在杀掉病毒程序,就不會再产生。

[root@deyu ~]# pkill mtyxkeaofa
Copy after login

刪除病毒本体。

[root@deyu ~]# rm -f /lib/libudev.so
Copy after login

使用此方法 可以完全清除此病毒。

1.3 注意事项

/proc里面的东西是可以更改的;lsof还比较忠诚,不直接读取/proc里面的信息,ps看到的就不一定真实,top看到的进程还是正确的。 附:find -o参数就是逻辑运算的or

相关参考:centOS教程



The above is the detailed content of How to implement CentOS to continuously send out packages. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Show More

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Repo: How To Revive Teammates
1 months ago By 尊渡假赌尊渡假赌尊渡假赌
Hello Kitty Island Adventure: How To Get Giant Seeds
4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
How Long Does It Take To Beat Split Fiction?
3 weeks ago By DDD
R.E.P.O. Save File Location: Where Is It & How to Protect It?
3 weeks ago By DDD
Show More

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Where is the login entrance for gmail email?
7338
9
Java Tutorial
1627
14
CakePHP Tutorial
1352
46
Laravel Tutorial
1265
25
PHP Tutorial
1210
29
Show More
Related knowledge
How to input Chinese in centos How to input Chinese in centos Apr 07, 2024 pm 08:21 PM

Methods for using Chinese input in CentOS include: using the fcitx input method: install and enable fcitx, set shortcut keys, press the shortcut keys to switch input methods, and input pinyin to generate candidate words. Use iBus input method: Install and enable iBus, set shortcut keys, press the shortcut keys to switch input methods, and input pinyin to generate candidate words.

How to read USB disk files in centos7 How to read USB disk files in centos7 Apr 07, 2024 pm 08:18 PM

To read U disk files in CentOS 7, you need to first connect the U disk and confirm its device name. Then, use the following steps to read the file: Mount the USB flash drive: mount /dev/sdb1 /media/sdb1 (replace "/dev/sdb1" with the actual device name) Browse the USB flash drive file: ls /media/sdb1; cd /media /sdb1/directory; cat file name

How to enter root permissions in centos7 How to enter root permissions in centos7 Apr 02, 2024 pm 08:57 PM

There are two ways to enter the root authority of CentOS 7: use the sudo command: enter sudo su - in the terminal and enter the current user password. Log in directly as the root user: Select "Other" on the login screen, enter "root" and the root password. Note: Operate carefully with root privileges, perform tasks with sudo privileges, and change the root password regularly.

SCP usage tips-recursively exclude files SCP usage tips-recursively exclude files Apr 22, 2024 am 09:04 AM

One can use the scp command to securely copy files between network hosts. It uses ssh for data transfer and authentication. Typical syntax is: scpfile1user@host:/path/to/dest/scp -r/path/to/source/user@host:/path/to/dest/scp exclude files I don't think you can when using scp command Filter or exclude files. However, there is a good workaround to exclude the file and copy it securely using ssh. This page explains how to filter or exclude files when copying directories recursively using scp. How to use rsync command to exclude files The syntax is: rsyncav-essh-

What to do if you forget your password to log in to centos What to do if you forget your password to log in to centos Apr 07, 2024 pm 07:33 PM

Solutions for forgotten CentOS passwords include: Single-user mode: Enter single-user mode and reset the password using passwd root. Rescue Mode: Boot from CentOS Live CD/USB, mount root partition and reset password. Remote access: Use SSH to connect remotely and reset the password with sudo passwd root.

What should I do if I forget my centos username and password? What should I do if I forget my centos username and password? Apr 02, 2024 pm 08:54 PM

After forgetting your CentOS username and password, there are two ways to restore access: Reset the root password: Restart the server, edit the kernel command line in the GRUB menu, add "rw init=/sysroot/bin/sh" and press Ctrl+x ;Mount the root file system and reset the password in single-user mode. Use rescue mode: Start the server from the CentOS installation ISO image, select rescue mode; mount the root file system, copy the chroot environment from the ISO image, reset the password, exit the chroot environment and restart the server.

How to enable root permissions in centos7 How to enable root permissions in centos7 Apr 07, 2024 pm 08:03 PM

CentOS 7 disables root permissions by default. You can enable it by following the following steps: Temporarily enable it: Enter "su root" on the terminal and enter the root password. Permanently enabled: Edit "/etc/ssh/sshd_config", change "PermitRootLogin no" to "yes", and restart the SSH service.

What should I do if I forget my centos7 password? What should I do if I forget my centos7 password? Apr 02, 2024 pm 08:51 PM

Three solutions for forgotten passwords in CentOS 7: Single-user mode: Restart the system, edit the kernel options, change ro to rw init=/sysroot/bin/sh, and use the passwd command to reset the root password. Rescue mode: Boot from the installation media, select rescue mode, mount the root file system, chroot to the root file system, and use the passwd command to reset the root password. Grub2 command line: Restart the system, press c to enter the command line, load the kernel, mount the root file system, chroot to the root file system, and use the passwd command to reset the root password.

See all articles