解决阿里云主机受到攻击的问题 2
黄威的世界
2016-05-11
1529浏览量
解决阿里云主机受到攻击的问题
详细解决方案
在/etc/profile 文件中添加:
sed -i 's/^\([^#].*scrypt\)/# \1/' /etc/rc.local
sed -i 's/^\(\/mnt\/linsx\)/# \1/' /etc/rc.local
sed -i 's/^\(\/tmp\/\)/# \1/' /etc/rc.local
rm -fr /mnt/linsx
rm -fr /tmp/minerd
rm -fr /tmp/1.sh
ps -ef |grep "/usr/bin/acpid" |grep -v grep |awk -F" " {'print $2'}|xargs -i kill -9 {}
ps -ef |grep "/usr/bin/bsd-port/agent" |grep -v grep |awk -F" " {'print $2'}|xargs -i kill -9 {}
ps -ef |grep "/usr/bin/.sshd" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
ps -ef |grep "/root/.l" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
ps -ef |grep "/mnt/linsx" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
在 /root/.bash_profile 添加相同的代码
定时器执行的脚本:
- #!/bin/sh
- $grep_result
- grep_result=`ps -ef |grep tomcat|grep "/home/whuang/software/apache/apache-tomcat-7.0.53"|grep -v "grep"`
- if [ x"$grep_result" = x"" ];then
- catalina_home2=/home/whuang/software/apache/apache-tomcat-7.0.53
- CATALINA_HOME=$catalina_home2
- cd $catalina_home2/bin
- ./startup.sh
- else
- echo "tomcat is running..."
- fi
- rm -fr /usr/bin/acpid 2>/dev/null
- rm -fr /usr/bin/bsd-port/agent
- rm -fr /usr/bin/.sshd
- rm -fr /mnt/linsx
rm -fr /tmp/minerd
rm -fr /tmp/1.sh
- ps -ef |grep "/usr/bin/acpid" |grep -v grep |awk -F" " {'print $2'}|xargs -i kill -9 {}
- ps -ef |grep "/usr/bin/bsd-port/agent" |grep -v grep |awk -F" " {'print $2'}|xargs -i kill -9 {}
- ps -ef |grep "/usr/bin/.sshd" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
- ps -ef |grep "/root/.l" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
- ps -ef |grep "/mnt/linsx" |grep -v grep|awk -F" " {'print $2'}|xargs -i kill -9 {}
- sed -i 's/^\([^#].*scrypt\)/# \1/' /etc/rc.local
- sed -i 's/^\(\/mnt\/linsx\)/# \1/' /etc/rc.local
- sed -i 's/^\(\/tmp\/\)/# \1/' /etc/rc.local
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
集结各类场景实战经验,助你开发运维畅行无忧
