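The damned minerd mining trojan is cleverly built and hard to eradicate completely, so as a first step I wrote a scheduled script to keep it suppressed.
Core command
# [.] keeps grep from matching its own command line; -r skips kill when nothing matches
ps -ef | grep "[.]/minerd" | awk '{print $2}' | xargs -r kill
Edit the cron job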
# Example of job definition:
# .---------------- minute (0 - 59)
# | .------------- hour (0 - 23)
# | | .---------- day of month (1 - 31)
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
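# Every minute, as user hadoop: kill any ./minerd process and append the output to minerd.out
*/1 * * * * hadoop ps -ef | grep "[.]/minerd" | awk '{print $2}' | xargs -r kill >> /home/hadoop/minerd.out 2>&1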
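The cron one-liner above kills whatever matches and keeps no record of where the miner ran from. As an added example (not part of the original post), the script below selects processes whose executable name is exactly minerd, logs the binary path, working directory and parent PID from /proc, and only then kills; the function names and the report/kill arguments are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes the miner runs under the
# name "minerd", as in the post; a renamed binary would need another selector.

# miner_pids: read "PID USER ARGS..." lines (ps -eo pid=,user=,args=) on stdin
# and print PIDs whose executable basename is exactly "minerd". Matching on the
# first word of ARGS never hits the grep itself or "vi minerd.out".
miner_pids() {
    awk '{ n = split($3, p, "/"); if (p[n] == "minerd") print $1 }'
}

# describe_pid: one evidence line from /proc, taken before the kill so the
# binary path and the parent (the likely respawner) are not lost.
describe_pid() {
    local pid="$1" exe cwd ppid
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null || echo '?')
    cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null || echo '?')
    ppid=$(awk '/^PPid:/ {print $2}' "/proc/$pid/status" 2>/dev/null || true)
    echo "$(date '+%F %T') pid=$pid ppid=${ppid:-?} exe=$exe cwd=$cwd"
}

# suppress MODE: log every match; terminate it only when MODE is "kill".
suppress() {
    local mode="$1" pid
    for pid in $(ps -eo pid=,user=,args= | miner_pids); do
        describe_pid "$pid"
        if [ "$mode" = kill ]; then kill "$pid"; fi
    done
}

# Act only when asked: "report" is a dry run, "kill" also terminates.
case "${1:-}" in
    report|kill) suppress "$1" ;;
esac
```

Run from cron as root with the kill argument and redirect the output to a log file as the job above does; the logged exe and ppid values show where the binary lives and which process restarts it.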
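Distribute the cron job to the other hosts. sshpass supplies the password non-interactively, and the StrictHostKeyChecking option suppresses the host-key confirmation prompt.
Distribution command
sshpass -p hadoop scp -o "StrictHostKeyChecking no" /etc/crontab root@172.16.31.161:/etc/
There are a lot of virtual machines and distributing to each one by hand is tedious, so I wrote a script.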
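#!/bin/bash
# Copy the local /etc/crontab to every host named on the command line.
if [ $# -lt 1 ]; then
    echo "USAGE: $0 ips"
    echo " e.g.: $0 hadoop164 hadoop165 .."
    exit 1
fi
for var in "$@"; do
    # cmd="scp $1 $var:$2"
    # echo "cmd:" $cmd
    echo "$var"
    # sshpass supplies the root password; the -o option skips the host-key prompt
    sshpass -p hadoop scp -o "StrictHostKeyChecking no" /etc/crontab "root@$var:/etc/"
done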
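Done. The effect is significant: CPU usage dropped from fully loaded to around 20%.
On the physical machines, CPU usage dropped from 100% to around 80%.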