# Stop the process the page attributes to the trojan and delete its binary.
# NOTE(review): "nginx1" is presumably a lookalike of the real nginx name —
# confirm the process's executable path before killing it.
killall -9 nginx1
rm -f /etc/nginx1
# Triage: look for the files the trojan drops, then check whether the process /
# network tools have plausible sizes (later steps on this page replace them).

# Are the following files present? cat prints their contents when they exist.
for init_script in /etc/rc.d/init.d/selinux /etc/rc.d/init.d/DbSecuritySpt; do
  cat "$init_script"
done
for drop_dir in /usr/bin/bsd-port /usr/bin/dpkgd; do
  ls "$drop_dir"
done

# Do the sizes look normal? The page gives no reference values — compare
# against the same package version on a known-good host.
for tool in /bin/netstat /bin/ps /usr/sbin/lsof /usr/sbin/ss; do
  ls -lh "$tool"
done
# The four tools the page's size checks and restore steps target; presumably
# the trojan's copies replace these — verify with the ls -lh checks above.
ps
netstat
ss
lsof
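# Remove the trojan's files and its init-script persistence.
# The page's parenthetical notes were bare text between commands (the first,
# "(ps netstat lsof ss)", would even be parsed as a subshell); they are turned
# into comments here so the block can be pasted and run as written.
# Run from a known-clean shell: the system's own ps/netstat/lsof/ss may still be
# the trojan's copies at this point.

# /usr/bin/dpkgd holds the trojan's replacement copies of ps, netstat, lsof and
# ss (per the page's note); the genuine tools are restored in a later step.
rm -rf -- /usr/bin/dpkgd
rm -rf -- /usr/bin/bsd-port   # trojan program directory
rm -f -- /usr/bin/.sshd       # trojan backdoor
rm -f -- /tmp/gates.lod
rm -f -- /tmp/moni.lod

# Init script that launches the trojan variants described above, plus its
# runlevel links.
rm -f -- /etc/rc.d/init.d/DbSecuritySpt
for runlevel in 1 2 3 4 5; do
  rm -f -- "/etc/rc.d/rc${runlevel}.d/S97DbSecuritySpt"
done

# Second init script; by default it starts /usr/bin/bsd-port/getty.
rm -f -- /etc/rc.d/init.d/selinux
for runlevel in 1 2 3 4 5; do
  rm -f -- "/etc/rc.d/rc${runlevel}.d/S99selinux"
done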
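# Restore the four tools the trojan replaced. For each: clear the immutable /
# append-only attributes (the tampered copy may carry them, so a plain rm would
# fail), delete it, then reinstall the owning package. If yum fails, fall back
# to a clean copy staged under /root — the page offers that as an "or"
# alternative; here it is the fallback.
# /root/chattr and /root/{ps,netstat,lsof,ss} are presumably known-clean copies
# prepared beforehand — confirm their provenance before relying on them.

#######################################
# Clear attributes on and remove one tampered binary, then reinstall it.
# Arguments: $1 - path of the tampered tool
#            $2 - yum package that owns it
#            $3 - known-clean copy used when the reinstall fails
#######################################
restore_tool() {
  local path=$1 pkg=$2 clean=$3
  /root/chattr -i -a "$path" && rm -f -- "$path"
  yum -y reinstall "$pkg" || cp -- "$clean" "$path"
}

restore_tool /bin/ps        procps    /root/ps
restore_tool /bin/netstat   net-tools /root/netstat
# The page cleared attributes on /bin/lsof but removed /usr/sbin/lsof; its size
# check and clean copy both use /usr/sbin/lsof, so that path is used for both
# steps here. If a /bin/lsof also exists, restore it the same way.
restore_tool /usr/sbin/lsof lsof      /root/lsof
restore_tool /usr/sbin/ss   iproute   /root/ss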
# Install ClamAV (scanner plus the milter package, as on the page).
yum install -y clamav clamav-milter
# Restart the ClamAV daemon (SysV-style service; presumably so it starts with the freshly installed package).
service clamd restart
[root@mobile ~]# freshclam
ClamAV update process started at Sun Jan 31 03:15:52 2016
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): WARNING: main.cvd not found on remote server
WARNING: Can't read main.cvd header from db.cn.clamav.net (IP: 185.100.64.62)
Trying again in 5 secs...
ClamAV update process started at Sun Jan 31 03:16:25 2016
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): Trying host db.cn.clamav.net (200.236.31.1)...
OK
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Reading CVD header (daily.cvd): OK (IMS)
daily.cvd is up to date (version: 21325, sigs: 1824133, f-level: 63, builder: neo)
Reading CVD header (bytecode.cvd): OK (IMS)
bytecode.cvd is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)
# Scan the trees the trojan touches, one log per tree under /root.
# --max-dir-recursion=5 is the page's depth cap; parts of /usr are deeper than
# that, so raise it if a later check shows files were skipped.
for tree in etc bin usr; do
  clamscan -r "/$tree" --max-dir-recursion=5 --log="/root/${tree}clamav.log"
done

# --remove deletes every file the scanner flags, with no way back. That is
# tolerable for the trojan's own directory, but on /usr/bin a false positive
# deletes a system binary; --move=DIR (quarantine) keeps the verdict reviewable.
clamscan -r --remove /usr/bin/bsd-port
clamscan -r --remove /usr/bin/
- CPU核数(从/proc/cpuinfo读取)。
- CPU速度(从/proc/cpuinfo读取)。
- CPU使用(从/proc/stat读取)。
- Gate'a的IP(从/proc/net/route读取)。
- Gate'a的MAC地址(从/proc/net/arp读取)。
- 网络接口信息(从/proc/net/dev读取)。
- 网络设备的MAC地址。
- 内存(使用/proc/meminfo中的MemTotal参数)。
- 发送和接收的数据量(从/proc/net/dev读取)。
- 操作系统名称和版本(通过调用uname命令)。
# Runlevel links for the DbSecuritySpt init script, runlevels 1-4 only (as on
# the page). These are presumably what the trojan installs for persistence —
# the cleanup step above removes exactly these paths — so they are listed for
# reference, not as something to run on a clean host.
for runlevel in 1 2 3 4; do
  ln -s /etc/init.d/DbSecuritySpt "/etc/rc${runlevel}.d/S97DbSecuritySpt"
done
# Candidate locations of the replaced tools (a listing, not commands to run);
# presumably every one of these paths should be checked and restored, not only
# the ones the earlier steps name — confirm which exist on the host.
/bin/netstat
/bin/lsof
/bin/ps
/usr/bin/netstat
/usr/bin/lsof
/usr/bin/ps
/usr/sbin/netstat
/usr/sbin/lsof
/usr/sbin/ps