
某銷售公司電子商務網站被黑redhat6.1tomcat

日期:2017/3/1 13:36:00   编辑:關於Linux

硬件:HP380 2U

OS : redhat6.1

中間件:tomcat

JSP網站。

某公司電子商務網站系統一直不正常

系統總是資源耗盡,然後系統崩潰

\

參考網站服務故障描述:

http://blog.csdn.net/huzia/article/details/18941767

觀察日志發現,郵件日志不正常:入侵程序不停地向雅虎的某個電子郵件地址發送郵件(下面 postfix 日志裡同一批隊列 ID 每隔約 70 分鐘就重新投遞一次,且一直 deferred)

Jan 31 10:36:29 ZMESCMDZSW01 postfix/qmgr[3574]: 07997200A4E: from=<[email protected]>, size=13065, nrcpt=1 (queue active)
Jan 31 10:36:29 ZMESCMDZSW01 postfix/qmgr[3574]: C1E8A200A59: from=<[email protected]>, size=25541, nrcpt=1 (queue active)
Jan 31 10:36:29 ZMESCMDZSW01 postfix/smtp[50358]: C1E8A200A59: to=<[email protected]>, relay=none, delay=378402, delays=378402/0.01/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=yahoo.com type=MX: Host not found, try again)
Jan 31 10:36:29 ZMESCMDZSW01 postfix/smtp[50340]: 07997200A4E: to=<[email protected]>, relay=none, delay=378402, delays=378402/0.06/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=yahoo.com type=MX: Host not found, try again)
Jan 31 11:46:29 ZMESCMDZSW01 postfix/qmgr[3574]: 07997200A4E: from=<[email protected]>, size=13065, nrcpt=1 (queue active)
Jan 31 11:46:29 ZMESCMDZSW01 postfix/qmgr[3574]: C1E8A200A59: from=<[email protected]>, size=25541, nrcpt=1 (queue active)
Jan 31 11:46:29 ZMESCMDZSW01 postfix/smtp[5180]: C1E8A200A59: to=<[email protected]>, relay=none, delay=382603, delays=382603/0.03/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=yahoo.com type=MX: Host not found, try again)
Jan 31 11:46:29 ZMESCMDZSW01 postfix/smtp[5133]: 07997200A4E: to=<[email protected]>, relay=none, delay=382603, delays=382603/0.16/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=yahoo.com type=MX: Host not found, try again)
Jan 31 12:56:29 ZMESCMDZSW01 postfix/qmgr[3574]: 07997200A4E: from=<[email protected]>, size=13065, nrcpt=1 (queue active)
Jan 31 12:56:29 ZMESCMDZSW01 postfix/qmgr[3574]: C1E8A200A59: from=<[email protected]>, size=25541, nrcpt=1 (queue active)
Jan 31 12:56:29 ZMESCMDZSW01 postfix/smtp[45070]: C1E8A200A59: to=<[email protected]>, relay=none, delay=386803, delays=386803/0.01/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=yahoo.com type=MX: Host not found, try again)
Jan 31 12:56:29 ZMESCMDZSW01 postfix/smtp[45054]: 07997200A4E: to=<[email protected]>, relay=none, delay=386803, delays=386803/0.03/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=yahoo.com type=MX: Host not found, try again)
Jan 31 14:06:29 ZMESCMDZSW01 postfix/qmgr[3574]: 07997200A4E: from=<[email protected]>, size=13065, nrcpt=1 (queue active)
Jan 31 14:06:30 ZMESCMDZSW01 postfix/qmgr[3574]: C1E8A200A59: from=<[email protected]>, size=25541, nrcpt=1 (queue active)
Jan 31 14:06:30 ZMESCMDZSW01 postfix/smtp[10303]: C1E8A200A59: to=<[email protected]>, relay=none, delay=391003, delays=391003/0.04/0.02/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=yahoo.com type=MX: Host not found, try again)
^C

查看是否有異常的定時任務

[root@ZMESCMDZSW01 log]# crontab -l
1 1 10 * * ~/.sysdbs
1 1 24 * * perl ~/.sysync.pl
1 1 24 * * perl ~/.sysync.pl
1 1 10 * * ~/.sysdbs

媽的,異常啟動的perl進程,就這幾個家伙搗的鬼。

問題已經基本清楚了。

註釋掉這幾個自動啟動的定時任務

[root@ESCMDZSW01 ~]# crontab -e

#1 1 10 * * ~/.sysdbs
#1 1 24 * * perl ~/.sysync.pl
#1 1 24 * * perl ~/.sysync.pl
#1 1 10 * * ~/.sysdbs
~
~

[root@ZMESCMDZSW01 log]#

root@ZMESCMDZSW01 ~]# cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin ----------------這裡是對的
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
rtkit:x:499:496:RealtimeKit:/proc:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
saslauth:x:498:495:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
pulse:x:497:494:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
[root@ZMESCMDZSW01 ~]#

異常的top輸出(與下面正常的輸出對比)

6:50pm up 1 day, 22:42, 2 users, load average: 0.04, 0.13, 0.30
874 processes: 873 sleeping, 1 running, 0 zombie, 0 stopped
CPU states: 0.0% user, 0.2% system, 0.0% nice, 0.5% idle
Mem: 32843076K av, 3715880K used, 29127196K free, 0K shrd, 269536K buff
Swap: 35078136K av, 0K used, 35078136K free 963532K cached

PID USER PRI NI SIZE RSS SHARE STAT LIB %CPU %MEM TIME COMMAND
32004 root 20 0 2924 1532 844 R 0 5.7 0.0 0:00 top
258 root 20 0 0 0 0 SW 0 0.9 0.0 0:16 ata/21
3177 root 20 0 4060 308 220 S 0 0.9 0.0 5:04 cpuspeed
3181 root 20 0 4060 304 216 S 0 0.9 0.0 5:04 cpuspeed
3185 root 20 0 4060 304 216 S 0 0.9 0.0 5:02 cpuspeed
3191 root 20 0 4060 304 216 S 0 0.9 0.0 5:01 cpuspeed
3209 root 20 0 4060 304 216 S 0 0.9 0.0 5:03 cpuspeed
3212 root 20 0 4060 304 216 S 0 0.9 0.0 5:05 cpuspeed
3214 root 20 0 4060 304 216 S 0 0.9 0.0 5:04 cpuspeed
3217 root 20 0 4060 304 216 S 0 0.9 0.0 5:04 cpuspeed
3300 dbus 20 0 98252 2340 952 S 0 0.9 0.0 0:32 dbus-daemon
12680 root 20 0 1485M 322M 16916 S 0 0.9 1.0 43:19 java
50326 root 20 0 9432 1308 1012 S 0 0.9 0.0 0:07 gam_server
1 root 20 0 19328 1512 1212 S 0 0.0 0.0 0:04 init
2 root 20 0 0 0 0 SW 0 0.0 0.0 0:00 kthreadd
3 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/0
4 root 20 0 0 0 0 SW 0 0.0 0.0 0:00 ksoftirqd/0
5 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/0
6 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 watchdog/0
7 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/1
8 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/1
9 root 20 0 0 0 0 SW 0 0.0 0.0 0:00 ksoftirqd/1
10 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 watchdog/1
11 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/2
12 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/2
13 root 20 0 0 0 0 SW 0 0.0 0.0 0:00 ksoftirqd/2
14 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 watchdog/2
15 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/3
16 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/3
17 root 20 0 0 0 0 SW 0 0.0 0.0 0:00 ksoftirqd/3
18 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 watchdog/3
19 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/4
20 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 migration/4
21 root 20 0 0 0 0 SW 0 0.0 0.0 0:00 ksoftirqd/4
22 root 0K 0 0 0 0 SW 0 0.0 0.0 0:00 watchdog/4

下面是正常的top輸出,上面和下面明顯不一樣
[root@ZMESCMDZSW01 ~]#top
top - 18:51:49 up 1 day, 22:31, 2 users, load average: 0.17, 0.40, 0.43
Tasks: 823 total, 1 running, 822 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.2%sy, 0.0%ni, 99.6%id, 0.2%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 32843076k total, 1445164k used, 31397912k free, 95348k buffers
Swap: 35078136k total, 0k used, 35078136k free, 232384k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
56598 root 20 0 15548 1692 820 R 4.7 0.0 0:00.16 top
3133 root 20 0 4060 276 180 S 1.6 0.0 5:01.02 cpuspeed
3134 root 20 0 4060 312 216 S 1.6 0.0 5:01.69 cpuspeed
3140 root 20 0 4060 276 180 S 1.6 0.0 5:01.39 cpuspeed
3144 root 20 0 4060 276 180 S 1.6 0.0 5:01.30 cpuspeed
3146 root 20 0 4060 312 216 S 1.6 0.0 5:01.32 cpuspeed
3149 root 20 0 4060 312 216 S 1.6 0.0 5:01.16 cpuspeed
3155 root 20 0 4060 312 216 S 1.6 0.0 5:01.39 cpuspeed
3167 root 20 0 4060 276 180 S 1.6 0.0 5:01.86 cpuspeed
1 root 20 0 19324 1512 1212 S 0.0 0.0 0:03.17 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.02 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.01 migration/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/0
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
7 root RT 0 0 0 0 S 0.0 0.0 0:00.01 migration/1
8 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/1
9 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/1
10 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/1
11 root RT 0 0 0 0 S 0.0 0.0 0:00.01 migration/2
12 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/2
13 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/2
14 root RT 0 0 0 0 S 0.0 0.0 0:00.01 watchdog/2
15 root RT 0 0 0 0 S 0.0 0.0 0:00.02 migration/3
16 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/3
17 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/3
18 root RT 0 0 0 0 S 0.0 0.0 0:00.02 watchdog/3
19 root RT 0 0 0 0 S 0.0 0.0 0:00.01 migration/4
20 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/4
21 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/4
22 root RT 0 0 0 0 S 0.0 0.0 0:00.01 watchdog/4
23 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/5
24 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/5
25 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ksoftirqd/5
26 root RT 0 0 0 0 S 0.0 0.0 0:00.09 watchdog/5
[root@ZMESCMDZSW02 log]#

第一行:前面有個空格
第三行:cpu顯示
第五行:swap顯示
還有字體,上面部分與下面進程顯示部分完全不是同一個字體
立刻想到的就是系統命令被人替換了
查看top命令的信息
-rwxr-xr-x 1 122 114 33992 Mar 31 2010 /usr/bin/top

屬主、屬組(122:114)都是那麼的詭異:上面 /etc/passwd 裡根本沒有 uid 122 或 gid 114 的賬號,這種沒有對應賬號的數字 uid 一般是上傳文件時保留下來的原屬主
具體看一下文件大小
[root@ZMESCMDZSW01 ~]# ll -ha /usr/bin/top
ls:無效選項 -- h
Try `ls --help' for more information.
[root@ZMESCMDZSW01 ~]#

find / -user 122 | xargs ls -l
[root@ZMESCMDZSW01 ~]# find / -user 122 | xargs ls -l
find: “/proc/33319/task/33319/fd/5”: 沒有那個文件或目錄
find: “/proc/33319/task/33319/fdinfo/5”: 沒有那個文件或目錄
find: “/proc/33319/fd/5”: 沒有那個文件或目錄
find: “/proc/33319/fdinfo/5”: 沒有那個文件或目錄
-rwxr-xr-x 1 122 114 39696 Mar 10 2011 /bin/ls
-rwxr-xr-x 1 122 114 54152 Mar 15 2011 /bin/netstat
-rwxr-xr-x 1 122 114 62920 Mar 17 2011 /bin/ps
-rwx------ 1 122 114 525 Apr 17 2003 /lib/libsh.so/shhk
-rwx------ 1 122 114 329 Apr 17 2003 /lib/libsh.so/shhk.pub
-rwx------ 1 122 114 512 Jan 27 01:29 /lib/libsh.so/shrs
-rwxr-xr-x 1 122 114 31504 Mar 15 2011 /sbin/ifconfig
-rwxr-xr-x 1 122 114 212747 Mar 10 2011 /sbin/ttyload
-rwxrwxr-x 1 122 114 93476 Mar 10 2011 /sbin/ttymon
-rwxr-xr-x 1 122 114 39696 Mar 10 2011 /usr/bin/dir
-rwxr-xr-x 1 122 114 59536 Jun 16 2010 /usr/bin/find
-rwxr-xr-x 1 122 114 31452 Mar 10 2011 /usr/bin/md5sum
-rwxr-xr-x 1 122 114 12340 Jan 12 2011 /usr/bin/pstree
-rwxr-xr-x 1 122 114 33992 Mar 17 2011 /usr/bin/top
-rwxr-xr-x 1 122 114 1206 Apr 18 2003 /usr/lib/libsh/.bashrc
-rwxr-xr-x 1 122 114 7578 Mar 10 2011 /usr/lib/libsh/.sniff/shp
-rwxr-xr-x 1 122 114 16070 Mar 10 2011 /usr/lib/libsh/.sniff/shsniff
-rwxr-xr-x 1 122 114 2000 Mar 10 2011 /usr/lib/libsh/hide
-rwxr-xr-x 1 122 114 1345 Mar 10 2011 /usr/lib/libsh/shsb
-rwxr-xr-x 1 122 114 82628 Jun 28 2010 /usr/sbin/lsof
[root@ZMESCMDZSW01 ~]#

find / -user 122 | xargs lsattr
[root@ZMESCMDZSW01 ~]# cd /bin/ls
-bash: cd: /bin/ls: 不是目錄
[root@ZMESCMDZSW01 ~]# cd /bin
[root@ZMESCMDZSW01 bin]# mv ls ls_bak
[root@ZMESCMDZSW01 bin]# cd /sbin/ttyload
-bash: cd: /sbin/ttyload: 不是目錄
[root@ZMESCMDZSW01 bin]# cd /sbin
[root@ZMESCMDZSW01 sbin]# mv ttyload ttyload20140208
[root@ZMESCMDZSW01 sbin]# mv ttyload ttymon20140208
mv: 無法獲取"ttyload" 的文件狀態(stat): 沒有那個文件或目錄
[root@ZMESCMDZSW01 sbin]# mv ttyload ttymon20140208
mv: 無法獲取"ttyload" 的文件狀態(stat): 沒有那個文件或目錄
[root@ZMESCMDZSW01 sbin]# ls tty*
-bash: /bin/ls: 沒有那個文件或目錄
[root@ZMESCMDZSW01 sbin]# ls *
-bash: /bin/ls: 沒有那個文件或目錄
[root@ZMESCMDZSW01 sbin]# cd /bin
[root@ZMESCMDZSW01 bin]# sftp [email protected]
Connecting to 192.168.1.72...
[email protected]'s password:
sftp> cd bin
Couldn't canonicalise: No such file or directory
sftp> cd /bin
sftp> get ls
Fetching /bin/ls to ls
/bin/ls 100% 114KB 114.3KB/s 00:00
sftp> exit
[root@ZMESCMDZSW01 bin]# ls
alsaunmute csh env kill mv rvi traceroute6
arch cut ex link nano rview true
awk dash false ln netstat sed ulockmgr_server
basename date fgrep loadkeys nice setfont umount
bash dbus-cleanup-sockets find login nisdomainname setserial uname
cat dbus-daemon findmnt ls ping sh unicode_start
cgclassify dbus-monitor fusermount ls_bak ping6 sleep unicode_stop
cgcreate dbus-send gawk lsblk plymouth sort unlink
cgdelete dbus-uuidgen gettext lscgroup ps stty usleep
cgexec dd grep lssubsys pwd su vi
cgget df gtar mail raw sync view
cgset dmesg gunzip mailx readlink tar ypdomainname
cgsnapshot dnsdomainname gzip mkdir red taskset zcat
chgrp domainname hostname mknod redhat_lsb_init tcsh
chmod dumpkeys ipcalc mktemp rm touch
chown echo iptables-xml more rmdir tracepath
cp ed kbd_mode mount rnano tracepath6
cpio egrep keyctl mountpoint rpm traceroute

如下所示ls命令已經修復。

[root@ZMESCMDZSW01 bin]# ls
alsaunmute csh env kill mv rvi traceroute6
arch cut ex link nano rview true
awk dash false ln netstat sed ulockmgr_server
basename date fgrep loadkeys nice setfont umount
bash dbus-cleanup-sockets find login nisdomainname setserial uname
cat dbus-daemon findmnt ls ping sh unicode_start
cgclassify dbus-monitor fusermount ls_bak ping6 sleep unicode_stop
cgcreate dbus-send gawk lsblk plymouth sort unlink
cgdelete dbus-uuidgen gettext lscgroup ps stty usleep
cgexec dd grep lssubsys pwd su vi
cgget df gtar mail raw sync view
cgset dmesg gunzip mailx readlink tar ypdomainname
cgsnapshot dnsdomainname gzip mkdir red taskset zcat
chgrp domainname hostname mknod redhat_lsb_init tcsh
chmod dumpkeys ipcalc mktemp rm touch
chown echo iptables-xml more rmdir tracepath
cp ed kbd_mode mount rnano tracepath6
cpio egrep keyctl mountpoint rpm traceroute

root@ZMESCMDZSW01 bin]# ls -alt ls
-rwxr-xr-x. 1 root root 117024 2月 13 19:01 ls
[root@ZMESCMDZSW01 bin]#

ls命令已經回到正常

修復top命令

[root@ZMESCMDZSW01 bin]# sftp [email protected]
Connecting to 192.168.1.72...
[email protected]'s password:
sftp> cd /usr/bin
sftp> get top
Fetching /usr/bin/top to top
/usr/bin/top 100% 67KB 66.8KB/s 00:00
sftp> exit
[root@ZMESCMDZSW01 bin]# top---已經修復如下

top - 19:06:03 up 1 day, 22:58, 2 users, load average: 0.08, 0.20, 0.23
Tasks: 874 total, 2 running, 872 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.1%us, 0.3%sy, 0.0%ni, 99.6%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 32843076k total, 3720472k used, 29122604k free, 269876k buffers
Swap: 35078136k total, 0k used, 35078136k free, 964400k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
12680 root 20 0 1486m 322m 16m S 1.3 1.0 43:38.99 java
35593 root 20 0 15552 1884 952 R 1.3 0.0 0:00.11 top
242 root 20 0 0 0 0 S 0.3 0.0 0:15.04 ata/5
835 root 20 0 0 0 0 S 0.3 0.0 0:57.63 scsi_eh_1
3172 root 20 0 4060 304 216 S 0.3 0.0 5:05.42 cpuspeed
3175 root 20 0 4060 304 216 S 0.3 0.0 5:05.21 cpuspeed
3176 root 20 0 4060 304 216 S 0.3 0.0 5:05.23 cpuspeed
3179 root 20 0 4060 304 216 S 0.3 0.0 5:06.07 cpuspeed
3181 root 20 0 4060 304 216 S 0.3 0.0 5:06.50 cpuspeed
3183 root 20 0 4060 304 216 S 0.3 0.0 5:06.16 cpuspeed
3185 root 20 0 4060 304 216 S 0.3 0.0 5:04.56 cpuspeed
3188 root 20 0 4060 304 216 S 0.3 0.0 5:04.85 cpuspeed
3191 root 20 0 4060 304 216 S 0.3 0.0 5:03.31 cpuspeed
3192 root 20 0 4060 304 216 S 0.3 0.0 5:06.38 cpuspeed
3196 root 20 0 4060 304 216 S 0.3 0.0 5:06.70 cpuspeed
3208 root 20 0 4060 304 216 S 0.3 0.0 5:06.21 cpuspeed
3211 root 20 0 4060 304 216 S 0.3 0.0 5:06.61 cpuspeed
3212 root 20 0 4060 304 216 S 0.3 0.0 5:06.69 cpuspeed
3213 root 20 0 4060 304 216 S 0.3 0.0 5:04.78 cpuspeed
3215 root 20 0 4060 304 216 S 0.3 0.0 5:05.38 cpuspeed
3216 root 20 0 4060 304 216 S 0.3 0.0 5:06.55 cpuspeed
3217 root 20 0 4060 304 216 S 0.3 0.0 5:06.61 cpuspeed
3218 root 20 0 4060 304 216 S 0.3 0.0 5:06.26 cpuspeed
3219 root 20 0 4060 304 216 S 0.3 0.0 5:04.76 cpuspeed
3222 root 20 0 4060 304 216 S 0.3 0.0 5:06.65 cpuspeed
3223 root 20 0 4060 304 216 S 0.3 0.0 5:05.19 cpuspeed
3936 root 18 -2 12532 2844 584 S 0.3 0.0 4:34.98 udevd
26162 root 20 0 97636 3724 2892 S 0.3 0.0 0:00.41 sshd
39219 root 20 0 11.6g 260m 20m S 0.3 0.8 0:48.77 java
1 root 20 0 19328 1512 1212 S 0.0 0.0 0:04.12 init
2 root 20 0 0 0 0 S 0.0 0.0 0:00.17 kthreadd
3 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
4 root 20 0 0 0 0 S 0.0 0.0 0:00.21 ksoftirqd/0
5 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
6 root RT 0 0 0 0 S 0.0 0.0 0:00.00 watchdog/0
[root@ZMESCMDZSW01 bin]#

搞壞這兩病毒命令

[root@ZMESCMDZSW01 bin]# cd /sbin
[root@ZMESCMDZSW01 sbin]# ls tty*
ttyload20140208 ttymon
[root@ZMESCMDZSW01 sbin]# ls -alt tty*
-rwxr-xr-x. 1 122 114 212747 3月 10 2011 ttyload20140208
-rwxrwxr-x. 1 122 114 93476 3月 10 2011 ttymon
[root@ZMESCMDZSW01 sbin]# mv ttymon ttymon20140208
[root@ZMESCMDZSW01 sbin]# l
-bash: l: command not found
[root@ZMESCMDZSW01 sbin]#

find / -user 122 | xargs chown root:root

其他命令已經修復,等待觀察。需要注意的是,上面用來排查的 find、ls、ps、netstat、lsof、md5sum 本身就在被替換的列表裡,它們給出的結果並不可信;而 chown 回 root:root 只是改了屬主,/lib/libsh.so、/usr/lib/libsh/.sniff 下的文件以及 ~/.sysdbs、~/.sysync.pl 仍然留在系統上。比較穩妥的做法是從乾淨介質重裝系統,再從備份恢復網站數據。

相應的安全策略還在思考與制定中
