前言

阿里云安全提示服务器存在挖矿程序
程序路径为 /tmp/watchdog

  • 进入 /tmp 目录,删除挖矿程序

    1. $ cd /tmp && ls
    2. ...
    3. watchdog
    4. ...
    5. $ rm -f watchdog

  • 通过 top 命令看到 watchdog 进程,占用较多系统资源

    1. $ top
    2. top - 10:51:41 up 21 days, 22:55,  2 users,  load average: 1.00, 1.01, 1.05
    3. Tasks: 149 total,   2 running, 147 sleeping,   0 stopped,   0 zombie
    4. %Cpu(s): 50.5 us,  0.4 sy,  0.0 ni, 49.1 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
    5. KiB Mem :  7862344 total,   149808 free,  6658780 used,  1053756 buff/cache
    6. KiB Swap:        0 total,        0 free,        0 used.   875480 avail Mem 
    8. PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND     
    9. 2939 root      20   0 2437144   2.0g   1376 S  99.6 27.1   6239:00 watchdog
    10. 1042 root      20   0   32540   2100    652 S   0.4  0.0   5:39.17 AliYunDunUpdate
    11. 1108 redis     20   0  168052   8164   1128 S   0.4  0.1  25:15.01 redis-server
    12. 1805 root      10 -10  180644  55244   4996 S   0.4  0.7 251:10.31 AliYunDun
    13. 3155 root      20   0  162128   2284   1584 R   0.4  0.0   0:00.01 top
    14. 25411 root      20   0 4688580 933304  13628 S   0.4 11.9   1:02.56 java
    15.   1 root      20   0   52408   3380   1360 S   0.0  0.0   4:34.87 systemd 
    16.   2 root      20   0       0      0      0 S   0.0  0.0   0:00.07 kthreadd  
    17.   4 root       0 -20       0      0      0 S   0.0  0.0   0:00.00 kworker/0:0H 
    18.   6 root      20   0       0      0      0 S   0.0  0.0   0:15.19 ksoftirqd/0 
    19.   7 root      rt   0       0      0      0 S   0.0  0.0   0:05.19 migration/0  
    20.   8 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcu_bh     
    21.   9 root      20   0       0      0      0 R   0.0  0.0   6:51.73 rcu_sched  
    22.  10 root       0 -20       0      0      0 S   0.0  0.0   0:00.00 lru-add-drain   
    23.  11 root      rt   0       0      0      0 S   0.0  0.0   0:03.71 watchdog/0
    24.  12 root      rt   0       0      0      0 S   0.0  0.0   0:01.98 watchdog/1 
    25.  13 root      rt   0       0      0      0 S   0.0  0.0   0:04.15 migration/1

  • 用 kill 强制结束进程 ```shell $ kill -9 2939

$ top top - 10:53:21 up 21 days, 22:57, 2 users, load average: 0.21, 0.74, 0.94 Tasks: 147 total, 1 running, 146 sleeping, 0 stopped, 0 zombie %Cpu(s): 0.2 us, 0.2 sy, 0.0 ni, 99.3 id, 0.3 wa, 0.0 hi, 0.0 si, 0.0 st KiB Mem : 7862344 total, 2286232 free, 4524812 used, 1051300 buff/cache KiB Swap: 0 total, 0 free, 0 used. 3009400 avail Mem PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 1805 root 10 -10 180644 55244 4996 S 0.3 0.7 251:10.69 AliYunDun 16671 root 20 0 42144 2812 2016 S 0.3 0.0 0:57.44 aliyun-service 28646 root 20 0 480332 52544 6992 S 0.3 0.7 0:04.04 BT-Panel 1 root 20 0 52408 3380 1360 S 0.0 0.0 4:34.88 systemd 2 root 20 0 0 0 0 S 0.0 0.0 0:00.07 kthreadd 4 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H 6 root 20 0 0 0 0 S 0.0 0.0 0:15.19 ksoftirqd/0 7 root rt 0 0 0 0 S 0.0 0.0 0:05.19 migration/0 8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh 9 root 20 0 0 0 0 S 0.0 0.0 6:51.74 rcu_sched 10 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 lru-add-drain 11 root rt 0 0 0 0 S 0.0 0.0 0:03.71 watchdog/0 12 root rt 0 0 0 0 S 0.0 0.0 0:01.98 watchdog/1 13 root rt 0 0 0 0 S 0.0 0.0 0:04.15 migration/1 14 root 20 0 0 0 0 S 0.0 0.0 0:18.40 ksoftirqd/1 ```