
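    One of our Alibaba Cloud ECS instances was compromised. The likely cause was an outdated version, combined with the web interface being reachable from outside, because we have external programmers who need to upload code.

    Affected versions:


    Symptoms:

    CPU stays at 50% the whole time. Very clever!!!

    Looking at the processes, a program named exe running as the git user continuously holds 50% of the CPU; when the program is killed, it is respawned immediately.

    Handling process:

    Switch to the git user and check the scheduled tasks:

    The scheduled tasks are empty.

    Under /tmp/, there was no folder matching the one named in the Alibaba Cloud alert.

    Inspecting the process with lsof -p shows a connection to an overseas address. After blocking that address with iptables, the process automatically switches to another address and reconnects.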

    [root@~]# lsof -p 9119
    COMMAND  PID USER   FD      TYPE     DEVICE SIZE/OFF       NODE NAME
    exe     9119  git  cwd       DIR      253,1     4096          2 /
    exe     9119  git  rtd       DIR      253,1     4096          2 /
    exe     9119  git  txt       REG      253,1  1709100    1179650 /tmp/kami (deleted)
    exe     9119  git    0r      CHR        1,3      0t0       1028 /dev/null
    exe     9119  git    1w      CHR        1,3      0t0       1028 /dev/null
    exe     9119  git    2w      CHR        1,3      0t0       1028 /dev/null
    exe     9119  git    3r      CHR        1,3      0t0       1028 /dev/null
    exe     9119  git    4u      REG      253,1        4    1188868 /tmp/.x11-unix (deleted)
    exe     9119  git    5u  a_inode       0,10        0       6387 [eventpoll]
    exe     9119  git    6r     FIFO        0,9      0t0 1319801218 pipe
    exe     9119  git    7w     FIFO        0,9      0t0 1319801218 pipe
    exe     9119  git    8r     FIFO        0,9      0t0 1319801219 pipe
    exe     9119  git    9w     FIFO        0,9      0t0 1319801219 pipe
    exe     9119  git   10u  a_inode       0,10        0       6387 [eventfd]
    exe     9119  git   11u  a_inode       0,10        0       6387 [eventfd]
    exe     9119  git   12u  a_inode       0,10        0       6387 [eventfd]
    exe     9119  git   13r      CHR        1,3      0t0       1028 /dev/null
    exe     9119  git   14u     IPv4 1319801220      0t0        TCP nexus.****.com:48948->504e189a.host.njalla.net:https (ESTABLISHED)
    
    iptables -I OUTPUT -d 80.78.24.154 -j DROP
    
    Chain OUTPUT (policy ACCEPT 108 packets, 114K bytes)
     pkts bytes target     prot opt in     out     source               destination         
        6   372 DROP       all  --  *      *       0.0.0.0/0            80.78.24.154 
    

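    Because I have handled a similar incident before, I know that the system's own default commands probably cannot see this program, and that cleanup is easy with busybox. Since time is limited, here is a little trick: to get hold of busybox, you can download a Docker image, start it, copy busybox out to the host, and then do the malware cleanup with busybox, which makes the job trivial.

    • Empty the entire /tmp directory
    • Kill every process that is already marked (deleted). busybox makes the process information easy to find. The Alibaba Cloud alert was accurate; it is just that the system was infected, so the relevant information was hard to see.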
    [root@ ~]# busybox lsof -p |grep 9459
    9459	/tmp/kami (deleted)	0	/dev/null
    9459	/tmp/kami (deleted)	1	/dev/null
    9459	/tmp/kami (deleted)	2	/dev/null
    9459	/tmp/kami (deleted)	3	/dev/null
    9459	/tmp/kami (deleted)	4	/tmp/.x11-unix (deleted)
    9459	/tmp/kami (deleted)	5	anon_inode:[eventpoll]
    9459	/tmp/kami (deleted)	6	pipe:[1319802797]
    9459	/tmp/kami (deleted)	7	pipe:[1319802797]
    9459	/tmp/kami (deleted)	8	pipe:[1319802798]
    9459	/tmp/kami (deleted)	9	pipe:[1319802798]
    9459	/tmp/kami (deleted)	10	anon_inode:[eventfd]
    9459	/tmp/kami (deleted)	11	anon_inode:[eventfd]
    9459	/tmp/kami (deleted)	12	anon_inode:[eventfd]
    9459	/tmp/kami (deleted)	13	/dev/null
    9459	/tmp/kami (deleted)	14	socket:[1319806273]
    9459	/tmp/kami (deleted)	15	socket:[1319803995]
    

    At this point, the process is no longer respawned.
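The check from the cleanup list above (find processes whose binary is marked deleted), as an added example that is not part of the original post: it reads the /proc/<pid>/exe links directly instead of parsing lsof output. The function names and the overridable proc root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: list processes whose executable has been unlinked from disk.
# The proc root is overridable (an assumption of this example) so the logic
# can be exercised against a constructed directory tree instead of /proc.

# find_deleted_exe [proc_root]
# Prints "PID<TAB>exe target" for every PID whose exe link ends in " (deleted)".
find_deleted_exe() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # readlink fails for kernel threads and for PIDs we may not inspect
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            *" (deleted)") printf '%s\t%s\n' "${dir##*/}" "$target" ;;
        esac
    done
}

# deleted_in_tmp [proc_root]
# Narrows the list to binaries that were started from /tmp, /var/tmp or
# /dev/shm, as /tmp/kami was in this incident.
deleted_in_tmp() {
    find_deleted_exe "$1" | while IFS="$(printf '\t')" read -r pid target; do
        case $target in
            /tmp/*|/var/tmp/*|/dev/shm/*) printf '%s\t%s\n' "$pid" "$target" ;;
        esac
    done
}

# Usage on a live host (as root):  deleted_in_tmp
```

A package upgrade also leaves running services with a (deleted) binary until they restart, so review the output of find_deleted_exe before killing anything. The /tmp filter is the narrower signal seen in this incident.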

    Next comes the upgrade.

    • Back up
    gitlab-rake gitlab:backup:create  # automatically backs up the code-related content
    Manually back up the following files:
     /etc/gitlab/gitlab.rb                  # configuration file, must be backed up
     /var/opt/gitlab/nginx/conf       # nginx configuration files
     /etc/postfix/main.cf                  # postfix mail configuration backup
     /etc/gitlab/gitlab-secrets.json   # stores GitLab's DB secret information
    • Prepare the GitLab repo; this host runs CentOS 7
    [gitlab-ce]
    name=gitlab-ce
    baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el7/
    repo_gpgcheck=0
    # gpgcheck=0: RPM signatures are not verified for this repo
    gpgcheck=0
    enabled=1
    gpgkey=https://packages.gitlab.com/gpg.key 
    • Stop the related services
    gitlab-ctl stop unicorn
    gitlab-ctl stop sidekiq
    gitlab-ctl stop nginx
    • Upgrade by installing with yum
    yum install -y gitlab-ce-10.8.7
    yum install -y gitlab-ce-11.3.4
    • Start the services
    gitlab-ctl restart

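    Check the supported upgrade path

    8.11.Z -> 8.12.0 -> 8.17.7 -> 9.5.10 -> 10.8.7 -> 11.11.8 -> 12.0.12 -> 12.1.17 -> 12.10.14 -> 13.0.14 -> 13.1.11 -> 13.8.8 -> 13.12.15 -> 14.0.12 -> 14.3.6 -> 14.9.5 -> 14.10.Z -> 15.0.Z -> 15.4.0 -> latest 15.Y.Z


    The above is the upgrade path from the official GitLab website.

    Because of time constraints, our company's GitLab has been upgraded only as far as 11.3.4 for now, going through the two versions 10.8.7 and 11.3.4 along the way. After the upgrade, code access works normally.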

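    #Install the Java environment

    Download jdk-8u202-linux-x64.rpm

    URL: https://www.oracle.com/java/technologies/javase/javase8-archive-downloads.html

    One-shot commands

    ```bash
    # Install the JDK RPM
    rpm -ivh /root/jdk-8u202-linux-x64.rpm
    wait
    # Comment out any existing Java-related lines in /etc/profile
    sed -r -i '/java|CLASSPATH|JAVA_HOME|LD_LIBRARY_PATH/ s/^/#&/' /etc/profile
    # Append the Java environment; single quotes keep $JAVA_HOME, $PATH and
    # $LD_LIBRARY_PATH literal so they expand when /etc/profile is sourced
    echo '#set java environment
    JAVA_HOME=/usr/java/jdk1.8.0_202-amd64
    CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
    PATH=$JAVA_HOME/bin:$PATH
    LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
    export JAVA_HOME CLASSPATH PATH LD_LIBRARY_PATH' >> /etc/profile
    echo -e "\e[33m jdk_rpm install ok! \e[0m"
    # Refresh the shared-library cache, then load the new environment and verify
    ldconfig
    source /etc/profile && java -version
    ```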

    Install libzmq v4.3.4

    #The Java environment was configured in the previous step

    #First install the tools needed to build zeromq:

    yum install libtool gcc gcc-c++ make libuuid-devel autoconf automake

    yum -y install git

    git clone https://github.com/zeromq/libzmq.git

    #Change directory

    cd libzmq/

    #List the tags

    git tag

    #A tag is only a snapshot; check it out into a local custom branch libzmqv4.3.4

    git checkout -b libzmqv4.3.4 v4.3.4

    #Check that the switch succeeded

    git branch

    #Configure, build, install, verify:

    ./autogen.sh

    ./configure

    make -j4 && sudo make install

    #To verify, enter the directory

    cd /root/libzmq/perf/

    ./local_lat tcp://127.0.0.1:65432 1 100

    #Open another terminal and enter the directory

    cd /root/libzmq/perf/

    ./remote_lat tcp://127.0.0.1:65432 1 100

    #Output of message size: 1 [B] roundtrip count: 100 average latency: 24.860 [us] indicates success

    #Install jzmq (same procedure as above)

    cd /root

    git clone https://github.com/zeromq/jzmq.git

    cd jzmq/

    git tag

    #A tag is only a snapshot; check it out into a local custom branch jzmq3.1.0

    git checkout -b jzmq3.1.0 v3.1.0

    #List the branches; this returns jzmq3.1.0 and master

    git branch

    ##Edit Event.cpp, replacing it according to the code comparison at https://github.com/zeromq/jzmq/commit/eb40d6db43ce3545e623dad6cc6721a90885b5ba ; otherwise make install fails

    The error output is as follows

    ```text
    Event.cpp: In function '_jobject* Java_org_zeromq_ZMQ_00024Event_recv(JNIEnv*, jclass, jlong, jint)':
    Event.cpp:60:5: error: 'zmq_event_t' was not declared in this scope
    zmq_event_t event;
    ^
    Event.cpp:60:17: error: expected ';' before 'event'
    zmq_event_t event;
    ^
    Event.cpp:72:13: error: 'event' was not declared in this scope
    memcpy(&event.event, data, sizeof(event.event));
    ^
    Event.cpp:148:1: warning: control reaches end of non-void function [-Wreturn-type]
    }
    ^
    make[2]: *** [libjzmq_la-Event.lo] Error 1
    make[2]: Leaving directory `/root/jzmq/src/main/c++'
    make[1]: *** [install] Error 2
    make[1]: Leaving directory `/root/jzmq/src/main/c++'
    make: *** [install-recursive] Error 1
    ```

    #View the raw file at https://raw.githubusercontent.com/zeromq/jzmq/eb40d6db43ce3545e623dad6cc6721a90885b5ba/src/main/c%2B%2B/Event.cpp , copy it, and paste it into src/main/c++/Event.cpp

    vim src/main/c++/Event.cpp

    ./autogen.sh

    ./configure

    make -j4 && sudo make install

    #Locations of the built files

    #.so files

    #/usr/local/lib

    #jar

    #/usr/local/share/java/zmq.jar

    ```text
    [root@iZuf6hegfy8iwwureeshuiZ jzmq]# cd /usr/local/lib
    [root@iZuf6hegfy8iwwureeshuiZ lib]# ll
    total 48944
    -rw-r--r-- 1 root root 626664 May 15 11:57 libjzmq.a
    -rwxr-xr-x 1 root root 957 May 15 11:57 libjzmq.la
    lrwxrwxrwx 1 root root 16 May 15 11:57 libjzmq.so -> libjzmq.so.0.0.0
    lrwxrwxrwx 1 root root 16 May 15 11:57 libjzmq.so.0 -> libjzmq.so.0.0.0
    -rwxr-xr-x 1 root root 277312 May 15 11:57 libjzmq.so.0.0.0
    -rw-r--r-- 1 root root 36889226 May 15 10:39 libzmq.a
    -rwxr-xr-x 1 root root 925 May 15 10:39 libzmq.la
    lrwxrwxrwx 1 root root 15 May 15 10:39 libzmq.so -> libzmq.so.5.2.4
    lrwxrwxrwx 1 root root 15 May 15 10:39 libzmq.so.5 -> libzmq.so.5.2.4
    -rwxr-xr-x 1 root root 12304192 May 15 10:39 libzmq.so.5.2.4
    drwxr-xr-x 2 root root 4096 May 15 10:39 pkgconfig
    drwxr-xr-x 3 root root 4096 Apr 20 12:07 python3.6
    [root@iZuf6hegfy8iwwureeshuiZ lib]# stat /usr/local/share/java/zmq.jar
    File: ‘/usr/local/share/java/zmq.jar’
    Size: 49293 Blocks: 104 IO Block: 4096 regular file
    Device: fd01h/64769d Inode: 928023 Links: 1
    Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2021-05-15 11:57:22.744031172 +0800
    Modify: 2021-05-15 11:57:22.744031172 +0800
    Change: 2021-05-15 11:57:22.744031172 +0800
    ```

    Reference links

    http://guangfei.win/2016/04/06/jzmq%E7%BC%96%E8%AF%91/

    https://blog.csdn.net/lianshaohua/article/details/92556208
