linux 无敌kill -KILL processID

发现服务器被黑,果断把IP给禁了,

但发现黑我的进程一直处于 sleeping 状态,用 kill、pkill 都不管用


root@min:/proc# ps -ef|grep zl
root     22229     1  0 19:19 ?        00:00:00 sh -c (chmod -R 777 /tmp) ; (rm -f /tmp/.lz*) ; (echo yes|cp -p /etc/.zl /tmp/.lz1429615177)
root     22232 22229  0 19:19 ?        00:00:00 sh -c (chmod -R 777 /tmp) ; (rm -f /tmp/.lz*) ; (echo yes|cp -p /etc/.zl /tmp/.lz1429615177)
root     22234 22232  0 19:19 ?        00:00:00 cp -p /etc/.zl /tmp/.lz1429615177
root     28406 16879  0 20:14 pts/3    00:00:00 grep --color=auto zl

proc里看下

root@min:/proc# cat /proc/22229/status
Name:   sh
State:  S (sleeping)
Tgid:   22229
Pid:    22229
PPid:   1
TracerPid:      0
Uid:    0       0       0       0
Gid:    0       0       0       0
FDSize: 64
Groups: 0
VmPeak:     4400 kB
VmSize:     4400 kB
VmLck:         0 kB
VmPin:         0 kB
VmHWM:       604 kB
VmRSS:       604 kB
VmData:      188 kB
VmStk:       136 kB
VmExe:       104 kB
VmLib:      1884 kB
VmPTE:        28 kB
VmSwap:        0 kB
Threads:        1
SigQ:   2/15879
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000004
SigIgn: 0000000000001007
SigCgt: 0000000000010000
CapInh: 0000000000000000
CapPrm: ffffffffffffffff
CapEff: ffffffffffffffff
CapBnd: ffffffffffffffff
Cpus_allowed:   7fff
Cpus_allowed_list:      0-14
Mems_allowed:   00000000,00000001
Mems_allowed_list:      0
voluntary_ctxt_switches:        3
nonvoluntary_ctxt_switches:     0

这种进程直接删除试试

#rm /proc/22229
rm: cannot remove `22229/task/22229/syscall': Permission denied
rm: cannot remove `22229/task/22229/cmdline': Permission denied
rm: cannot remove `22229/task/22229/stat': Permission denied
rm: cannot remove `22229/task/22229/statm': Permission denied
rm: cannot remove `22229/task/22229/maps': Permission denied
rm: cannot remove `22229/task/22229/numa_maps': Permission denied
rm: cannot remove `22229/task/22229/mem': Permission denied
rm: cannot remove `22229/task/22229/cwd': Permission denied
rm: cannot remove `22229/task/22229/root': Permission denied
rm: cannot remove `22229/task/22229/exe': Permission denied
rm: cannot remove `22229/task/22229/mounts': Permission denied
rm: cannot remove `22229/task/22229/mountinfo': Permission denied
rm: cannot remove `22229/task/22229/clear_refs': Permission denied
rm: cannot remove `22229/task/22229/smaps': Permission denied
rm: cannot remove `22229/task/22229/pagemap': Permission denied
rm: cannot remove `22229/task/22229/attr/current': Operation not permitted
rm: cannot remove `22229/task/22229/attr/prev': Operation not permitted
rm: cannot remove `22229/task/22229/attr/exec': Operation not permitted
rm: cannot remove `22229/task/22229/attr/fscreate': Operation not permitted
rm: cannot remove `22229/task/22229/attr/keycreate': Operation not permitted
rm: cannot remove `22229/task/22229/attr/sockcreate': Operation not permitted
rm: cannot remove `22229/task/22229/wchan': Permission denied
rm: cannot remove `22229/task/22229/stack': Permission denied
rm: cannot remove `22229/task/22229/schedstat': Permission denied
rm: cannot remove `22229/task/22229/latency': Permission denied
rm: cannot remove `22229/task/22229/cpuset': Permission denied
rm: cannot remove `22229/task/22229/cgroup': Permission denied
rm: cannot remove `22229/task/22229/oom_score': Permission denied
rm: cannot remove `22229/task/22229/oom_adj': Permission denied
rm: cannot remove `22229/task/22229/oom_score_adj': Permission denied
rm: cannot remove `22229/task/22229/loginuid': Permission denied
rm: cannot remove `22229/task/22229/sessionid': Permission denied
rm: cannot remove `22229/task/22229/io': Permission denied
rm: cannot remove `22229/fd/0': Operation not permitted
rm: cannot remove `22229/fd/1': Operation not permitted
rm: cannot remove `22229/fd/2': Operation not permitted
rm: cannot remove `22229/fd/3': Operation not permitted
rm: cannot remove `22229/fd/4': Operation not permitted
rm: cannot remove `22229/fdinfo/0': Operation not permitted
rm: cannot remove `22229/fdinfo/1': Operation not permitted
rm: cannot remove `22229/fdinfo/2': Operation not permitted
rm: cannot remove `22229/fdinfo/3': Operation not permitted
rm: cannot remove `22229/fdinfo/4': Operation not permitted
rm: cannot remove `22229/ns/net': Operation not permitted
rm: cannot remove `22229/ns/uts': Operation not permitted
rm: cannot remove `22229/ns/ipc': Operation not permitted
rm: cannot remove `22229/net/ip_tables_targets': Operation not permitted
rm: cannot remove `22229/net/ip_tables_matches': Operation not permitted
rm: cannot remove `22229/net/ip_tables_names': Operation not permitted
rm: cannot remove `22229/net/ip6_tables_targets': Operation not permitted
rm: cannot remove `22229/net/ip6_tables_matches': Operation not permitted
rm: cannot remove `22229/net/ip6_tables_names': Operation not permitted
rm: cannot remove `22229/net/packet': Operation not permitted
rm: cannot remove `22229/net/ip6_flowlabel': Operation not permitted
rm: cannot remove `22229/net/rt6_stats': Operation not permitted
rm: cannot remove `22229/net/ipv6_route': Operation not permitted
rm: cannot remove `22229/net/if_inet6': Operation not permitted
rm: cannot remove `22229/net/dev_snmp6/eth1': Operation not permitted
rm: cannot remove `22229/net/dev_snmp6/eth0': Operation not permitted
rm: cannot remove `22229/net/dev_snmp6/lo': Operation not permitted
rm: cannot remove `22229/net/snmp6': Operation not permitted
rm: cannot remove `22229/net/sockstat6': Operation not permitted
rm: cannot remove `22229/net/udplite6': Operation not permitted
rm: cannot remove `22229/net/raw6': Operation not permitted

还是不行啊。/proc 是内核导出的虚拟文件系统,里面的文件只是进程状态的视图,root 也删不掉,就算能删也不等于结束进程。

后来找啊找相关资料,终于发现了 kill -KILL。-KILL 就是 SIGKILL(9 号信号,等同于 kill -9),进程无法捕获、阻塞或忽略它;而不带信号参数的 kill 默认发送的是 SIGTERM。

kill -KILL processID

果然无敌

kill -KILL 22229

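发现终于被干掉了,这个命令强大。不过杀掉进程只是止血:从上面的 ps 输出看,它以 root 身份运行,并且在把 /etc/.zl 复制到 /tmp 下,所以 /etc/.zl 这个文件以及拉起它的来源(计划任务、启动脚本等)还得继续排查,否则进程很可能再次出现。动手 kill 之前最好先把 /proc/22229 下的 cmdline、exe、cwd 等信息留存下来,方便事后分析。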
