Strange processes showing up on a customized Linux system?

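I am customizing a real-time Linux system using the Linux kernel 6.4.0 and the patch patch-6.4.6-rt8. I don't know why, but when running top I found these strange processes (#1 and #2), and their number tends to increase. I searched (grep "head -v -n 8" / -r) but could not find any related documents.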

#1

sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc

#2

head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname

top:

#top
CPU:  0.4% usr  0.4% sys  0.0% nic 99.0% idle  0.0% io  0.0% irq  0.0% sirq
Load average: 0.60 0.95 1.15 3/144 2667
  PID  PPID USER     STAT   VSZ %VSZ CPU %CPU COMMAND
  285   279 root     S     3748  0.0   3  0.0 dropbear
30677   279 root     S     3492  0.0   0  0.0 dropbear
30761 30709 root     R     2580  0.0   1  0.0 top
 1321 30677 root     S     2580  0.0   3  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
 2612   285 root     S     2580  0.0   0  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
   39     2 root     SW       0  0.0   2  0.0 [ksoftirqd/2]
   38     2 root     SW       0  0.0   2  0.0 [ktimers/2]
   19     2 root     SW       0  0.0   0  0.0 [rcuc/0]
   17     2 root     IW       0  0.0   2  0.0 [rcu_preempt]
   69     2 root     IW       0  0.0   2  0.0 [kworker/2:1-eve]
  230     1 root     S     3920  0.0   3  0.0 /usr/sbin/plymouthd --mode=boot --attach-to-session --pid-file=/run/plymouth/pid
30708   279 root     S     3056  0.0   3  0.0 dropbear
  279     1 root     S     3056  0.0   2  0.0 dropbear
29321   286 root     S     2996  0.0   0  0.0 grep head -v -n 8 / -r
  567   285 root     S     2580  0.0   2  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
    1     0 root     S     2580  0.0   0  0.0 init
26445   285 root     S     2580  0.0   2  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
  325 30677 root     S     2580  0.0   2  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
32339 30677 root     S     2580  0.0   1  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
31760 30677 root     S     2580  0.0   1  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
32191   285 root     S     2580  0.0   0  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
32752   285 root     S     2580  0.0   1  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
 1260   285 root     S     2580  0.0   1  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
28728   285 root     S     2580  0.0   1  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
31494   285 root     S     2580  0.0   1  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
  289   285 root     S     2580  0.0   2  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
28446   285 root     S     2580  0.0   2  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
  286   285 root     S     2580  0.0   0  0.0 -sh
30210   285 root     S     2580  0.0   3  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
30806   285 root     S     2580  0.0   1  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
30712 30677 root     S     2580  0.0   0  0.0 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo; head -v -n 2 /proc/stat /proc/version /proc/uptime /proc
  282     1 root     S     2580  0.0   0  0.0 -/bin/sh
 1175 31760 root     S     2580  0.0   3  0.0 tail -v -n 16 /proc/net/dev
 1230   289 root     S     2580  0.0   3  0.0 head -v -n 8 /proc/meminfo
 1653 32339 root     S     2580  0.0   0  0.0 tail -v -n 16 /proc/net/dev
 1780 32752 root     S     2580  0.0   2  0.0 head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname
 2311  1260 root     S     2580  0.0   3  0.0 head -v -n 2 /proc/stat /proc/version /proc/uptime /proc/loadavg /proc/sys/fs/file-nr /proc/sys/kernel/hostname

Added pstree:

#pstree
init-+-dropbear-+-dropbear-+-sh---grep
     |          |          |-8*[sh---head]
     |          |          |-5*[sh]
     |          |          `-sh---tail
     |          |-dropbear-+-3*[sh]
     |          |          |-2*[sh---head]
     |          |          |-3*[sh---tail]
     |          |          `-sh---pstree
     |          `-dropbear
     |-plymouthd
     `-sh

Morbucks term:

[Screenshots #m1 to #m5]

Answer 1

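Someone (or some automated device) is logging into the system using SSH and running these commands. The highlighted commands are harmless; they are commands people run to monitor system memory usage.

In your case, the commands are run by MobaXterm with its "Remote monitoring" feature. If you disable it, you will no longer see them.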
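To confirm which SSH session the loops belong to, the parent chain of each process can be walked up to its dropbear session. The script below is an added example, not part of the original question or answer; the function names are made up for illustration, and the sample listing is a trimmed excerpt of the PID, PPID and COMMAND columns from the top output above.

```shell
#!/bin/sh
# Count the processes that descend from each SSH session process.
# stdin: "PID PPID COMMAND..." lines, e.g. from `ps -o pid,ppid,args`.
# $1:    name of the SSH daemon (assumption: dropbear, as in the listing above).
count_by_ssh_session() {
    awk -v daemon="$1" '
    $1 !~ /^[0-9]+$/ { next }            # skip the header line
    {
        c = $3; sub(/^.*\//, "", c)      # /usr/sbin/dropbear -> dropbear
        ppid[$1] = $2; cmd[$1] = c; order[++n] = $1
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            if (cmd[p] == daemon) continue
            # Walk up the parent chain to the nearest daemon process.
            a = ppid[p]; hops = 0
            while ((a in ppid) && cmd[a] != daemon && hops++ < 64) a = ppid[a]
            if ((a in ppid) && cmd[a] == daemon) count[a]++
        }
        for (s in count) print s, count[s]
    }' | sort -n
}

# Sample input: excerpt of the top listing in the question, other columns dropped.
sample_ps() {
    cat <<'EOF'
  PID  PPID COMMAND
    1     0 init
  279     1 dropbear
  285   279 dropbear
30677   279 dropbear
30708   279 dropbear
  282     1 -/bin/sh
  286   285 -sh
  567   285 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo
  289   285 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo
 1230   289 head -v -n 8 /proc/meminfo
 1321 30677 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo
31760 30677 sh -c while true; do sleep 1;head -v -n 8 /proc/meminfo
 1175 31760 tail -v -n 16 /proc/net/dev
EOF
}

# Prints "<session pid> <descendant count>" for each session with children.
sample_ps | count_by_ssh_session dropbear
```

A session whose count keeps growing while no interactive shell is active under it is the one running the monitoring loops; the console shell (PID 282) has no dropbear ancestor and is not counted.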