CentOS 7 dhclient is consuming even more than 700% CPU. A miner?

I'm new to Linux and installed CentOS 7.9 in my lab. I don't know why, but sometimes the fan noise gets very loud, so I ran `top` to see what was causing it and found that "dhclient" was consuming even more than 700% of the CPU. (Does my CPU have 8 cores?)

15967 sshd      30  10 3707632   2.4g   4692 S 784.7 16.0 158:32.13 dhclient                                                                                    
 4134 ring      20   0 4258860 326992 113188 S   9.1  2.0  38:51.93 gnome-shell                                                                                 
 2495 root      20   0  599888 223084  95240 S   1.4  1.4   5:20.28 X                                                                                           
 4780 ring      20   0  681880  41128  19908 S   1.4  0.3   0:31.30 gnome-terminal-                                                                             
11130 root      20   0   39476   1276    988 S   1.4  0.0   8:44.93 monitor                                                                                     
    9 root      20   0       0      0      0 S   0.3  0.0   0:20.52 rcu_sched                                                                                   
  728 root     -51   0       0      0      0 S   0.3  0.0   0:03.63 irq/141-iwlwifi                                                                             
 4102 ring      20   0   68396   2496   1860 S   0.3  0.0   0:00.47 dbus-daemon                                                                                 
18583 ring      20   0 2828144 168724  62708 S   0.3  1.1   1:52.56 Isolated Web Co                                                                             
18806 ring      20   0 2768992 126664  60628 S   0.3  0.8   1:17.29 Isolated Web Co                                                                             
24739 ring      20   0   58680   2484   1532 R   0.3  0.0   0:00.15 top                                                                                         
    1 root      20   0  194644   7792   4236 S   0.0  0.0   0:07.88 systemd                                                                                     
    2 root      20   0       0      0      0 S   0.0  0.0   0:00.05 kthreadd

Then I ran `cat /var/log/messages | grep dhclient`. These are the messages. Can anyone help me figure out what is going on? What should I do to fix this?

Jan  1 20:22:51 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 15 (xid=0x6ae2ab58)
Jan  1 20:22:54 eda dhclient: [2024-01-01 20:22:54.479]  net      new job from 3389.xiao.my.id:3389 diff 8910K algo rx/0 height 154453
Jan  1 20:23:06 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 9 (xid=0x6ae2ab58)
Jan  1 20:23:15 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 11 (xid=0x6ae2ab58)
Jan  1 20:23:26 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 10 (xid=0x6ae2ab58)
Jan  1 20:23:36 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 7 (xid=0x6ae2ab58)
Jan  1 20:23:42 eda dhclient: [2024-01-01 20:23:42.031]  net      new job from 3389.xiao.my.id:3389 diff 9061K algo rx/0 height 154454
Jan  1 20:23:42 eda dhclient: [2024-01-01 20:23:42.956]  miner    speed 10s/60s/15m 1220.6 1257.6 n/a H/s max 2571.8 H/s
Jan  1 20:23:43 eda dhclient[15264]: No DHCPOFFERS received.
Jan  1 20:23:43 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan  1 20:24:43 eda dhclient: [2024-01-01 20:24:43.326]  miner    speed 10s/60s/15m 1151.4 1164.1 n/a H/s max 2571.8 H/s
Jan  1 20:25:43 eda dhclient: [2024-01-01 20:25:43.586]  miner    speed 10s/60s/15m 1205.5 1283.1 n/a H/s max 2571.8 H/s
Jan  1 20:26:31 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 6 (xid=0x364db7a7)
Jan  1 20:26:37 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 11 (xid=0x364db7a7)
Jan  1 20:26:43 eda dhclient: [2024-01-01 20:26:43.948]  miner    speed 10s/60s/15m 1326.5 1178.2 n/a H/s max 2571.8 H/s
Jan  1 20:26:48 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 9 (xid=0x364db7a7)
Jan  1 20:26:57 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 14 (xid=0x364db7a7)
Jan  1 20:27:11 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 14 (xid=0x364db7a7)
Jan  1 20:27:25 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x364db7a7)
Jan  1 20:27:32 eda dhclient[15264]: No DHCPOFFERS received.
Jan  1 20:27:32 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan  1 20:27:44 eda dhclient: [2024-01-01 20:27:44.309]  miner    speed 10s/60s/15m 1342.5 1264.8 n/a H/s max 2571.8 H/s
Jan  1 20:28:44 eda dhclient: [2024-01-01 20:28:44.574]  miner    speed 10s/60s/15m 1427.7 1411.3 n/a H/s max 2571.8 H/s
Jan  1 20:29:04 eda dhclient: [2024-01-01 20:29:04.105]  net      new job from 3389.xiao.my.id:3389 diff 9216K algo rx/0 height 154455
Jan  1 20:29:32 eda dhclient: [2024-01-01 20:29:32.452]  net      new job from 3389.xiao.my.id:3389 diff 9216K algo rx/0 height 154456
Jan  1 20:29:44 eda dhclient: [2024-01-01 20:29:44.895]  miner    speed 10s/60s/15m 1118.9 1353.9 n/a H/s max 2571.8 H/s
Jan  1 20:30:13 eda dhclient: [2024-01-01 20:30:13.226]  net      new job from 3389.xiao.my.id:3389 diff 9118K algo rx/0 height 154457
Jan  1 20:30:45 eda dhclient: [2024-01-01 20:30:45.234]  miner    speed 10s/60s/15m 1296.6 1291.8 n/a H/s max 2571.8 H/s
Jan  1 20:30:54 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 5 (xid=0x611c174c)
Jan  1 20:30:59 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 12 (xid=0x611c174c)
Jan  1 20:31:11 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 14 (xid=0x611c174c)
Jan  1 20:31:14 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x31c502a2)
Jan  1 20:31:21 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x31c502a2)
Jan  1 20:31:25 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 21 (xid=0x611c174c)
Jan  1 20:31:28 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 15 (xid=0x31c502a2)
Jan  1 20:31:43 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 16 (xid=0x31c502a2)
Jan  1 20:31:45 eda dhclient: [2024-01-01 20:31:45.554]  miner    speed 10s/60s/15m 769.6 1097.3 n/a H/s max 2571.8 H/s
Jan  1 20:31:46 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 9 (xid=0x611c174c)
Jan  1 20:31:55 eda dhclient[15264]: No DHCPOFFERS received.
Jan  1 20:31:55 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan  1 20:31:59 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 8 (xid=0x31c502a2)
Jan  1 20:32:07 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 8 (xid=0x31c502a2)
Jan  1 20:32:15 eda dhclient[15264]: No DHCPOFFERS received.
Jan  1 20:32:15 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan  1 20:32:45 eda dhclient: [2024-01-01 20:32:45.899]  miner    speed 10s/60s/15m 998.0 1224.7 n/a H/s max 2571.8 H/s
Jan  1 20:33:46 eda dhclient: [2024-01-01 20:33:46.186]  miner    speed 10s/60s/15m 1248.5 1226.1 n/a H/s max 2571.8 H/s
Jan  1 20:34:46 eda dhclient: [2024-01-01 20:34:46.456]  miner    speed 10s/60s/15m 1401.2 1338.0 n/a H/s max 2571.8 H/s
Jan  1 20:35:03 eda dhclient: [2024-01-01 20:35:03.174]  net      new job from 3389.xiao.my.id:3389 diff 9118K algo rx/0 height 154458

Here are the full messages. ChatGPT says "benchmk" is related to cryptocurrency!

Jan  1 21:02:29 eda dhclient: [2024-01-01 21:02:29.421]  cpu      READY threads 16/16 (16) huge pages 0% 0/16 memory 4096 KB (8 ms)
Jan  1 21:02:38 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 11 (xid=0x50f8e063)
Jan  1 21:02:39 eda dhclient: [2024-01-01 21:02:39.419]  benchmk   Algo rx/arq hashrate: 5719.956009
Jan  1 21:02:39 eda dhclient: [2024-01-01 21:02:39.419]  benchmk   Algo panthera Preparation
Jan  1 21:02:39 eda dhclient: [2024-01-01 21:02:39.420]  cpu      stopped (1 ms)
Jan  1 21:02:39 eda dhclient: [2024-01-01 21:02:39.420]  randomx  init dataset algo panthera (8 threads) seed 0000000000000000...
Jan  1 21:02:39 eda dhclient: [2024-01-01 21:02:39.784]  randomx  dataset ready (365 ms)
Jan  1 21:02:39 eda dhclient: [2024-01-01 21:02:39.785]  cpu      use profile  panthera  (4 threads) scratchpad 256 KB
Jan  1 21:02:39 eda dhclient: [2024-01-01 21:02:39.792]  benchmk   Algo panthera Starting test
Jan  1 21:02:39 eda dhclient: [2024-01-01 21:02:39.799]  cpu      READY threads 4/4 (4) huge pages 0% 0/4 memory 1024 KB (15 ms)
Jan  1 21:02:49 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 12 (xid=0x50f8e063)
Jan  1 21:02:49 eda dhclient: [2024-01-01 21:02:49.794]  benchmk   Algo panthera hashrate: 1384.323135
Jan  1 21:02:49 eda dhclient: [2024-01-01 21:02:49.794]  benchmk   ALGO PERFORMANCE CALIBRATION COMPLETE
Jan  1 21:02:49 eda dhclient: [2024-01-01 21:02:49.908]  net      3389.xiao.my.id:3389 read error: "end of file"
Jan  1 21:02:57 eda dhclient: [2024-01-01 21:02:57.191]  net      3389.xiao.my.id:3389 read error: "connection reset by peer"
Jan  1 21:03:01 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 10 (xid=0x50f8e063)
Jan  1 21:03:04 eda dhclient: [2024-01-01 21:03:04.333]  net      3389.xiao.my.id:3389 read error: "connection reset by peer"
Jan  1 21:03:05 eda dhclient: [2024-01-01 21:03:05.258]  miner    speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan  1 21:03:11 eda dhclient[15264]: No DHCPOFFERS received.
Jan  1 21:03:11 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan  1 21:03:29 eda dhclient: [2024-01-01 21:03:29.739]  net      3389.xiao.my.id:3389 34.126.66.198 connect error: "operation canceled"
Jan  1 21:03:34 eda dhclient: [2024-01-01 21:03:34.861]  net      3389.xiao.my.id:3389 read error: "end of file"
Jan  1 21:04:05 eda dhclient: [2024-01-01 21:04:05.419]  miner    speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan  1 21:05:05 eda dhclient: [2024-01-01 21:05:05.630]  miner    speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan  1 21:06:05 eda dhclient: [2024-01-01 21:06:05.877]  miner    speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan  1 21:07:06 eda dhclient: [2024-01-01 21:07:06.089]  miner    speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan  1 21:07:39 eda kernel: Bluetooth: hci0: Hardware error 0x0c
Jan  1 21:07:39 eda kernel: Bluetooth: hci0: Retrieving Intel exception info failed (-16)
Jan  1 21:08:06 eda dhclient: [2024-01-01 21:08:06.299]  miner    speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan  1 21:09:06 eda dhclient: [2024-01-01 21:09:06.494]  miner    speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan  1 21:09:31 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0xc3a3862)
Jan  1 21:09:38 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 14 (xid=0xc3a3862)
Jan  1 21:09:52 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 12 (xid=0xc3a3862)

Is it starting a new job here? Is this normal?

Jan  1 21:32:13 eda dhclient: [2024-01-01 21:32:13.299]  net      new job from 3389.xiao.my.id:3389 diff 8819K algo rx/0 height 154489

Answer 1

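Yes, it looks like someone is running a cryptocurrency miner on your computer under the username `sshd`. That shouldn't work. In fact, it may also be using the process name `dhclient` to look less alarming, because a computer needs `dhclient` to connect to most networks. Other people have access to your computer at a level where they can interact with the SSH daemon. This likely includes things like reading the passwords people send.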

In short, your system is compromised. Even if you think you have successfully removed the malware-like thing, it can no longer be trusted.

I'm sorry this happened. I don't know how it happened (unless you installed CentOS from a website other than CentOS.org, or installed untrusted software, or a weak password was used for a user with `sudo` privileges and that user was allowed to log in via SSH or a similar method).

The honest approach is to collect the data you need from the system, then install a freshly downloaded, trusted operating system and get rid of the current CentOS.
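The log in the question mixes two kinds of lines under the same `dhclient` tag: DHCP messages with a PID, and lines with their own embedded timestamp and a `net`/`miner`/`cpu`/`randomx`/`benchmk` component. The following triage script is an added example, not part of the original question or answer; its regular expressions are assumptions derived from the excerpt above, and it separates the two kinds and pulls out the remote `host:port` endpoints worth blocking and reporting.

```python
import re
from collections import Counter

# Syslog line: "Jan  1 20:22:51 eda dhclient[15264]: message" (PID is optional).
SYSLOG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([^\s:\[]+)(?:\[(\d+)\])?: (.*)$")
# Payload shape of the foreign lines: "[date time]  component  text".
MINER = re.compile(r"^\[\d{4}-\d\d-\d\d [\d:.]+\]\s+(net|miner|cpu|randomx|benchmk)\s+(.*)$")
ENDPOINT = re.compile(r"\b([A-Za-z0-9.-]+\.[A-Za-z]{2,}):(\d{1,5})\b")
MAX_RATE = re.compile(r"max ([\d.]+) H/s")

# Lines copied from the log excerpt in the question.
SAMPLE = """\
Jan  1 20:22:51 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 15 (xid=0x6ae2ab58)
Jan  1 20:22:54 eda dhclient: [2024-01-01 20:22:54.479]  net      new job from 3389.xiao.my.id:3389 diff 8910K algo rx/0 height 154453
Jan  1 20:23:42 eda dhclient: [2024-01-01 20:23:42.956]  miner    speed 10s/60s/15m 1220.6 1257.6 n/a H/s max 2571.8 H/s
Jan  1 20:23:43 eda dhclient[15264]: No DHCPOFFERS received.
Jan  1 21:02:39 eda dhclient: [2024-01-01 21:02:39.420]  randomx  init dataset algo panthera (8 threads) seed 0000000000000000...
Jan  1 21:03:29 eda dhclient: [2024-01-01 21:03:29.739]  net      3389.xiao.my.id:3389 34.126.66.198 connect error: "operation canceled"
Jan  1 21:07:39 eda kernel: Bluetooth: hci0: Hardware error 0x0c
""".splitlines()


def triage(lines, tag="dhclient"):
    """Split lines logged under `tag` into DHCP-looking and miner-looking ones."""
    report = {"dhcp": 0, "miner": 0, "pids": set(), "endpoints": Counter(), "max_hs": 0.0}
    for line in lines:
        m = SYSLOG.match(line.rstrip())
        if not m or m.group(1) != tag:
            continue  # other programs (e.g. kernel) are out of scope
        pid, msg = m.group(2), m.group(3)
        payload = MINER.match(msg)
        if payload is None:
            report["dhcp"] += 1
            if pid:
                report["pids"].add(int(pid))
            continue
        report["miner"] += 1
        for host, port in ENDPOINT.findall(payload.group(2)):
            report["endpoints"][f"{host}:{port}"] += 1
        rate = MAX_RATE.search(payload.group(2))
        if rate:
            report["max_hs"] = max(report["max_hs"], float(rate.group(1)))
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```

In the excerpt the DHCP lines all come from PID 15264, while `top` shows the CPU-heavy `dhclient` as PID 15967 owned by `sshd`, so comparing the reported PIDs against the process list is a quick second check.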
