Linux is kdevtmpfsi mining viruses
I. error message
II. Troubleshooting
1. First stopped kdevtmpfsi program
2. Delete abnormal timed tasks under Linux
3. End kdevtmpfsi process and the occupied port
4. deleted kdevtmpfsi relevant documents
III. how to deal with this virus prevention
a. the error message
to the alarm message on Ali cloud. There is a big question is: top command to view the server CPU to run their own situation, you will find kdevtmpfsi processes, CPU usage is 100% clean kdevtmpfsi first remove the program, after a few minutes did not wanted, there have been second warning. Use netstat -antp command to view port usage, has emerged kdevtmpfsi shown in Figure III
netstat -antp
II. To solve the problem
usually occurs kdevtmpfsi virus will be accompanied by regular tasks, will be processed once after I said above, will continue to appear, repeatedly treated is not clean.
1. First, the program stopped kdevtmpfsi
ps aux
Find kdevtmpfsi process
deleted kdevtmpfsi process associated with
the kill -9 20267
the kill -9 20367
2. delete abnormal timed tasks under Linux
crontab the -l to view the scheduled tasks
crontab -r means to delete the user's regular tasks, when this command is executed, the following timing of all user tasks are deleted
as shown in FIG.
3. End the occupation kdevtmpfsi process and the port
netstat -antp
find me here kdevtmpfsi port 28244 is in a third map you can see. Do not directly kill, because there is a daemon thread will reboot.
-aux PS | grep kinsing
PS -aux | grep kdevtmpfsi
28244 -9 the kill
the kill -9 28 829
4. deleted kdevtmpfsi relevant documents
cd / tmp
LS
RM -rf kdevtmpfsi
RM -rf / var / tmp / kinsing
finally they can then check to see if there kdevtmpfsi relevant documents, any We will continue to remove
the Find / -name kdevtmpfsi
the Find / -name kinsing
III. how to deal with this virus prevention
the most fundamental reason is their redis 6379 due to improper configuration. You can refer to Redis Ali cloud services security reinforcement
Ali Redis service security reinforcement
Disclaimer: This article is the original article CSDN bloggers' fat fat jar fall ", follow CC 4.0 BY-SA copyright agreement, reproduced, please attach the original source link and this statement.
Original link: https: //blog.csdn.net/qq_45186545/java/article/details/103853601