The server's external network opened the remote 2375 port of docker. The
result was that an inexplicable number of ubuntu and centos containers were received at the same time as an Alibaba Cloud server mining warning. The management side saw that the cpu usage rate has been stable at 50% during this period test machine cpu usage was normal
troubleshooting steps
- Delete mining container
- Through the top view, it is found that a process named sshd -n takes up too much resources
- View sshd -n named location
whereis 'sshd -n'
- The step of deleting the sshd -n file reports an error Operation not permitted, basically chattr can't be used, you can copy chattr from other servers and then operate or recompile the chattr source code
cd /usr/sbin && chattr -ia 'sshd -n' && rm 'sshd -n'
5. After restarting the server, I found that the CPU usage directly occupied 100%. The
top command could not see it, and vmstat could see the value of us 100.
According to Alibaba Cloud monitoring, the process systemd-host was found.
根据名称找到相关文件,
find / -name systemd-host
#去掉执行权限
chmod -x
#增加不可修改属性
chattr +i systemd-host
#重启
reboot
So far the problem is solved
other
The timed task has also been added a thing that you don't know what it is, just change it and comment it out
#查看文件隐藏属性
lsattr filename
#去除隐藏属性
chattr -i filename