1. problems found
[root@zwlbs3 ~]# top
. I found a process CPU usage is actually 700%, COMMAND is some random strings, ~ over bid; the first thought is to give me on it, kill command "sand sculpture."
[root@zwlbs3 ~]# kill -9 "PID"
ii. But the process is found to kill calm for a while and then started.
Note: reuse old map, there are changes in PID, COMMAND.
2. Review process details
[root @ zwlbs3 ~] # cd / proc / 748 /
[root @ zwlbs3 748 ] # LS - IAL
# " 748 " is the PID of the process, according to your PID view can be.
Figure:
It found that the process is under / dev / shm directory, / dev / shm is what directory it?
We picked from the Internet for a solution at / dev / shm
1) First, you can see / dev / shm is a device file, you can put / dev / shm seen as entrance system memory, it can be seen as a physical storage device, a tmp filesystem, you can use this device to memory read-write file, to speed up some of the high I / O operations, such as a large file to frequent open, write, read.
2) It is said that oracle on the use of / dev / shm (shitou not used oracle), you can list the mounted file system is currently the / dev / shm The mount command.
3) 既然是基于内存的文件系统,系统重启后/dev/shm下的文件就不存在了。Linux默认(CentOS)/dev/shm分区的大小是系统物理内存的50%, 虽说使用/dev/shm对文件操作的效率会高很多。但是目前各发行软件中却很少有使用它的(除了前面提到的Oracle), 可以通过ls /dev/shm查看下面是否有文件, 如果没有就说明当前系统并没有使用该设备。
查看 /dev/shm 目录的有没有相关文件
[root@zwlbs3 ~]# ls -a /dev/shm/
. ..
# 没有任何相关的文件,奇怪了。
- crontab 也没有相关计划任务。
- 使用 which 命令也没有找到相关的文件。
- 查看系统日志也是正常,非常奇怪。
- 几乎没有找到该进程相关的文件。
3. 解决办法
i. 查看某个进程内部线程占用情况分析
[root@zwlbs3 ~]# top -H -p "PID"
ii. 原来有这么多相关的进程,全部 kill 掉
iii. 过来几分钟再次检查,发现系统负载恢复正常
本以为解决了,结果过了几个小时检查发现又出现了,该死的。
由于生产环境不方便重启服务器,被逼无奈情况下只好试试 重启大法 了。
4. 重启大法
重启服务器后一个小时,再次检查已经恢复正常了,还是 重启大法 好使。
- 该恶意程序有什么作用?为何只消耗CPU资源?由于未找到相关文件信息,原因也暂时未清楚。
- 知道的大佬麻烦告诉我一下,非常感谢!