Last active
March 11, 2026 13:11
ban hidden proc #anti-virus
```bash
#!/bin/bash
# Scan for hidden processes with unhide, kill any that are found, and log the result.
LOGFILE="/var/log/virus_kill.log"
# Use a private temp file instead of a fixed, predictable name in /tmp.
SCAN_OUT=$(mktemp) || exit 1
trap 'rm -f "$SCAN_OUT"' EXIT

unhide proc 2>&1 | tee "$SCAN_OUT"
if grep -q "HIDDEN PID" "$SCAN_OUT"; then
    # The PID is the fourth field of each "HIDDEN PID" line.
    PIDS=$(grep "HIDDEN PID" "$SCAN_OUT" | awk '{print $4}')
    if [ -n "$PIDS" ]; then
        echo "$(date '+%F %T') Killing hidden PIDs: $PIDS" >> "$LOGFILE"
        echo "$PIDS" | xargs -r kill -9
    fi
    # Confirm that /usr/bin/.sel is a malicious file before deleting it
    [ -e /usr/bin/.sel ] && rm -rf /usr/bin/.sel
    echo "$(date '+%F %T') try to kill virus" >> "$LOGFILE"
else
    echo "$(date '+%F %T') no virus" >> "$LOGFILE"
fi
```
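An added example, not part of the original gist: a dry-run helper that validates the PIDs parsed from `unhide` output and records what each one is before anything is killed. The function names `hidden_pids` and `describe_pid`, the sample input, and the "Found HIDDEN PID: <n>" line layout (inferred from the script's `awk '{print $4}'`) are assumptions.

```bash
#!/bin/bash
# Added example (not from the gist): validate hidden PIDs and record
# evidence before anything is killed.

# Read unhide output on stdin; print unique, strictly numeric PIDs.
# Assumes the "Found HIDDEN PID: <n>" layout implied by awk '{print $4}'.
# PID 1 and this shell's own PID are never returned.
hidden_pids() {
    awk -v self="$$" \
        '/HIDDEN PID/ && $4 ~ /^[0-9]+$/ && $4 > 1 && $4 != self {print $4}' |
        sort -un
}

# Print one evidence line for a PID from /proc; "?" where a value is unavailable.
describe_pid() {
    local pid=$1 exe cmd
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null) || exe="?"
    cmd=$( { tr '\0' ' ' < "/proc/$pid/cmdline"; } 2>/dev/null ) || cmd="?"
    printf 'pid=%s exe=%s cmd=%s\n' "$pid" "${exe:-?}" "${cmd:-?}"
}

# Constructed sample input; PIDs are deliberately above any real pid_max.
SAMPLE='(constructed banner line)
Found HIDDEN PID: 7000123
Found HIDDEN PID: 7000045
Found HIDDEN PID: 7000123
Found HIDDEN PID: 1
Found HIDDEN PID: 77;id'

# Dry run: list what would be targeted, with evidence, and kill nothing.
printf '%s\n' "$SAMPLE" | hidden_pids | while read -r pid; do
    describe_pid "$pid"
done
```

Writing the `describe_pid` line to the log before the `kill -9` step leaves a record of the executable and command line behind each killed PID.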
```
# /etc/crontab: system-wide cron configuration file
# Line format: minute hour day-of-month month day-of-week user command
# Environment variables
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
# Entries in /etc/crontab need the user field; the job runs as root.
0 */4 * * * root /usr/local/bin/kill_hidden_proc.sh >> /var/log/kill_hidden_proc.log 2>&1

# /etc/logrotate.d/kill_hidden_proc
/var/log/kill_hidden_proc.log {
    # Rotate daily
    daily
    # Keep 30 old logs
    rotate 30
    # Compress old logs
    compress
    # Delay compression so the most recent log stays readable
    delaycompress
    # Do not report an error if the log is missing
    missingok
    # Do not rotate if the log is empty
    notifempty
    create 0640 root root
}
```