最近服务器被黑客攻破了,我一着急,第一时间就把那个新建的用户删掉了,因此不知道他在服务器上干了什么坏事。现在系统出现了诸多问题,请大侠们帮个忙。
具体症状如下:
1.系统启动有时不成功,需要重启
2.执行cp、chown、chmod命令时会出现:Segmentation Fault错误
3.执行某些命令(例如 ls -al -crt /data/*.gz | awk '{print $9}' | head -1)后不能正常退出
4.执行 ps 后发现很多进程无故成为僵尸进程(即下面列表中标记为 <defunct> 的 uname、sleep 等)
ps -aux结果如下(从表头和最后一行看,以下输出实际应来自 ps -eaf):
------------------------------------------------------------------
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 08:03 ? 00:00:01 init [5]
root 2 1 0 08:03 ? 00:00:00 [migration/0]
root 3 1 0 08:03 ? 00:00:00 [ksoftirqd/0]
root 4 1 0 08:03 ? 00:00:00 [migration/1]
root 5 1 0 08:03 ? 00:00:00 [ksoftirqd/1]
root 6 1 0 08:03 ? 00:00:00 [events/0]
root 7 1 0 08:03 ? 00:00:00 [events/1]
root 8 6 0 08:03 ? 00:00:00 [khelper]
root 9 6 0 08:03 ? 00:00:00 [kacpid]
root 62 6 0 08:03 ? 00:00:00 [kblockd/0]
root 63 6 0 08:03 ? 00:00:00 [kblockd/1]
root 64 1 0 08:03 ? 00:00:00 [khubd]
root 73 6 0 08:03 ? 00:00:00 [pdflush]
root 74 6 0 08:03 ? 00:00:00 [pdflush]
root 76 6 0 08:03 ? 00:00:00 [aio/0]
root 77 6 0 08:03 ? 00:00:00 [aio/1]
root 75 1 0 08:03 ? 00:00:00 [kswapd0]
root 150 1 0 08:03 ? 00:00:00 [kseriod]
root 212 1 0 08:03 ? 00:00:00 [scsi_eh_0]
root 213 1 0 08:03 ? 00:00:00 [aacraid]
root 224 1 0 08:03 ? 00:00:00 [kjournald]
root 517 8 0 08:03 ? 00:00:00 /bin/sh /sbin/hotplug vc
root 530 517 0 08:03 ? 00:00:00 /bin/bash /etc/hotplug.d/default/default.hotplug vc
root 541 1 0 08:03 ? 00:00:00 uname -r
root 543 541 0 08:03 ? 00:00:00 [uname] <defunct>
root 1295 1 0 08:04 ? 00:00:00 udevd
root 2036 1 0 08:04 ? 00:00:00 [kjournald]
root 2065 1 0 08:04 ? 00:00:00 chgrp utmp /var/run/utmp /var/log/wtmp
root 2326 1 0 08:04 ? 00:00:00 syslogd -m 0
root 2330 1 0 08:04 ? 00:00:00 klogd -x
root 2341 1 0 08:04 ? 00:00:00 irqbalance
rpc 2352 1 0 08:04 ? 00:00:00 portmap
rpcuser 2374 1 0 08:04 ? 00:00:00 rpc.statd
root 2402 1 0 08:04 ? 00:00:00 rpc.idmapd
oracle 2498 1 0 08:04 ? 00:00:00 /oradb/app/oracle/10g/bin/tnslsnr LISTENER -inherit
oracle 2505 1 0 08:04 ? 00:00:00 ora_pmon_spsc
oracle 2507 1 0 08:04 ? 00:00:00 ora_mman_spsc
oracle 2509 1 0 08:04 ? 00:00:00 ora_dbw0_spsc
oracle 2511 1 0 08:04 ? 00:00:00 ora_lgwr_spsc
oracle 2513 1 0 08:04 ? 00:00:01 ora_ckpt_spsc
oracle 2515 1 0 08:04 ? 00:00:00 ora_smon_spsc
oracle 2517 1 0 08:04 ? 00:00:00 ora_reco_spsc
oracle 2519 1 0 08:04 ? 00:00:00 ora_cjq0_spsc
oracle 2521 1 0 08:04 ? 00:00:00 ora_d000_spsc
oracle 2523 1 0 08:04 ? 00:00:00 ora_s000_spsc
oracle 2533 1 0 08:04 ? 00:00:00 ora_qmnc_spsc
oracle 2535 1 0 08:04 ? 00:00:02 ora_mmon_spsc
oracle 2537 1 0 08:04 ? 00:00:00 ora_mmnl_spsc
root 2546 1 0 08:04 ? 00:00:00 /usr/sbin/acpid
oracle 2556 1 0 08:04 ? 00:00:04 ora_j000_spsc
oracle 2558 1 0 08:04 ? 00:00:09 ora_j001_spsc
root 2562 1 0 08:04 ? 00:00:00 cupsd
root 2587 1 0 08:04 ? 00:00:00 /usr/sbin/sshd
root 2602 1 0 08:04 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root 2612 1 0 08:04 ? 00:00:00 gpm -m /dev/input/mice -t imps2
htt 2642 1 0 08:04 ? 00:00:00 /usr/sbin/htt -retryonerror 0
htt 2643 2642 0 08:04 ? 00:00:00 htt_server -nodaemon
root 2653 1 0 08:04 ? 00:00:00 crond
xfs 2675 1 0 08:04 ? 00:00:00 xfs -droppriv -daemon
daemon 2694 1 0 08:04 ? 00:00:00 /usr/sbin/atd
dbus 2724 1 0 08:05 ? 00:00:00 dbus-daemon-1 --system
root 2738 1 0 08:05 ? 00:00:00 cups-config-daemon
root 2749 1 0 08:05 ? 00:00:00 hald
root 2756 1 0 08:05 ? 00:00:00 /bin/sh /oradb/esoms/orabak
root 2760 1 0 08:05 tty1 00:00:00 /sbin/mingetty tty1
root 2761 1 0 08:05 tty2 00:00:00 /sbin/mingetty tty2
root 2762 1 0 08:05 tty3 00:00:00 /sbin/mingetty tty3
root 2763 1 0 08:05 tty4 00:00:00 /sbin/mingetty tty4
root 2801 1 0 08:05 tty5 00:00:00 /sbin/mingetty tty5
root 2802 1 0 08:05 tty6 00:00:00 /sbin/mingetty tty6
root 2803 1 0 08:05 ? 00:00:00 /usr/bin/gdm-binary -nodaemon
root 2804 1 0 08:05 ? 00:00:00 /bin/su -l oracle -c exec /oradb/app/oracle/10g/bin/ocssd
root 3236 2803 0 08:05 ? 00:00:00 /usr/bin/gdm-binary -nodaemon
root 3241 3236 0 08:05 ? 00:00:10 /usr/X11R6/bin/X :0 -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7
oracle 3381 2804 0 08:05 ? 00:00:00 /bin/sh /oradb/app/oracle/10g/bin/ocssd
oracle 3421 1 0 08:05 ? 00:00:00 /bin/uname
oracle 3422 3421 0 08:05 ? 00:00:00 [uname] <defunct>
root 3639 1 0 08:05 ? 00:00:00 /usr/bin/ssh-agent -s
root 3759 1 0 08:05 ? 00:00:00 /usr/bin/python /usr/bin/system-control-network
root 3760 3759 0 08:05 ? 00:00:00 /bin/sh -c find /lib/modules/$(uname -r)/{kernel,unsupported}/drivers/isdn -name '*.?o' -print
root 3764 1 0 08:05 ? 00:00:00 uname -r
root 3823 1 0 08:06 ? 00:00:00 sleep 2
root 3829 3823 0 08:06 ? 00:00:00 [sleep] <defunct>
root 3881 1 0 08:06 ? 00:00:00 sleep 2
root 3886 3881 0 08:06 ? 00:00:00 [sleep] <defunct>
root 3909 8 0 08:10 ? 00:00:00 /bin/sh /sbin/hotplug input
root 3910 8 0 08:10 ? 00:00:00 /bin/sh /sbin/hotplug input
root 3918 3909 0 08:10 ? 00:00:00 /bin/sh /etc/hotplug/input.agent
root 3935 3910 0 08:10 ? 00:00:00 /bin/bash /etc/hotplug.d/default/default.hotplug input
root 3947 1 0 08:10 ? 00:00:00 uname -r
root 3949 3947 0 08:10 ? 00:00:00 [uname] <defunct>
root 3953 8 0 08:10 ? 00:00:00 /bin/sh /sbin/hotplug usb
root 3959 3953 0 08:10 ? 00:00:00 /bin/sh /etc/hotplug/usb.agent
root 3976 1 0 08:10 ? 00:00:00 uname -r
root 3978 3976 0 08:10 ? 00:00:00 [uname] <defunct>
root 3986 1 0 08:10 ? 00:00:00 uname -r
root 3990 3986 0 08:10 ? 00:00:00 [uname] <defunct>
oracle 3997 1 0 08:10 ? 00:00:00 oraclespsc (LOCAL=NO)
oracle 4031 1 0 08:51 ? 00:00:00 oraclespsc (LOCAL=NO)
oracle 4033 1 0 08:51 ? 00:00:03 oraclespsc (LOCAL=NO)
oracle 4047 1 0 09:01 ? 00:00:03 oraclespsc (LOCAL=NO)
oracle 4049 1 0 09:01 ? 00:00:00 oraclespsc (LOCAL=NO)
oracle 4517 1 0 09:34 ? 00:00:03 oraclespsc (LOCAL=NO)
root 4542 1 0 10:05 ? 00:00:00 sleep 3600
root 4543 4542 0 10:05 ? 00:00:00 [sleep] <defunct>
oracle 4565 1 0 10:29 ? 00:00:01 oraclespsc (LOCAL=NO)
root 4588 1 0 11:05 ? 00:00:00 sleep 3600
root 4589 4588 0 11:05 ? 00:00:00 [sleep] <defunct>
root 4627 8 0 11:37 ? 00:00:00 /bin/sh /sbin/hotplug input
root 4630 8 0 11:37 ? 00:00:00 /bin/sh /sbin/hotplug input
root 4638 4627 0 11:37 ? 00:00:00 /bin/bash /etc/hotplug.d/default/default.hotplug input
root 4644 4630 0 11:37 ? 00:00:00 /bin/bash /etc/hotplug.d/default/default.hotplug input
root 4648 1 0 11:37 ? 00:00:00 uname -r
root 4649 1 0 11:37 ? 00:00:00 uname -r
root 4650 4648 0 11:37 ? 00:00:00 [uname] <defunct>
root 4651 4649 0 11:37 ? 00:00:00 [uname] <defunct>
root 4753 1 0 11:38 ? 00:00:00 /usr/bin/ssh-agent -s
root 4956 1 0 11:39 ? 00:00:00 /usr/bin/ssh-agent -s
gdm 5108 3236 0 11:39 ? 00:00:00 /usr/bin/gdmgreeter
root 5109 8 0 11:42 ? 00:00:00 /bin/sh /sbin/hotplug input
root 5110 8 0 11:42 ? 00:00:00 /bin/sh /sbin/hotplug input
root 5111 8 0 11:42 ? 00:00:00 /bin/sh /sbin/hotplug input
root 5116 8 0 11:42 ? 00:00:00 /bin/sh /sbin/hotplug usb
root 5128 5109 0 11:42 ? 00:00:00 /bin/sh /etc/hotplug/input.agent
root 5134 5110 0 11:42 ? 00:00:00 /bin/bash /etc/hotplug.d/default/default.hotplug input
root 5140 5111 0 11:42 ? 00:00:00 /bin/bash /etc/hotplug.d/default/default.hotplug input
root 5141 5116 0 11:42 ? 00:00:00 /bin/bash /etc/hotplug.d/default/default.hotplug usb
root 5148 1 0 11:42 ? 00:00:00 uname -r
root 5154 5148 0 11:42 ? 00:00:00 [uname] <defunct>
root 5155 1 0 11:42 ? 00:00:00 uname -r
root 5156 1 0 11:42 ? 00:00:00 uname -r
root 5157 5155 0 11:42 ? 00:00:00 [uname] <defunct>
root 5158 5156 0 11:42 ? 00:00:00 [uname] <defunct>
root 5170 1 0 11:42 ? 00:00:00 uname -r
root 5173 5170 0 11:42 ? 00:00:00 [uname] <defunct>
root 5204 1 0 12:05 ? 00:00:00 sleep 3600
root 5205 5204 0 12:05 ? 00:00:00 [sleep] <defunct>
root 5272 1 0 13:05 ? 00:00:00 sleep 3600
root 5273 5272 0 13:05 ? 00:00:00 [sleep] <defunct>
oracle 5283 1 0 13:19 ? 00:00:00 oraclespsc (LOCAL=NO)
root 5323 2756 0 14:05 ? 00:00:00 sleep 3600
root 5324 5323 0 14:05 ? 00:00:00 [sleep] <defunct>
oracle 5341 1 0 14:34 ? 00:00:00 oraclespsc (LOCAL=NO)
root 5342 2587 0 14:36 ? 00:00:00 sshd: oracle [priv]
oracle 5344 5342 0 14:36 ? 00:00:00 sshd: oracle@pts/1
oracle 5345 5344 0 14:36 pts/1 00:00:00 -bash
oracle 5378 1 10 14:36 pts/1 00:00:04 ls --color=tty
oracle 5380 1 0 14:36 ? 00:00:00 ora_q000_spsc
oracle 5383 5345 0 14:37 pts/1 00:00:00 ps -eaf |