So, I have been working on a project for class, and I have half of it down, but the second half I have been googling and am unsure how to go about it. Here is the question: You suspect that there is a "bad" program (called “badprog” that launches at odd times on your server and does nefarious things such as logging onto a remote machine via ssh/sftp and copying files off of your server. A) Write a script that does this (you need not schedule it, just run it in the background). B) Next, write a script to detect “badprog", and shut it down.
所以,我一直在为一个项目上班,我有一半下来,但下半年我一直在谷歌搜索,我不确定如何去做。这是一个问题:你怀疑有一个“坏”程序(称为“badprog”,它在你的服务器上奇怪的时间启动,并做了各种各样的事情,比如通过ssh / sftp登录远程机器并从你的服务器上复制文件A)编写一个执行此操作的脚本(您无需安排它,只需在后台运行它)。 B)接下来,编写一个脚本来检测“badprog”,并将其关闭。
I have finished part A (pretty much just using the scp command), but I am unsure how to do part B. any help would be appreciated! (I am using Linux Mint)
我已完成A部分(几乎只是使用scp命令),但我不确定如何做B部分。任何帮助将不胜感激! (我正在使用Linux Mint)
3 个解决方案
#1
If you're looking for whether a process is running pgrep is probably your friend, and pkill as well. You can also look at the ps command and it's myriad options.
如果你正在寻找一个进程是否正在运行pgrep可能是你的朋友,也可能是pkill。您还可以查看ps命令,它是无数的选项。
pgrep badprog will give you the PID of any processes with the executable badprog
pgrep badprog将为您提供可执行badprog的任何进程的PID
#2
You can lookup a PID for a process using pgrep badprog and you could shut it down using e.g.:
你可以使用pgrep badprog查找进程的PID,你可以使用例如:
for pid in `pgrep badprog`; do
kill -9 $pid
done
This will loop over every PID pgrep gives you and will send the signal SIGTERM (shutdown immediately) to the command.
这将遍历每个PID pgrep给你,并将信号SIGTERM(立即关闭)发送到命令。
#3
This is a pretty complicated question. Can you assume that you would know the name of the "bad program"? If not, then you will need to identify all "bad" behaviors and create a function to test for them. Each function would probably use a different low-level command, like "ps -ef" for processes, and netstat for network connection.
这是一个非常复杂的问题。你能否认为你会知道“坏程序”的名称?如果没有,那么您将需要识别所有“坏”行为并创建一个函数来测试它们。每个函数可能使用不同的低级命令,如进程的“ps -ef”和网络连接的netstat。
#1
If you're looking for whether a process is running pgrep is probably your friend, and pkill as well. You can also look at the ps command and it's myriad options.
如果你正在寻找一个进程是否正在运行pgrep可能是你的朋友,也可能是pkill。您还可以查看ps命令,它是无数的选项。
pgrep badprog will give you the PID of any processes with the executable badprog
pgrep badprog将为您提供可执行badprog的任何进程的PID
#2
You can lookup a PID for a process using pgrep badprog and you could shut it down using e.g.:
你可以使用pgrep badprog查找进程的PID,你可以使用例如:
for pid in `pgrep badprog`; do
kill -9 $pid
done
This will loop over every PID pgrep gives you and will send the signal SIGTERM (shutdown immediately) to the command.
这将遍历每个PID pgrep给你,并将信号SIGTERM(立即关闭)发送到命令。
#3
This is a pretty complicated question. Can you assume that you would know the name of the "bad program"? If not, then you will need to identify all "bad" behaviors and create a function to test for them. Each function would probably use a different low-level command, like "ps -ef" for processes, and netstat for network connection.
这是一个非常复杂的问题。你能否认为你会知道“坏程序”的名称?如果没有,那么您将需要识别所有“坏”行为并创建一个函数来测试它们。每个函数可能使用不同的低级命令,如进程的“ps -ef”和网络连接的netstat。