The script will look for the presence of #!/ in any file ( which is used as the start line for any perl or cgi or executable malicious cripts) and then first kill all process associated with that file and the remove the files.
root@server [/dev/shm]# cat /root/cleantmp
cd /dev/shm;
for x in `ls` ;
do
fuser -k $x ;
done
rm -fr *
rm -fr /usr/local/apache/proxy
cd /tmp;
find /tmp -user nobody > /tmp/listing ;
for x in `cat /tmp/listing` ;
do grep -lr '#!/' $x ; done xargs fuser -k
cd /tmp;
for x in `cat /tmp/listing`;
do grep -lr '#!/' $x ; done xargs rm -f
root@server [/dev/shm]#
root@server [/home]# crontab -l grep cleantmp
*/5 * * * * /root/cleantmp
No comments:
Post a Comment