殺進程什麽的, 沒有用的。你根本殺不掉。
卸載阿里雲盾監控的腳本命令
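# Uninstall Cloud Shield (Aegis) with the vendor's uninstall script.
# NOTE(review): the script is fetched over plain HTTP and then executed as
# root, so whatever arrives on the wire runs with full privileges. Read
# uninstall.sh before running it.
wget "http://update2.aegis.aliyun.com/download/uninstall.sh" && chmod +x uninstall.sh && ./uninstall.sh

# Besides Cloud Shield there is also the CloudMonitor agent, which uses memory:
# stop it, run its own uninstall, then delete its install directory.
/usr/local/cloudmonitor/CmsGoAgent.linux-amd64 stop && /usr/local/cloudmonitor/CmsGoAgent.linux-amd64 uninstall && rm -rf /usr/local/cloudmonitor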
早期的方法, 實測已失效, 但先留在這裡參考:
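# Earlier method, kept for reference only (the page reports it no longer works).
# One command per line; as with any downloaded script, inspect it before
# running it as root. These downloads use plain HTTP.
wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
./uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
./quartz_uninstall.sh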
刪除殘留
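# Remove leftovers: stop the aliyun-service process, then delete its
# init script, its binary, and every path matching /usr/local/aegis*.
pkill aliyun-service
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
# The trailing glob is expanded by the shell; list the matches first
# (ls -d /usr/local/aegis*) to see exactly what will be deleted.
rm -rf /usr/local/aegis*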
報錯wait AliYunDun process exit fail, possibly due to self-protection, please uninstall aegis or disable self-protection from the aegis console.
報錯全文類似這樣:
Stopping aegis [ OK ] wait aegis exit wait AliYunDun process exit fail, possibly due to self-protection, please uninstall aegis or disable self-protection from the aegis console.
這是阿里故意安排的一個坑, 讓你到網頁控制台裡面關。沒有辦法,只好在阿里雲控制台裡搜索“雲盾”二字,找到雲盾控制台,然後找到左邊的資産中心->主機資産, 挨個找到要關掉雲盾的主機, 把防禦狀態選項卡裡的這個保護那個保護, 尤其是客戶端自我保護, 全關掉, 不然這東西和360安全衛士一樣,你別想弄乾淨。
找不到雲盾控制台在哪? https://yundun.console.aliyun.com/
你是否顧慮“雲盾”刪了,沒人確保你服務器安全?相信看這篇文章的人已經非常了解自己在幹什麼。
屏蔽雲盾 IP
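# Drop packets arriving from the address ranges the page attributes to
# Cloud Shield. Each rule is inserted at the head of the INPUT chain.
# - These rules match on source address in INPUT only; they do not affect
#   connections the host itself opens towards those ranges.
# - Rules added with `iptables -I` live in the running kernel only; they are
#   gone after a reboot unless saved by the distribution's persistence tool.
# - NOTE(review): the ranges are the page author's list; verify them against
#   current vendor documentation before relying on them.
for cidr in \
  140.205.201.0/28 \
  140.205.201.16/29 \
  140.205.201.32/28 \
  140.205.225.192/29 \
  140.205.225.200/30 \
  140.205.225.184/29 \
  140.205.225.183/32 \
  140.205.225.206/32 \
  140.205.225.205/32 \
  140.205.225.195/32 \
  140.205.225.204/32; do
  iptables -I INPUT -s "$cidr" -j DROP
done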
後記
如果是debian系統呢? 可以試試這個, 未必對你的系統有用。
# Debian/Ubuntu: remove the aliyun-assist package; `autoremove` also removes
# dependencies that are no longer needed by anything else.
# NOTE(review): aliyun-assist looks like the Cloud Assistant agent package,
# not the Aegis (Cloud Shield) agent itself -- confirm which component you
# intend to remove.
apt autoremove aliyun-assist
貼一下阿里官方的雲盾卸載腳本:
#!/bin/bash
# -i : uninstall before install, do not delete domaincfg.ini
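# Install locations and mode flags shared by the functions below.
AEGIS_INSTALL_DIR="/usr/local/aegis"
AEGIS_SYSTEMD_SERVICE_PATH="/etc/systemd/system/aegis.service"
UNINSTALL_FOR_INSTALL=1 # 1 is false, 0 is true, default is false
UUID=""

# Detect Gentoo: ask lsb_release first, fall back to /etc/issue.
# stderr is discarded so hosts without lsb_release or /etc/issue stay quiet.
var=$(lsb_release -a 2>/dev/null | grep Gentoo)
if [ -z "${var}" ]; then
  var=$(grep Gentoo /etc/issue 2>/dev/null)
fi

# Detect CoreOS from /etc/os-release (empty when the file is missing).
checkCoreos=$(grep coreos /etc/os-release 2>/dev/null)

# Two separate tests joined with && replace the deprecated `[ A -a B ]` form.
if [ -d "/etc/runlevels/default" ] && [ -n "${var}" ]; then
  LINUX_RELEASE="GENTOO"
elif [ -f "/etc/os-release" ] && [ -n "${checkCoreos}" ]; then
  LINUX_RELEASE="COREOS"
  # On CoreOS this script works on /opt/aegis instead of /usr/local/aegis.
  AEGIS_INSTALL_DIR="/opt/aegis"
else
  LINUX_RELEASE="OTHER"
fi

# Hosts tried in order by report_uninstall_result when posting the
# uninstall report; the -u argument can replace this list.
AEGIS_UPDATE_SITE_ARRAY=(
  "update2.aegis.aliyun.com"
  "update4.aegis.aliyun.com"
  "update5.aegis.aliyun.com"
  "update.aegis.aliyun.com"
)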
#######################################
# Force-kill the aegis user-space processes and ask its drivers to stop.
# Globals:  DRIVER_OWNER_FILE_PATH, DRIVER_OWNER_PATH (written)
# Outputs:  a "Stopping aegis ... [ OK ]" line on stdout. The line is printed
#           unconditionally; no exit status from the steps above is checked.
#######################################
stop_aegis_pkill() {
  local proc_name

  # AliHips is killed first, then its binary is asked to stop its driver.
  pkill -9 AliHips >/dev/null 2>&1
  # NOTE(review): the binaries below are addressed under /usr/local/aegis,
  # not ${AEGIS_INSTALL_DIR}; on a host where the install dir was switched to
  # /opt/aegis these paths would not exist -- confirm whether that is intended.
  /usr/local/aegis/alihips/AliHips --stopdriver

  # TODO: do not kill AliSecGuard to avoid soft lock bug for old version
  for proc_name in AliYunDun AliYunDunMonitor AliYunDunUpdate AliNet \
    AliDetect AliScriptEngine; do
    pkill -9 "${proc_name}" >/dev/null 2>&1
  done

  /usr/local/aegis/AliNet/AliNet --stopdriver

  DRIVER_OWNER_FILE_PATH="/usr/local/aegis/AliSecGuard/driver_owner.txt"
  if [ -f "${DRIVER_OWNER_FILE_PATH}" ]; then
    # NOTE(review): the file's content is used as the path of a program that
    # is then executed (as root, given the entry check). Anyone able to write
    # driver_owner.txt controls what runs here; check the file's ownership
    # and permissions when auditing a host.
    DRIVER_OWNER_PATH=$(<"${DRIVER_OWNER_FILE_PATH}")
    "${DRIVER_OWNER_PATH}" --stopdriver
  fi

  printf "%-40s %40s\n" "Stopping aegis" "[ OK ]"
}
# can not remove all aegis folder, because there is backup file in globalcfg
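#######################################
# Clear aegis trace hooks, unmount its helper mounts and delete its
# program directories. globalcfg is kept (it holds backup files);
# domaincfg.ini inside it is deleted only for a plain uninstall.
# Globals:  AEGIS_INSTALL_DIR (read), UNINSTALL_FOR_INSTALL (read)
# Outputs:  "remove domaincfg.ini" on stdout when that file is deleted
#######################################
remove_aegis() {
  local -a kprobe_files=(
    "/sys/kernel/debug/tracing/instances/aegis_do_sys_open/set_event"
    "/sys/kernel/debug/tracing/instances/aegis_inet_csk_accept/set_event"
    "/sys/kernel/debug/tracing/instances/aegis_tcp_connect/set_event"
    "/sys/kernel/debug/tracing/instances/aegis/set_event"
    "/sys/kernel/debug/tracing/instances/aegis_/set_event"
    "/sys/kernel/debug/tracing/instances/aegis_accept/set_event"
    "/sys/kernel/debug/tracing/kprobe_events"
    "/usr/local/aegis/aegis_debug/tracing/set_event"
    "/usr/local/aegis/aegis_debug/tracing/kprobe_events"
  )
  local trace_file

  # Writing an empty line truncates each control file that exists.
  # NOTE(review): /sys/kernel/debug/tracing/kprobe_events is the global
  # kprobe list, so emptying it also drops probes registered by other
  # tracing tools on the host, not only the aegis ones.
  for trace_file in "${kprobe_files[@]}"; do
    if [ -f "${trace_file}" ]; then
      echo >"${trace_file}"
    fi
  done

  if [ -d "${AEGIS_INSTALL_DIR}" ]; then
    # Paths are quoted so an install dir containing spaces or glob
    # characters is handled as one path.
    umount "${AEGIS_INSTALL_DIR}/aegis_debug"
    if [ -d "${AEGIS_INSTALL_DIR}/cgroup/cpu" ]; then
      umount "${AEGIS_INSTALL_DIR}/cgroup/cpu"
    fi
    if [ -d "${AEGIS_INSTALL_DIR}/cgroup" ]; then
      umount "${AEGIS_INSTALL_DIR}/cgroup"
    fi

    # ${VAR:?} aborts instead of expanding to "/aegis_client" if the
    # variable were ever empty at this point.
    rm -rf -- "${AEGIS_INSTALL_DIR:?}/aegis_client"
    rm -rf -- "${AEGIS_INSTALL_DIR:?}/aegis_update"
    rm -rf -- "${AEGIS_INSTALL_DIR:?}/alihids"

    # when uninstall.sh call by AliAqsInstall_64, it can not delete domaincfg.ini, because it may create new domaincfg.ini for install
    # UNINSTALL_FOR_INSTALL is 0 when call by AliAqsInstall_64
    if [ "${UNINSTALL_FOR_INSTALL}" = 1 ]; then
      echo "remove domaincfg.ini"
      rm -f -- "${AEGIS_INSTALL_DIR:?}/globalcfg/domaincfg.ini"
    fi
  fi
}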
#######################################
# Stop and disable the aegis systemd unit and delete its unit file.
# Does nothing when the unit file is absent.
# Globals:  AEGIS_SYSTEMD_SERVICE_PATH (read)
# Returns:  always 0; systemctl failures are silenced and ignored
#######################################
uninstall_systemd_service() {
  if [ ! -f "$AEGIS_SYSTEMD_SERVICE_PATH" ]; then
    return 0
  fi

  systemctl stop aegis 2>/dev/null
  systemctl disable aegis 2>/dev/null
  # NOTE(review): no `systemctl daemon-reload` follows the removal here;
  # systemd may keep the unit loaded until a reload -- confirm if that matters.
  rm -f "$AEGIS_SYSTEMD_SERVICE_PATH"
  return 0
}
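#######################################
# Remove the aegis init integration: SysV init script, Gentoo runlevel
# entry, rcN.d start links, and finally the systemd unit.
# Globals:  LINUX_RELEASE (read)
# Returns:  status of uninstall_systemd_service (always 0 as written)
#######################################
uninstall_service() {
  local runlevel

  if [ -f "/etc/init.d/aegis" ]; then
    /etc/init.d/aegis stop >/dev/null 2>&1
    rm -f /etc/init.d/aegis
  fi

  # Quoted so an unset/empty LINUX_RELEASE compares as "" instead of
  # making `[` fail with a syntax error.
  if [ "${LINUX_RELEASE}" = "GENTOO" ]; then
    rc-update del aegis default 2>/dev/null
    if [ -f "/etc/runlevels/default/aegis" ]; then
      rm -f "/etc/runlevels/default/aegis" >/dev/null 2>&1
    fi
  # NOTE(review): /etc/init.d/aegis was deleted a few lines above whenever it
  # existed, so this branch only runs if that rm failed. In the normal case
  # the `uninstall` call and the S80aegis link cleanup are skipped and stale
  # rcN.d links can remain. Left as-is because the effect of the init
  # script's `uninstall` action is not visible here; check for leftover
  # S80aegis links after running.
  elif [ -f /etc/init.d/aegis ]; then
    /etc/init.d/aegis uninstall
    for ((runlevel = 2; runlevel <= 5; runlevel++)); do
      if [ -d "/etc/rc${runlevel}.d/" ]; then
        rm -f "/etc/rc${runlevel}.d/S80aegis"
      elif [ -d "/etc/rc.d/rc${runlevel}.d" ]; then
        rm -f "/etc/rc.d/rc${runlevel}.d/S80aegis"
      fi
    done
  fi

  # uninstall systemd service
  uninstall_systemd_service
}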
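#######################################
# Wait for every process whose command line contains "aegis_client" to
# disappear, checking once per second for at most 9 checks.
# Outputs:  progress / failure messages on stdout
# Returns:  0 once no matching process is left. (A bare `return` in the
#           else branch used to hand back the status of the failed test,
#           i.e. 1, on success.)
# Exits:    the whole script with status 6 if a process is still present
#           after the last check -- the page attributes this to the agent's
#           self-protection being enabled in the console.
#######################################
wait_aegis_exit() {
  local attempt
  local -r limit=10

  echo "wait aegis exit"
  for ((attempt = 1; attempt < limit; attempt++)); do
    # pgrep -f matches against the full command line and never reports
    # itself, replacing the `ps | grep | grep -v grep` chain.
    if ! pgrep -f aegis_client >/dev/null 2>&1; then
      return 0
    fi
    sleep 1
  done

  echo "wait AliYunDun process exit fail, possibly due to self-protection, please uninstall aegis or disable self-protection from the aegis console."
  exit 6
}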
#######################################
# POST an "uninstall" report carrying the host UUID to the update hosts,
# trying each host in order until one request succeeds.
# Globals:  AEGIS_UPDATE_SITE_ARRAY (read), UUID (read), checkValue (written)
# Outputs:  each host tried on stdout; error text on stderr
# Returns:  the index of the host that accepted the report.
#           NOTE(review): that is non-zero whenever a host other than the
#           first one succeeds, so the status reads as failure to a caller.
# Exits:    the whole script with status 1 if no host accepted the report
#######################################
report_uninstall_result() {
  # NOTE(review): UUID comes from the command line and is placed into the
  # JSON body without escaping; a value containing a double quote yields
  # malformed JSON.
  local payload="{\"version\": 4,\"data\": {\"uuid\": \"${UUID}\", \"type\": \"uninstall\"}}"

  echo "start report uninstall"
  checkValue=0
  while ((checkValue < ${#AEGIS_UPDATE_SITE_ARRAY[@]})); do
    echo "${AEGIS_UPDATE_SITE_ARRAY[checkValue]}"
    if curl --retry 2 --connect-timeout 5 -m 30 --header "Content-Type: application/json" --request POST --data "${payload}" "https://${AEGIS_UPDATE_SITE_ARRAY[checkValue]}/update"; then
      return $checkValue
    fi
    ((checkValue++))
  done

  echo "report uninstall result error" 1>&2
  exit 1
}
# entry
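# Root is required: the steps below kill processes, unmount filesystems and
# delete files under /etc and the install directory.
if [ "$(id -u)" -ne 0 ]; then
  echo "ERROR: This script must be run as root." 1>&2
  exit 8
fi

# parse argument
# Each argument is classified by its first two characters; the value is the
# text after the first '='.
#   -i          uninstall as part of a reinstall (keep domaincfg.ini)
#   -d=<uuid>   host UUID to include in the uninstall report
#   -u=<a|b|c>  '|'-separated list of hosts that replace the report targets
#   <other>     treated as a bare UUID (old AliYunDun calling convention)
for arg in "$@"; do
  argkey="${arg:0:2}"
  argvalue="${arg#*=}"
  if [ "${argkey}" == "-i" ]; then
    UNINSTALL_FOR_INSTALL=0
    echo "uninstall for install"
  elif [ "${argkey}" == "-d" ]; then
    UUID="${argvalue}"
  elif [ "${argkey}" == "-u" ]; then
    # Split on '|' only. The previous unquoted expansion also word-split on
    # whitespace and glob-expanded the value against the current directory.
    # NOTE(review): this list decides which hosts receive the UUID over
    # HTTPS, so -u should only ever carry trusted values.
    IFS='|' read -r -a AEGIS_UPDATE_SITE_ARRAY <<<"${argvalue}"
    echo "specify udpate domain argument is ${argvalue}"
  else
    # old AliYunDun just send uuid as argument
    UUID="${arg}"
  fi
done
echo "uuid is ${UUID}"

stop_aegis_pkill
wait_aegis_exit
uninstall_service
remove_aegis
# Second unmount attempt of the same path remove_aegis already tried;
# it reports an error on stderr when nothing is mounted there.
umount "${AEGIS_INSTALL_DIR}/aegis_debug"
# Printed unconditionally; none of the steps above has its status checked.
printf "%-40s %40s\n" "Uninstalling aegis" "[ OK ]"

# report uninstall result
# Only for a plain uninstall with a known UUID.
if [ -n "${UUID}" ] && [ "${UNINSTALL_FOR_INSTALL}" != 0 ]; then
  report_uninstall_result
fi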