Last active
May 10, 2019 04:03
[Remove Surveillance In VPS] remove surveillance while using aliyun & qcloud #vps #security
# Source https://51.ruyo.net/5369.html | |
# For Aliyun | |
## vim remove-aegis.sh | |
#!/bin/bash | |
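## Detect Gentoo so the service-removal step can pick rc-update over SysV links.
## Sets LINUX_RELEASE to "GENTOO" only when the release text mentions Gentoo
## AND the OpenRC runlevel directory exists; anything else is "OTHER".
## lsb_release is optional on many systems, so its stderr is discarded and
## /etc/issue is used as the fallback source.
var=$(lsb_release -a 2>/dev/null | grep Gentoo)
if [ -z "${var}" ] && [ -r /etc/issue ]; then
  var=$(grep Gentoo /etc/issue)
fi

# Two separate tests instead of the deprecated, ambiguous `-a` operator.
if [ -d "/etc/runlevels/default" ] && [ -n "${var}" ]; then
  LINUX_RELEASE="GENTOO"
else
  LINUX_RELEASE="OTHER"
fi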
# Force-stop the Aegis client and updater processes, then print a status line.
# aegis_cli is signalled again after aegis_update, as in the original sequence
# (presumably in case the updater restarted it -- not confirmed from this file).
# killall output and failures are discarded, so "[ OK ]" is printed regardless
# of whether any process was actually found.
stop_aegis() {
  local proc
  for proc in aegis_cli aegis_update aegis_cli; do
    killall -9 "$proc" >/dev/null 2>&1
  done
  printf '%-40s %40s\n' 'Stopping aegis' '[ OK ]'
}
# Force-stop the aegis_quartz process and print a status line.
# The killall result is discarded, so the status line is always "[ OK ]".
stop_quartz() {
  local target=aegis_quartz
  killall -9 "$target" >/dev/null 2>&1
  printf '%-40s %40s\n' 'Stopping quartz' '[ OK ]'
}
# Delete the aegis_client and aegis_update trees under /usr/local/aegis.
# Does nothing (and returns 0) when /usr/local/aegis is not a directory.
# The parent directory itself is left in place.
remove_aegis() {
  local base=/usr/local/aegis
  [ -d "$base" ] || return 0
  rm -rf "$base/aegis_client"
  rm -rf "$base/aegis_update"
}
# Delete the aegis_quartz tree under /usr/local/aegis.
# Does nothing (and returns 0) when /usr/local/aegis is not a directory.
remove_quartz() {
  local base=/usr/local/aegis
  [ -d "$base" ] || return 0
  rm -rf "$base/aegis_quartz"
}
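# Stop the aegis init service and remove its boot-time registration.
# Globals:   LINUX_RELEASE (read) - "GENTOO" selects rc-update; anything else
#            (including unset) takes the SysV path.
# Returns:   status of the last command run; 0 when there was nothing to do.
#
# Fix over the original: it deleted /etc/init.d/aegis first and only then
# tested `[ -f /etc/init.d/aegis ]`, so the non-Gentoo branch could never run
# and the S80aegis start links were left behind. The init script's presence is
# now recorded up front and the script is deleted last.
uninstall_service() {
  local init_script=/etc/init.d/aegis
  local had_init=0
  local level

  if [ -f "$init_script" ]; then
    had_init=1
    "$init_script" stop >/dev/null 2>&1
  fi

  # Quoted with a default so an unset LINUX_RELEASE does not break the test.
  if [ "${LINUX_RELEASE:-OTHER}" = "GENTOO" ]; then
    rc-update del aegis default 2>/dev/null
    # Unconditional rm -f: a runlevel entry that is a dangling symlink fails
    # a `-f` test and would otherwise be skipped.
    rm -f "/etc/runlevels/default/aegis" >/dev/null 2>&1
  elif [ "$had_init" -eq 1 ]; then
    # NOTE(review): what the init script's "uninstall" action does is not
    # visible in this file -- confirm before relying on it.
    "$init_script" uninstall
    for level in 2 3 4 5; do
      if [ -d "/etc/rc${level}.d/" ]; then
        rm -f "/etc/rc${level}.d/S80aegis"
      elif [ -d "/etc/rc.d/rc${level}.d" ]; then
        rm -f "/etc/rc.d/rc${level}.d/S80aegis"
      fi
    done
  fi

  if [ "$had_init" -eq 1 ]; then
    rm -f "$init_script"
  fi
}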
# Run order matters: processes are stopped and the service is unregistered
# before the install trees are deleted.
# Detection note: on a host where this was not a planned change, killed
# aegis_* processes or a missing /usr/local/aegis tree indicates agent
# tampering and is worth alerting on.
stop_aegis
stop_quartz
uninstall_service

remove_aegis
printf '%-40s %40s\n' 'Uninstalling aegis' '[ OK ]'

remove_quartz
printf '%-40s %40s\n' 'Uninstalling aegis_quartz' '[ OK ]'
## :wq | |
## bash remove-aegis.sh | |
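## Block the Aegis IP ranges
## sudo vim /etc/ufw/before.rules
## Add the following lines after `# End required lines`.
## (They drop inbound packets whose source address is in the listed ranges; the ranges are as given in the source article and may have changed since.)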
-A ufw-before-input -s 140.205.201.0/28 -j DROP | |
-A ufw-before-input -s 140.205.201.16/29 -j DROP | |
-A ufw-before-input -s 140.205.201.32/28 -j DROP | |
-A ufw-before-input -s 140.205.225.192/29 -j DROP | |
-A ufw-before-input -s 140.205.225.200/30 -j DROP | |
-A ufw-before-input -s 140.205.225.184/29 -j DROP | |
-A ufw-before-input -s 140.205.225.183/32 -j DROP | |
-A ufw-before-input -s 140.205.225.206/32 -j DROP | |
-A ufw-before-input -s 140.205.225.205/32 -j DROP | |
-A ufw-before-input -s 140.205.225.195/32 -j DROP | |
-A ufw-before-input -s 140.205.225.204/32 -j DROP | |
## :wq | |
# For QCloud (Tencent Cloud)
## vim remove-qcloud.sh | |
#!/bin/bash | |
#fuck tx process | |
# Delete the three install directories this script targets under /usr/local.
# Missing directories are not an error because of -f.
rm -rf \
  /usr/local/sa \
  /usr/local/agenttools \
  /usr/local/qcloud
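# Process names to force-stop.
process=(sap100 secu-tcs-agent sgagent64 barad_agent agent agentPlugInD pvdriver)

# Match on the exact process name (-x). The original `ps aux | grep $i` did an
# unquoted substring match against the whole command line, so the bare entry
# "agent" also selected ssh-agent, gpg-agent and any other process with
# "agent" anywhere in its arguments, and SIGKILLed them.
for i in "${process[@]}"; do
  # pkill exits 1 when nothing matched; that is expected here.
  pkill -9 -x -- "$i"
done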
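# Turn postfix off for runlevels 3 and 5 and stop the running service.
# NOTE(review): postfix is not one of the agent processes listed in this
# script; the reason for disabling the mail service is not stated -- confirm
# it is intended. chkconfig is only present on RHEL-family systems.
chkconfig --level 35 postfix off
service postfix stop

# The two writes below replace root's crontab and /etc/rc.local wholesale,
# which also discards every entry the administrator added. Save a copy first
# and skip the overwrite if the copy cannot be made.
backup_ok=0
if backup_dir=$(mktemp -d /root/qcloud-cleanup-backup.XXXXXX); then
  backup_ok=1
  for conf in /var/spool/cron/root /etc/rc.local; do
    if [ -f "$conf" ] && ! cp -p -- "$conf" "$backup_dir/"; then
      backup_ok=0
    fi
  done
fi

if [ "$backup_ok" -eq 1 ]; then
  echo '' >/var/spool/cron/root
  echo '#!/bin/bash' >/etc/rc.local
  printf 'Previous root crontab and rc.local saved in %s\n' "$backup_dir"
else
  printf 'Backup failed; root crontab and /etc/rc.local left untouched\n' >&2
fi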
## :wq |