how to clear kinsing cryptojacking from ubuntu
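# auto script clear
# Download first (-f: fail on an HTTP error instead of saving the error page as
# the script), read the file, then run it directly under sudo. The script's own
# fallback is `sudo -n`, which fails whenever a password would be required, so
# starting it already privileged avoids that dead end.
curl -fsSL -o clear-kinsing.sh https://scripts.apibrasil.io/v3/clear-kinsing.sh
sudo bash ./clear-kinsing.sh
----------------------------------------
# clear-kinsing.sh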
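#!/bin/bash
# clear-kinsing.sh - best-effort removal of the kinsing / kdevtmpfsi cryptominer
# from an Ubuntu/Debian host: kills the miner, deletes its binaries, strips its
# cron entries, patches the system, installs scanners, removes LXD and tightens
# the IPv4 firewall.
#
# Must run as root; an unprivileged invocation re-execs itself through
# `sudo -n` (arguments are passed through unchanged; the script uses none).
# Every step is best-effort and individually non-fatal, which is why `set -e`
# is deliberately not used. All output is mirrored into $LOG.
set -u

# Directories treated as payload drop zones (swept in step 2, and used to judge
# high-CPU processes in step 1).
readonly -a DROP_DIRS=(/tmp /var/tmp /dev/shm)
# Process / file names used by the miner.
readonly -a MALWARE_NAMES=(kdevtmpfsi kinsing)

#######################################
# Decide whether a process executable looks like a dropped payload.
# Arguments: $1 - target of /proc/<pid>/exe (may be empty)
# Returns:   0 if it lives under a DROP_DIR or was unlinked from disk, 1 otherwise
#######################################
is_suspicious_exe() {
  local exe=$1 dir
  # readlink reports an unlinked binary as "<path> (deleted)".
  [[ "$exe" == *"(deleted)" ]] && return 0
  for dir in "${DROP_DIRS[@]}"; do
    [[ "$exe" == "$dir"/* ]] && return 0
  done
  return 1
}

# The root check comes BEFORE the log redirect: an unprivileged run cannot
# create the log under /var/log, so the previous order lost the error message.
if [[ "$EUID" -ne 0 ]]; then
  echo "[ERROR] Necessário root. Tentando sudo..." >&2
  exec sudo -n "$0" "$@"
  exit 1   # reached only if exec itself failed
fi

# Timestamped log; everything written to stdout/stderr is also appended to it.
LOG="/var/log/system_cleanup_$(date +%Y%m%d_%H%M%S).log"
readonly LOG
exec > >(tee -a "$LOG") 2>&1
echo "[START] Limpeza iniciada em $(date)"

# 1. Kill suspicious processes
echo "[INFO] Verificando processos suspeitos..."
for name in "${MALWARE_NAMES[@]}"; do
  pkill -9 "$name" 2>/dev/null && echo "[INFO] $name terminado."
done
# The previous version killed *every* process above 10% CPU, taking down
# legitimate services (and potentially this script's own tee). Now only
# high-CPU processes whose binary sits in a drop zone or has been unlinked are
# killed; the rest are logged for manual review.
ps -eo pid=,%cpu=,comm= --sort=-%cpu | awk '$2 > 10' | while read -r pid cpu comm; do
  [[ "$pid" == "$$" ]] && continue
  exe=$(readlink "/proc/$pid/exe" 2>/dev/null || true)
  if is_suspicious_exe "$exe"; then
    kill -9 "$pid" 2>/dev/null && echo "[INFO] Processo suspeito terminado: pid=$pid comm=$comm exe=$exe"
  else
    echo "[WARN] Alto uso de CPU, não terminado (revisar manualmente): pid=$pid cpu=$cpu comm=$comm exe=$exe"
  fi
done

# 2. Remove malicious files
echo "[INFO] Removendo arquivos maliciosos..."
# -delete -print logs each path that was actually removed (the old version
# deleted silently).
find / -type f \( -name "kdevtmpfsi" -o -name "kinsing" \) -delete -print 2>/dev/null
# List, then purge, everything written to the drop zones in the last 24 h.
# The listing goes to stdout (already tee'd into $LOG) instead of a second
# writer appending to $LOG directly, which could interleave with tee's output.
find "${DROP_DIRS[@]}" -type f -mtime -1 -ls 2>/dev/null
find "${DROP_DIRS[@]}" -type f -mtime -1 -delete 2>/dev/null
# Plant immutable placeholders so a dropper cannot re-create the binaries under
# /tmp. The previous version only protected kdevtmpfsi; both names are covered.
# chattr +i may be unsupported on the filesystem backing /tmp - errors ignored.
for name in "${MALWARE_NAMES[@]}"; do
  touch "/tmp/$name" 2>/dev/null && chattr +i "/tmp/$name" 2>/dev/null
done

# 3. Clean user crontabs: drop lines that fetch payloads with wget/curl.
echo "[INFO] Limpando crontabs..."
# Read /etc/passwd field-wise instead of word-splitting `cut` output; users
# without a crontab are skipped (the old version installed an empty crontab
# for every account), and removed entries are logged before the rewrite.
while IFS=: read -r user _; do
  current=$(crontab -u "$user" -l 2>/dev/null) || continue
  cleaned=$(printf '%s\n' "$current" | grep -vE '(wget|curl)')
  if [[ "$cleaned" != "$current" ]]; then
    echo "[INFO] Entradas removidas do crontab de $user:"
    printf '%s\n' "$current" | grep -E '(wget|curl)'
    printf '%s\n' "$cleaned" | crontab -u "$user" - 2>/dev/null
  fi
done < /etc/passwd
# System-wide cron files are not rewritten automatically; only surface matches
# so the operator can review them.
grep -rlE '(wget|curl)' /etc/crontab /etc/cron.d 2>/dev/null | sed 's/^/[WARN] Revisar manualmente: /'

# 4. Update the system and install tooling, non-interactively
echo "[INFO] Atualizando sistema..."
export DEBIAN_FRONTEND=noninteractive
apt-get update -y
apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
# Pre-seed iptables-persistent so the install does not prompt; only the IPv4
# rule set is saved because step 6 configures IPv4 only.
echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections
echo "iptables-persistent iptables-persistent/autosave_v6 boolean false" | debconf-set-selections
# rkhunter is installed here but not executed by this script.
apt-get install -y clamav rkhunter debsums iptables-persistent -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
freshclam -q 2>/dev/null || echo "[WARN] freshclam falhou; a base de assinaturas pode estar desatualizada."
# The full scan runs in the background so the cleanup can finish; its PID and
# report path are logged because the [END] line is printed before it completes.
clamscan -r / -i --log="$LOG.clamav" &>/dev/null &
scan_pid=$!
echo "[INFO] clamscan em segundo plano (pid $scan_pid); relatório em $LOG.clamav"

# 5. Remove LXD
echo "[INFO] Removendo LXD..."
snap remove lxd --purge 2>/dev/null || apt-get remove -y lxd 2>/dev/null
rm -rf /var/lib/lxd 2>/dev/null
groupdel lxd 2>/dev/null

# 6. Configure the firewall (IPv4, filter table only)
echo "[INFO] Configurando firewall..."
# -F clears the filter-table chains but leaves their default policies alone;
# the trailing rule drops unsolicited TCP only, so UDP/ICMP and IPv6 stay under
# whatever policy was already in place.
iptables -F
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 22,80,443,220,2200,22000 -j ACCEPT
iptables -A INPUT -p tcp -j DROP
mkdir -p /etc/iptables
iptables-save > /etc/iptables/rules.v4 2>/dev/null

# 7. Verify package integrity
echo "[INFO] Verificando integridade..."
# debsums -s reports only mismatching files; its output already flows into
# $LOG through the exec redirect, so no second append to the file is needed.
debsums -s
# NOTE(review): persistence outside user crontabs (systemd units, SSH
# authorized_keys, /etc/ld.so.preload, shell profiles) is not inspected by
# this script; check those manually before declaring the host clean.
echo "[END] Limpeza concluída em $(date). Log: $LOG"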