如何卸载阿里云&腾讯云官方的监控软件服务?
国内用户数比较大云服务商还属于阿里云和腾讯云。相对来说阿里云的相关产品最完善了!
当然阿里云的云服务也算是ZF重点监控对象。其中阿里提供了云盾(安骑士)监控服务,虽然功能是好的,但是......
使用阿里云ECS(尤其是海外的)之前得先把监控软件干掉,要不然啥都给阿里云监控了,一点隐私都没了。博主的女装照被爆出去可不好啦~~~
下面转载一篇卸载过程的日志,以后用得上。
卸载云盾(安骑士)
curl -sSL http://update.aegis.aliyun.com/download/quartz_uninstall.sh | sudo bash sudo rm -rf /usr/local/aegis sudo rm /usr/sbin/aliyun-service sudo rm /lib/systemd/system/aliyun.service
代码备份↓↓↓
bash #!/bin/bash #check linux Gentoo os var=`lsb_release -a | grep Gentoo` if [ -z "${var}" ]; then var=`cat /etc/issue | grep Gentoo` fi if [ -d "/etc/runlevels/default" -a -n "${var}" ]; then LINUX_RELEASE="GENTOO" else LINUX_RELEASE="OTHER" fi stop_aegis(){ killall -9 aegis_cli >/dev/null 2>&1 killall -9 aegis_update >/dev/null 2>&1 killall -9 aegis_cli >/dev/null 2>&1 printf "%-40s %40s\n" "Stopping aegis" "[ OK ]" } stop_quartz(){ killall -9 aegis_quartz >/dev/null 2>&1 printf "%-40s %40s\n" "Stopping quartz" "[ OK ]" } remove_aegis(){ if [ -d /usr/local/aegis ];then rm -rf /usr/local/aegis/aegis_client rm -rf /usr/local/aegis/aegis_update fi } remove_quartz(){ if [ -d /usr/local/aegis ];then rm -rf /usr/local/aegis/aegis_quartz fi } uninstall_service() { if [ -f "/etc/init.d/aegis" ]; then /etc/init.d/aegis stop >/dev/null 2>&1 rm -f /etc/init.d/aegis fi if [ $LINUX_RELEASE = "GENTOO" ]; then rc-update del aegis default 2>/dev/null if [ -f "/etc/runlevels/default/aegis" ]; then rm -f "/etc/runlevels/default/aegis" >/dev/null 2>&1; fi elif [ -f /etc/init.d/aegis ]; then /etc/init.d/aegis uninstall for ((var=2; var<=5; var++)) do if [ -d "/etc/rc${var}.d/" ];then rm -f "/etc/rc${var}.d/S80aegis" elif [ -d "/etc/rc.d/rc${var}.d" ];then rm -f "/etc/rc.d/rc${var}.d/S80aegis" fi done fi } stop_aegis stop_quartz uninstall_service remove_aegis printf "%-40s %40s\n" "Uninstalling aegis" "[ OK ]" remove_quartz printf "%-40s %40s\n" "Uninstalling aegis_quartz" "[ OK ]"
或者用网友简单粗暴版本:
#!/bin/bash rm -rf /usr/local/aegis for A in $(ps aux | grep Ali | grep -v grep | awk '{print $2}') do kill -9 $A; done
屏蔽云盾 IP
而后检查服务器记录时发现一堆 Alibaba.Security.Heimdall
的访问记录。网上查询发现是云盾。
根据官方介绍:
云盾会通过公网模拟黑客入侵攻击,进行安全扫描。所以服务器有安全防护时,需要对云盾扫描ip进行放行。
赶快屏蔽!
此处使用 UFW,iptables
用户请自己找一下添加方法。注意:如果已有接受 80 端口之类的规则,新增的拒绝 IP 规则在其后将不会生效。所以要在 /etc/ufw/before.rules
设置。
sudo nano
编辑此文件并找到 # End required lines
,在其后添加:
# Block Ali Yun Dun https://help.aliyun.com/knowledge_detail/37436.html -A ufw-before-input -s 140.205.201.0/28 -j DROP -A ufw-before-input -s 140.205.201.16/29 -j DROP -A ufw-before-input -s 140.205.201.32/28 -j DROP -A ufw-before-input -s 140.205.225.192/29 -j DROP -A ufw-before-input -s 140.205.225.200/30 -j DROP -A ufw-before-input -s 140.205.225.184/29 -j DROP -A ufw-before-input -s 140.205.225.183/32 -j DROP -A ufw-before-input -s 140.205.225.206/32 -j DROP -A ufw-before-input -s 140.205.225.205/32 -j DROP -A ufw-before-input -s 140.205.225.195/32 -j DROP -A ufw-before-input -s 140.205.225.204/32 -j DROP
保存后运行 sudo ufw reload
。完毕!
腾讯云解决方案
据说腾讯云也有类似问题:转:
#!/bin/bash #fuck tx process rm -rf /usr/local/sa rm -rf /usr/local/agenttools rm -rf /usr/local/qcloud process=(sap100 secu-tcs-agent sgagent64 barad_agent agent agentPlugInD pvdriver ) for i in ${process[@]} do for A in $(ps aux | grep $i | grep -v grep | awk '{print $2}') do kill -9 $A done done chkconfig --level 35 postfix off service postfix stop echo ''>/var/spool/cron/root echo '#!/bin/bash' >/etc/rc.local
文章转载:
https://www.cmsky.com/uninstall-aliyun-monitoring
https://blog.whe.me/post/uninstall-aliyun-monitoring.html
参考文献:
版权声明:
作者:我是小马甲~
链接:https://fandai.gezi.workers.dev/5369.html
来源:如有乐享
文章版权归作者所有,未经允许请勿转载。
littleplus
我是小马甲~@littleplus
surge
majia
admin@majia
Twang
情醉中国风