求助：linux中木马了

weixin_38050048 2005-03-16 02:47:35

在redhat7.2 上安装了sendmail(sendmail-8.11.6-27.72)邮件
当机器重新安装后，把邮件用户的数据（用户邮件）恢复后，运行半天之后就会出现这些现象：执行的基本命令系统不能自动释放，当机器重启时，就会在set hostname 处停机

root    1886    1  0 08:48 tty1    00:00:00 login -- root
root    2327  1861  0 08:56 ?       00:00:01 /usr/sbin/sshd
root    2378  2327  0 08:56 pts/1 00:00:00 -bash
root    2760    1  0 09:08 pts/1 00:00:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/tcmail/services/mysqld/conf/m
mysql    2787  2760  0 09:08 pts/1 00:00:00 /usr/libexec/mysqld --defaults-file=/tcmail/services/mysqld/conf/mysql.conf
mysql    2789  2787  0 09:08 pts/1 00:00:00 /usr/libexec/mysqld --defaults-file=/tcmail/services/mysqld/conf/mysql.conf
mysql    2790  2789  0 09:08 pts/1 00:00:00 /usr/libexec/mysqld --defaults-file=/tcmail/services/mysqld/conf/mysql.conf
mysql    2791  2789  0 09:08 pts/1 00:00:00 /usr/libexec/mysqld --defaults-file=/tcmail/services/mysqld/conf/mysql.conf
501    2793  1523  0 09:08 ?       00:00:00 /usr/sbin/httpsd -f /tcmail/services/httpd/conf/httpsd.conf -D HAVE_DAV -D
501    2813  1523  0 09:11 ?       00:00:00 /usr/sbin/httpsd -f /tcmail/services/httpd/conf/httpsd.conf -D HAVE_DAV -D
501    2842  1523  0 09:14 ?       00:00:00 /usr/sbin/httpsd -f /tcmail/services/httpd/conf/httpsd.conf -D HAVE_DAV -D
root    3033    1  0 09:17 ?       00:00:00 xinetd -stayalive -reuse -pidfile /var/run/xinetd.pid
root    20090    1  0 09:55 ?       00:00:00 sendmail: accepting connections
root    22133  1886  0 11:55 tty1    00:00:00 -bash
root    22192 22133  0 11:58 tty1    00:00:22 top
root    23060    1  0 13:19 pts/1 00:00:00 chmod 700 cat bash cpio cut ed kill hostname ls more pwd ps rmdir sh touch uname vi
root    23061 23060  0 13:19 pts/1 00:00:00 [chmod <defunct>;]
root    23078    1  0 13:20 pts/1 00:00:00 chmod 700 tar gzip gunzip
root    23079 23078  0 13:20 pts/1 00:00:00 [chmod <defunct>;]
root    23217    1  0 13:27 ?       00:00:00 minilogd
500    23293  1349  0 13:30 ?       00:00:01 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
500    23385  1349  0 13:32 ?       00:00:04 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
500    23389  1349  0 13:32 ?       00:00:01 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
500    23404  1349  0 13:32 ?       00:00:00 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
root    23790    1  0 13:44 tty1    00:00:00 cp -i -arf shizuru /uncvms_members/njda/mail
root    23791 23790  0 13:44 tty1    00:00:00 [cp <defunct>;]
500    23829  1349  0 13:45 ?       00:00:00 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
root    23841 22133  0 13:46 tty1    00:00:07 top
500    24737  1349  0 14:14 ?       00:00:00 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
root    24775  2378  0 14:17 pts/1 00:00:02 find / -type f ( -perm -04000 -o -perm -02000 ) -print
root    24776  2378  0 14:17 pts/1 00:00:00 less
root    24782  1861  0 14:18 ?       00:00:00 /usr/sbin/sshd
root    24795 24782  0 14:18 pts/0 00:00:00 -bash
root    24828 24795  0 14:20 pts/0 00:00:00 bash
500    24885  1349  0 14:22 ?       00:00:00 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
root    24911 24828  0 14:22 pts/0 00:00:00 ps -ef

...全文