求助:linux中木马了
在 Red Hat 7.2 上安装了 sendmail(sendmail-8.11.6-27.72)邮件服务。
机器重新安装并恢复邮件用户的数据(用户邮件)后,运行半天之后就会出现这些现象:执行的基本命令不能正常结束,进程无法被系统自动释放(见下面 ps -ef 输出中的 chmod、cp 及其 <defunct> 子进程);重启机器时,会停在 set hostname 处。以下是 ps -ef 的输出:
root 1886 1 0 08:48 tty1 00:00:00 login -- root
root 2327 1861 0 08:56 ? 00:00:01 /usr/sbin/sshd
root 2378 2327 0 08:56 pts/1 00:00:00 -bash
root 2760 1 0 09:08 pts/1 00:00:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/tcmail/services/mysqld/conf/m
mysql 2787 2760 0 09:08 pts/1 00:00:00 /usr/libexec/mysqld --defaults-file=/tcmail/services/mysqld/conf/mysql.conf
mysql 2789 2787 0 09:08 pts/1 00:00:00 /usr/libexec/mysqld --defaults-file=/tcmail/services/mysqld/conf/mysql.conf
mysql 2790 2789 0 09:08 pts/1 00:00:00 /usr/libexec/mysqld --defaults-file=/tcmail/services/mysqld/conf/mysql.conf
mysql 2791 2789 0 09:08 pts/1 00:00:00 /usr/libexec/mysqld --defaults-file=/tcmail/services/mysqld/conf/mysql.conf
501 2793 1523 0 09:08 ? 00:00:00 /usr/sbin/httpsd -f /tcmail/services/httpd/conf/httpsd.conf -D HAVE_DAV -D
501 2813 1523 0 09:11 ? 00:00:00 /usr/sbin/httpsd -f /tcmail/services/httpd/conf/httpsd.conf -D HAVE_DAV -D
501 2842 1523 0 09:14 ? 00:00:00 /usr/sbin/httpsd -f /tcmail/services/httpd/conf/httpsd.conf -D HAVE_DAV -D
root 3033 1 0 09:17 ? 00:00:00 xinetd -stayalive -reuse -pidfile /var/run/xinetd.pid
root 20090 1 0 09:55 ? 00:00:00 sendmail: accepting connections
root 22133 1886 0 11:55 tty1 00:00:00 -bash
root 22192 22133 0 11:58 tty1 00:00:22 top
root 23060 1 0 13:19 pts/1 00:00:00 chmod 700 cat bash cpio cut ed kill hostname ls more pwd ps rmdir sh touch uname vi
root 23061 23060 0 13:19 pts/1 00:00:00 [chmod <defunct>]
root 23078 1 0 13:20 pts/1 00:00:00 chmod 700 tar gzip gunzip
root 23079 23078 0 13:20 pts/1 00:00:00 [chmod <defunct>]
root 23217 1 0 13:27 ? 00:00:00 minilogd
500 23293 1349 0 13:30 ? 00:00:01 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
500 23385 1349 0 13:32 ? 00:00:04 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
500 23389 1349 0 13:32 ? 00:00:01 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
500 23404 1349 0 13:32 ? 00:00:00 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
root 23790 1 0 13:44 tty1 00:00:00 cp -i -arf shizuru /uncvms_members/njda/mail
root 23791 23790 0 13:44 tty1 00:00:00 [cp <defunct>]
500 23829 1349 0 13:45 ? 00:00:00 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
root 23841 22133 0 13:46 tty1 00:00:07 top
500 24737 1349 0 14:14 ? 00:00:00 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
root 24775 2378 0 14:17 pts/1 00:00:02 find / -type f ( -perm -04000 -o -perm -02000 ) -print
root 24776 2378 0 14:17 pts/1 00:00:00 less
root 24782 1861 0 14:18 ? 00:00:00 /usr/sbin/sshd
root 24795 24782 0 14:18 pts/0 00:00:00 -bash
root 24828 24795 0 14:20 pts/0 00:00:00 bash
500 24885 1349 0 14:22 ? 00:00:00 /usr/sbin/httpd -f /tcmail/services/httpd/conf/httpd.conf -D HAVE_DAV -D HA
root 24911 24828 0 14:22 pts/0 00:00:00 ps -ef