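In China, the cloud providers with the largest user bases are still Alibaba Cloud and Tencent Cloud. Relatively speaking, Alibaba Cloud's product line is the most complete!
Of course, Alibaba Cloud's services are also a key monitoring target for the government. Alibaba provides the Yundun (Aegis) monitoring service; the functionality is fine, but...
Before using an Alibaba Cloud ECS instance (especially an overseas one), you have to get rid of the monitoring software first, otherwise Alibaba Cloud monitors everything and there is no privacy left at all. It wouldn't do for this blogger's cross-dressing photos to get leaked~~~
Below is a reposted write-up of the uninstall process, which will come in handy later.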
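Uninstalling Yundun (Aegis)
```
# Run Alibaba's uninstall script as root (note: it is fetched over plain HTTP)
curl -sSL http://update.aegis.aliyun.com/download/quartz_uninstall.sh | sudo bash
# Remove the leftover agent directory, service binary and systemd unit
sudo rm -rf /usr/local/aegis
sudo rm /usr/sbin/aliyun-service
sudo rm /lib/systemd/system/aliyun.service
```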
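Or use the quick-and-dirty version from another user:
```
#!/bin/bash
# Delete the Aegis agent directory
rm -rf /usr/local/aegis
# Force-kill every process whose ps line contains "Ali"
for A in $(ps aux | grep Ali | grep -v grep | awk '{print $2}')
do
    kill -9 "$A"
done
```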
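Blocking the Yundun IPs
Afterwards, while checking the server logs, I found a pile of access records from Alibaba.Security.Heimdall. A search online showed that this is Yundun.
According to the official description:
Yundun simulates hacker intrusion attacks over the public network to perform security scans. So when a server has security protection in place, the Yundun scanner IPs need to be allowed through.
Block them right away!
UFW is used here; iptables users should look up the equivalent themselves. Note: if a rule accepting, say, port 80 already exists, a deny-IP rule added after it will not take effect. So the rules have to be set in /etc/ufw/before.rules.
Edit this file with sudo nano, find # End required lines, and add the following after it: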
```
# Block Ali Yun Dun https://help.aliyun.com/knowledge_detail/37436.html
-A ufw-before-input -s 140.205.201.0/28 -j DROP
-A ufw-before-input -s 140.205.201.16/29 -j DROP
-A ufw-before-input -s 140.205.201.32/28 -j DROP
-A ufw-before-input -s 140.205.225.192/29 -j DROP
-A ufw-before-input -s 140.205.225.200/30 -j DROP
-A ufw-before-input -s 140.205.225.184/29 -j DROP
-A ufw-before-input -s 140.205.225.183/32 -j DROP
-A ufw-before-input -s 140.205.225.206/32 -j DROP
-A ufw-before-input -s 140.205.225.205/32 -j DROP
-A ufw-before-input -s 140.205.225.195/32 -j DROP
-A ufw-before-input -s 140.205.225.204/32 -j DROP
```
After saving, run sudo ufw reload. Done!
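To check whether the ranges above actually cover the addresses that send the Alibaba.Security.Heimdall user agent, the following added example (not part of the original post or the reposted scripts) audits an access log against the block list. The combined log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# CIDR ranges copied from the before.rules block on this page.
BLOCKED = [ipaddress.ip_network(c) for c in (
    "140.205.201.0/28", "140.205.201.16/29", "140.205.201.32/28",
    "140.205.225.192/29", "140.205.225.200/30", "140.205.225.184/29",
    "140.205.225.183/32", "140.205.225.206/32", "140.205.225.205/32",
    "140.205.225.195/32", "140.205.225.204/32",
)]
SCANNER_UA = "Alibaba.Security.Heimdall"  # user agent named in the post
# Assumed format: nginx/Apache "combined"; the user agent is the last quoted field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed sample lines (not real traffic).
SAMPLE_LOG = """\
140.205.201.5 - - [01/Jan/2018:10:00:00 +0800] "GET /a.php HTTP/1.1" 404 162 "-" "Alibaba.Security.Heimdall"
140.205.225.195 - - [01/Jan/2018:10:00:02 +0800] "GET /b.php HTTP/1.1" 404 162 "-" "Alibaba.Security.Heimdall"
198.51.100.7 - - [01/Jan/2018:10:00:05 +0800] "GET / HTTP/1.1" 200 512 "-" "Alibaba.Security.Heimdall"
203.0.113.9 - - [01/Jan/2018:10:00:09 +0800] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
not a log line
"""

def audit_scanner_hits(log_text):
    """Return (covered, uncovered): source IPs that sent the scanner user agent,
    split by whether any range in BLOCKED contains them."""
    covered, uncovered = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or SCANNER_UA not in m.group("ua"):
            continue  # malformed line or a different client
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # first field is a hostname, not an address
        (covered if any(ip in net for net in BLOCKED) else uncovered).add(str(ip))
    return sorted(covered), sorted(uncovered)

def redundant_rules():
    """Listed ranges that are already contained in another listed range."""
    return [str(a) for a in BLOCKED for b in BLOCKED if a != b and a.subnet_of(b)]

if __name__ == "__main__":
    print("covered, uncovered:", audit_scanner_hits(SAMPLE_LOG))
    print("redundant rules:", redundant_rules())
```

Any address reported as uncovered sent the scanner user agent from outside the listed ranges, which means the list is out of date or the user agent was sent by something else.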
Tencent Cloud solution
Reportedly Tencent Cloud has a similar issue. Reposted:
```
#!/bin/bash
#fuck tx process
# Delete the Tencent Cloud agent directories
rm -rf /usr/local/sa
rm -rf /usr/local/agenttools
rm -rf /usr/local/qcloud
process=(sap100 secu-tcs-agent sgagent64 barad_agent agent agentPlugInD pvdriver)
# Force-kill every process whose ps line contains one of these names
for i in "${process[@]}"
do
    for A in $(ps aux | grep "$i" | grep -v grep | awk '{print $2}')
    do
        kill -9 "$A"
    done
done
# Disable and stop postfix
chkconfig --level 35 postfix off
service postfix stop
# Overwrite root's crontab and rc.local (existing entries are lost)
echo '' > /var/spool/cron/root
echo '#!/bin/bash' > /etc/rc.local
```
Reposted from:
https://www.cmsky.com/uninstall-aliyun-monitoring
https://blog.whe.me/post/uninstall-aliyun-monitoring.html