如何将良心云的良心功能清理干净

首先是明面上有的卸载脚本：

1
sudo /usr/local/qcloud/stargate/admin/uninstall.sh
2
sudo /usr/local/qcloud/monitor/barad/admin/uninstall.sh

然后是藏起来的自动化助手：

1
cd /tmp && mkdir tmp && cd tmp && wget https://tat-gz-1258344699.cos.ap-guangzhou.myqcloud.com/tat_agent_linux_x86_64.zip && unzip tat_agent_linux_x86_64.zip && ./uninstall.sh

最后是最神秘的 secu-tcs-agent。首先先把维持它运转的 crontab 和 rc.local 清一下：

1
sudo vim /var/spool/cron/crontabs/root
2
sudo vim /etc/rc.d/rc.local

删除这两个文件的对应部分，默认是最后两行。然后 root 执行下面的脚本：

1
#!/bin/bash
2
###ver=5.0.0
3

4
PATH="/usr/local/bin:/usr/bin:/sbin:/usr/X11R6/bin:/usr/sbin:/bin:/usr/games"
5
export PATH
6

7
# 20%
8
CPU_LIMIT=2000
9
# uint: KB, 50M
10
RSS_LIMIT=51200
11

12
SCRIPT_PATH=/usr/local/sa/agent/kill.sh
13
BASE_DIR=/usr/local/sa/agent
14

15
PROC_NAME=secu-tcs-agent
16

17
PS_INFO=$BASE_DIR/secubase/secu-tcs-ps.info
18
MON_LOG=$BASE_DIR/secubase/secu-tcs-ps.log
19
LIMIT_FILE=$BASE_DIR/secubase/secu-tcs-ps.lmt
20
RESTART_FILE=$BASE_DIR/secubase/secu-tcs-restart.cnt
21

22
# 检查日志, 如果大小超过限制就删除
23
if [ -e ${MON_LOG} ]; then
24
        LOG_FILE_SIZE=`stat --format=%s ${MON_LOG}`
25
        # limit 10K
26
        if [ $LOG_FILE_SIZE -gt 10240 ]; then
27
                rm -f ${MON_LOG}
28
        fi
29
fi
30

31
# 获取pid为1的进程的mnt namespace inode
32
PID1_MNT_NS_INODE=""
33
if [ -L /proc/1/ns/mnt ]; then
34
        PID1_MNT_NS_INODE=$(readlink /proc/1/ns/mnt)
35
fi
36

37

38
function DoLog()
39
{
40
        CUR_TIME=`date +"%Y-%m-%d %H:%M:%S"`
41
        echo "[$CUR_TIME] $1" >> $MON_LOG
42
}
43

44
function DoStop()
45
{
46
        if [ -z "$PID1_MNT_NS_INODE" ]; then
47
                LIST_WATCH_DOG_PID=`ps -efw | grep "watchdog\.sh" | grep $BASE_DIR | grep -v grep | awk -F ' ' '{print $2}'`
48
                for watchdog_pid in $LIST_WATCH_DOG_PID
49
                do
50
                        kill -9 $watchdog_pid
51
                done
52

53
                LIST_AGENT_PID=`ps -efw | grep -E "${PROC_NAME}($|[[:space:]]+)" | grep $BASE_DIR | grep -v grep | awk -F ' ' '{print $2}'`
54
                for agent_pid in $LIST_AGENT_PID
55
                do
56
                        kill -9 $agent_pid
57
                done
58
        else
59
                LIST_WATCH_DOG_PID=`ps -efw | grep "watchdog\.sh" | grep $BASE_DIR | grep -v grep | awk -F ' ' '{print $2}'`
60
                for watchdog_pid in $LIST_WATCH_DOG_PID
61
                do
62
                        WATCHDOG_MNT_NS_INODE=$(readlink /proc/${watchdog_pid}/ns/mnt)
63
                        if [ "$WATCHDOG_MNT_NS_INODE" = "$PID1_MNT_NS_INODE" ]; then
64
                                kill -9 $watchdog_pid
65
                        fi
66
                done
67

68
                LIST_AGENT_PID=`ps -efw | grep -E "${PROC_NAME}($|[[:space:]]+)" | grep $BASE_DIR | grep -v grep | awk -F ' ' '{print $2}'`
69
                for agent_pid in $LIST_AGENT_PID
70
                do
71
                        AGENT_MNT_NS_INODE=$(readlink /proc/${agent_pid}/ns/mnt)
72
                        if [ "$AGENT_MNT_NS_INODE" = "$PID1_MNT_NS_INODE" ]; then
73
                                kill -9 $agent_pid
74
                        fi
75
                done
76
        fi
77
}
78

79
DoStop

最后移除这两个目录：

1
sudo rm -rf /usr/local/qcloud/
2
sudo rm -rf /usr/local/sa/

終わり！