Skip to content

如何将良心云的良心功能清理干净

Published: at 20:23

首先是明面上有的卸载脚本:

Terminal window
1
sudo /usr/local/qcloud/stargate/admin/uninstall.sh
2
sudo /usr/local/qcloud/monitor/barad/admin/uninstall.sh

然后是藏起来的自动化助手

Terminal window
1
cd /tmp && mkdir tmp && cd tmp && wget https://tat-gz-1258344699.cos.ap-guangzhou.myqcloud.com/tat_agent_linux_x86_64.zip && unzip tat_agent_linux_x86_64.zip && ./uninstall.sh

最后是最神秘的 secu-tcs-agent。首先先把维持它运转的 crontabrc.local 清一下:

Terminal window
1
sudo vim /var/spool/cron/crontabs/root
2
sudo vim /etc/rc.d/rc.local

删除这两个文件的对应部分,默认是最后两行。然后 root 执行下面的脚本:

1
#!/bin/bash
2
###ver=5.0.0
3
4
PATH="/usr/local/bin:/usr/bin:/sbin:/usr/X11R6/bin:/usr/sbin:/bin:/usr/games"
5
export PATH
6
7
# 20%
8
CPU_LIMIT=2000
9
# uint: KB, 50M
10
RSS_LIMIT=51200
11
12
SCRIPT_PATH=/usr/local/sa/agent/kill.sh
13
BASE_DIR=/usr/local/sa/agent
14
15
PROC_NAME=secu-tcs-agent
16
17
PS_INFO=$BASE_DIR/secubase/secu-tcs-ps.info
18
MON_LOG=$BASE_DIR/secubase/secu-tcs-ps.log
19
LIMIT_FILE=$BASE_DIR/secubase/secu-tcs-ps.lmt
20
RESTART_FILE=$BASE_DIR/secubase/secu-tcs-restart.cnt
21
22
# 检查日志, 如果大小超过限制就删除
23
if [ -e ${MON_LOG} ]; then
24
LOG_FILE_SIZE=`stat --format=%s ${MON_LOG}`
25
# limit 10K
26
if [ $LOG_FILE_SIZE -gt 10240 ]; then
27
rm -f ${MON_LOG}
28
fi
29
fi
30
31
# 获取pid为1的进程的mnt namespace inode
32
PID1_MNT_NS_INODE=""
33
if [ -L /proc/1/ns/mnt ]; then
34
PID1_MNT_NS_INODE=$(readlink /proc/1/ns/mnt)
35
fi
36
37
38
function DoLog()
39
{
40
CUR_TIME=`date +"%Y-%m-%d %H:%M:%S"`
41
echo "[$CUR_TIME] $1" >> $MON_LOG
42
}
43
44
function DoStop()
45
{
46
if [ -z "$PID1_MNT_NS_INODE" ]; then
47
LIST_WATCH_DOG_PID=`ps -efw | grep "watchdog\.sh" | grep $BASE_DIR | grep -v grep | awk -F ' ' '{print $2}'`
48
for watchdog_pid in $LIST_WATCH_DOG_PID
49
do
50
kill -9 $watchdog_pid
51
done
52
53
LIST_AGENT_PID=`ps -efw | grep -E "${PROC_NAME}($|[[:space:]]+)" | grep $BASE_DIR | grep -v grep | awk -F ' ' '{print $2}'`
54
for agent_pid in $LIST_AGENT_PID
55
do
56
kill -9 $agent_pid
57
done
58
else
59
LIST_WATCH_DOG_PID=`ps -efw | grep "watchdog\.sh" | grep $BASE_DIR | grep -v grep | awk -F ' ' '{print $2}'`
60
for watchdog_pid in $LIST_WATCH_DOG_PID
61
do
62
WATCHDOG_MNT_NS_INODE=$(readlink /proc/${watchdog_pid}/ns/mnt)
63
if [ "$WATCHDOG_MNT_NS_INODE" = "$PID1_MNT_NS_INODE" ]; then
64
kill -9 $watchdog_pid
65
fi
66
done
67
68
LIST_AGENT_PID=`ps -efw | grep -E "${PROC_NAME}($|[[:space:]]+)" | grep $BASE_DIR | grep -v grep | awk -F ' ' '{print $2}'`
69
for agent_pid in $LIST_AGENT_PID
70
do
71
AGENT_MNT_NS_INODE=$(readlink /proc/${agent_pid}/ns/mnt)
72
if [ "$AGENT_MNT_NS_INODE" = "$PID1_MNT_NS_INODE" ]; then
73
kill -9 $agent_pid
74
fi
75
done
76
fi
77
}
78
79
DoStop

最后移除这两个目录:

Terminal window
1
sudo rm -rf /usr/local/qcloud/
2
sudo rm -rf /usr/local/sa/

終わり!