During this period of time, the CPU load on the server is still very high without a process. I suspect that the server has been hijacked. I
Code:
cat /etc/ld.so.preload
, Found the following line:
Code:
/usr/local/lib/libprocesshider.so
According to the forum, I should modify the ld.so.preload file to delete this line, but I found that I did not have permission. I found that my lsattr and chattr commands all failed, even if I repeatedly installed e2fsprogs.I recompiled chattr using the forum method, and
Code:
sudo ./chattr -ia /etc/ld.so.preload
. And got the following:
Code:
leelee@ubuntu-PowerEdge-T440:~/tools$ sudo ./chattr -ia /etc/ld.so.preload
cur attrs: 0x00080030, mask: 0x00000030
new attrs: 0x00080000
But I still cannot edit this file because
Code:
W10: Warning: Changing a readonly file
. How can I solve this problem?
Bookmarks