我是一个test
/usr/local/clamav/bin/clamscan -r --remove (递归查杀当前目录并直接删除感染的文件;删除后无法恢复,遇到误报会丢失正常文件,建议先用 -i 只查看结果,或用 --move 隔离)
/usr/local/clamav/bin/clamscan -r --bell -i / (扫描所有文件并且显示有问题的文件的扫描结果)
--move [路径] 将感染的文件移动到指定路径(隔离,而不是删除)
--------扫描摘要--------------------------------------------------------------
已知病毒:6688978
引擎版本:0.100.1
扫描目录:785
扫描文件:8281
感染档案:0
数据扫描:373.42兆字节
数据读取:780.10 MB(比率 0.48:1)
时间:82.357秒(1分22秒)
二、更新病毒库
执行更新命令,下载病毒库
# /opt/clamav/bin/freshclam
一般都下载不了
这时可以用wget把病毒库文件手动下载到本地的病毒库目录(.cvd文件自带数字签名,下载后可用 sigtool --info 文件名 校验)
#cd /usr/local/clamav/share/clamav
#wget http://database.clamav.net/main.cvd
#wget http://database.clamav.net/daily.cvd
#wget http://database.clamav.net/bytecode.cvd
# chown clamav:clamav *
三、命令扫描
clamav有两个命令:clamdscan、clamscan
clamdscan命令一般用yum安装才能使用,需要启动clamd服务,执行速度快
clamscan命令通用,不依赖服务,命令参数较多,执行速度稍慢
clamdscan:
#service clamd start
用clamdscan扫描,需要先启动clamd服务才能使用。速度快,不用带-r,默认会递归扫描子目录
#clamdscan /usr
clamscan:
用clamscan扫描,不需要启动服务就能使用。速度慢,要带-r才会递归扫描子目录
#clamscan -r /usr
这个命令不仅会显示找到的病毒,正常的扫描文件也会显示出来。
可以用下面这个命令,只显示找到的病毒信息
# clamscan --no-summary -ri /tmp
-r 递归扫描子目录
-i 只显示发现的病毒文件
--no-summary 不显示统计信息
可以写个脚本,用这句命令定期扫描,有输出即触发告警(clamscan发现病毒时退出码为1,出错时为2,也可以据此判断)。
https://cloud.tencent.com/info/73642eeb3d8cc861934a8fdde1ef6772.html
http://www.cnblogs.com/kerrycode/p/4754820.html
/usr/lib64/libgcj_bc.so.1.0.0: Heuristics.Broken.Executable FOUND 1.
/usr/bin/yutfutudgf: Unix.Trojan.Xorddos-1 FOUND
/lib/libudev4.so: Unix.Trojan.Xorddos-1 FOUND
/boot/vmlinuz-redhat-upgrade-tool: Heuristics.Broken.Executable FOUND
/boot/efi/EFI/redhat/grub.efi: Heuristics.Broken.Executable FOUND 2.
# Play: apply the `update` role to the hosts in the `ip` group.
- hosts: ip
  remote_user: 用户
  vars:
    # Kept as a quoted string on purpose: a bare yes would be parsed as a
    # boolean and would no longer equal the string "yes" in a `when:` test.
    admin: 'yes'
    # Quoted so the all-digit value stays a string; presumably the release
    # directory name used in the archive path — confirm against the role.
    bao: '20181024'
  roles:
    - update
default files handlers tasks templates vars
# Task list: stop the admin service, remove the old deployment, unpack the
# new archive, then start the service again.
- name: stop admin
  # The marker file is only created when the stop command exits 0.
  # NOTE(review): /tmp is world-writable, so any local user can pre-create
  # /tmp/admin.ok; a marker under a root-owned directory would be a more
  # trustworthy gate for the rm below — confirm.
  shell: aa stop admin && touch /tmp/admin.ok
  when: admin == "yes"

- name: rm aa files
  # Deletes the old deployment only if the marker file exists.
  shell: ls /tmp/admin.ok && rm -rf /aa/app/admin
  register: rmfile
  # NOTE(review): `aa` is not among the vars shown for the play (admin, bao);
  # presumably it is defined elsewhere or was meant to be `admin` — confirm.
  when: aa == "yes"

- name: unarchive_aa
  unarchive:
    src: "ansible/{{ bao }}/aa.tar.gz"
    dest: /aa/app/
    copy: true
    owner: aa
    group: aa
    # Skips the unpack when /aa/app/admin still exists, i.e. when the
    # removal above did not happen.
    creates: /aa/app/admin
  # when: rmfile | succeeded

- name: aa start
  # Runs unconditionally: there is no `when:` on this task.
  shell: aa start admin
# Play: run `date` on the test2 hosts and print what it wrote to stdout.
- name: Print debug infomation eg
  hosts: test2
  tasks:
    - name: Command run line
      shell: date
      # Keep the command result so the next task can read it.
      register: result

    - name: Show debug info
      debug:
        var: result.stdout
        # 0 means the value is printed at the default verbosity (no -v needed).
        verbosity: 0
xiaoma ge
增加用户
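---
# Play: create a group and a user, install the user's SSH public key and
# grant the user sudo rights.
- hosts: xxx
  # `become` replaces the old `sudo` play keyword.
  become: true
  remote_user: root
  tasks:
    - name: add 组
      group:
        name: 组名称
        state: present

    - name: add 用户
      user:
        name: "{{ item }}"
        state: present
        group: 组名称
      with_items:
        - 用户名

    - name: add authorized_key
      authorized_key:
        user: 用户名
        state: present
        # The public key is read from a file on the control machine.
        key: "{{ lookup('file', '/xxxx/公钥地址.id_rsa.pub') }}"

    - name: add sudo
      lineinfile:
        dest: /etc/sudoers
        state: present
        line: "{{ item.name }} ALL=(ALL) {{ item.nopasswd }} ALL"
        # Syntax-check the edited copy before it replaces /etc/sudoers; a
        # malformed line would otherwise break sudo for every user.
        validate: 'visudo -cf %s'
      with_items:
        # NOPASSWD: lets this user run any command as any user without a
        # password prompt, so whoever holds the SSH key installed above
        # effectively has root. Leave `nopasswd` empty to require a password.
        - { name: '用户名', nopasswd: 'NOPASSWD:' }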
# Go to the install directory and print its config file.
# NOTE(review): presumably done to look up the database connection settings
# used by the SQL session that follows — confirm.
cd /opt/pdmi-jumpserver
cat config.py
-- Switch to the `jumpserver` database.
use jumpserver
-- List the existing accounts with their current role.
select id,role,name,username from users_user;
-- Set the role to 'Admin' for every row whose name is "wuyantao".
-- NOTE(review): a direct table update presumably bypasses the application's
-- own permission checks and audit log — record this change separately.
update users_user set role='Admin' where name="wuyantao";
commit;
# Start the server in the background; stdout and stderr are discarded, so
# startup errors are not visible from this command.
nohup python run_server.py > /dev/null 2>&1 &
# Check whether the process is running (19615 is presumably the PID the shell
# printed for the background job — confirm).
ps -ef |grep 19615
# Follow an earlier log file.
tail -f nohup.out.bak
# Activate the Python virtualenv, then start the server again.
# NOTE(review): presumably the first start failed because it ran outside the
# virtualenv — confirm.
source /opt/venv/bin/activate
nohup python run_server.py > /dev/null 2>&1 &
ps -ef |grep 19709
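# Reverse-proxy requests under /magiclink to the backend on 127.0.0.1:8888,
# with the /magiclink prefix stripped from the URI.
# NOTE(review): a plain prefix location also matches paths such as
# /magiclinkfoo (rewritten to /foo) — confirm that is acceptable.
location /magiclink {
    # Timeouts are in seconds.
    proxy_connect_timeout 300;
    proxy_read_timeout 300;
    proxy_send_timeout 300;

    # Response buffering.
    proxy_buffer_size 64k;
    proxy_buffers 16 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;

    # Protocol upgrade (e.g. WebSocket) needs HTTP/1.1 plus both the Upgrade
    # and the Connection header; Connection is hop-by-hop and is not passed
    # from the client to the backend unless it is set explicitly.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_set_header Host $host;
    # The backend sees the client address only through this header, so it
    # should trust X-Real-IP only on connections that come from this proxy.
    proxy_set_header X-Real-IP $remote_addr;

    # Strip the /magiclink prefix before the request is proxied.
    rewrite ^\/magiclink\/?(.*)$ /$1 break;
    proxy_pass http://127.0.0.1:8888;
}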
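---
# Play: set a new login password for one user on the `test` hosts.
# Expects `username` (and optionally `password`) as extra vars.
- hosts: test
  gather_facts: false
  vars_prompt:
    # Asked interactively with hidden input when `password` is not given with
    # -e. A password passed on the command line ends up in shell history and
    # in the process list; a prompt avoids both. The prompt is skipped when
    # the variable is already supplied with -e.
    - name: password
      prompt: New password
      private: true
  tasks:
    - name: Change password
      user:
        name: "{{ username }}"
        # The user module expects an already-hashed value, hence the filter.
        password: "{{ password | password_hash('sha512') }}"
        update_password: always
      # Keep the task arguments (which include the hash) out of the output
      # and logs.
      no_log: true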
ansible-playbook userpasswd.yml -e "username=aa password=123456"
转载于:https://blog.51cto.com/shaonian/2300680