Title: [Tested OK] Docker container compromised? This afternoon I noticed the server fans spinning constantly, ran top, and found a program called 'systemdd-dev' maxing out the CPU.
Source: 向东博客 (Xiangdong Blog), focused on web applications and the beauty of architecture --- the beauty of architecture lies in perfecting every detail | the beauty of an application lies in curing the problem on the spot
Time: Thu, 28 Jul 2022 23:02:25 +0000
Author: jackxiang
URL: https://jackxiang.com/post/11444/
Content:

This afternoon I noticed the server fans spinning constantly, ran top, and found a program called 'systemdd-dev' maxing out the CPU.

    #uptime
     22:53:21 up 46 days, 3:57, 1 user, load average: 10.48, 10.73, 10.82

What top showed: a program called 'systemdd-dev' maxing out the CPU.

    polkitd 1310107 7584 99 7月23 ? 55-10:12:06 /tmp/.lib/systemdd-dev

    ls /tmp/.lib/systemdd-dev
    ls: 无法访问'/tmp/.lib/systemdd-dev': 没有那个文件或目录

    strace -f -p 1310107
    [pid 1366321] sched_yield() = 0
    [pid 1366320] sched_yield() = 0
    [pid 1366325] sched_yield() = 0
    [pid 1366328] sched_yield() = 0

    polkitd 1310107 7584 99 7月23 ? 55-09:43:59 /tmp/.lib/systemdd-dev
    polkitd:x:998:996:User for polkitd:/:/sbin/nologin

    #cat /proc/1310107/status
    Name: systemdd-dev
    Umask: 0022
    State: S (sleeping)
    Tgid: 1310107
    Ngid: 0
    Pid: 1310107
    PPid: 7584
    TracerPid: 0
    Uid: 998 998 998 998
    Gid: 998 998 998 998
    Mems_allowed_list: 0
    voluntary_ctxt_switches: 1498969
    nonvoluntary_ctxt_switches: 119

Solution:
From the parent PID of the process above, 7584, I learned that it was git, and so located the container.

    #ps -ef|grep 7584
    root 7584 7541 0 6月12 ? 00:00:00 /bin/bash /assets/wrapper
    root 8523 7584 0 6月12 ? 00:00:18 runsvdir -P /opt/gitlab/service log: .........................................................................................................................
    root 11249 7584 0 6月12 ? 00:00:00 /bin/bash /opt/gitlab/bin/gitlab-ctl tail
    root 925975 898775 0 22:52 pts/4 00:00:00 grep --color=auto 7584
    polkitd 1309744 7584 0 7月23 ? 00:03:21 /bin/bash /tmp/.lib/systemdd-udevd
    polkitd 1309748 7584 0 7月23 ? 00:00:17 /var/opt/gitlab/gitlab-workhorse/java
    polkitd 1310107 7584 99 7月23 ? 55-10:12:06 /tmp/.lib/systemdd-dev

    docker ps -a
    1b1a3af4b528 gitlab/gitlab-ce "/assets/wrapper" 15 months ago Up 6 weeks (healthy) 0.0.0.0:8226->22/tcp, 0.0.0.0:8341->80/tcp, 0.0.0.0:8848->443/tcp gitlab

    docker stop 1b1a3af4b528

    uptime   # load has come down
     23:01:18 up 46 days, 4:05, 1 user, load average: 0.09, 2.41, 6.67

Maybe a hacker has moved into the container?
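Added example (not part of the original post): a host-side triage script that finds processes running from a deleted file or a world-writable directory, maps each to its Docker container through /proc/<pid>/cgroup instead of walking parent PIDs, and gives the /proc/<pid>/root path under which the binary is visible from the host, since a path such as /tmp/.lib/systemdd-dev belongs to the container's filesystem and a plain ls on the host does not find it. The names triage, scan and SUSPECT_DIRS are this example's own, and it assumes Docker's usual cgroup path layouts.

```python
import os
import re

# Docker puts the 64-hex container ID in the cgroup path: "/docker/<id>"
# (cgroupfs driver) or "docker-<id>.scope" (systemd driver). Assumed layouts.
DOCKER_CID = re.compile(r"docker[/-]([0-9a-f]{64})")
# World-writable locations where a legitimate service binary rarely lives.
SUSPECT_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DELETED = " (deleted)"  # suffix the kernel appends when the file was unlinked


def triage(pid, proc="/proc"):
    """Collect triage facts for one PID; None if it cannot be read."""
    base = os.path.join(proc, str(pid))
    try:
        exe = os.readlink(os.path.join(base, "exe"))
        with open(os.path.join(base, "cgroup")) as fh:
            cgroup = fh.read()
    except OSError:
        return None  # kernel thread, exited process, or insufficient rights
    deleted = exe.endswith(DELETED)
    path = exe[: -len(DELETED)] if deleted else exe
    match = DOCKER_CID.search(cgroup)
    return {
        "pid": int(pid),
        "exe": path,
        "deleted": deleted,
        "writable_dir": path.startswith(SUSPECT_DIRS),
        "container": match.group(1)[:12] if match else None,
        # The binary as the process sees it, reachable from the host.
        "host_view": os.path.join(base, "root", path.lstrip("/")),
    }


def scan(proc="/proc"):
    """Return processes running from a deleted file or a world-writable dir."""
    hits = []
    for name in os.listdir(proc):
        if name.isdigit():
            info = triage(name, proc)
            if info and (info["deleted"] or info["writable_dir"]):
                hits.append(info)
    return sorted(hits, key=lambda i: i["pid"])


if __name__ == "__main__":
    for h in scan():
        print(h["pid"], h["container"] or "host", h["exe"],
              "deleted" if h["deleted"] else h["host_view"])
```

Run it as root on the Docker host. A "deleted" hit on a system daemon is usually just a package upgrade without a restart, so weigh it together with the directory and the owning container.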