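I'm new to Linux, and I installed CentOS 7.9 in my lab. I don't know why, but sometimes the fan gets very loud, so I ran top to see which process was causing it, and I found that "dhclient" was using 700%+ of the CPU (my CPU has 8 cores?)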
15967 sshd 30 10 3707632 2.4g 4692 S 784.7 16.0 158:32.13 dhclient
4134 ring 20 0 4258860 326992 113188 S 9.1 2.0 38:51.93 gnome-shell
2495 root 20 0 599888 223084 95240 S 1.4 1.4 5:20.28 X
4780 ring 20 0 681880 41128 19908 S 1.4 0.3 0:31.30 gnome-terminal-
11130 root 20 0 39476 1276 988 S 1.4 0.0 8:44.93 monitor
9 root 20 0 0 0 0 S 0.3 0.0 0:20.52 rcu_sched
728 root -51 0 0 0 0 S 0.3 0.0 0:03.63 irq/141-iwlwifi
4102 ring 20 0 68396 2496 1860 S 0.3 0.0 0:00.47 dbus-daemon
18583 ring 20 0 2828144 168724 62708 S 0.3 1.1 1:52.56 Isolated Web Co
18806 ring 20 0 2768992 126664 60628 S 0.3 0.8 1:17.29 Isolated Web Co
24739 ring 20 0 58680 2484 1532 R 0.3 0.0 0:00.15 top
1 root 20 0 194644 7792 4236 S 0.0 0.0 0:07.88 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.05 kthreadd
Then I ran cat /var/log/messages | grep dhclient, and these are the messages. Can anyone help figure out what happened? What should I do to fix this?
Jan 1 20:22:51 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 15 (xid=0x6ae2ab58)
Jan 1 20:22:54 eda dhclient: [2024-01-01 20:22:54.479] net new job from 3389.xiao.my.id:3389 diff 8910K algo rx/0 height 154453
Jan 1 20:23:06 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 9 (xid=0x6ae2ab58)
Jan 1 20:23:15 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 11 (xid=0x6ae2ab58)
Jan 1 20:23:26 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 10 (xid=0x6ae2ab58)
Jan 1 20:23:36 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 7 (xid=0x6ae2ab58)
Jan 1 20:23:42 eda dhclient: [2024-01-01 20:23:42.031] net new job from 3389.xiao.my.id:3389 diff 9061K algo rx/0 height 154454
Jan 1 20:23:42 eda dhclient: [2024-01-01 20:23:42.956] miner speed 10s/60s/15m 1220.6 1257.6 n/a H/s max 2571.8 H/s
Jan 1 20:23:43 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 20:23:43 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 20:24:43 eda dhclient: [2024-01-01 20:24:43.326] miner speed 10s/60s/15m 1151.4 1164.1 n/a H/s max 2571.8 H/s
Jan 1 20:25:43 eda dhclient: [2024-01-01 20:25:43.586] miner speed 10s/60s/15m 1205.5 1283.1 n/a H/s max 2571.8 H/s
Jan 1 20:26:31 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 6 (xid=0x364db7a7)
Jan 1 20:26:37 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 11 (xid=0x364db7a7)
Jan 1 20:26:43 eda dhclient: [2024-01-01 20:26:43.948] miner speed 10s/60s/15m 1326.5 1178.2 n/a H/s max 2571.8 H/s
Jan 1 20:26:48 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 9 (xid=0x364db7a7)
Jan 1 20:26:57 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 14 (xid=0x364db7a7)
Jan 1 20:27:11 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 14 (xid=0x364db7a7)
Jan 1 20:27:25 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x364db7a7)
Jan 1 20:27:32 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 20:27:32 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 20:27:44 eda dhclient: [2024-01-01 20:27:44.309] miner speed 10s/60s/15m 1342.5 1264.8 n/a H/s max 2571.8 H/s
Jan 1 20:28:44 eda dhclient: [2024-01-01 20:28:44.574] miner speed 10s/60s/15m 1427.7 1411.3 n/a H/s max 2571.8 H/s
Jan 1 20:29:04 eda dhclient: [2024-01-01 20:29:04.105] net new job from 3389.xiao.my.id:3389 diff 9216K algo rx/0 height 154455
Jan 1 20:29:32 eda dhclient: [2024-01-01 20:29:32.452] net new job from 3389.xiao.my.id:3389 diff 9216K algo rx/0 height 154456
Jan 1 20:29:44 eda dhclient: [2024-01-01 20:29:44.895] miner speed 10s/60s/15m 1118.9 1353.9 n/a H/s max 2571.8 H/s
Jan 1 20:30:13 eda dhclient: [2024-01-01 20:30:13.226] net new job from 3389.xiao.my.id:3389 diff 9118K algo rx/0 height 154457
Jan 1 20:30:45 eda dhclient: [2024-01-01 20:30:45.234] miner speed 10s/60s/15m 1296.6 1291.8 n/a H/s max 2571.8 H/s
Jan 1 20:30:54 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 5 (xid=0x611c174c)
Jan 1 20:30:59 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 12 (xid=0x611c174c)
Jan 1 20:31:11 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 14 (xid=0x611c174c)
Jan 1 20:31:14 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x31c502a2)
Jan 1 20:31:21 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x31c502a2)
Jan 1 20:31:25 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 21 (xid=0x611c174c)
Jan 1 20:31:28 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 15 (xid=0x31c502a2)
Jan 1 20:31:43 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 16 (xid=0x31c502a2)
Jan 1 20:31:45 eda dhclient: [2024-01-01 20:31:45.554] miner speed 10s/60s/15m 769.6 1097.3 n/a H/s max 2571.8 H/s
Jan 1 20:31:46 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 9 (xid=0x611c174c)
Jan 1 20:31:55 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 20:31:55 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 20:31:59 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 8 (xid=0x31c502a2)
Jan 1 20:32:07 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 8 (xid=0x31c502a2)
Jan 1 20:32:15 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 20:32:15 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 20:32:45 eda dhclient: [2024-01-01 20:32:45.899] miner speed 10s/60s/15m 998.0 1224.7 n/a H/s max 2571.8 H/s
Jan 1 20:33:46 eda dhclient: [2024-01-01 20:33:46.186] miner speed 10s/60s/15m 1248.5 1226.1 n/a H/s max 2571.8 H/s
Jan 1 20:34:46 eda dhclient: [2024-01-01 20:34:46.456] miner speed 10s/60s/15m 1401.2 1338.0 n/a H/s max 2571.8 H/s
Jan 1 20:35:03 eda dhclient: [2024-01-01 20:35:03.174] net new job from 3389.xiao.my.id:3389 diff 9118K algo rx/0 height 154458
Here are the full messages. ChatGPT says "benchmk" is related to cryptocurrency?!
Jan 1 21:02:29 eda dhclient: [2024-01-01 21:02:29.421] cpu READY threads 16/16 (16) huge pages 0% 0/16 memory 4096 KB (8 ms)
Jan 1 21:02:38 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 11 (xid=0x50f8e063)
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.419] benchmk Algo rx/arq hashrate: 5719.956009
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.419] benchmk Algo panthera Preparation
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.420] cpu stopped (1 ms)
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.420] randomx init dataset algo panthera (8 threads) seed 0000000000000000...
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.784] randomx dataset ready (365 ms)
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.785] cpu use profile panthera (4 threads) scratchpad 256 KB
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.792] benchmk Algo panthera Starting test
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.799] cpu READY threads 4/4 (4) huge pages 0% 0/4 memory 1024 KB (15 ms)
Jan 1 21:02:49 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 12 (xid=0x50f8e063)
Jan 1 21:02:49 eda dhclient: [2024-01-01 21:02:49.794] benchmk Algo panthera hashrate: 1384.323135
Jan 1 21:02:49 eda dhclient: [2024-01-01 21:02:49.794] benchmk ALGO PERFORMANCE CALIBRATION COMPLETE
Jan 1 21:02:49 eda dhclient: [2024-01-01 21:02:49.908] net 3389.xiao.my.id:3389 read error: "end of file"
Jan 1 21:02:57 eda dhclient: [2024-01-01 21:02:57.191] net 3389.xiao.my.id:3389 read error: "connection reset by peer"
Jan 1 21:03:01 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 10 (xid=0x50f8e063)
Jan 1 21:03:04 eda dhclient: [2024-01-01 21:03:04.333] net 3389.xiao.my.id:3389 read error: "connection reset by peer"
Jan 1 21:03:05 eda dhclient: [2024-01-01 21:03:05.258] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:03:11 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 21:03:11 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 21:03:29 eda dhclient: [2024-01-01 21:03:29.739] net 3389.xiao.my.id:3389 34.126.66.198 connect error: "operation canceled"
Jan 1 21:03:34 eda dhclient: [2024-01-01 21:03:34.861] net 3389.xiao.my.id:3389 read error: "end of file"
Jan 1 21:04:05 eda dhclient: [2024-01-01 21:04:05.419] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:05:05 eda dhclient: [2024-01-01 21:05:05.630] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:06:05 eda dhclient: [2024-01-01 21:06:05.877] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:07:06 eda dhclient: [2024-01-01 21:07:06.089] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:07:39 eda kernel: Bluetooth: hci0: Hardware error 0x0c
Jan 1 21:07:39 eda kernel: Bluetooth: hci0: Retrieving Intel exception info failed (-16)
Jan 1 21:08:06 eda dhclient: [2024-01-01 21:08:06.299] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:09:06 eda dhclient: [2024-01-01 21:09:06.494] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:09:31 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0xc3a3862)
Jan 1 21:09:38 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 14 (xid=0xc3a3862)
Jan 1 21:09:52 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 12 (xid=0xc3a3862)
A new job starts from here? Is this normal?
Jan 1 21:32:13 eda dhclient: [2024-01-01 21:32:13.299] net new job from 3389.xiao.my.id:3389 diff 8819K algo rx/0 height 154489
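Answer 1
Yes, that looks like someone managed to run a cryptocurrency miner on your computer, as user sshd. That's not OK. It's probably just using the process name dhclient to raise less alarm, because the real dhclient is something that your computer actually needs to connect to most networks. Someone else has access to your computer, at a level that allows them to interact with the SSH daemon - this most likely includes things like reading the passwords that people send.
Long story short: your system is compromised. It is no longer trustworthy, even if you think you managed to clean out anything malware-like.
Sorry this happened to you, and I don't know how it happened (unless you installed CentOS from a site that's not CentOS.org, or you installed some untrusted software using sudo, or you used a weak password for a user with sudo privileges and allowed that user to log in via SSH or similar).
The honest way out is to collect the data you need from the system, then install a freshly downloaded, trustworthy operating system, removing the current CentOS.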
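The log excerpt in the question mixes genuine DHCP client messages with miner output under the same dhclient tag. The following is an added example, not part of the original question or answer: a shell filter that separates the two and lists the pool endpoints contacted. The keyword list is an assumption derived from the lines quoted above, and the sample lines are copied from that excerpt.

```shell
#!/bin/sh
# Added example: flag syslog lines tagged "dhclient" that carry miner-style
# output instead of DHCP client messages, and list the pool endpoints seen.

# Sample lines copied from the log excerpt in the question.
sample_log() {
cat <<'EOF'
Jan 1 20:22:51 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 15 (xid=0x6ae2ab58)
Jan 1 20:22:54 eda dhclient: [2024-01-01 20:22:54.479] net new job from 3389.xiao.my.id:3389 diff 8910K algo rx/0 height 154453
Jan 1 20:23:42 eda dhclient: [2024-01-01 20:23:42.956] miner speed 10s/60s/15m 1220.6 1257.6 n/a H/s max 2571.8 H/s
Jan 1 20:23:43 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.420] randomx init dataset algo panthera (8 threads) seed 0000000000000000...
Jan 1 21:07:39 eda kernel: Bluetooth: hci0: Hardware error 0x0c
EOF
}

# Read syslog on stdin; print dhclient-tagged lines that use miner vocabulary.
# The keyword list is an assumption taken from the messages shown on this page.
miner_lines() {
    awk '
        # Field 5 is the syslog tag: "dhclient:" or "dhclient[15264]:".
        $5 ~ /^dhclient(\[[0-9]+\])?:$/ &&
        /miner +speed|new job from|randomx|benchmk|H\/s|algo rx\// { print }
    '
}

# Read syslog on stdin; print each unique host:port that follows "new job from".
pool_endpoints() {
    miner_lines |
        awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1) }' |
        sort -u
}

# Demonstration on the embedded sample.
echo "suspicious lines:"
sample_log | miner_lines
echo "pool endpoints:"
sample_log | pool_endpoints
```

On a live host the same functions can read the real log, for example `miner_lines < /var/log/messages`; the endpoints they report are useful for firewall and proxy log searches on other machines in the lab.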