版权声明:Bobit https://blog.csdn.net/wanlixingzhe/article/details/82799296
原因:
使用docker时,被下载挖矿镜像,随docker服务启动,自动运行,导致server被挖矿,所挖虚拟币貌似为XMR(门罗币)。
解决:
kill掉进程,删除镜像。
分析过程:
- 查看进程
ps -e -o ‘pid,comm,args,pcpu,rsz,vsz,stime,user,uid’
找出CPU占有率高的陌生进程,我的是这样的,怀疑某个容器有问题。
[root@2018 ~]# ps -e -o ‘pid,comm,args,pcpu,rsz,vsz,stime,user,uid’
PID COMMAND COMMAND %CPU RSZ VSZ STIME USER UID
9857 docker-entrypoi ./docker-entrypoint -o xmr. 179 5844 78620 10:34 100 100 - 查看运行的容器信息
列出所有在运行的容器信息,我的是这样的,这个镜像不是自己的。
[root@2018 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2c4bdfa7b385 jritter/first "./docker-entrypoint " 4 months ago Up 6 minutes kickass_perlman - 停止运行中的容器
[root@2018 ~]# docker stop 2c4bdfa7b385
2c4bdfa7b385 - 删除已经停止的容器
[root@2018 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2c4bdfa7b385 jritter/first "./docker-entrypoint " 4 months ago Exited (1) 35 minutes ago kickass_perlman
[root@2018 ~]# docker rm 2c4bdfa7b385
2c4bdfa7b385 - 删除镜像
[root@2018 ~]# docker rmi c6901df04aaf
Untagged: docker.io/jritter/first:latest
Untagged: docker.io/jritter/first@sha256:2ca90fcd06227403c96277868d2d7c8b1c3aa42077dc43e5560381d9a8582b94
Deleted: sha256:c6901df04aaf516faaf466f72d07390b86b16006a93538b69af836844dacd731
Deleted: sha256:f50efcfba233a29635373686ac587e633f052d9597e01de7932b560dbfff2769
Deleted: sha256:cd7100a72410606589a54b932cabd804a17f9ae5b42a1882bd56d263e02b6215 - 重启docker
cpu恢复正常,问题解决。
[root@2018 ~]# systemctl restart docker