😄 fortunately, encountered several times mining virus, Linux host key commands have been deleted and replaced, virus files have been added I read-only permission, become read-only files, root can not be modified to delete! 😦
This article is about how to lock these read-only filesi
Unread!
The chattr command will delete this command if you set it to read-only + I, so you need to copy it to another normal host of the same version. Otherwise, you can’t use this command!
1. + I: Set the file to read-only
Chattr + I fileCopy the code
Once you use chattr as a read-only file, no other operations succeed on the file, not even root, for heaven’s sake!
2. -i: cancel file read-only
Chattr - I filesCopy the code
3. -r + I: sets the file and directory to read-only
Chattr -r + I File directoryCopy the code
4. -r -i: cancel file and directory read-only
Chattr -i File directoryCopy the code
5. +a: Appends file content and cannot be deleted and edited
Chattr + I fileCopy the code
You can now append content to a file, but you cannot edit existing information in the file or delete the file.
6. -A: Cancel file appending and read-only
Chattr - a fileCopy the code
-ai and + AI can also be used together!
So far, to check if the chattr directory has been successfully executed, we have tried to do something like edit the file or delete it. But there is a separate command that makes it easy to see if a file has a certain property. This command is lsattr.
Lsattr fileCopy the code
Now that you have unread the virus files using the command above, delete them directly using rm -rf.
This is the end of sharing ~
If you think the article is helpful to you, please like it, favorites it, pay attention to it, comment on it, and support it four times with one button. Your support is the biggest motivation for my creation.
❤️ technical exchange can follow the public number: Lucifer think twice before you do ❤️