linux 上进程被随机kill掉,如何监测和查询;谁杀了我的进程;Who sends a SIGKILL to my process mysteriously on ubuntu server
2022/2/25 7:27:34
本文主要是介绍linux 上进程被随机kill掉,如何监测和查询;谁杀了我的进程;Who sends a SIGKILL to my process mysteriously on ubuntu server,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!
今天跑实验,发现进程被随机kill。咨询了服务器上的其他同学,他们说之前也发生过,一直存在。看来可能有可能不是我自己程序的原因,只能自己动手解决了。
在 Who sends a SIGKILL to my process mysteriously on ubuntu server 中,提到一个简单的方法,使用audit。
Linux 审计系统:audit
Audit does not provide additional security to your system; rather, it can be used to discover violations of security policies used on your system. These violations can further be prevented by additional security measures such as SELinux.
The Linux Audit system provides a way to track security-relevant information on your system. Based on pre-configured rules, Audit generates log entries to record as much information about the events that are happening on your system as possible. This information is crucial for mission-critical environments to determine the violator of the security policy and the actions they performed.
关于系统的更多内容,可参考 redhat 管理员手册。
安装很简单:sudo apt install auditd
启动服务并查看状态: systemctl enable auditd.service; systemctl restart auditd.service
然后通过auditctrl添加规则: auditctl -a exit,always -F arch=b64 -S kill -F a1=9
测试:
启动然后kill掉Python程序; 查看日志,即可发现kill发起的程序和用户;
sudo ausearch -sc kill
time->Thu Feb 24 04:00:08 2022 type=PROCTITLE msg=audit(1645675208.403:201): proctitle="htop" type=OBJ_PID msg=audit(1645675208.403:201): opid=40099 oauid=1016 ouid=1016 oses=12951 obj==unconfined ocomm="nvtop" type=SYSCALL msg=audit(1645675208.403:201): arch=c000003e syscall=62 success=yes exit=0 a0=9ca3 a1=9 a2=c1 a3=8 items=0 ppid=45939 pid=40129 auid=1016 uid=1016 gid=1016 euid=1016 suid=1016 fsuid=1016 egid=1016 sgid=1016 fsgid=1016 tty=pts4 ses=18035 comm="htop" exe="/usr/bin/htop" subj==unconfined key=(null)
下面开始守株待兔了, 再跑一下程序,找到被kill的原因;
# 2022年02月24日12:30:12, 被我找到了,应该是一个恶意程序。。
参考链接:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-system_auditing
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/auditing-the-system_security-hardening
https://documentation.suse.com/sles/12-SP4/html/SLES-all/cha-audit-comp.html
https://stackoverflow.com/questions/26285133/who-sends-a-sigkill-to-my-process-mysteriously-on-ubuntu-server
https://www.cnblogs.com/xybaby/p/8098229.html
保持更新;cnblogs.com/xuyaowen;
这篇关于linux 上进程被随机kill掉,如何监测和查询;谁杀了我的进程;Who sends a SIGKILL to my process mysteriously on ubuntu server的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!
- 2024-11-12如何创建可引导的 ESXi USB 安装介质 (macOS, Linux, Windows)
- 2024-11-08linux的 vi编辑器中搜索关键字有哪些常用的命令和技巧?-icode9专业技术文章分享
- 2024-11-08在 Linux 的 vi 或 vim 编辑器中什么命令可以直接跳到文件的结尾?-icode9专业技术文章分享
- 2024-10-22原生鸿蒙操作系统HarmonyOS NEXT(HarmonyOS 5)正式发布
- 2024-10-18操作系统入门教程:新手必看的基本操作指南
- 2024-10-18初学者必看:操作系统入门全攻略
- 2024-10-17操作系统入门教程:轻松掌握操作系统基础知识
- 2024-09-11Linux部署Scrapy学习:入门级指南
- 2024-09-11Linux部署Scrapy:入门级指南
- 2024-08-21【Linux】分区向左扩容的方法