forked from aaPanel/BaoTa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbtkill.py
79 lines (66 loc) · 3.46 KB
/
btkill.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#coding: utf-8
# +-------------------------------------------------------------------
# | Linux异常进程专杀
# +-------------------------------------------------------------------
# | Copyright (c) 2015-2019 宝塔软件(https://bt.cn) All rights reserved.
# +-------------------------------------------------------------------
# | Author: 黄文良 <[email protected]>
# +-------------------------------------------------------------------
#使用示例:
# 1、将此文件重命名为btkill.py , 然后上传到服务器/root目录
# 2、执行 python /root/btkill.py
import psutil,time,os
class btkill:
__limit = 10; #Cpu使用率触发上限
__vmsize = 1048576/4; #虚拟内存触发上限(字节)
def checkMain(self):
pids = psutil.pids()
num = 0;
for pid in pids:
try:
p = psutil.Process(pid);
if p.exe() == "": continue;
name = p.name()
if self.whiteList(name): continue;
cputimes = p.cpu_times()
if cputimes.user < 0.1: continue;
percent = p.cpu_percent(interval = 0.1);
vm = p.memory_info().vms
if percent > self.__limit or vm > self.__vmsize:
log = time.strftime('%Y-%m-%d %X',time.localtime()) + " (PID=" + str(pid) + ", NAME=" + name + ", VMS=" + str(vm) + ", PERCENT=" + str(percent) + "%)";
p.kill();
num += 1
print log + " >> killed\n";
except Exception as ex:print str(ex)
return num
#检查白名单
def whiteList(self,name):
wlist = ['yum','apt-get','apt','redis-cli','memcached','sshd','vm','vim','htop','top','sh','bash','zip','gzip','rsync',
'tar','unzip','php','composer','pkill','mongo','mongod','php-fpm','nginx','httpd','lsof','ps','redis-server',
'mysqld','mysqld_safe','mysql','pure-ftpd','sparse_dd','stunnel','squeezed','vncterm','awk','ruby','postgres',
'mpathalert','vncterm','multipathd','fe','elasticsyslog','syslogd','v6d','xapi','screen','runsvdir','svlogd',
'java','udevd','ntpd','irqbalance','qmgr','wpa_supplicant','mysqld_safe','sftp-server','lvmetad','gitlab-web',
'pure-ftpd','auditd','master','dbus-daemon','tapdisk','sshd','init','ksoftirqd','kworker','kmpathd',
'kmpath_handlerd','python','kdmflush','bioset','crond','kthreadd','migration','rcu_sched','kjournald',
'gcc','gcc++','nginx','mysqld','php-cgi','login','firewalld','iptables','systemd','network','dhclient',
'systemd-journald','NetworkManager','systemd-logind','systemd-udevd','polkitd','tuned','rsyslogd','AliYunDunUpdate','AliYunDun','sendmail']
wslist = ['vif','qemu','scsi_eh','xcp','xen','docker','yunsuo','aliyun','PM2']
for key in wlist:
if key == name: return True
for key in wslist:
if name.find(key) != -1: return True
return False
#开始处理
def start(self):
num = 0;
while True:
num += self.checkMain();
time.sleep(3);
print '======================================='
print "查杀完成, 共查杀["+str(num)+"]个异常进程!"
print "官网: https://www.bt.cn/bbs"
if __name__ == "__main__":
print "正在检测异常进程..."
print '======================================='
c = btkill();
c.start();