私はLinuxに初めてアクセスし、研究室にCentOS 7.9をインストールしました。理由はわかりませんが、時々ファンの騒音が大きすぎてtop
何が原因なのかを調べようと入力しましたが、「dhclient」がCPUの700%以上を消費するという事実を発見しました。 (私のCPUにはコアが8つですか?)
15967 sshd 30 10 3707632 2.4g 4692 S 784.7 16.0 158:32.13 dhclient
4134 ring 20 0 4258860 326992 113188 S 9.1 2.0 38:51.93 gnome-shell
2495 root 20 0 599888 223084 95240 S 1.4 1.4 5:20.28 X
4780 ring 20 0 681880 41128 19908 S 1.4 0.3 0:31.30 gnome-terminal-
11130 root 20 0 39476 1276 988 S 1.4 0.0 8:44.93 monitor
9 root 20 0 0 0 0 S 0.3 0.0 0:20.52 rcu_sched
728 root -51 0 0 0 0 S 0.3 0.0 0:03.63 irq/141-iwlwifi
4102 ring 20 0 68396 2496 1860 S 0.3 0.0 0:00.47 dbus-daemon
18583 ring 20 0 2828144 168724 62708 S 0.3 1.1 1:52.56 Isolated Web Co
18806 ring 20 0 2768992 126664 60628 S 0.3 0.8 1:17.29 Isolated Web Co
24739 ring 20 0 58680 2484 1532 R 0.3 0.0 0:00.15 top
1 root 20 0 194644 7792 4236 S 0.0 0.0 0:07.88 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.05 kthreadd
次に、を使用しますcat /var/log/messages | grep dhclient
。これがメッセージです。誰もが何が起こっているのかを理解するのに役立ちますか?この問題を解決するにはどうすればよいですか?
Jan 1 20:22:51 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 15 (xid=0x6ae2ab58)
Jan 1 20:22:54 eda dhclient: [2024-01-01 20:22:54.479] net new job from 3389.xiao.my.id:3389 diff 8910K algo rx/0 height 154453
Jan 1 20:23:06 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 9 (xid=0x6ae2ab58)
Jan 1 20:23:15 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 11 (xid=0x6ae2ab58)
Jan 1 20:23:26 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 10 (xid=0x6ae2ab58)
Jan 1 20:23:36 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 7 (xid=0x6ae2ab58)
Jan 1 20:23:42 eda dhclient: [2024-01-01 20:23:42.031] net new job from 3389.xiao.my.id:3389 diff 9061K algo rx/0 height 154454
Jan 1 20:23:42 eda dhclient: [2024-01-01 20:23:42.956] miner speed 10s/60s/15m 1220.6 1257.6 n/a H/s max 2571.8 H/s
Jan 1 20:23:43 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 20:23:43 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 20:24:43 eda dhclient: [2024-01-01 20:24:43.326] miner speed 10s/60s/15m 1151.4 1164.1 n/a H/s max 2571.8 H/s
Jan 1 20:25:43 eda dhclient: [2024-01-01 20:25:43.586] miner speed 10s/60s/15m 1205.5 1283.1 n/a H/s max 2571.8 H/s
Jan 1 20:26:31 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 6 (xid=0x364db7a7)
Jan 1 20:26:37 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 11 (xid=0x364db7a7)
Jan 1 20:26:43 eda dhclient: [2024-01-01 20:26:43.948] miner speed 10s/60s/15m 1326.5 1178.2 n/a H/s max 2571.8 H/s
Jan 1 20:26:48 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 9 (xid=0x364db7a7)
Jan 1 20:26:57 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 14 (xid=0x364db7a7)
Jan 1 20:27:11 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 14 (xid=0x364db7a7)
Jan 1 20:27:25 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x364db7a7)
Jan 1 20:27:32 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 20:27:32 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 20:27:44 eda dhclient: [2024-01-01 20:27:44.309] miner speed 10s/60s/15m 1342.5 1264.8 n/a H/s max 2571.8 H/s
Jan 1 20:28:44 eda dhclient: [2024-01-01 20:28:44.574] miner speed 10s/60s/15m 1427.7 1411.3 n/a H/s max 2571.8 H/s
Jan 1 20:29:04 eda dhclient: [2024-01-01 20:29:04.105] net new job from 3389.xiao.my.id:3389 diff 9216K algo rx/0 height 154455
Jan 1 20:29:32 eda dhclient: [2024-01-01 20:29:32.452] net new job from 3389.xiao.my.id:3389 diff 9216K algo rx/0 height 154456
Jan 1 20:29:44 eda dhclient: [2024-01-01 20:29:44.895] miner speed 10s/60s/15m 1118.9 1353.9 n/a H/s max 2571.8 H/s
Jan 1 20:30:13 eda dhclient: [2024-01-01 20:30:13.226] net new job from 3389.xiao.my.id:3389 diff 9118K algo rx/0 height 154457
Jan 1 20:30:45 eda dhclient: [2024-01-01 20:30:45.234] miner speed 10s/60s/15m 1296.6 1291.8 n/a H/s max 2571.8 H/s
Jan 1 20:30:54 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 5 (xid=0x611c174c)
Jan 1 20:30:59 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 12 (xid=0x611c174c)
Jan 1 20:31:11 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 14 (xid=0x611c174c)
Jan 1 20:31:14 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x31c502a2)
Jan 1 20:31:21 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0x31c502a2)
Jan 1 20:31:25 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 21 (xid=0x611c174c)
Jan 1 20:31:28 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 15 (xid=0x31c502a2)
Jan 1 20:31:43 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 16 (xid=0x31c502a2)
Jan 1 20:31:45 eda dhclient: [2024-01-01 20:31:45.554] miner speed 10s/60s/15m 769.6 1097.3 n/a H/s max 2571.8 H/s
Jan 1 20:31:46 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 9 (xid=0x611c174c)
Jan 1 20:31:55 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 20:31:55 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 20:31:59 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 8 (xid=0x31c502a2)
Jan 1 20:32:07 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 8 (xid=0x31c502a2)
Jan 1 20:32:15 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 20:32:15 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 20:32:45 eda dhclient: [2024-01-01 20:32:45.899] miner speed 10s/60s/15m 998.0 1224.7 n/a H/s max 2571.8 H/s
Jan 1 20:33:46 eda dhclient: [2024-01-01 20:33:46.186] miner speed 10s/60s/15m 1248.5 1226.1 n/a H/s max 2571.8 H/s
Jan 1 20:34:46 eda dhclient: [2024-01-01 20:34:46.456] miner speed 10s/60s/15m 1401.2 1338.0 n/a H/s max 2571.8 H/s
Jan 1 20:35:03 eda dhclient: [2024-01-01 20:35:03.174] net new job from 3389.xiao.my.id:3389 diff 9118K algo rx/0 height 154458
全体のニュースは次のとおりです。 ChatGPTでは、「benchmk」は暗号通貨に関連していると言います。 !
Jan 1 21:02:29 eda dhclient: [2024-01-01 21:02:29.421] cpu READY threads 16/16 (16) huge pages 0% 0/16 memory 4096 KB (8 ms)
Jan 1 21:02:38 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 11 (xid=0x50f8e063)
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.419] benchmk Algo rx/arq hashrate: 5719.956009
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.419] benchmk Algo panthera Preparation
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.420] cpu stopped (1 ms)
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.420] randomx init dataset algo panthera (8 threads) seed 0000000000000000...
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.784] randomx dataset ready (365 ms)
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.785] cpu use profile panthera (4 threads) scratchpad 256 KB
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.792] benchmk Algo panthera Starting test
Jan 1 21:02:39 eda dhclient: [2024-01-01 21:02:39.799] cpu READY threads 4/4 (4) huge pages 0% 0/4 memory 1024 KB (15 ms)
Jan 1 21:02:49 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 12 (xid=0x50f8e063)
Jan 1 21:02:49 eda dhclient: [2024-01-01 21:02:49.794] benchmk Algo panthera hashrate: 1384.323135
Jan 1 21:02:49 eda dhclient: [2024-01-01 21:02:49.794] benchmk ALGO PERFORMANCE CALIBRATION COMPLETE
Jan 1 21:02:49 eda dhclient: [2024-01-01 21:02:49.908] net 3389.xiao.my.id:3389 read error: "end of file"
Jan 1 21:02:57 eda dhclient: [2024-01-01 21:02:57.191] net 3389.xiao.my.id:3389 read error: "connection reset by peer"
Jan 1 21:03:01 eda dhclient[15264]: DHCPDISCOVER on virbr0 to 255.255.255.255 port 67 interval 10 (xid=0x50f8e063)
Jan 1 21:03:04 eda dhclient: [2024-01-01 21:03:04.333] net 3389.xiao.my.id:3389 read error: "connection reset by peer"
Jan 1 21:03:05 eda dhclient: [2024-01-01 21:03:05.258] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:03:11 eda dhclient[15264]: No DHCPOFFERS received.
Jan 1 21:03:11 eda dhclient[15264]: No working leases in persistent database - sleeping.
Jan 1 21:03:29 eda dhclient: [2024-01-01 21:03:29.739] net 3389.xiao.my.id:3389 34.126.66.198 connect error: "operation canceled"
Jan 1 21:03:34 eda dhclient: [2024-01-01 21:03:34.861] net 3389.xiao.my.id:3389 read error: "end of file"
Jan 1 21:04:05 eda dhclient: [2024-01-01 21:04:05.419] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:05:05 eda dhclient: [2024-01-01 21:05:05.630] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:06:05 eda dhclient: [2024-01-01 21:06:05.877] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:07:06 eda dhclient: [2024-01-01 21:07:06.089] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:07:39 eda kernel: Bluetooth: hci0: Hardware error 0x0c
Jan 1 21:07:39 eda kernel: Bluetooth: hci0: Retrieving Intel exception info failed (-16)
Jan 1 21:08:06 eda dhclient: [2024-01-01 21:08:06.299] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:09:06 eda dhclient: [2024-01-01 21:09:06.494] miner speed 10s/60s/15m n/a n/a n/a H/s max 1474.6 H/s
Jan 1 21:09:31 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 7 (xid=0xc3a3862)
Jan 1 21:09:38 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 14 (xid=0xc3a3862)
Jan 1 21:09:52 eda dhclient[15264]: DHCPDISCOVER on virbr0-nic to 255.255.255.255 port 67 interval 12 (xid=0xc3a3862)
ここで新しいことを始めますか?これは普通ですか?
Jan 1 21:32:13 eda dhclient: [2024-01-01 21:32:13.299] net new job from 3389.xiao.my.id:3389 diff 8819K algo rx/0 height 154489
答え1
はい、誰かがあなたのコンピュータ上のユーザー名で暗号通貨採掘プログラムを実行しているようですsshd
。それは動作しません。実際、コンピュータはほとんどのネットワークに接続する必要があるため、プロセス名を使用してdhclient
警告の頻度を減らすこともできます。dhclient
他の人はSSHデーモンと対話できるレベルでコンピュータにアクセスできます。これには、人々が送信するパスワードを読むなどの操作が含まれる可能性が高くなります。
簡単に言えば、システムが破損しています。マルウェアに似たものを正常に削除したと思っても信頼できなくなります。
こんな事が起きてすみません。どうすればこれが起こったのかわかりません(CentOS.org以外のWebサイトからCentOSをインストールしたり、信頼できないソフトウェアをインストールしたり、sudo
特権ユーザーである場合を除く)。脆弱なパスワードは次のとおりです。使用されsudo
、ユーザーはSSHまたは同様の方法でログインが許可されました.)
正直な方法は、システムから必要なデータを収集し、新しくダウンロードし、信頼できるオペレーティングシステムをインストールし、現在のCentOSをアンインストールすることです。