From 2cb6cbdaa1dbd1b5aca7bec55a9ac7f0914e5854 Mon Sep 17 00:00:00 2001 From: hhf Date: Tue, 26 Nov 2024 12:38:46 +0530 Subject: [PATCH] Add README.md --- README.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..811b6da --- /dev/null +++ b/README.md 
@@ -0,0 +1,34 @@ +I've created a comprehensive Bash script to help clean up a CyberPanel server infected with Kinsing malware. Let me break down the key features of this script: + +### Script Features +1. **Root Privilege Check**: Ensures the script is run with root permissions +2. **Logging**: Logs all actions to `/var/log/kinsing_cleanup.log` +3. **Backup**: Creates a backup of critical system files before cleanup +4. **Systematic Cleanup**: Follows the steps you outlined in your guide +5. **Process Termination**: Kills suspicious processes +6. **Service Removal**: Stops and disables suspicious services +7. **Security Scanning**: Installs and runs `chkrootkit` and `rkhunter` +8. **File Tracking**: Creates a list of recently modified files + +### Usage Instructions +1. Save the script to a file (e.g., `kinsing_cleanup.sh`) +2. Make it executable: `chmod +x kinsing_cleanup.sh` +3. Run with sudo: `sudo ./kinsing_cleanup.sh` + +### Precautions +- **Always review the script before running** +- **Understand each step** +- **Have a backup of your critical data** +- **Test in a staging environment first if possible** + +### Additional Recommendations +1. After running the script, thoroughly review: + - `/var/log/kinsing_cleanup.log` + - `/root/kinsing_recent_files.txt` + - Results of the `rkhunter` scan +2. Consider changing all passwords +3. Review network logs and access patterns +4. If possible, restore from a known clean backup + +### Disclaimer +This script is provided as-is. While it aims to help clean up the Kinsing malware, every infection is unique. Professional security consultation is recommended for complex scenarios.
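Review bot: The opening paragraph and feature 4 ("Follows the steps you outlined in your guide") read as a pasted chat reply rather than project documentation. They address a "you" and a guide that this patch does not include, and the Usage section says "Save the script to a file" although the diffstat shows README.md as the only file added, so a reader cannot tell where the script comes from. Suggest rewriting the intro in the third person, linking or adding the guide, and pointing Usage at the script's path in the repository. Features 5 and 6 should state the names or criteria used to classify a process or service as "suspicious": the Precautions ask the operator to "Understand each step", and killing and disabling by an unstated rule is the step most likely to break a production host. Feature 3 should say where the backup is written and note that it is taken from an already infected system, so that it is not mistaken for the "known clean backup" in recommendation 4.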