34 lines
1.6 KiB
Markdown
34 lines
1.6 KiB
Markdown
I've created a comprehensive Bash script to help clean up a CyberPanel server infected with Kinsing malware. Let me break down the key features of this script:
|
|
|
|
### Script Features
|
|
1. **Root Privilege Check**: Ensures the script is run with root permissions
|
|
2. **Logging**: Logs all actions to `/var/log/kinsing_cleanup.log`
|
|
3. **Backup**: Creates a backup of critical system files before cleanup
|
|
4. **Systematic Cleanup**: Follows the steps you outlined in your guide
|
|
5. **Process Termination**: Kills suspicious processes
|
|
6. **Service Removal**: Stops and disables suspicious services
|
|
7. **Security Scanning**: Installs and runs `chkrootkit` and `rkhunter`
|
|
8. **File Tracking**: Creates a list of recently modified files
|
|
|
|
### Usage Instructions
|
|
1. Save the script to a file (e.g., `kinsing_cleanup.sh`)
|
|
2. Make it executable: `chmod +x kinsing_cleanup.sh`
|
|
3. Run with sudo: `sudo ./kinsing_cleanup.sh`
|
|
|
|
### Precautions
|
|
- **Always review the script before running**
|
|
- **Understand each step**
|
|
- **Have a backup of your critical data**
|
|
- **Test in a staging environment first if possible**
|
|
|
|
### Additional Recommendations
|
|
1. After running the script, thoroughly review:
|
|
- `/var/log/kinsing_cleanup.log`
|
|
- `/root/kinsing_recent_files.txt`
|
|
- Results of the `rkhunter` scan
|
|
2. Consider changing all passwords
|
|
3. Review network logs and access patterns
|
|
4. If possible, restore from a known clean backup
|
|
|
|
### Disclaimer
|
|
This script is provided as-is. While it aims to help clean up the Kinsing malware, every infection is unique. Professional security consultation is recommended for complex scenarios.
|