搞了两台低配 ECS 做测试,发现 top 资源占用最高的尽然是 AliYunDun,由于是测试用途,用不到阿里云盾(安骑士),故关闭之。

关闭方法

由于我用的是 Ubuntu 系统,可以直接使用 service aegis status 命令看到安骑士的状态:

root@m01:~# service aegis status
● aegis.service - LSB: aegis update.
   Loaded: loaded (/etc/init.d/aegis; generated)
   Active: active (running) since Fri 2020-04-17 15:09:29 CST; 3s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1732 ExecStop=/etc/init.d/aegis stop (code=exited, status=0/SUCCESS)
  Process: 1764 ExecStart=/etc/init.d/aegis start (code=exited, status=0/SUCCESS)
    Tasks: 24 (limit: 2338)
   CGroup: /system.slice/aegis.service
           └─1801 /usr/local/aegis/aegis_client/aegis_10_77/AliYunDun
Apr 17 15:09:28 m01 systemd[1]: Starting LSB: aegis update....
Apr 17 15:09:29 m01 aegis[1764]: Aegis is running
Apr 17 15:09:29 m01 systemd[1]: Started LSB: aegis update..

那么关闭的命令显然就是 service aegis stop 了。

关闭后如下:

root@m01:~# service aegis stop
root@m01:~# service aegis status
● aegis.service - LSB: aegis update.
   Loaded: loaded (/etc/init.d/aegis; generated)
   Active: inactive (dead) since Fri 2020-04-17 15:10:49 CST; 4s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 2107 ExecStop=/etc/init.d/aegis stop (code=exited, status=0/SUCCESS)
    Tasks: 35 (limit: 2338)
   CGroup: /system.slice/aegis.service
           ├─1848 /usr/local/aegis/aegis_update/AliYunDunUpdate
           ├─1881 /usr/local/aegis/PythonLoader/AliSecureCheckAdvanced Rtap9956778151587107377
           └─1899 /usr/local/aegis/aegis_client/aegis_10_79/AliYunDun
Apr 17 15:10:33 m01 systemd[1]: Starting LSB: aegis update....
Apr 17 15:10:34 m01 aegis[1991]: /etc/init.d/aegis: line 91:  1994 Killed                  "${AEGIS_INSTALL_DIR}"/aegis_update/AliYunDunUpdate
Apr 17 15:10:34 m01 aegis[1991]: Aegis is running
Apr 17 15:10:34 m01 systemd[1]: Started LSB: aegis update..
Apr 17 15:10:49 m01 systemd[1]: Stopping LSB: aegis update....
Apr 17 15:10:49 m01 aegis[2107]: Disable Stop Aegis
Apr 17 15:10:49 m01 aegis[2107]: Aegis is running
Apr 17 15:10:49 m01 systemd[1]: Stopped LSB: aegis update..

当然,如果需要彻底删除,需要做一些额外的工作。

根据这个帖子的方法,操作如下:

1、卸载阿里云盾监控

wget http://update.aegis.aliyun.com/download/uninstall.sh
sh uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
sh quartz_uninstall.sh

2、删除残留

pkill aliyun-service
rm -fr /etc/init.d/agentwatch /usr/sbin/aliyun-service
rm -rf /usr/local/aegis*

3、屏蔽云盾 IP

PS:这步有点狠,谨慎操作。

iptables -I INPUT -s 140.205.201.0/28 -j DROP
iptables -I INPUT -s 140.205.201.16/29 -j DROP
iptables -I INPUT -s 140.205.201.32/28 -j DROP
iptables -I INPUT -s 140.205.225.192/29 -j DROP
iptables -I INPUT -s 140.205.225.200/30 -j DROP
iptables -I INPUT -s 140.205.225.184/29 -j DROP
iptables -I INPUT -s 140.205.225.183/32 -j DROP
iptables -I INPUT -s 140.205.225.206/32 -j DROP
iptables -I INPUT -s 140.205.225.205/32 -j DROP
iptables -I INPUT -s 140.205.225.195/32 -j DROP
iptables -I INPUT -s 140.205.225.204/32 -j DROP