阿里云卸载 “安全守护”及善后方案
现在阿里云的安全守护需要去控制台关,具体是打开云安全中心控制台-->主机资产-基本信息-防御状态 将防御全部关闭。你以为这就完了吗,我不明白为啥国内厂商内置的镜像就存在那么多条条框框,甚至是得浪费自己的流量(轻量)去dd。
总之要想接着用这个系统,还是得做一些善后
首先需要使用 ssh 访问服务器。如果是轻量应用服务器,请执行:
wget "http://update.aegis.aliyun.com/download/uninstall.sh" && chmod +x uninstall.sh && ./uninstall.sh
ECS 服务器执行:
wget "http://update2.aegis.aliyun.com/download/uninstall.sh" && chmod +x uninstall.sh && ./uninstall.sh
(这两个地址都是明文 HTTP,下载内容没有完整性校验,而脚本要以 root 身份运行,执行前建议先查看脚本内容。)
之后我们新建一个脚本:
nano /root/aegis_all_in_one.sh
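#!/usr/bin/env bash
# Alibaba Cloud Aegis / Aliyun Assist: one-shot uninstall, forced cleanup and
# post-removal verification.
# Targets Debian/Ubuntu; must be run as root.
set -euo pipefail

# The steps below edit systemd units, /usr/local and /etc/apt, and most of them
# discard their own errors, so refuse to half-run without root privileges.
if [[ "${EUID}" -ne 0 ]]; then
  echo "this script must be run as root" >&2
  exit 1
fi

# Keep a timestamped transcript: stdout and stderr are both duplicated into LOG.
LOG="/root/aegis-all-in-one-$(date +%Y%m%d-%H%M%S).log"
exec > >(tee -a "$LOG") 2>&1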
# ---------- UI ----------
# Colour variables default to empty, so plain text is emitted unless stdout is
# a terminal and tput is available.
# NOTE(review): stdout has already been redirected into tee earlier in this
# script, so the terminal test below probably never succeeds - confirm.
GREEN=""
RED=""
YEL=""
BLUE=""
BOLD=""
RESET=""
if [[ -t 1 ]] && command -v tput >/dev/null 2>&1; then
  GREEN=$(tput setaf 2)
  RED=$(tput setaf 1)
  YEL=$(tput setaf 3)
  BLUE=$(tput setaf 4)
  BOLD=$(tput bold)
  RESET=$(tput sgr0)
fi
# Section heading: bold blue "==> message".
step() {
  local msg="$*"
  echo -e "${BOLD}${BLUE}==> ${msg}${RESET}"
}

# Result lines for a passed / questionable / failed check.
pass() {
  local msg="$*"
  echo -e "${GREEN}${RESET} ${msg}"
}

warn() {
  local msg="$*"
  echo -e "${YEL}${RESET} ${msg}"
}

fail() {
  local msg="$*"
  echo -e "${RED}${RESET} ${msg}"
}

# Best-effort runner: executes the given command with stderr discarded and
# always reports success, so a failing step never trips `set -e`.
try() {
  if ! "$@" 2>/dev/null; then
    return 0
  fi
}

# Installation root of the Aegis agent that the cleanup steps operate on.
AEGIS_DIR='/usr/local/aegis'
# ---------- 验收函数(集成自我们 v1.2 的校验逻辑) ----------
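#######################################
# Post-removal verification: looks for Aegis traces in the process list, the
# systemd unit paths, the known install/config/log directories, open network
# connections and the installed dpkg packages.
# Arguments: none
# Outputs:   one result line per check on stdout (via step/pass/warn/fail)
# Returns:   0 when no check failed, 1 otherwise (a package hit only warns)
#######################################
verify_all(){
  local failed=0 left=0
  local d procs conns pkgs tgt
  local wants="/etc/systemd/system/multi-user.target.wants/aegis.service"
  local unit="/etc/systemd/system/aegis.service"

  # Each detection below captures the full output once and then tests it.
  # With `set -o pipefail`, a `producer | grep -q` pipeline can report failure
  # when grep exits on the first match and the producer dies from SIGPIPE,
  # which would turn a positive finding into a "clean" result.

  step "进程检查"
  procs=$(pgrep -fa 'AliYunDun|/usr/local/aegis' || true)
  if [[ -n "$procs" ]]; then
    printf '%s\n' "$procs"
    fail "仍有 Aegis 相关进程在运行"
    failed=1
  else
    pass "未发现 Aegis 相关进程"
  fi
  echo

  step "systemd 单元与软链"
  if [[ -L "$wants" || -e "$wants" ]]; then
    ls -l "$wants"; fail "存在 wants 软链(应删除)"; failed=1
  else
    pass "无 wants 软链"
  fi
  if [[ -L "$unit" ]]; then
    # A masked unit is a symlink that resolves to /dev/null.
    tgt=$(realpath "$unit" || echo "")
    if [[ "$tgt" == "/dev/null" ]]; then
      pass "aegis.service 已 mask(指向 /dev/null)"
    else
      ls -l "$unit"; fail "aegis.service 存在且未 mask(建议删除或 mask)"; failed=1
    fi
  elif [[ -e "$unit" ]]; then
    ls -l "$unit"; fail "aegis.service 存在且未 mask(建议删除或 mask)"; failed=1
  else
    pass "未发现 aegis.service"
  fi
  echo

  step "目录与文件"
  for d in /usr/local/aegis /etc/aegis /var/log/aegis; do
    [[ -e "$d" ]] || continue
    # Any surviving path counts as a leftover, whether or not it is empty.
    left=1
    if [[ -n "$(find "$d" -mindepth 1 -print -quit 2>/dev/null)" ]]; then
      echo "$d 存在且非空"
    else
      echo "$d 存在但为空"
    fi
  done
  if [[ "$left" -eq 0 ]]; then
    pass "未发现 Aegis 残留目录"
  else
    fail "存在 Aegis 残留目录"; failed=1
  fi
  echo

  step "网络连接"
  conns=""
  if command -v ss >/dev/null 2>&1; then
    conns=$(ss -tpna | grep -i 'AliYunDun' || true)
  fi
  if [[ -n "$conns" ]]; then
    printf '%s\n' "$conns"
    fail "仍有 AliYunDun 相关网络连接"; failed=1
  else
    pass "未发现 AliYunDun 相关网络连接"
  fi
  echo

  step "dpkg 包(通常无)"
  # Only installed ("ii") packages whose name matches are reported; a hit is a
  # warning and does not fail the verification.
  pkgs=$(dpkg -l 2>/dev/null \
    | awk '$1=="ii" && tolower($2) ~ /aegis|aliyun|aliyundun/' || true)
  if [[ -n "$pkgs" ]]; then
    printf '%s\n' "$pkgs"
    warn "检测到相关包(考虑 apt purge)"
  else
    pass "未发现相关包"
  fi
  echo

  if [[ "$failed" -eq 0 ]]; then
    echo -e "${GREEN}${BOLD}验收通过:未发现 Aegis 残留。${RESET}"
    return 0
  else
    echo -e "${RED}${BOLD}验收未通过:上方 FAIL 项需处理。${RESET}"
    return 1
  fi
}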
# ---------- 准备依赖 ----------
step "安装必要工具(静默失败不影响)"
# Best effort only: both apt-get calls go through `try`, so an offline or
# missing APT does not abort the run.
export DEBIAN_FRONTEND=noninteractive
aegis_prereqs=(e2fsprogs psmisc wget)
try apt-get update -y
try apt-get install -y "${aegis_prereqs[@]}"
echo
# ---------- 0. 优先调用官方卸载脚本 ----------
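step "官方卸载脚本(Aegis)"
# NOTE(review): the uninstaller is fetched over plain HTTP and then run as root
# with no checksum or signature check, so its content is only as trustworthy
# as the network path; inspect or verify it out of band where that matters.
# mktemp yields an unpredictable, owner-only file instead of a fixed /tmp name
# that another local user could pre-create or replace with a symlink.
aegis_uninstaller=$(mktemp) || aegis_uninstaller=""
if [[ -n "$aegis_uninstaller" ]] \
  && wget -O "$aegis_uninstaller" "http://update.aegis.aliyun.com/download/uninstall.sh"; then
  # Run through bash explicitly, so the temp file needs no execute bit.
  try bash "$aegis_uninstaller"
  pass "已尝试执行官方卸载脚本"
else
  warn "下载官方卸载脚本失败,跳过此步"
fi
# Do not leave the downloaded (possibly partial) script lying around.
if [[ -n "$aegis_uninstaller" ]]; then
  rm -f -- "$aegis_uninstaller"
fi
echo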
# ---------- 1. 清理 Aliyun Assist 包(如有) ----------
step "清理 aliyun-assist 包(如存在)"
# Purge the package together with its configuration, then drop dependencies
# that are no longer needed; both calls are best effort.
try apt-get -y purge aliyun-assist
try apt-get -y autoremove
echo
# ---------- 2. systemd:停用/删除/屏蔽 ----------
step "处理 systemd 单元与 wants 软链"
aegis_unit_paths=(
  /etc/systemd/system/multi-user.target.wants/aegis.service
  /etc/systemd/system/aegis.service
)
# Stop and disable the unit before touching its files.
try systemctl stop aegis.service
try systemctl disable aegis.service
# Clear the immutable flag on both paths, then delete them; every step is
# best effort because either path may already be gone.
for unit_path in "${aegis_unit_paths[@]}"; do
  try chattr -i "$unit_path"
done
for unit_path in "${aegis_unit_paths[@]}"; do
  try rm -f "$unit_path"
done
try systemctl daemon-reload
try systemctl reset-failed aegis.service
# Mask the unit (systemd links it to /dev/null).
try systemctl mask aegis.service
echo
# ---------- 3. 冻结看门狗 ----------
step "冻结 Aegis 看门狗(SIGSTOP)"
# Suspend rather than kill at this point: every process whose full command
# line matches the pattern receives SIGSTOP.
aegis_proc_re='AliYunDunMonitor|AliYunDunUpdate|AliYunDun|/usr/local/aegis'
try pkill -STOP -f "$aegis_proc_re"
echo
# ---------- 4. 替换关键二进制为 /bin/true(阻断自拉起) ----------
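step "替换关键二进制为 /bin/true"
for b in \
  "$AEGIS_DIR/aegis_update/AliYunDunUpdate" \
  "$AEGIS_DIR/aegis_client"/*/AliYunDun \
  "$AEGIS_DIR/aegis_client"/*/AliYunDunMonitor
do
  # An unmatched glob stays literal, so skip anything that is not a regular file.
  [[ -f "$b" ]] || continue
  try chattr -i "$b"
  # Keep the original next to the stub; a failed rename is tolerated.
  mv -- "$b" "${b}.disabled" 2>/dev/null || true
  # Report "patched" only when the stub was really written, so the transcript
  # does not claim a replacement that did not happen.
  if install -m0755 /bin/true "$b" 2>/dev/null; then
    echo "patched: $b -> /bin/true"
  else
    warn "patch failed: $b"
  fi
done
echo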
# ---------- 5. 强杀直到消失 ----------
step "强杀 Aegis 相关进程"
# Up to 60 rounds of SIGKILL, 0.2 s apart, ending early once pgrep no longer
# finds a matching process. Running out of rounds is not fatal here.
kill_round=1
while (( kill_round <= 60 )); do
  try pkill -9 -f 'AliYunDunMonitor|AliYunDunUpdate|AliYunDun|/usr/local/aegis'
  sleep 0.2
  if pgrep -f 'AliYunDun|/usr/local/aegis' >/dev/null; then
    echo "still present, retry $kill_round/60"
  else
    echo "processes gone"
    break
  fi
  kill_round=$(( kill_round + 1 ))
done
echo
# ---------- 6. 卸载挂在 /usr/local/aegis 下的所有挂载点(cgroup 等) ----------
step "卸载 /usr/local/aegis 下的挂载点(从深到浅)"
# Select mount points equal to or below /usr/local/aegis; the reverse sort
# puts nested paths before their parents, so they are detached first.
awk -v root="/usr/local/aegis" \
  '$2 == root || index($2, root "/") == 1 {print $2}' /proc/self/mounts \
  | sort -r \
  | while read -r mnt; do
      printf 'umount -l %s\n' "$mnt"
      try umount -l "$mnt"
    done
# If the directory itself is still a mount point (e.g. after a bind mount),
# detach it once more.
if mountpoint -q "$AEGIS_DIR"; then
  printf 'umount -l %s\n' "$AEGIS_DIR"
  try umount -l "$AEGIS_DIR"
fi
echo
# ---------- 7. 去保护位、删目录 ----------
step "去不可变/仅追加属性并删除目录"
# Immutable (i) and append-only (a) flags are cleared and owner access is
# restored before the recursive delete; each call is best effort.
aegis_leftovers=("$AEGIS_DIR" /etc/aegis /var/log/aegis)
try chattr -R -ia "$AEGIS_DIR"
try chmod -R u+rwX "$AEGIS_DIR"
try rm -rf "${aegis_leftovers[@]}"
echo
# ---------- 8. APT Pin(防回装,非破坏性) ----------
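step "设置 APT Pin(防止相关包回装)"
# A negative Pin-Priority makes APT refuse to install any matching version.
# A broad glob such as *sas* is deliberately not listed: it is a substring of
# unrelated Debian packages (libsasl2-2, for example), and pinning those at -1
# would block their installation and their security upgrades.
# NOTE(review): if a specific Alibaba package was meant by that glob, list its
# exact name here instead of a wildcard.
cat >/etc/apt/preferences.d/hold-aliyun.pref <<'PREF'
Package: *aliyun* *cloudmonitor* *ilogtail* *aegis* *yundun*
Pin: release *
Pin-Priority: -1
PREF
echo "/etc/apt/preferences.d/hold-aliyun.pref 已写入(如需恢复可手动删除)"
echo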
# ---------- 9. 最终验收 ----------
# The exit status mirrors the verification result: 0 when clean, 1 when any
# check failed. On failure, print the command that lists mounts still present
# under /usr/local/aegis.
if ! verify_all; then
  echo
  warn "如仅剩 /usr/local/aegis 空目录删不掉,复查是否仍有挂载:"
  echo "awk '\$2 ~ \"^/usr/local/aegis(/|$)\" {print \$2}' /proc/self/mounts | sort -r"
  exit 1
fi
exit 0
随后按 Ctrl+O 保存,再按 Ctrl+X 退出 nano。接着赋予权限并执行:
chmod +x /root/aegis_all_in_one.sh
sudo /root/aegis_all_in_one.sh
显示:
==> 进程检查
未发现 Aegis 相关进程
==> systemd 单元与软链
无 wants 软链
aegis.service 已 mask(指向 /dev/null)
==> 目录与文件
未发现 Aegis 残留目录
==> 网络连接
未发现 AliYunDun 相关网络连接
==> dpkg 包(通常无)
未发现相关包
验收通过:未发现 Aegis 残留。
替换阿里云镜像源为官方源(可选,海外机器建议):
sed -i 's#http://mirrors.cloud.aliyuncs.com/debian#http://deb.debian.org/debian#g' /etc/apt/sources.list
sed -i 's#http://mirrors.cloud.aliyuncs.com/debian-security#http://security.debian.org/debian-security#g' /etc/apt/sources.list
apt update
(注意:第一条的匹配串是第二条的前缀,debian-security 那一行会先被第一条改写成 http://deb.debian.org/debian-security,第二条因此不会再命中;若希望安全源指向 security.debian.org,应先执行第二条。)
引用自:https://cbrblog.eu.org/2025/09/01/%E9%98%BF%E9%87%8C%E4%BA%91%E8%BD%BB%E9%87%8F%E5%BA%94%E7%94%A8%E6%9C%8D%E5%8A%A1%E5%99%A8%E5%8D%B8%E8%BD%BD%E5%AE%89%E5%85%A8%E5%AE%88%E6%8A%A4/