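Today a good friend's NAS was unfortunately found to be infected with the XMRig mining malware...
The cause was OpenVSCode: the page had no authentication of any kind, so anyone could access it directly...
So always make sure authentication is in place! So always make sure authentication is in place! So always make sure authentication is in place!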
So, given a PID, how do you find out which container is running that process?
The solution my friend provided:
- Use `cat /proc/{pid}/cgroup` to get the container ID information, as shown below:

```
12:blkio:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
11:memory:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
10:hugetlb:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
9:cpuset:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
8:devices:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
7:net_cls,net_prio:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
6:pids:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
5:perf_event:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
4:cpu,cpuacct:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
3:rdma:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
2:freezer:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
1:name=systemd:/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
0::/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b
```

- The `bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b` after `docker/` is the Docker container ID. Take the first 12 characters, i.e. `bce034706d8f`, and run `docker ps | grep bce034706d8f` to see exactly which container the process belongs to.
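
The two steps above combined into one script, as an added example that is not part of the original post. The function names are my own, and it goes slightly beyond the page's case: besides the `/docker/<id>` layout shown above, it also accepts the `docker-<id>.scope` form used with the systemd cgroup driver.

```sh
#!/bin/sh
# Added example (not from the original post): resolve host PIDs to Docker containers.

# Read /proc/<pid>/cgroup text on stdin; print the first 64-hex Docker container ID.
# Handles "/docker/<id>" (the cgroup v1 layout shown above) and
# "docker-<id>.scope" (systemd cgroup driver). Prints nothing for host processes.
container_id_from_cgroup() {
    sed -nE 's#.*docker[/-]([0-9a-f]{64}).*#\1#p' | head -n 1
}

# First 12 characters: the short ID that `docker ps` displays.
short_id() {
    printf '%.12s\n' "$1"
}

# Look up one PID and print the matching container (ID, name, image).
pid_to_container() {
    case $1 in
        ''|*[!0-9]*) echo "not a PID: $1" >&2; return 2 ;;
    esac
    if [ ! -r "/proc/$1/cgroup" ]; then
        echo "PID $1: cannot read /proc/$1/cgroup (process gone?)" >&2
        return 1
    fi
    cid=$(container_id_from_cgroup < "/proc/$1/cgroup")
    if [ -z "$cid" ]; then
        echo "PID $1: no Docker cgroup found, likely a host process" >&2
        return 1
    fi
    # -a also lists a container that has already exited
    docker ps -a --filter "id=$(short_id "$cid")" \
        --format "PID $1 -> {{.ID}}  {{.Names}}  {{.Image}}"
}

if [ "$#" -gt 0 ]; then
    for pid in "$@"; do
        pid_to_container "$pid" || true
    done
else
    # No PID given: parse one line of the output shown above, offline.
    sample='0::/docker/bce034706d8fef47bda4605f3133708b7324b4de4d606c97a54e12124edfa78b'
    short_id "$(printf '%s\n' "$sample" | container_id_from_cgroup)"
fi
```

Run it on the host with one or more PIDs as arguments, for example the PIDs of the high-CPU processes shown by `top`.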