linux ldd中毒

ldd /usr/bin/top
/usr/local/lib/sshd.so
/usr/local/lib/pnscan.so
/usr/local/lib/masscan.so
/usr/local/lib/httpd.so
/usr/local/lib/bioset.so

vi /etc/ld.so.preload
/usr/local/lib/sshd.so
/usr/local/lib/pnscan.so
/usr/local/lib/masscan.so
/usr/local/lib/httpd.so
/usr/local/lib/bioset.so

rm: cannot remove '/etc/ld.so.preload': Operation not permitted

如果你的文件被加锁，而chattr又被替换
在原主机执行
echo > /etc/ld.so.preload Operation not permitted
-----i--------e----- /etc/ld.so.preload
chattr -i /etc/ld.so.preload chattr 被更改已无作用
----i--------e----- /etc/ld.so.preload

```

解决办法：
```shell
docker run --privileged --network=host -it --rm -v /etc:/home/tmp:rw -v /usr/bin:/home/usr/bin:rw -v /proc:/proc ubuntu:18.0.4 bash
chattr -i /home/tmp/ld.so.preload
------------e----- /etc/ld.so.preload
echo > /etc/ld.so.preload

apt -y install clamAV
yum install epel-release
yum install clamav

clamscan -r / --max-dir-recursion=5 -l /root/rootscan.log

grep -i FOUND rootscan.log

相关日志