阿里云服务器卸载–AliYunDun阿里云盾
阿里云服务器默认都安装了 AliYunDun 监控进程(即云安全中心客户端),占用的资源其实并不高。不过它一直在服务器里运行,总觉得有些碍眼,下面给出卸载步骤。
相关链接
阿里云官方教程:https://help.aliyun.com/zh/security-center/user-guide/uninstall-the-security-center-agent
阿里云云安全中心控制台:https://yundun.console.aliyun.com/?spm=a2c4g.11186623.0.0.33d52fa03TJMV1&p=sas
卸载步骤
下面是两种卸载方式。
1.阿里云控制台卸载
打开阿里云云安全中心控制台,左侧下拉
系统配置–功能设置–客户端–卸载
在此处选择你的服务器然后点击卸载即可。
2.服务器内脚本卸载
Linux:
阿里云服务器
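# Alibaba Cloud ECS hosts. Fetched over HTTPS because the script is executed as
# root right after the download, so it should not travel over a channel that
# can be altered in transit. -O overwrites an older uninstall.sh; without it
# wget would save the new copy as uninstall.sh.1 and the stale file would run.
wget -O uninstall.sh "https://update2.aegis.aliyun.com/download/uninstall.sh" && chmod +x uninstall.sh && ./uninstall.sh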
非阿里云服务器
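# Hosts outside Alibaba Cloud. Fetched over HTTPS because the script is executed
# as root right after the download, so it should not travel over a channel that
# can be altered in transit. -O overwrites an older uninstall.sh; without it
# wget would save the new copy as uninstall.sh.1 and the stale file would run.
wget -O uninstall.sh "https://update.aegis.aliyun.com/download/uninstall.sh" && chmod +x uninstall.sh && ./uninstall.sh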
Windows:
下载卸载脚本后,以管理员权限运行即可。
卸载脚本:https://update.aegis.aliyun.com/download/uninstall.bat?spm=a2c4g.11186623.0.0.33d52fa03TJMV1&file=uninstall.bat
脚本备份
Linux
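#!/bin/bash
#
# Uninstaller for the Alibaba Cloud "aegis" (AliYunDun) agent. Must run as root.
#
# Arguments (only the first two characters of each argument are compared, and
# the value is whatever follows the first '='):
#   -i            uninstall before install, do not delete domaincfg.ini and do
#                 not send the uninstall report
#   -d=<uuid>     agent UUID to put in the uninstall report
#   -u=<a|b|...>  '|'-separated update hosts that replace the built-in list
#   <anything>    any other argument is taken as the UUID (old AliYunDun callers)
#
# Exit status: 8 when not run as root, 6 when aegis_client is still alive after
# the wait, 1 when no update host accepted the report. When the report is sent,
# the script ends with the index of the host that accepted it.

AEGIS_INSTALL_DIR="/usr/local/aegis"
AEGIS_SYSTEMD_SERVICE_PATH="/etc/systemd/system/aegis.service"
UNINSTALL_FOR_INSTALL=1 # 1 is false, 0 is true, default is false
UUID=""

# Detect Gentoo (lsb_release first, /etc/issue as fallback) and CoreOS.
# stderr is discarded so a missing lsb_release or /etc/issue stays quiet.
gentoo_marker=$(lsb_release -a 2>/dev/null | grep Gentoo)
if [[ -z "${gentoo_marker}" ]]; then
  gentoo_marker=$(grep Gentoo /etc/issue 2>/dev/null)
fi
coreos_marker=$(grep coreos /etc/os-release 2>/dev/null)

if [[ -d /etc/runlevels/default && -n "${gentoo_marker}" ]]; then
  LINUX_RELEASE="GENTOO"
elif [[ -f /etc/os-release && -n "${coreos_marker}" ]]; then
  LINUX_RELEASE="COREOS"
  AEGIS_INSTALL_DIR="/opt/aegis"
else
  LINUX_RELEASE="OTHER"
fi

# Hosts tried in order by report_uninstall_result; -u replaces this list.
AEGIS_UPDATE_SITE_ARRAY=(
  "update2.aegis.aliyun.com"
  "update4.aegis.aliyun.com"
  "update5.aegis.aliyun.com"
  "update.aegis.aliyun.com"
)

#######################################
# Kill the agent processes and ask each driver owner to stop its driver.
# NOTE(review): the paths below are fixed to /usr/local/aegis even when
# AEGIS_INSTALL_DIR was switched to /opt/aegis for CoreOS - confirm intended.
# Outputs: a "Stopping aegis ... [ OK ]" line on stdout
#######################################
stop_aegis_pkill() {
  local driver_owner_file="/usr/local/aegis/AliSecGuard/driver_owner.txt"
  local driver_owner

  pkill -9 AliHips >/dev/null 2>&1
  /usr/local/aegis/alihips/AliHips --stopdriver
  pkill -9 AliYunDun >/dev/null 2>&1
  pkill -9 AliYunDunMonitor >/dev/null 2>&1
  pkill -9 AliYunDunUpdate >/dev/null 2>&1
  pkill -9 AliNet >/dev/null 2>&1
  # TODO: do not kill AliSecGuard to avoid soft lock bug for old version
  # pkill -9 AliSecGuard >/dev/null 2>&1
  pkill -9 AliDetect >/dev/null 2>&1
  pkill -9 AliScriptEngine >/dev/null 2>&1
  /usr/local/aegis/AliNet/AliNet --stopdriver
  # /usr/local/aegis/AliSecGuard/AliSecGuard --stopdriver

  # driver_owner.txt holds the path of the binary that owns the driver. That
  # path is executed as root, so it is only as trustworthy as write access to
  # the file. An empty or non-executable entry is skipped instead of run.
  if [[ -f "${driver_owner_file}" ]]; then
    driver_owner=$(<"${driver_owner_file}")
    if [[ -n "${driver_owner}" && -x "${driver_owner}" ]]; then
      "${driver_owner}" --stopdriver
    fi
  fi
  printf "%-40s %40s\n" "Stopping aegis" "[ OK ]"
}

#######################################
# Clear the agent's tracing hooks and delete its program directories.
# can not remove all aegis folder, because there is backup file in globalcfg
# Globals: AEGIS_INSTALL_DIR (read), UNINSTALL_FOR_INSTALL (read)
#######################################
remove_aegis() {
  local -a kprobe_files=(
    "/sys/kernel/debug/tracing/instances/aegis_do_sys_open/set_event"
    "/sys/kernel/debug/tracing/instances/aegis_inet_csk_accept/set_event"
    "/sys/kernel/debug/tracing/instances/aegis_tcp_connect/set_event"
    "/sys/kernel/debug/tracing/instances/aegis/set_event"
    "/sys/kernel/debug/tracing/instances/aegis_/set_event"
    "/sys/kernel/debug/tracing/instances/aegis_accept/set_event"
    "/sys/kernel/debug/tracing/kprobe_events"
    "/usr/local/aegis/aegis_debug/tracing/set_event"
    "/usr/local/aegis/aegis_debug/tracing/kprobe_events"
  )
  local trace_file

  # Overwrite each existing control file with an empty line.
  for trace_file in "${kprobe_files[@]}"; do
    if [[ -f "${trace_file}" ]]; then
      echo > "${trace_file}"
    fi
  done

  if [[ -d "${AEGIS_INSTALL_DIR}" ]]; then
    umount "${AEGIS_INSTALL_DIR}/aegis_debug"
    if [[ -d "${AEGIS_INSTALL_DIR}/cgroup/cpu" ]]; then
      umount "${AEGIS_INSTALL_DIR}/cgroup/cpu"
    fi
    if [[ -d "${AEGIS_INSTALL_DIR}/cgroup" ]]; then
      umount "${AEGIS_INSTALL_DIR}/cgroup"
    fi

    # ':?' aborts instead of expanding to "/aegis_client" should the variable
    # ever be empty.
    rm -rf -- "${AEGIS_INSTALL_DIR:?}/aegis_client"
    rm -rf -- "${AEGIS_INSTALL_DIR:?}/aegis_update"
    rm -rf -- "${AEGIS_INSTALL_DIR:?}/alihids"

    # when uninstall.sh call by AliAqsInstall_64, it can not delete domaincfg.ini,
    # because it may create new domaincfg.ini for install
    # UNINSTALL_FOR_INSTALL is 0 when call by AliAqsInstall_64
    if [[ "${UNINSTALL_FOR_INSTALL}" == 1 ]]; then
      echo "remove domaincfg.ini"
      rm -f -- "${AEGIS_INSTALL_DIR:?}/globalcfg/domaincfg.ini"
    fi
  fi
}

#######################################
# Stop, disable and delete the systemd unit when its file exists.
# Globals: AEGIS_SYSTEMD_SERVICE_PATH (read)
# Returns: always 0
#######################################
uninstall_systemd_service() {
  if [[ -f "${AEGIS_SYSTEMD_SERVICE_PATH}" ]]; then
    systemctl stop aegis 2>/dev/null
    systemctl disable aegis 2>/dev/null
    rm -f -- "${AEGIS_SYSTEMD_SERVICE_PATH}"
  fi
  return 0
}

#######################################
# Remove the init script, its runlevel links and the systemd unit.
# Globals: LINUX_RELEASE (read)
#######################################
uninstall_service() {
  local had_init_script="no"
  local runlevel

  if [[ -f /etc/init.d/aegis ]]; then
    had_init_script="yes"
    /etc/init.d/aegis stop >/dev/null 2>&1
    rm -f /etc/init.d/aegis
  fi

  if [[ "${LINUX_RELEASE}" == "GENTOO" ]]; then
    rc-update del aegis default 2>/dev/null
    if [[ -f /etc/runlevels/default/aegis ]]; then
      rm -f "/etc/runlevels/default/aegis" >/dev/null 2>&1
    fi
  elif [[ "${had_init_script}" == "yes" ]]; then
    # The previous version tested for /etc/init.d/aegis again here, after it
    # had just been deleted, so the S80aegis links were never removed. It also
    # called "/etc/init.d/aegis uninstall" in that unreachable branch; the call
    # is not revived because what that action does is not visible from here.
    for ((runlevel = 2; runlevel <= 5; runlevel++)); do
      if [[ -d "/etc/rc${runlevel}.d/" ]]; then
        rm -f "/etc/rc${runlevel}.d/S80aegis"
      elif [[ -d "/etc/rc.d/rc${runlevel}.d" ]]; then
        rm -f "/etc/rc.d/rc${runlevel}.d/S80aegis"
      fi
    done
  fi

  # uninstall systemd service
  uninstall_systemd_service
}

#######################################
# Poll up to 9 times, one second apart, until no process whose command line
# contains "aegis_client" is left. Exits the script with status 6 otherwise.
#######################################
wait_aegis_exit() {
  local attempt

  echo "wait aegis exit"
  for ((attempt = 1; attempt < 10; attempt++)); do
    if ! pgrep -f aegis_client >/dev/null 2>&1; then
      return 0
    fi
    sleep 1
  done
  echo "wait AliYunDun process exit fail, possibly due to self-protection, please uninstall aegis or disable self-protection from the aegis console."
  exit 6
}

#######################################
# POST the uninstall event to the update hosts, stopping at the first success.
# Globals: AEGIS_UPDATE_SITE_ARRAY (read), UUID (read)
# Returns: the index of the host that accepted the report.
# NOTE(review): a success on a fallback host therefore returns non-zero, and
# index 1 cannot be told apart from the "exit 1" below - confirm that callers
# do not rely on the status.
#######################################
report_uninstall_result() {
  local site_index

  echo "start report uninstall"
  for ((site_index = 0; site_index < ${#AEGIS_UPDATE_SITE_ARRAY[@]}; site_index++)); do
    echo "${AEGIS_UPDATE_SITE_ARRAY[site_index]}"
    if curl --retry 2 --connect-timeout 5 -m 30 \
      --header "Content-Type: application/json" \
      --request POST \
      --data "{\"version\": 4,\"data\": {\"uuid\": \"${UUID}\", \"type\": \"uninstall\"}}" \
      "https://${AEGIS_UPDATE_SITE_ARRAY[site_index]}/update"; then
      return "${site_index}"
    fi
  done
  echo "report uninstall result error" 1>&2
  exit 1
}

# entry
if [[ "$(id -u)" -ne 0 ]]; then
  echo "ERROR: This script must be run as root." 1>&2
  exit 8
fi

#parse argument
for arg in "$@"; do
  argkey="${arg:0:2}"
  argvalue="${arg#*=}"
  case "${argkey}" in
    -i)
      UNINSTALL_FOR_INSTALL=0
      echo "uninstall for install"
      ;;
    -d)
      UUID="${argvalue}"
      ;;
    -u)
      # Split on '|' exactly as before, but with globbing off so a value such
      # as '*' is not expanded against the current directory.
      set -f
      # shellcheck disable=SC2206 -- word splitting is intended here
      AEGIS_UPDATE_SITE_ARRAY=(${argvalue//|/ })
      set +f
      echo "specify udpate domain argument is ${argvalue}"
      ;;
    *)
      # old AliYunDun just send uuid as argument
      UUID="${arg}"
      ;;
  esac
done

echo "uuid is ${UUID}"
stop_aegis_pkill
wait_aegis_exit
uninstall_service
remove_aegis
umount "${AEGIS_INSTALL_DIR}/aegis_debug"

printf "%-40s %40s\n" "Uninstalling aegis" "[ OK ]"

# report uninstall result
if [[ -n "${UUID}" && "${UNINSTALL_FOR_INSTALL}" != 0 ]]; then
  report_uninstall_result
fi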
Windows
:: Uninstall script for the Alibaba Cloud Aegis (AliYunDun) agent on Windows.
:: %1 is compared with -i; any other non-empty value is used as the agent UUID
:: in the uninstall report sent at the end.
:: -i : uninstall before install, do not delete domaincfg.ini
echo off

:: Kill AliHips, ask it to stop its driver, then stop and delete the detect service.
taskkill /F /IM AliHips.exe
"C:\Program Files (x86)\Alibaba\Aegis\AliHips\AliHips.exe" --stopdriver
sc stop "Alibaba Security Aegis Detect Service"
sc delete "Alibaba Security Aegis Detect Service"

:: Force-kill the remaining agent processes.
taskkill /F /IM AliYunDunUpdate.exe
taskkill /F /IM AliYunDun.exe
taskkill /F /IM AliYunDunMonitor.exe
taskkill /F /IM AliSecGuard.exe
taskkill /F /IM AliNetFilter.exe
taskkill /F /IM AliDetect.exe
taskkill /F /IM AliScriptEngine.exe

::wait aegis exit
:: After the 10 second pause, a tasklist entry that still matches AliYunDun.exe
:: means the kill did not take effect; the script then stops with exit code 1.
echo "begin to wait AliYunDun.exe exit"
timeout 10 > NUL
tasklist|find /i "AliYunDun.exe"
if %errorlevel% == 0 (
    echo "wait AliYunDun.exe exit fail, possibly due to self-protection, please uninstall or disable self-protection from the aegis console."
    exit /b 1
)

:: Stop and delete the update service, then stop the network filter driver.
sc stop "Alibaba Security Aegis Update Service"
sc delete "Alibaba Security Aegis Update Service"
"C:\Program Files (x86)\Alibaba\Aegis\AliNet\AliNetFilter.exe" --stopdriver

:: The driver owner defaults to AliSecGuard.exe. When driver_owner.txt exists,
:: each line read from it replaces that default, and the resulting path is run
:: with --stopdriver, so the command executed here is taken from that file.
set driver_onwer_file_path="C:\Program Files (x86)\Alibaba\Aegis\AliSecGuard\driver_owner.txt"
set driver_onwer_path="C:\Program Files (x86)\Alibaba\Aegis\AliSecGuard\AliSecGuard.exe"
if exist %driver_onwer_file_path% (
    for /f "usebackq delims=" %%i in (%driver_onwer_file_path%) do (set driver_onwer_path="%%i")
)
::echo %driver_onwer_path%
%driver_onwer_path% --stopdriver

:: Delete aegis_client under both Program Files locations, pause 3 seconds and
:: delete it again (presumably for files that were still in use - confirm),
:: then delete aegis_update and alihids.
rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\aegis_client"
rmdir /s /q "C:\Program Files\Alibaba\Aegis\aegis_client"
timeout 3 > NUL
rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\aegis_client"
rmdir /s /q "C:\Program Files\Alibaba\Aegis\aegis_client"
rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\aegis_update"
rmdir /s /q "C:\Program Files\Alibaba\Aegis\aegis_update"
rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\alihids"
rmdir /s /q "C:\Program Files\Alibaba\Aegis\alihids"
del /f "C:\Windows\temp\singleApp_aegisClient"
del /f "C:\Windows\temp\single_app_yun_dun_monitor"

:: With -i the script keeps domaincfg.ini and ends here without reporting.
if not "%1" == "-i" (
    del /f "C:\Program Files\Alibaba\Aegis\globalcfg\domaincfg.ini"
    del /f "C:\Program Files (x86)\Alibaba\Aegis\globalcfg\domaincfg.ini"
) else (
    exit /b
)

:: Without a UUID argument there is nothing to report.
if "%1" == "" (
    exit /b
)

::Invoke-WebRequest is supported from powershell 3.0, so server 2008 and below is not support
:: NOTE(review): %uuid% is pasted into the PowerShell command text as is, so a
:: value containing quote characters would alter the command that runs; reading
:: it inside PowerShell from $env:uuid would keep it as data - confirm with callers.
set uuid=%1
powershell -executionpolicy bypass -c "Invoke-WebRequest -Uri https://update.aegis.aliyun.com/update -Method POST -ContentType 'application/json' -Body '{\"version\": 4,\"data\": {\"uuid\": \"%uuid%\", \"type\": \"uninstall\"}}'"