阿里云服务器卸载–AliYunDun阿里云盾

2023年12月19日教程大全AliYunDun,阿里云,阿里云盾

阿里云服务器默认都给安装的有AliYunDun监控进程，占用资源其实也不高。不过在服务器里跑着总是有些碍眼的，下面给大家发下卸载步骤。

本文目录1. 相关链接2. 卸载步骤2.1. 1.阿里云控制台卸载2.2. 2.服务器内脚本卸载2.2.1. Linux：2.2.2. Windows：3. 脚本备份3.1. Linux3.2. Windows

相关链接阿里云官方教程：https://help.aliyun.com/zh/security-center/user-guide/uninstall-the-security-center-agent

阿里云云安全中心控制台：https://yundun.console.aliyun.com/?spm=a2c4g.11186623.0.0.33d52fa03TJMV1&p=sas

卸载步骤下面是2个卸载方式。

1.阿里云控制台卸载打开阿里云云安全中心控制台，左侧下拉

系统配置–功能设置–客户端–卸载

在此处选择你的服务器然后点击卸载即可。

2.服务器内脚本卸载Linux：阿里云服务器

wget "http://update2.aegis.aliyun.com/download/uninstall.sh" && chmod +x uninstall.sh && ./uninstall.sh非阿里云服务器

wget "http://update.aegis.aliyun.com/download/uninstall.sh" && chmod +x uninstall.sh && ./uninstall.sh

Windows：下载卸载脚本，运行即可。管理员权限运行。

卸载脚本：https://update.aegis.aliyun.com/download/uninstall.bat?spm=a2c4g.11186623.0.0.33d52fa03TJMV1&file=uninstall.bat

脚本备份Linux#!/bin/bash

# -i : uninstall before install, do not delete domaincfg.ini

AEGIS_INSTALL_DIR="/usr/local/aegis"

AEGIS_SYSTEMD_SERVICE_PATH="/etc/systemd/system/aegis.service"

UNINSTALL_FOR_INSTALL=1 # 1 is false, 0 is true, default is false

UUID=""

#check linux Gentoo os

var=`lsb_release -a | grep Gentoo`

if [ -z "${var}" ]; then

var=`cat /etc/issue | grep Gentoo`

fi

checkCoreos=`cat /etc/os-release 2>/dev/null | grep coreos`

if [ -d "/etc/runlevels/default" -a -n "${var}" ]; then

LINUX_RELEASE="GENTOO"

elif [ -f "/etc/os-release" -a -n "${checkCoreos}" ]; then

LINUX_RELEASE="COREOS"

AEGIS_INSTALL_DIR="/opt/aegis"

else

LINUX_RELEASE="OTHER"

fi

AEGIS_UPDATE_SITE_ARRAY[0]="update2.aegis.aliyun.com"

AEGIS_UPDATE_SITE_ARRAY[1]="update4.aegis.aliyun.com"

AEGIS_UPDATE_SITE_ARRAY[2]="update5.aegis.aliyun.com"

AEGIS_UPDATE_SITE_ARRAY[3]="update.aegis.aliyun.com"

stop_aegis_pkill(){

pkill -9 AliHips >/dev/null 2>&1

/usr/local/aegis/alihips/AliHips --stopdriver

pkill -9 AliYunDun >/dev/null 2>&1

pkill -9 AliYunDunMonitor >/dev/null 2>&1

pkill -9 AliYunDunUpdate >/dev/null 2>&1

pkill -9 AliNet >/dev/null 2>&1

# TODO: do not kill AliSecGuard to avoid soft lock bug for old version

# pkill -9 AliSecGuard >/dev/null 2>&1

pkill -9 AliDetect >/dev/null 2>&1

pkill -9 AliScriptEngine >/dev/null 2>&1

/usr/local/aegis/AliNet/AliNet --stopdriver

# /usr/local/aegis/AliSecGuard/AliSecGuard --stopdriver

DRIVER_OWNER_FILE_PATH="/usr/local/aegis/AliSecGuard/driver_owner.txt"

if [ -f "${DRIVER_OWNER_FILE_PATH}" ]; then

DRIVER_OWNER_PATH=$(cat "${DRIVER_OWNER_FILE_PATH}")

"${DRIVER_OWNER_PATH}" --stopdriver

fi

printf "%-40s %40s\n" "Stopping aegis" "[ OK ]"

}

# can not remove all aegis folder, because there is backup file in globalcfg

remove_aegis(){

kprobeArr=(

"/sys/kernel/debug/tracing/instances/aegis_do_sys_open/set_event"

"/sys/kernel/debug/tracing/instances/aegis_inet_csk_accept/set_event"

"/sys/kernel/debug/tracing/instances/aegis_tcp_connect/set_event"

"/sys/kernel/debug/tracing/instances/aegis/set_event"

"/sys/kernel/debug/tracing/instances/aegis_/set_event"

"/sys/kernel/debug/tracing/instances/aegis_accept/set_event"

"/sys/kernel/debug/tracing/kprobe_events"

"/usr/local/aegis/aegis_debug/tracing/set_event"

"/usr/local/aegis/aegis_debug/tracing/kprobe_events"

)

for value in ${kprobeArr[@]}

do

if [ -f "$value" ]; then

echo > $value

fi

done

if [ -d "${AEGIS_INSTALL_DIR}" ];then

umount ${AEGIS_INSTALL_DIR}/aegis_debug

if [ -d "${AEGIS_INSTALL_DIR}/cgroup/cpu" ];then

umount ${AEGIS_INSTALL_DIR}/cgroup/cpu

fi

if [ -d "${AEGIS_INSTALL_DIR}/cgroup" ];then

umount ${AEGIS_INSTALL_DIR}/cgroup

fi

rm -rf ${AEGIS_INSTALL_DIR}/aegis_client

rm -rf ${AEGIS_INSTALL_DIR}/aegis_update

rm -rf ${AEGIS_INSTALL_DIR}/alihids

# when uninstall.sh call by AliAqsInstall_64, it can not delete domaincfg.ini, because it may create new domaincfg.ini for install

# UNINSTALL_FOR_INSTALL is 0 when call by AliAqsInstall_64

if [ ${UNINSTALL_FOR_INSTALL} == 1 ]; then

echo "remove domaincfg.ini"

rm -f ${AEGIS_INSTALL_DIR}/globalcfg/domaincfg.ini

fi

fi

}

uninstall_systemd_service()

{

if [ -f "$AEGIS_SYSTEMD_SERVICE_PATH" ]; then

systemctl stop aegis 2>/dev/null

systemctl disable aegis 2>/dev/null

rm -f "$AEGIS_SYSTEMD_SERVICE_PATH"

fi

return 0

}

uninstall_service() {

if [ -f "/etc/init.d/aegis" ]; then

/etc/init.d/aegis stop >/dev/null 2>&1

rm -f /etc/init.d/aegis

fi

if [ $LINUX_RELEASE = "GENTOO" ]; then

rc-update del aegis default 2>/dev/null

if [ -f "/etc/runlevels/default/aegis" ]; then

rm -f "/etc/runlevels/default/aegis" >/dev/null 2>&1;

fi

elif [ -f /etc/init.d/aegis ]; then

/etc/init.d/aegis uninstall

for ((var=2; var<=5; var++)) do

if [ -d "/etc/rc${var}.d/" ];then

rm -f "/etc/rc${var}.d/S80aegis"

elif [ -d "/etc/rc.d/rc${var}.d" ];then

rm -f "/etc/rc.d/rc${var}.d/S80aegis"

fi

done

fi

# uninstall systemd service

uninstall_systemd_service

}

wait_aegis_exit()

{

var=1

limit=10

echo "wait aegis exit";

while [[ $var -lt $limit ]]; do

if [ -n "$(ps -ef|grep aegis_client|grep -v grep)" ]; then

sleep 1

else

return

fi

((var++))

done

echo "wait AliYunDun process exit fail, possibly due to self-protection, please uninstall aegis or disable self-protection from the aegis console."

exit 6

}

report_uninstall_result()

{

echo "start report uninstall"

checkValue=0

for((; checkValue < ${#AEGIS_UPDATE_SITE_ARRAY[@]}; checkValue++))

do

echo "${AEGIS_UPDATE_SITE_ARRAY[checkValue]}"

curl --retry 2 --connect-timeout 5 -m 30 --header "Content-Type: application/json" --request POST --data "{\"version\": 4,\"data\": {\"uuid\": \"${UUID}\", \"type\": \"uninstall\"}}" "https://${AEGIS_UPDATE_SITE_ARRAY[checkValue]}/update"

if [ $? == 0 ]; then

return $checkValue

fi

done;

echo "report uninstall result error" 1>&2

exit 1

}

# entry

if [ `id -u` -ne "0" ]; then

echo "ERROR: This script must be run as root." 1>&2

exit 8

fi

#parse argument

for arg in "$@"

do

argkey="${arg:0:2}"

argvalue="${arg#*=}"

if [ "${argkey}" == "-i" ]; then

UNINSTALL_FOR_INSTALL=0

echo "uninstall for install"

elif [ "${argkey}" == "-d" ]; then

UUID=${argvalue}

elif [ "${argkey}" == "-u" ]; then

AEGIS_UPDATE_SITE_ARRAY=(${argvalue//|/ })

echo "specify udpate domain argument is ${argvalue}"

else

# old AliYunDun just send uuid as argument

UUID="${arg}"

fi

done

echo "uuid is ${UUID}"

stop_aegis_pkill

wait_aegis_exit

uninstall_service

remove_aegis

umount ${AEGIS_INSTALL_DIR}/aegis_debug

printf "%-40s %40s\n" "Uninstalling aegis" "[ OK ]"

# report uninstall result

if [ -n "${UUID}" -a "${UNINSTALL_FOR_INSTALL}" != 0 ]; then

report_uninstall_result

fiWindows:: -i : uninstall before install, do not delete domaincfg.ini

echo off

taskkill /F /IM AliHips.exe

"C:\Program Files (x86)\Alibaba\Aegis\AliHips\AliHips.exe" --stopdriver

sc stop "Alibaba Security Aegis Detect Service"

sc delete "Alibaba Security Aegis Detect Service"

taskkill /F /IM AliYunDunUpdate.exe

taskkill /F /IM AliYunDun.exe

taskkill /F /IM AliYunDunMonitor.exe

taskkill /F /IM AliSecGuard.exe

taskkill /F /IM AliNetFilter.exe

taskkill /F /IM AliDetect.exe

taskkill /F /IM AliScriptEngine.exe

::wait aegis exit

echo "begin to wait AliYunDun.exe exit"

timeout 10 > NUL

tasklist|find /i "AliYunDun.exe"

if %errorlevel% == 0 (

echo "wait AliYunDun.exe exit fail, possibly due to self-protection, please uninstall or disable self-protection from the aegis console."

exit /b 1

)

sc stop "Alibaba Security Aegis Update Service"

sc delete "Alibaba Security Aegis Update Service"

"C:\Program Files (x86)\Alibaba\Aegis\AliNet\AliNetFilter.exe" --stopdriver

set driver_onwer_file_path="C:\Program Files (x86)\Alibaba\Aegis\AliSecGuard\driver_owner.txt"

set driver_onwer_path="C:\Program Files (x86)\Alibaba\Aegis\AliSecGuard\AliSecGuard.exe"

if exist %driver_onwer_file_path% (

for /f "usebackq delims=" %%i in (%driver_onwer_file_path%) do (set driver_onwer_path="%%i")

)

::echo %driver_onwer_path%

%driver_onwer_path% --stopdriver

rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\aegis_client"

rmdir /s /q "C:\Program Files\Alibaba\Aegis\aegis_client"

timeout 3 > NUL

rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\aegis_client"

rmdir /s /q "C:\Program Files\Alibaba\Aegis\aegis_client"

rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\aegis_update"

rmdir /s /q "C:\Program Files\Alibaba\Aegis\aegis_update"

rmdir /s /q "C:\Program Files (x86)\Alibaba\Aegis\alihids"

rmdir /s /q "C:\Program Files\Alibaba\Aegis\alihids"

del /f "C:\Windows\temp\singleApp_aegisClient"

del /f "C:\Windows\temp\single_app_yun_dun_monitor"

if not "%1" == "-i" (

del /f "C:\Program Files\Alibaba\Aegis\globalcfg\domaincfg.ini"

del /f "C:\Program Files (x86)\Alibaba\Aegis\globalcfg\domaincfg.ini"

) else (

exit /b

)

if "%1" == "" (

exit /b

)

::Invoke-WebRequest is supported from powershell 3.0, so server 2008 and below is not support

set uuid=%1

powershell -executionpolicy bypass -c "Invoke-WebRequest -Uri https://update.aegis.aliyun.com/update -Method POST -ContentType 'application/json' -Body '{\"version\": 4,\"data\": {\"uuid\": \"%uuid%\", \"type\": \"uninstall\"}}'"给本文评分