清理vps里的 tat_agent、YunJing/YDService/YDLive、barad_agent、sgagent/stargate,并删除 /usr/local/qcloud、/var/lib/qcloud、/var/log/qcloud 等残留目录。
cat > /root/remove-tencent-cloud-agent.sh <<'EOF'
#!/usr/bin/env bash
set +e
LOG="/root/remove-tencent-cloud-agent.$(date +%F-%H%M%S).log"
exec > >(tee -a "$LOG") 2>&1
echo "=================================================="
echo " Tencent Cloud Agent / YunJing Cleaner"
echo " Log: $LOG"
echo " Time: $(date '+%F %T')"
echo "=================================================="
echo
if [ "$(id -u)" -ne 0 ]; then
echo "ERROR: 请使用 root 执行。"
exit 1
fi
echo "[1/9] 备份相关目录和 systemd 单元信息..."
BACKUP="/root/tencent-agent-backup.$(date +%F-%H%M%S)"
mkdir -p "$BACKUP"
cp -a /etc/systemd/system "$BACKUP/systemd-system" 2>/dev/null || true
cp -a /usr/local/qcloud "$BACKUP/usr-local-qcloud" 2>/dev/null || true
cp -a /var/lib/qcloud "$BACKUP/var-lib-qcloud" 2>/dev/null || true
cp -a /var/log/qcloud "$BACKUP/var-log-qcloud" 2>/dev/null || true
echo "Backup dir: $BACKUP"
echo
echo "[2/9] 停止并禁用 tat_agent..."
systemctl stop tat_agent 2>/dev/null || true
systemctl disable tat_agent 2>/dev/null || true
if [ -e /etc/systemd/system/tat_agent.service ] && [ ! -L /etc/systemd/system/tat_agent.service ]; then
mv /etc/systemd/system/tat_agent.service "$BACKUP/tat_agent.service.disabled" 2>/dev/null || true
fi
systemctl daemon-reload
systemctl mask tat_agent 2>/dev/null || true
systemctl daemon-reload
pkill -9 -f '/usr/local/qcloud/tat_agent' 2>/dev/null || true
pkill -9 -f 'tat_agent' 2>/dev/null || true
echo
echo "[3/9] 停止腾讯云主机安全 YunJing / YDService / YDLive..."
pkill -9 -f '/usr/local/qcloud/YunJing' 2>/dev/null || true
pkill -9 -f 'YDEyes/YDService' 2>/dev/null || true
pkill -9 -f 'YDLive/YDLive' 2>/dev/null || true
pkill -9 -f 'YDService' 2>/dev/null || true
pkill -9 -f 'YDLive' 2>/dev/null || true
pkill -9 -f 'YunJing' 2>/dev/null || true
echo
echo "[4/9] 执行腾讯云主机安全官方卸载脚本,如果存在..."
if [ -x /usr/local/qcloud/YunJing/uninst.sh ]; then
/usr/local/qcloud/YunJing/uninst.sh || true
fi
if [ -x /var/lib/qcloud/YunJing/uninst.sh ]; then
/var/lib/qcloud/YunJing/uninst.sh || true
fi
echo
echo "[5/9] 停止腾讯云云监控 sgagent / stargate / barad_agent..."
pkill -9 -f '/usr/local/qcloud/stargate/bin/sgagent' 2>/dev/null || true
pkill -9 -f 'sgagent' 2>/dev/null || true
pkill -9 -f 'stargate' 2>/dev/null || true
pkill -9 -f 'barad_agent' 2>/dev/null || true
echo
echo "[6/9] 执行云监控官方卸载脚本,如果存在..."
if [ -x /usr/local/qcloud/stargate/admin/uninstall.sh ]; then
/usr/local/qcloud/stargate/admin/uninstall.sh || true
fi
if [ -x /usr/local/qcloud/monitor/barad/admin/uninstall.sh ]; then
/usr/local/qcloud/monitor/barad/admin/uninstall.sh || true
fi
echo
echo "[7/9] 清理 systemd / init / cron 自启动残留..."
find /etc/systemd/system /lib/systemd/system /usr/lib/systemd/system \
-maxdepth 1 -type f,l \
\( \
-iname '*qcloud*' -o \
-iname '*tencent*' -o \
-iname '*yunjing*' -o \
-iname '*ydservice*' -o \
-iname '*ydlive*' -o \
-iname '*barad*' -o \
-iname '*sgagent*' -o \
-iname '*stargate*' \
\) -print -delete 2>/dev/null || true
find /etc/init.d \
-maxdepth 1 -type f \
\( \
-iname '*qcloud*' -o \
-iname '*tencent*' -o \
-iname '*yunjing*' -o \
-iname '*ydservice*' -o \
-iname '*ydlive*' -o \
-iname '*barad*' -o \
-iname '*sgagent*' -o \
-iname '*stargate*' \
\) -print -delete 2>/dev/null || true
systemctl daemon-reload
systemctl mask tat_agent 2>/dev/null || true
systemctl daemon-reload
# 当前 root 的 crontab
TMP_CRON="$(mktemp)"
crontab -l 2>/dev/null | grep -viE 'qcloud|tencent|YunJing|YDService|YDLive|barad|sgagent|stargate|tat_agent' > "$TMP_CRON" || true
crontab "$TMP_CRON" 2>/dev/null || true
rm -f "$TMP_CRON"
# 系统 cron
grep -RilE 'qcloud|tencent|YunJing|YDService|YDLive|barad|sgagent|stargate|tat_agent' \
/etc/cron.d /etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly 2>/dev/null \
| xargs -r rm -f
echo
echo "[8/9] 删除腾讯云目录、扫描库、隔离区、日志和 PID 文件..."
rm -rf /usr/local/qcloud
rm -rf /var/lib/qcloud
rm -rf /var/log/qcloud
rm -rf /tmp/qcloud*
rm -rf /tmp/YunJing*
rm -rf /tmp/tat_agent*
rm -f /run/tat_agent.pid
rm -f /var/run/tat_agent.pid
# 再次杀残留
pkill -9 -f '/usr/local/qcloud' 2>/dev/null || true
pkill -9 -f 'YDEyes/YDService' 2>/dev/null || true
pkill -9 -f 'YDLive/YDLive' 2>/dev/null || true
pkill -9 -f 'barad_agent' 2>/dev/null || true
pkill -9 -f 'sgagent' 2>/dev/null || true
pkill -9 -f 'stargate' 2>/dev/null || true
pkill -9 -f 'tat_agent' 2>/dev/null || true
echo
echo "[9/9] 最终检查..."
echo
echo "== 进程残留 =="
ps aux | grep -Ei 'YunJing|YDService|YDLive|qcloud|tencent|barad|sgagent|stargate|tat_agent' | grep -v grep || echo "未发现相关进程"
echo
echo "== systemd 残留 =="
systemctl list-units --type=service --all | grep -Ei 'YunJing|YDService|YDLive|qcloud|tencent|barad|sgagent|stargate|tat_agent' || echo "未发现相关 systemd 服务"
echo
echo "== 目录残留 =="
ls -ld /usr/local/qcloud /var/lib/qcloud /var/log/qcloud 2>/dev/null || echo "未发现 qcloud 目录"
echo
echo "== tat_agent 状态 =="
systemctl status tat_agent --no-pager 2>/dev/null || true
systemctl is-enabled tat_agent 2>/dev/null || true
echo
echo "=================================================="
echo "清理完成。建议重启后再执行检查命令。"
echo "日志文件:$LOG"
echo "备份目录:$BACKUP"
echo "=================================================="
EOF
chmod +x /root/remove-tencent-cloud-agent.sh
bash /root/remove-tencent-cloud-agent.sh
重启后检查:
ps aux | grep -Ei 'YunJing|YDService|YDLive|qcloud|tencent|barad|sgagent|stargate|tat_agent' | grep -v grep
systemctl list-units --type=service --all | grep -Ei 'YunJing|YDService|YDLive|qcloud|tencent|barad|sgagent|stargate|tat_agent'
ls -ld /usr/local/qcloud /var/lib/qcloud /var/log/qcloud 2>/dev/null
systemctl is-enabled tat_agent 2>/dev/null || true
只有:
masked
并且其他命令无输出,说明清理和持久禁用都完成了。