Wipe Out Aliyun Server Guard Agent

2018/1/11 posted in  Network

Why NOT simply do reinstall via panel?

Server Guard Agent (SGA) is installed by default and Aliyun has an official uninstall guide.

However, after uninstalling SGA, your VM still trying connecting SGA remote and uploading encrypted data.

After blocked all IPs of SGA service, an unknown key inserted in my .ssh/ directory. I opened a ticket, they told me "you were hacked". And I found my sshd binary file was modified.

So we will enable full system encryption to make VMs hosted by a provider which cannot be trusted invulnerable.

Prepare your VM

You’ll install your custom distro onto a raw disk, with the direct disk boot option. The end result will be a working custom install; however, it will not support disk resizing from within the official panel, nor will it be compatible with the official backup service.

1. Create two raw, unformatted disk images. Can be done with Aliyun Console.
2. Create two configuration profiles.

Installer profile

Label: Installer
Kernel: Direct Disk
/dev/sda: Boot disk image.
/dev/sdb: Installer disk image.
root / boot device: Standard /dev/sdb

Boot profile

Label: Boot
Kernel: Direct Disk
/dev/sda: Boot disk image.
root / boot device: Standard /dev/sda

Download and Install Image

  1. Boot into Rescue Mode with your Installer disk mounted to /dev/sda, and connect to your VM using the Aliyun Console.
  2. Once in Rescue Mode, download your installation media and copy it to your Installer disk. In this example we’re using the Ubuntu net installer.
wget http://mirror.pnl.gov/releases/xenial/ubuntu-16.04.3-server-amd64.iso
dd if=mini.iso of=/dev/sda
  1. Reboot into your Installer configuration profile
  2. During your installer’s partitioning/installation phase, be sure to instruct it to use the /dev/sda volume and enable full system encryption.
  3. Once the installation completes, reboot into your Boot profile and open the console. You will have access to your VM.