[Gluster-infra] Slave23 compromised
Justin Clift
justin at gluster.org
Mon Mar 9 20:56:52 UTC 2015
On 9 Mar 2015, at 17:09, Joe Julian <joe at julianfamily.org> wrote:
> On 03/09/2015 09:30 AM, Justin Clift wrote:
>> On 6 Mar 2015, at 17:58, Michael Scherer <mscherer at redhat.com> wrote:
>>> Le vendredi 06 mars 2015 à 16:24 +0100, Michael Scherer a écrit :
>>>> Le vendredi 06 mars 2015 à 10:18 -0500, John Mark Walker a écrit :
>>>>> Huh. What was running on the VM?
>>>> Just jenkins, salt-minion, nginx and the usual stuff.
>>>>
>>>> The attack likely occured around 9h42 UTC, since that's when the kernel
>>>> log start to complain about a segfault.
>>>>
>>>> And the way the attacker entered :
>>>>
>>>> Mar 6 09:42:03 slave23 sshd[20045]: reverse mapping checking
>>>> getaddrinfo for 115.114.191.205.static-mumbai.vsnl.net.in
>>>> [115.114.191.205] failed - POSSIBLE BREAK-IN ATTEMPT!
>>>> Mar 6 09:42:03 slave23 sshd[20045]: Accepted password for root from
>>>> 115.114.191.205 port 52378 ssh2
>>>>
>>>> Case closed.
>>>> I am gonna switch root to be ssh keys only.
>>> Ok so today is not my day, as I managed to also break sshd on everything
>>> but RHEL 7 while trying to secure everything.
>>>
>>> Hopefully, I was able to fix, but if you see jenkins job failure
>>> between 18h40 and 18h55 UTC, that's me.
>>>
>>> I suspect it to be a bug somewhere in salt, since it doesn't correctly
>>> change the file correctly on RHEL 6 while it work with RHEL 7.
>> Interesting. The guys I spoke with a while ago at FOSDEM um... a year
>> ago were running Salt in their Production, and their feeling of it
>> (then) is that it's very buggy.
>>
>> Hopefully it's not unusably so. :/
>>
> I've been using it for designing our new infrastructure at $dayjob for the last 6 months and it's been very reliable.
Cool. :)
--
GlusterFS - http://www.gluster.org
An open source, distributed file system scaling to several
petabytes, and handling thousands of clients.
My personal twitter: twitter.com/realjustinclift
More information about the Gluster-infra
mailing list