[Gluster-infra] Slave23 compromised

Michael Scherer mscherer at redhat.com
Fri Mar 6 15:24:03 UTC 2015

Le vendredi 06 mars 2015 à 10:18 -0500, John Mark Walker a écrit :
> Huh. What was running on the VM?

Just jenkins, salt-minion, nginx and the usual stuff.

The attack likely occured around 9h42 UTC, since that's when the kernel
log start to complain about a segfault.

And the way the attacker entered :

Mar  6 09:42:03 slave23 sshd[20045]: reverse mapping checking
getaddrinfo for
Mar  6 09:42:03 slave23 sshd[20045]: Accepted password for root from port 52378 ssh2

Case closed. 
I am gonna switch root to be ssh keys only.
Michael Scherer
Open Source and Standards, Sysadmin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20150306/1f2076d7/attachment.sig>

More information about the Gluster-infra mailing list