[Gluster-infra] Slave23 compromised
mscherer at redhat.com
Fri Mar 6 15:24:03 UTC 2015
On Friday, 06 March 2015 at 10:18 -0500, John Mark Walker wrote:
> Huh. What was running on the VM?
Just jenkins, salt-minion, nginx and the usual stuff.
The attack likely occurred around 9h42 UTC, since that's when the kernel
log starts to complain about a segfault.
And the way the attacker entered:
Mar 6 09:42:03 slave23 sshd: reverse mapping checking getaddrinfo for 126.96.36.199.static-mumbai.vsnl.net.in [188.8.131.52] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 6 09:42:03 slave23 sshd: Accepted password for root from 184.108.40.206 port 52378 ssh2
I am gonna switch root to be ssh keys only.
Open Source and Standards, Sysadmin
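
Added example, not part of the original message: a small Python scan of sshd log lines that flags password-authenticated root logins like the one quoted above, and records whether sshd logged a reverse-mapping failure for the same address earlier in the log. The sample lines, host names and addresses are constructed, and the function name is hypothetical.

```python
import re

# Matches sshd "Accepted <method> for <user> from <ip> port <n>" lines.
# The [pid] after "sshd" is optional because the excerpt above lacks it.
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd(?:\[\d+\])?:\s"
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)
# Matches the reverse-DNS mismatch warning and captures the bracketed address.
REVMAP = re.compile(
    r"sshd(?:\[\d+\])?:\sreverse mapping checking getaddrinfo for \S+ "
    r"\[(?P<ip>[^\]]+)\] failed"
)

def find_root_password_logins(lines):
    """Return one finding per password-authenticated root login."""
    revmap_ips = set()   # addresses sshd has already warned about
    findings = []
    for line in lines:
        m = REVMAP.search(line)
        if m:
            revmap_ips.add(m.group("ip"))
            continue
        m = ACCEPTED.match(line)
        if m and m.group("user") == "root" and m.group("method") == "password":
            findings.append({
                "time": m.group("ts"),
                "host": m.group("host"),
                "source_ip": m.group("ip"),
                # True when sshd warned about this address earlier in the log
                "reverse_mapping_failed": m.group("ip") in revmap_ips,
            })
    return findings

# Constructed sample lines (documentation addresses, hypothetical host names).
SAMPLE = [
    "Mar  6 09:41:58 build01 sshd[2101]: Accepted publickey for root from 198.51.100.4 port 40112 ssh2",
    "Mar  6 09:42:03 build01 sshd[2140]: reverse mapping checking getaddrinfo for host.example.net [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "Mar  6 09:42:03 build01 sshd[2140]: Accepted password for root from 203.0.113.7 port 52378 ssh2",
    "Mar  6 09:50:10 build01 sshd[2203]: Accepted password for jenkins from 198.51.100.9 port 51000 ssh2",
    "Mar  6 10:02:44 build01 sshd: Accepted password for root from 192.0.2.15 port 33210 ssh2",
]

if __name__ == "__main__":
    for finding in find_root_password_logins(SAMPLE):
        print(finding)
```

Key-based root logins and password logins for other accounts are deliberately not reported, so any finding is a host where root still accepts passwords.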