[Gluster-infra] Slave23 compromised
mscherer at redhat.com
Fri Mar 6 17:58:10 UTC 2015
On Friday 06 March 2015 at 16:24 +0100, Michael Scherer wrote:
> On Friday 06 March 2015 at 10:18 -0500, John Mark Walker wrote:
> > Huh. What was running on the VM?
> Just jenkins, salt-minion, nginx and the usual stuff.
> The attack likely occurred around 9h42 UTC, since that's when the kernel
> log starts to complain about a segfault.
> And the way the attacker entered:
> Mar 6 09:42:03 slave23 sshd: reverse mapping checking
> getaddrinfo for 184.108.40.206.static-mumbai.vsnl.net.in
> [220.127.116.11] failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 6 09:42:03 slave23 sshd: Accepted password for root from
> 18.104.22.168 port 52378 ssh2
> Case closed.
> I am gonna switch root to be ssh keys only.
Ok so today is not my day, as I managed to also break sshd on everything
but RHEL 7 while trying to secure everything.
Hopefully, I was able to fix it, but if you see jenkins job failures
between 18h40 and 18h55 UTC, that's me.
I suspect it to be a bug somewhere in salt, since it doesn't
change the file correctly on RHEL 6 while it works with RHEL 7.
Open Source and Standards, Sysadmin
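
Added example, not part of the original message: a small detector for the log pattern quoted above (an accepted password login as root), which also counts earlier failed attempts from the same address. The function name and the sample log lines are constructed for illustration and use documentation-range addresses.

```python
import re
from collections import Counter

# Constructed sample in syslog sshd format (documentation IPs, not from the incident).
SAMPLE_LOG = """\
Mar  6 09:40:11 host1 sshd[2101]: Failed password for root from 192.0.2.10 port 52301 ssh2
Mar  6 09:40:15 host1 sshd[2103]: Failed password for root from 192.0.2.10 port 52310 ssh2
Mar  6 09:41:02 host1 sshd[2110]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Mar  6 09:42:03 host1 sshd[2117]: Accepted password for root from 192.0.2.10 port 52378 ssh2
Mar  6 09:50:00 host1 sshd[2130]: Accepted publickey for root from 198.51.100.7 port 40100 ssh2
Mar  6 09:55:00 host1 sshd[2140]: Failed password for invalid user admin from 203.0.113.5 port 1234 ssh2
"""

# Matches both "sshd[pid]:" and the bare "sshd:" form seen in the quoted log.
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd(?:\[\d+\])?: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def root_password_logins(log_text):
    """Return one finding per accepted *password* login as root.

    Each finding carries the number of failed attempts seen earlier from the
    same source address, which helps separate a guessed password from an
    administrator who typed it correctly the first time.
    """
    failures = Counter()
    findings = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif m["method"] == "password" and m["user"] == "root":
            findings.append({"time": m["ts"], "host": m["host"], "ip": m["ip"],
                             "prior_failures": failures[m["ip"]]})
    return findings

if __name__ == "__main__":
    for finding in root_password_logins(SAMPLE_LOG):
        print(finding)
```

Key-based root logins and password logins for other users are deliberately not reported, so once root is keys-only any finding from this check means the setting did not take effect on that host.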