[Gluster-infra] Slave23 compromised
justin at gluster.org
Mon Mar 9 16:30:27 UTC 2015
On 6 Mar 2015, at 17:58, Michael Scherer <mscherer at redhat.com> wrote:
> On Friday 6 March 2015 at 16:24 +0100, Michael Scherer wrote:
>> On Friday 6 March 2015 at 10:18 -0500, John Mark Walker wrote:
>>> Huh. What was running on the VM?
>> Just jenkins, salt-minion, nginx and the usual stuff.
>> The attack likely occurred around 9h42 UTC, since that's when the kernel
>> log starts to complain about a segfault.
>> And the way the attacker entered:
>> Mar 6 09:42:03 slave23 sshd: reverse mapping checking
>> getaddrinfo for 126.96.36.199.static-mumbai.vsnl.net.in
>> [188.8.131.52] failed - POSSIBLE BREAK-IN ATTEMPT!
>> Mar 6 09:42:03 slave23 sshd: Accepted password for root from
>> 184.108.40.206 port 52378 ssh2
>> Case closed.
>> I am gonna switch root to be ssh keys only.
> Ok so today is not my day, as I managed to also break sshd on everything
> but RHEL 7 while trying to secure everything.
> Hopefully, I was able to fix it, but if you see jenkins job failures
> between 18h40 and 18h55 UTC, that's me.
> I suspect it to be a bug somewhere in salt, since it doesn't change
> the file correctly on RHEL 6 while it works with RHEL 7.
Interesting. The guys I spoke with a while ago at FOSDEM um... a year
ago were running Salt in their Production, and their feeling of it
(then) is that it's very buggy.
Hopefully it's not unusably so. :/
GlusterFS - http://www.gluster.org
An open source, distributed file system scaling to several
petabytes, and handling thousands of clients.
My personal twitter: twitter.com/realjustinclift
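
An added example, not from the thread or the Gluster project: a Python check that scans sshd syslog lines for the pattern quoted above, a password-authenticated root login, and records whether the same source also had failed passwords or a failed reverse-DNS check shortly before. The sample log, host name, addresses and the function name `root_password_logins` are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format quoted in the thread
# (addresses come from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges).
SAMPLE_LOG = """\
Mar  6 09:41:10 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 52301 ssh2
Mar  6 09:42:03 host1 sshd[2210]: reverse mapping checking getaddrinfo for dyn.example.net [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  6 09:42:03 host1 sshd[2210]: Accepted password for root from 203.0.113.7 port 52378 ssh2
Mar  6 10:05:44 host1 sshd[2307]: Accepted publickey for root from 198.51.100.20 port 40112 ssh2
Mar  6 10:07:12 host1 sshd[2311]: Accepted password for jenkins from 198.51.100.21 port 40313 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) sshd(?:\[\d+\])?: (.*)$")
ACCEPTED = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port \d+")
FAILED = re.compile(r"^Failed password for (?:invalid user )?\S+ from (\S+) ")
REVMAP = re.compile(r"^reverse mapping checking getaddrinfo for \S+ \[(\S+)\] failed")

def root_password_logins(text, year=2015, window=timedelta(minutes=10)):
    """Return one finding per 'Accepted password for root' line, with context."""
    failures, revmap_fail, findings = {}, {}, []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, msg = m.group(2), m.group(3)
        if (f := FAILED.match(msg)):
            failures.setdefault(f.group(1), []).append(ts)
        elif (r := REVMAP.match(msg)):
            revmap_fail[r.group(1)] = ts
        elif (a := ACCEPTED.match(msg)) and a.group(1) == "password" and a.group(2) == "root":
            src = a.group(3)
            findings.append({
                "time": ts, "host": host, "source": src,
                "failed_before": sum(1 for t in failures.get(src, []) if ts - t <= window),
                "reverse_dns_failed": src in revmap_fail and ts - revmap_fail[src] <= window,
            })
    return findings

if __name__ == "__main__":
    for finding in root_password_logins(SAMPLE_LOG):
        print(finding)
```

Key-based root logins and password logins for other accounts are deliberately not reported, so on a host where root is restricted to SSH keys any finding is worth investigating.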