ImreSamu
commented
11 months ago According to the analysis of your log file, available at this link, there is a likelihood that your Docker postgis service has been compromised, possibly due to Kinsing Malware attacks. :cry:
see in your log:
/tmp/kinsing is not b3039abf2ad5202f4a9363b418002351, actual For guidance on how to handle this situation and secure your Docker image, please refer to the recommendations provided in this discussion:
- https://github.com/docker-library/postgres/issues/770#issuecomment-704460980
- https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/ :
- "Some of those Docker engines weren’t configured with authentication, which make them a perfect target for Kinsing attacks."
- https://sysdig.com/blog/cloud-defense-in-depth/ ( JULY 4, 2023: Cloud Defense in Depth: Lessons from the Kinsing Malware )
- https://thenewstack.io/kinsing-malware-targets-kubernetes/ ( Jan 13th, 2023 , Kinsing Malware Targets Kubernetes )
- https://stackoverflow.com/search?q=kinsing
rranjangupta
Description: I encountered a series of errors and failures on the PostgreSQL server, possibly indicating various issues with the system setup or configurations. Below is a log of the errors encountered:
Server Information:
PostgreSQL Version: 16.0 (Debian 16.0-1.pgdg120+1) OS: Debian 12.2.0, 64-bit Error Messages:
Logs indicate missing executables (pkill, ufw, iptables, curl, etc.). Permission denied errors (/etc/sysctl.conf, /usr/local/bin/curl, /etc/ld.so.preload, etc.). Invalid length of startup packets. Connection/authentication failures for various users (postgres, KRwc, etc.). Database "orchestrator" does not exist. Actions Tried:
Attempts to execute various commands that resulted in failures. Connection attempts with different protocols showing "unsupported frontend protocol." Impact:
The errors seem to affect database connectivity, user authentication, and system commands, potentially impacting system stability and functionality. Suspected Causes:
Missing executables, permission issues on critical files, incorrect configurations in PostgreSQL or system-wide settings. [Uploading postgresql-2023-12-01_080337.log…]()