Open zong400 opened 6 years ago
I am having the same issue. Has any bug fix gone in, or is there any Docker version I can use that fixes the above issue?
Same with me. The pod in my cluster will use all resources.
This is not a bug in docker, but a malicious process running a cryptocurrency miner. In other words, the system running this has been compromised and is being used to mine monero.
See below for more info.
You can recover the binary from memory using this example in StackExchange. Running a Symantec scan on the resulting binary identifies it as Linux.Coinminer.
I'll post more info when I get a chance to do more digging.
Update 1:
It looks like the binary contains xmrig, a Monero miner, and the -c /tmp/k.conf is the path to its config file.
This is an issue with an insecure deployment of Kubernetes. Make sure there is no public access to the kubelet API. If port 10250 is exposed to the public on any nodes, then malicious processes will be able to execute commands in pods running on these nodes. I've noticed the same issue recently until public access was removed.
There is a good blog post here on Medium explaining the ramifications of this.
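A check for the misconfiguration described in the comment above, as an added example that is not part of the original thread: it audits a kubelet command line for the settings that leave port 10250 usable without credentials. The flag names and defaults are kubelet's own; the function names and sample command lines are constructed for illustration, and a `--config` file is assumed not to be in use.

```python
import shlex

# Kubelet flag defaults when nothing is set on the command line. Assumption:
# the node is configured by flags only; a --config file is not read here.
DEFAULTS = {"address": "0.0.0.0", "port": "10250", "anonymous-auth": "true",
            "authorization-mode": "AlwaysAllow", "read-only-port": "10255"}
BOOL_FLAGS = {"anonymous-auth"}

def parse_flags(cmdline):
    """Return {flag: value} from a kubelet command line."""
    flags, args, i = {}, shlex.split(cmdline)[1:], 0
    while i < len(args):
        if args[i].startswith("--"):
            name, sep, value = args[i][2:].partition("=")
            if not sep and name in BOOL_FLAGS:
                # Boolean flags only accept --flag=value; "--flag false"
                # sets the flag to true and leaves "false" as a stray argument.
                value = "true"
            elif not sep and i + 1 < len(args):
                value, i = args[i + 1], i + 1
            flags[name] = value
        i += 1
    return flags

def audit_kubelet(cmdline):
    """Return a list of findings for one kubelet command line."""
    cfg = {**DEFAULTS, **parse_flags(cmdline)}
    findings = []
    if cfg["anonymous-auth"].lower() not in ("false", "0", "f"):
        findings.append("anonymous-auth enabled: unauthenticated requests "
                        "are treated as system:anonymous")
    if cfg["authorization-mode"] == "AlwaysAllow":
        findings.append("authorization-mode=AlwaysAllow: any request that "
                        "passes authentication is allowed")
    if cfg["read-only-port"] != "0":
        findings.append(f"read-only port {cfg['read-only-port']} is open")
    if findings and cfg["address"] in ("0.0.0.0", "::"):
        findings.append(f"API on port {cfg['port']} listens on all interfaces")
    return findings

# Constructed sample command lines (not taken from the thread).
DEFAULT_FLAGS = "/usr/bin/kubelet --kubeconfig=/etc/kubernetes/kubelet.conf"
SPACE_FORM = DEFAULT_FLAGS + " --anonymous-auth false"
HARDENED = (DEFAULT_FLAGS + " --anonymous-auth=false --authorization-mode=Webhook"
            " --client-ca-file=/etc/kubernetes/pki/ca.crt --read-only-port=0")

if __name__ == "__main__":
    for cmd in (DEFAULT_FLAGS, SPACE_FORM, HARDENED):
        print(cmd, audit_kubelet(cmd) or "no findings", sep="\n  ")
```

On a node, the command line to audit can be read from the running kubelet's `/proc/<pid>/cmdline`; the network-level fix from the comment (no public route to port 10250) still applies even when these settings are correct.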
Same with me.
Steps to reproduce the behavior
A process uses 100% CPU and cannot be stopped.
Output of docker version:

    Client:
     Version:      18.03.1-ce
     API version:  1.37
     Go version:   go1.9.5
     Git commit:   9ee9f40
     Built:        Thu Apr 26 07:17:20 2018
     OS/Arch:      linux/amd64
     Experimental: false
     Orchestrator: swarm

    Server:
     Engine:
      Version:      18.03.1-ce
      API version:  1.37 (minimum version 1.12)
      Go version:   go1.9.5
      Git commit:   9ee9f40
      Built:        Thu Apr 26 07:15:30 2018
      OS/Arch:      linux/amd64
      Experimental: false

Output of docker info:

    Containers: 40
     Running: 22
     Paused: 0
     Stopped: 18
    Images: 38
    Server Version: 18.03.1-ce
    Storage Driver: overlay2
     Backing Filesystem: extfs
     Supports d_type: true
     Native Overlay Diff: true
    Logging Driver: json-file
    Cgroup Driver: cgroupfs
    Plugins:
     Volume: local
     Network: bridge host macvlan null overlay
     Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
    Swarm: inactive
    Runtimes: runc
    Default Runtime: runc
    Init Binary: docker-init
    containerd version: 773c489c9c1b21a6d78b5c538cd395416ec50f88
    runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
    init version: 949e6fa
    Security Options:
     apparmor
     seccomp
      Profile: default
    Kernel Version: 4.4.0-91-generic
    Operating System: Ubuntu 16.04.1 LTS
    OSType: linux
    Architecture: x86_64
    CPUs: 4
    Total Memory: 7.671GiB
    Name: k8s-node1.bxr.cn
    ID: EHIM:VEHY:774Y:TYMX:YAT4:KH4E:FLYN:POF6:Y4LB:6RQI:QUMI:MZYW
    Docker Root Dir: /var/lib/docker
    Debug Mode (client): false
    Debug Mode (server): false
    Registry: https://index.docker.io/v1/
    Labels:
    Experimental: false
    Insecure Registries:
     registry.bxr.cn
     127.0.0.0/8
    Live Restore Enabled: false

    WARNING: No swap limit support
Additional environment details (AWS, VirtualBox, physical, etc.)
k8s 1.10.3 ubuntu 16.04 4 core 8G mem