open-horizon / anax

Horizon agent control system
https://open-horizon.github.io/docs/anax/docs/
Apache License 2.0

Bug: Kinsing malware when deploying via Open Horizon #4169

Open oshadmon opened 1 month ago

oshadmon commented 1 month ago

Describe the bug.

When deploying OH, we’re noticing a malware issue caused by PostgreSQL running via Docker.

Describe the steps to reproduce the behavior.

Steps:

  1. Set ~/.bashrc

    export MONGO_IMAGE_TAG=4.0.6
    export CSS_IMAGE_TAG=1.10.1-1577
    export HZN_LISTEN_IP=132.177.125.232 # <-- use your IP address, not this one

  2. Install a local deployment of Open Horizon

    curl -sSL https://raw.githubusercontent.com/open-horizon/devops/master/mgmt-hub/deploy-mgmt-hub.sh | bash

  3. Update ~/.bashrc with values generated in the install — HZN_ORG_ID, HZN_EXCHANGE_USER_AUTH

  4. Wait

Expected behavior.

Expect: Nothing happens.

Actual: Within 12-24 hours CPU utilization reaches 100% due to Kinsing malware.

Screenshots.

No response

Operating Environment

My machine is deployed via Linode -- Operating System: Ubuntu 22.04 | CPU: 2 core | RAM: 4GB | Storage: 80GB

Additional Information

This is a known issue with Postgres, and I'm seeing it repeatably/consistently with OH - no matter the version I use of Postgres (I’ve tried 13, 14 and 16).

I’ve had this issue happen to me before with these machines, and the solution I found best was to physically install PostgreSQL locally. I tried to do the same with OH, but the deployment script seems to uncomment any PostgreSQL configurations I set.

oshadmon commented 1 month ago

As an FYI, I've also emailed this issue to the security group.