pinpoint-apm / pinpoint-docker

Official Dockerized components of the Pinpoint
http://pinpoint-apm.github.io/pinpoint/
Apache License 2.0

pinpoint-flink runs malware called kinsing #128

Open dorian-kwon opened 2 years ago

dorian-kwon commented 2 years ago

version: 2.3.3


A user 9999, which I never created, runs the flink process.

The kdevtmpfsi / kinsing processes, known as mining malware, are run by this user.

This process doesn't show up immediately; it needs at least 1~2 days to show up.

If you kill the flink containers with the command "docker kill pinpoint-flink-jobmanager / pinpoint-flink-taskmanager", then the malware goes away.

emeroad commented 2 years ago

Have you exposed your containers to external networks? Containers should never be exposed to external networks. We recommend that you check your network security.

https://flink.apache.org/security.html

Frequently Asked Questions: "We strongly discourage users to expose Flink processes to the public internet."

dorian-kwon commented 2 years ago

I just executed docker-compose pull & docker-compose up -d.

Is there any config I have to set? Or should I set firewalls up?

As far as I know, docker changes the firewall tables when a container's port is exposed.
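The question above is exactly what a compose file audit can answer. The following check is added here by the editor; it is not code from the pinpoint-docker project or from either commenter. It parses docker-compose short-syntax `ports:` entries and flags every mapping not pinned to a loopback address, because Docker publishes such ports on all host interfaces and inserts its own iptables rules ahead of the host's firewall rules. The compose snippet is constructed: 8081 is Flink's default JobManager REST/web UI port, the other port numbers are made up.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class PortBinding:
    service: str
    host_ip: str          # "0.0.0.0" when the spec names no host address
    host_port: str        # "" when Docker picks an ephemeral host port
    container_port: str
    protocol: str

    @property
    def public(self) -> bool:
        # Not pinned to loopback: reachable on every interface, ahead of host firewall rules
        ip = self.host_ip.strip("[]")
        return not (ip.startswith("127.") or ip == "::1")

    def localhost_form(self) -> str:
        # Same mapping restricted to the loopback interface
        host = self.host_port or self.container_port
        return f"127.0.0.1:{host}:{self.container_port}/{self.protocol}"

def parse_port_spec(service: str, spec: str) -> PortBinding:
    """Parse compose short syntax [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    body, _, proto = str(spec).strip().partition("/")
    parts = body.rsplit(":", 2)   # rsplit keeps a bracketed IPv6 host address intact
    if len(parts) == 1:           # "8081": ephemeral host port on all interfaces
        host_ip, host_port, cport = "0.0.0.0", "", parts[0]
    elif len(parts) == 2:         # "8081:8081": fixed host port on all interfaces
        host_ip, host_port, cport = "0.0.0.0", parts[0], parts[1]
    else:                         # "127.0.0.1:8081:8081": pinned to one host address
        host_ip, host_port, cport = parts
    return PortBinding(service, host_ip or "0.0.0.0", host_port, cport, proto or "tcp")

def audit(services: dict[str, list[str]]) -> list[PortBinding]:
    """Return every mapping that is reachable on all host interfaces."""
    return [b for name, specs in services.items()
            for b in (parse_port_spec(name, s) for s in specs) if b.public]

# Constructed 'ports:' sections, not the real pinpoint-docker compose file;
# 8081 is Flink's default JobManager REST/web UI port, the rest are made up
SAMPLE_SERVICES = {
    "pinpoint-flink-jobmanager": ["8081:8081"],
    "pinpoint-flink-taskmanager": ["6121", "6122/udp"],
    "pinpoint-web": ["127.0.0.1:8080:8080"],   # already loopback-only
}
if __name__ == "__main__":
    for b in audit(SAMPLE_SERVICES):
        print(f"{b.service}: {b.host_ip}:{b.host_port or '*'}->{b.container_port}/"
              f"{b.protocol} is public; use {b.localhost_form()} or remove the mapping")
```

Mappings that only other containers need can be dropped entirely, since services on the same compose network reach each other without any published port.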

emeroad commented 2 years ago

I think your server has already been hacked.

Read the article below. https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability

dorian-kwon commented 2 years ago

We had thought of that, and we watched all our processes all the time after killing pinpoint-flink. It soon became clear that our host server is not infected. First, when I run docker-compose without flink, the malware doesn't show up. Here is the second situation: I ran flink and then waited 1~2 days until the malware was running. Then I killed the flink processes, i.e. the task and job manager. The malware was killed by this action as well, even though we didn't kill it directly.

These are the ports we open.

erlangparasu commented 10 months ago

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/initial-access-techniques-in-kubernetes-environments-used-by/ba-p/3697975