open-horizon/anax

Bug: Kinsing malware when deploying via Open Horizon

Describe the bug.

When deploying OH, we’re noticing a malware issue caused by PostgreSQL running via Docker.

Describe the steps to reproduce the behavior.

Steps:

  1. Set ~/.bashrc

         export MONGO_IMAGE_TAG=4.0.6
         export CSS_IMAGE_TAG=1.10.1-1577
         export HZN_LISTEN_IP=132.177.125.232 # <-- use your IP address, not this one

  2. Install a local deployment of Open Horizon

         curl -sSL https://raw.githubusercontent.com/open-horizon/devops/master/mgmt-hub/deploy-mgmt-hub.sh | bash

  3. Update ~/.bashrc with values generated in the install — HZN_ORG_ID, HZN_EXCHANGE_USER_AUTH

  4. Wait

Expected behavior.

Expect: Nothing happens
Actual: Within 12-24 hours CPU utilization reaches 100% due to Kinsing malware.

Screenshots.

No response

Operating Environment

My machine is deployed via Linode -- Operating System: Ubuntu 22.04 | CPU: 2 core | RAM: 4GB | Storage: 80GB

Additional Information

This is a known issue with Postgres, and I'm seeing it repeatably/consistently with OH - no matter the version I use of Postgres (I’ve tried 13, 14 and 16).

I’ve had this issue happen to me before with these machines, and the solution I found best was to physically install PostgreSQL locally. I tried to do the same with OH, but the deployment script seems to uncomment any PostgreSQL configurations I set.

As an FYI, I've also emailed this issue to the security group.