SaltStack 20200429 cryptominer vulnerability

https://github.com/saltstack/community/blob/master/doc/Community-Message.pdf

https://labs.f-secure.com/advisories/saltstack-authorization-bypass?spm=a2c4g.11174386.n2.3.334b1051JIYgq3

A SaltStack vulnerability resulted in a cryptominer infection.

Upgrade to the latest version, 3000.2, to fix this vulnerability.

CentOS

https://repo.saltstack.com/index.html#rhel

  1. sudo rpm --import https://repo.saltstack.com/py3/redhat/8/x86_64/archive/3000.2/SALTSTACK-GPG-KEY.pub
  2. [saltstack-repo]
    name=SaltStack repo for RHEL/CentOS $releasever PY3
    baseurl=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/archive/3000.2
    enabled=1
    gpgcheck=1
    gpgkey=https://repo.saltstack.com/py3/redhat/$releasever/$basearch/archive/3000.2/SALTSTACK-GPG-KEY.pub
    
  3. sudo yum clean expire-cache

    • sudo yum install salt-master
    • sudo yum install salt-minion
    • sudo yum install salt-ssh
    • sudo yum install salt-syndic
    • sudo yum install salt-cloud
    • sudo yum install salt-api
  4. (Upgrade only) Restart all upgraded services, for example:
     sudo systemctl restart salt-minion
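
A post-upgrade check for the procedure above, as an added example that is not part of the original page or SaltStack's own tooling: it compares the version each component reports against 3000.2, the fixed version named here. The function names and sample lines are constructed, and the "<component> <version>" line shape is an assumption about what `--version` prints.

```sh
#!/bin/sh
# Added example: check that Salt components report at least 3000.2,
# the fixed version named on this page. Function names are hypothetical.
# Only that one version is known here; other release branches are not judged.
FIXED="3000.2"

# version_at_least A B: succeeds when A >= B (relies on `sort -V`).
version_at_least() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_version_line "<component> <version> [ignored text]"
# returns 0 = at or above FIXED, 1 = below FIXED, 2 = not understood.
check_version_line() {
    name=${1%% *}; rest=${1#* }; ver=${rest%% *}
    [ "$name" != "$1" ] || { echo "UNPARSED $1"; return 2; }
    case "$ver" in
        ''|*[!0-9.]*) echo "UNPARSED $1"; return 2 ;;
    esac
    if version_at_least "$ver" "$FIXED"; then
        echo "OK $name $ver"; return 0
    fi
    echo "UPGRADE $name $ver (below $FIXED)"; return 1
}

# audit: read version lines on stdin; returns 1 if any line is below
# FIXED or could not be parsed, so a broken check never reads as a pass.
audit() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        check_version_line "$line" || rc=1
    done
    return "$rc"
}

# Constructed sample lines (not captured from a real host). On a real
# machine, feed in real output, e.g.:  salt-minion --version | audit
sample_report() {
    audit <<'EOF'
salt-master 3000.2
salt-minion 3000.1
salt-syndic 3000
EOF
}
sample_report || echo "at least one component still reports a version below $FIXED"
```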

       
