Applicable to:
- SolusVM
Situation
Note: This situation applies to the Debian 10 KVM templates downloaded from TDN earlier than Feb 3, 2021 03:30 am (UTC).
A VM created with the affected templates may be compromised via the user debianuser. The debianuser user can run the cnrig process, which is related to CryptoNight malware.
Impact
VPS compromise.
Call to Action
Re-download the template on SolusVM master and slave nodes:
# wget https://templates.solusvm.com/kvm/linux-debian-10-x86_64-gen2-v2.gz -O /home/solusvm/kvm/template/linux-debian-10-x86_64-gen2-v2.gz
# wget https://templates.solusvm.com/kvm/linux-debian-10-x86_64-gen2-v1.gz -O /home/solusvm/kvm/template/linux-debian-10-x86_64-gen2-v1.gz
The best practice is to migrate the data to another VPS. If migration is not an option, remove the user debianuser, set up SSH key authentication, and disable password authentication:
- Connect to a Debian 10 VPS via SSH
- Remove debianuser user:
# deluser --remove-all-files debianuser
- Create SSH key pair for SSH access using this article:
https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54
- Disable PasswordAuthentication in /etc/ssh/sshd_config and restart SSH:
# service ssh restart
- Double-check that you can still get in (open a new session and test it out) before you exit your active SSH session
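A triage check for the indicators this advisory names (the debianuser account, a running cnrig process, and password authentication still enabled), as an added example that is not part of the original article. The function names are illustrative, and the sshd_config parsing assumes whitespace-separated keywords with no Match or Include overrides.

```shell
#!/bin/sh
# Added example (not from the SolusVM article): checks a Debian 10 VPS for the
# indicators named above. File paths are parameters so the same functions can
# be pointed at copies of files, e.g. from a mounted disk image.

# has_user FILE NAME -> exit 0 if NAME has an entry in the passwd-format FILE
has_user() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# password_auth_enabled FILE -> exit 0 if password logins are still allowed.
# sshd uses the first value it finds for a keyword and defaults to "yes" when
# the keyword is absent. Assumption: no Match/Include overrides; `sshd -T`
# prints the effective configuration if those are in use.
password_auth_enabled() {
    val=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$1")
    [ "${val:-yes}" != "no" ]
}

# proc_running NAME -> exit 0 if a process with exactly that name is running.
# If pgrep is missing this reports "not running", so confirm with ps as well.
proc_running() {
    pgrep -x "$1" >/dev/null 2>&1
}

# triage [PASSWD_FILE] [SSHD_CONFIG] -> exit 0 only if nothing was flagged
triage() {
    passwd_file=${1:-/etc/passwd}
    sshd_file=${2:-/etc/ssh/sshd_config}
    rc=0
    if has_user "$passwd_file" debianuser; then
        echo "FOUND: account debianuser exists"; rc=1
    fi
    if proc_running cnrig; then
        echo "FOUND: cnrig process is running"; rc=1
    fi
    if password_auth_enabled "$sshd_file"; then
        echo "WARN: PasswordAuthentication is not disabled"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: no indicators from the advisory found"
    return "$rc"
}

# Usage on the VPS, as root:  . ./triage.sh && triage
```

A clean result only means these specific indicators are absent; it does not show that a VM built from an affected template was never accessed.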