[Jenkins-infra] (fwd) RE: Your Azure Account - Terms of Use Reminder - Jenkins

Oleg Nenashev o.v.nenashev at gmail.com
Mon Aug 6 11:42:50 UTC 2018


Sorry, 9:30PM UTC is too late in my TZ, I am unlikely to be able to join.
Could you please send out summary notes after the meeting?

Thanks in advance,

On Mon, Aug 6, 2018 at 1:19 PM, Olblak <me at olblak.com> wrote:

> The main problem here is that this kind of machine has a short life and I don't
> think we can know which project was built on that particular machine. For
> auditing purposes, it would be nice to have a log file with such information.
>
> > * there's some repo(s) which are invoking Maven and using it to run
> Or for instance gradlew https://git.io/fN1TZ
> Unfortunately there are different ways to run arbitrary scripts on those
> agents and I don't think it will be possible to avoid that.
>
> A solution that comes to my mind would be to isolate those machines as much
> as possible, to forbid outgoing/incoming connections as much as possible.
>
> We'll probably discuss this during the infra meeting today so feel
> free to join https://jenkins.io/event-calendar/
>
>
> ---
> -> gpg --keyserver keys.gnupg.net --recv-key 52210D3D
> ---
>
>
>
>
> On Mon, Aug 6, 2018, at 10:44 AM, Oleg Nenashev wrote:
>
> Likely, it looks like an urgent issue so we should get all available folks
> working on it. Added the security team to CC.
>
> I have tried to investigate the issue by looking at build histories, etc.
> I was not really successful, unfortunately I cannot help much on the
> server side with my current permission level.
>
> It would help if Azure support provides more info about the type of
> cryptominer running there and the exact timestamps. It would allow narrowing
> down the scope and going through plugins to find malicious dependencies.
>
> BR, Oleg
>
>
>
>
> On Mon, Aug 6, 2018 at 10:27 AM, Olblak <me at olblak.com> wrote:
>
> Shouldn't we move this discussion to security?
>
> ---
> -> gpg --keyserver keys.gnupg.net --recv-key 52210D3D
> ---
>
>
> On Mon, Aug 6, 2018, at 12:20 AM, R. Tyler Croy wrote:
> > (replies inline)
> >
> > On Sun, 05 Aug 2018, Oleg Nenashev wrote:
> >
> > > Is any help needed with this case?
> > > Or are you handling it together with Olivier?
> >
> >
> > Olivier and I haven't had a chance to really discuss it, so any thoughts you
> > might have would be valuable.
> >
> >
> > My current theories are:
> >
> > * there's some repo(s) which are invoking Maven and using it to run
> > miners perhaps.
> > * The dynamic agents are coming online and somehow being infected rather
> >   quickly, somehow, with nonsense.
> >
> >
> >
> > _______________________________________________
> > Jenkins-infra mailing list
> > Jenkins-infra at lists.jenkins-ci.org
> > http://lists.jenkins-ci.org/mailman/listinfo/jenkins-infra