[Users] Jenkins down due to suspected security compromise
Ian Hinder
ian.hinder at aei.mpg.de
Fri Jun 2 10:25:38 CDT 2017
Hi all,
The security team at NCSA have blocked access to the ET Jenkins server due to a suspected security compromise. We are investigating.
If you have in the past configured a jenkins build node which can be accessed from the jenkins master via ssh (i.e. you have added the jenkins public ssh key to an authorized_keys file), then you should immediately remove this key.
Note that none of the jenkins build nodes apart from the one also hosted at NCSA was working at the time, so it's unlikely that any further attack was possible to those machines.
We have backups from before the incident, so assuming we can fix the vulnerability, we should be able to get the system up and running in a few days.
--
Ian Hinder
http://members.aei.mpg.de/ianhin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.einsteintoolkit.org/pipermail/users/attachments/20170602/25e3b902/attachment.html
More information about the Users
mailing list