
Note that there is an exploit for NRPE, the network daemon for running Nagios monitoring checks, which may allow unauthenticated users on the public Internet to run arbitrary commands on impacted systems. In particular, if you neither firewall off NRPE nor set the “allowed_hosts” option in the NRPE configuration, arbitrary commands can be run as the user the NRPE daemon runs as.

It looks like at least one very active person is scanning for this exploit and using automated tools to compromise hosts with it. They seem to be deploying Bitcoin mining clients, and we have seen two machines in very different parts of the public Internet space compromised this way, both using the same Bitcoin mining account name.

If your machine has been compromised by this person, it will be running the “minerd” process, using all available CPU time.

It appears to impact NRPE version 2.13 and below. Here is an Opsview blog post about the exploit.
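A quick audit for the two conditions described above, written as an added example and not taken from the original post or from the NRPE project: it reports whether an nrpe.cfg leaves “allowed_hosts” unset and picks “minerd” out of a process listing. The function names and the sample config and process data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and all sample data below are constructed.

# Print every uncommented allowed_hosts value in an nrpe.cfg, comma-joined.
# Commented-out lines (the "#allowed_hosts=..." case) are ignored.
nrpe_allowed_hosts() {
    sed -n 's/^[[:space:]]*allowed_hosts[[:space:]]*=//p' "$1" |
        tr -d ' \t' | sed '/^$/d' | paste -sd, -
}

# Return 0 if allowed_hosts restricts callers, 1 if it is absent or empty.
# Caveat: NRPE ignores allowed_hosts when started from inetd/xinetd, so a
# RESTRICTED result only holds for the standalone daemon.
audit_nrpe_cfg() {
    hosts=$(nrpe_allowed_hosts "$1")
    if [ -z "$hosts" ]; then
        echo "OPEN: $1 sets no allowed_hosts; rely on a firewall or set it"
        return 1
    fi
    echo "RESTRICTED: $1 accepts only $hosts"
    return 0
}

# Read "ps -eo pid,user,pcpu,comm" output on stdin and print
# "pid user %cpu" for each process whose command name is minerd.
find_minerd() {
    awk 'NR > 1 && $4 == "minerd" { print $1, $2, $3 }'
}

# Constructed nrpe.cfg fragment: the only allowed_hosts line is commented out.
sample_cfg() {
    printf '%s\n' 'server_port=5666' 'nrpe_user=nagios' '#allowed_hosts=127.0.0.1'
}

# Constructed process listing resembling a compromised host.
sample_ps() {
    cat <<'EOF'
  PID USER     %CPU COMMAND
  812 nagios    0.0 nrpe
 4410 nagios   99.7 minerd
EOF
}

# Demo on the constructed data. On a real host, pass the path of your own
# nrpe.cfg and pipe in: ps -eo pid,user,pcpu,comm
tmp=$(mktemp) && sample_cfg > "$tmp"
audit_nrpe_cfg "$tmp" || true
sample_ps | find_minerd
rm -f "$tmp"
```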
