Folks, how do I make sure all files of an RPM (CentOS) were removed? The problem is that I've installed a software called shiny-proxy https://www.shinyproxy.io/ - and after 3 days running as a test server, we received a message called NetScan Detected from Germany. Now we want to clean everything up by removing the RPM, but it seems not that easy, as something else is left on the system that continues to send and receive lots of packages (40kps). I really apologize to the shinyproxy folks if that is not part of their work; so far this is the last system under investigation.
- You can't, because scripts that could be run within an rpm are not guaranteed to clean up on uninstall. Removing an rpm only removes the files listed in the rpm - not files that may be created or modified by its scripts. – Thomas Dickey Aug 27 '17 at 19:56
- Hey Thomas, thanks for your answer. What you said means that a programmer with malicious intentions can do something real dirty to someone's machine? – Joni Hoppen Aug 27 '17 at 22:05
- yes - even a programmer with a buggy install/uninstall can do damage... – Thomas Dickey Aug 27 '17 at 22:10
- Thanks indeed. I have the impression so far, unless someone proves me wrong, that the shiny proxy installs an XMRig for money mining using lots of processing. Perhaps the safest way to install an RPM is by official repositories. – Joni Hoppen Aug 29 '17 at 02:42
1 Answer
Your Docker API is bound to your public IP and therefore directly reachable from an external network. You should not do this, as it would allow anybody to run arbitrary docker instances and even commands on your docker host.

You should secure your Docker install:
- bind it to the 127.0.0.1 (lo) interface and adapt the shinyproxy yml file accordingly
- set up TLS mutual auth (client certificate) on the Docker API (it is supported by shinyproxy)

oasupport
- Thanks for the support, we have evolved our views on Docker configuration faster than expected. – Joni Hoppen Aug 30 '17 at 16:47