Replay attack ?


Pierre R

Apr 26, 2013, 8:37:27 AM
to salt-...@googlegroups.com
Hello,

I have got replay error messages while issuing salt 'jenkins' state.highstate:

An extra return was detected from minion jenkins.local, please verify the minion, this could be a replay attack

I can see a bunch of foreign states applied to my target minion (add user "larry", "moe", add ssh pk key in root, ...)

The target is a CentOS with salt-minion 0.14 while the master is Archlinux with salt-master 0.14.1.

I am using local VMs and have disabled external interface so I guess somehow a testing config is being applied ? I actually don't have a top.sls as I try to get it from gitfs (and it does not seem to work with my current config just yet). Anyhow, I would expect an error but nothing like some foreign state applications together with worrying log message ;-) What is going on exactly ?

Thanks for your help.

Cheers,

- Pierre

Pierre R

Apr 26, 2013, 2:15:41 PM
to salt-...@googlegroups.com
Not sure if this is related or not. Even if I have only one gitfs_remote which is NOT github, I receive an error in the salt master log saying that the master cannot connect to github ...

It looks like the salt master is trying to connect to github whenever I enable git as a file server backend.

That can't be true ? Is the error message wrong somehow ?

If this is a bug it might be a regression one from 0.14.x

I haven't looked at the code yet (next step)

Cheers

Thomas S Hatch

Apr 26, 2013, 2:40:11 PM
to salt-...@googlegroups.com
For the github, if you change the gitfs remotes you need to manually remove the old git caches on the master, I have had some issues figuring out a clean way of doing this with gitpython:
rm -rf /var/cache/salt/master/gitfs/*

As for the replay attack, I saw this recently and have not been able to track it down, but basically a minion is returning twice or you have two minions running on that system

Thomas S. Hatch  |  Founder, CTO


5272 South College Drive, Suite 301 | Murray, UT 84123

Pierre R

Apr 29, 2013, 4:35:58 AM
to salt-...@googlegroups.com
Thanks !

Removing the cache solves the problem.

It's a serious enough issue as Salt uses unexpected sls files ...

Thomas S Hatch

Apr 29, 2013, 7:08:03 PM
to salt-...@googlegroups.com
I agree, we really need to figure out a way to clean this up when the repos change in the config. We will look into it

Pierre R

Sep 30, 2013, 9:32:51 AM
to salt-...@googlegroups.com
Any update on this:
https://github.com/saltstack/salt/issues/3665

It has just bitten me once more ;-)

Thanks

ric...@mooreits.com

Jun 23, 2014, 10:06:24 PM
to salt-...@googlegroups.com
Thomas,

I too am getting the following messages on __almost__ all of my salt-minion installations....
[ERROR   ] An extra return was detected from minion ?????????????, please verify the minion, this could be a replay attack
I can definitely see two minions running on these servers.  Both processes start on boot up and I don't see anything that would appear to cause this in the /etc/init/salt-minion.conf or the /etc/salt/minion files.
Any suggestions?
Thanks,
Richard Moore

C. R. Oldham

Jun 23, 2014, 10:18:14 PM
to salt-...@googlegroups.com
Hi Richard,

Yes, the extra minion will definitely cause the replay attack message.  Did you happen to look in /etc/init.d to see if maybe a stray startup script got in there in addition to the .conf file in /etc/init?

-- 
C. R. Oldham, Engineer, SaltStack
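
Added example (not part of the thread and not SaltStack's code): a POSIX shell check for the duplicate-minion condition that the replies above identify as the cause of the "extra return" message. The init script name /etc/init.d/salt-minion, the function names and the root-prefix argument are assumptions.

```shell
#!/bin/sh
# Added example. /etc/init/salt-minion.conf and /etc/init.d are named in the
# thread; the file name /etc/init.d/salt-minion, the function names and the
# ROOT prefix argument are assumptions made for illustration.

# Print every salt-minion startup definition found under ROOT (default "").
minion_start_sources() {
    for f in "${1:-}/etc/init/salt-minion.conf" "${1:-}/etc/init.d/salt-minion"; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; fi
    done
}

# Read `ps -eo pid,ppid,args` text on stdin and print the number of
# independent salt-minion processes. A process whose parent is also a
# salt-minion is treated as that daemon's child and is not counted again.
count_minion_daemons() {
    awk '
        {
            cmd = $0
            # Drop the PID and PPID columns so only the command line is matched.
            sub(/^[ \t]*[0-9]+[ \t]+[0-9]+[ \t]+/, "", cmd)
            if (cmd ~ /salt-minion/ && cmd !~ /^(grep|awk) /) {
                seen[$1] = 1
                parent[$1] = $2
            }
        }
        END {
            n = 0
            for (p in seen) if (!(parent[p] in seen)) n++
            print n
        }'
}

# Report both findings; return non-zero when either suggests a second minion.
check_duplicate_minion() {
    sources=$(minion_start_sources "${1:-}" | wc -l)
    daemons=$(count_minion_daemons)
    echo "startup definitions: $((sources)), independent daemons: $((daemons))"
    [ "$((sources))" -le 1 ] && [ "$((daemons))" -le 1 ]
}

# On a live host: sh this-script --check
if [ "${1:-}" = "--check" ]; then
    ps -eo pid,ppid,args | check_duplicate_minion ""
fi
```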