Hi,
We are experiencing high CPU usage under System stats for User (90%) and above all the time. ntop is showing the avalonsabre process causing this. Any leads on what might be triggering the high CPU, and what is avalonsabre used for?
Thanks!
Nenad
Nagios high CPU by user
benjaminsmith
Re: Nagios high CPU by user
Hi Nenad,
Someone was able to install malware on this system, and we have identified the possible exploit as an unauthenticated remote code execution (RCE) vulnerability as the apache user in the Docker config wizard and have filed CVE-2021-3193.
https://www.nagios.com/products/security/
To resolve this, please update all the configuration wizards right away in Nagios XI by going to Admin > System Extensions > Manage Config Wizards, select the Check for Updates button, and then select Install Updates.
See the following video for more details:
https://support.nagios.com/kb/article/n ... s-836.html
To disinfect this server, please run the following commands as root (script version 2021-02-15):
Code:
# bash syntax; repeats the cleanup 100 times
for (( x = 0; x < 100; ++x )); do
    # clear the immutable flag so the files can be changed or deleted
    chattr -i /etc/crontab
    chattr -i /tmp/avalonsaber
    chattr -R -i /var/spool/cron
    # remove the crontabs of the web server users
    crontab -r -u apache
    crontab -r -u www-data
    # kill the malware process and any running download tools
    pkill -9 avalonsaber
    pkill -9 lwp-download
    pkill -9 curl
    pkill -9 wget
    # delete the dropped file
    rm -rf /tmp/avalonsaber
done
And then remove the following file:
Code:
rm -rf /usr/local/nagvis/share/userfiles/scripts/userfile.php
Let us know if you need assistance with anything else regarding this issue.
Best Regards,
Benjamin
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
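A read-only check for the artifacts that the cleanup commands in the reply above touch, useful for confirming the result after running them. This is an added example, not part of the original posts and not Nagios's script; the function names and the optional root-directory argument are assumptions, while the paths, user names and process names come from the thread.

```bash
# Read-only check for the artifacts named in the cleanup commands above.
# Usage: triage (live system) or triage /mnt/img (mounted image; hypothetical path)
IOC_FILES="/tmp/avalonsaber /usr/local/nagvis/share/userfiles/scripts/userfile.php"
IOC_PROCS="avalonsaber avalonsabre"   # both spellings used in the thread
CRON_USERS="apache www-data"          # users whose crontabs the post removes
CRON_PATHS="/etc/crontab /var/spool/cron"

# Files from the post that still exist under root $1.
leftover_files() {
    local f; for f in $IOC_FILES; do [ -e "$1$f" ] && echo "$f"; done
    return 0
}

# Non-empty crontabs for the web server users (RHEL and Debian spool layouts).
leftover_crontabs() {
    local u d
    for u in $CRON_USERS; do
        for d in /var/spool/cron /var/spool/cron/crontabs; do
            [ -s "$1$d/$u" ] && echo "$d/$u"
        done
    done
    return 0
}

# Cron paths still carrying the immutable flag that the post clears with chattr -i.
immutable_paths() {
    local p t; command -v lsattr >/dev/null 2>&1 || return 0
    for p in $CRON_PATHS; do
        t="$1$p"; [ -e "$t" ] || continue
        { lsattr -d "$t"; [ -d "$t" ] && lsattr -R "$t"; } 2>/dev/null |
            awk '$1 ~ /^[-A-Za-z]+$/ && $1 ~ /i/ { print $2 }'
    done
    return 0
}

# Running processes with the names from the thread (checked on the live system only).
running_procs() {
    local n; command -v pgrep >/dev/null 2>&1 || return 0
    for n in $IOC_PROCS; do pgrep -x "$n" >/dev/null && echo "$n"; done
    return 0
}

# Print every finding; return 1 if anything is left, 0 if clean.
triage() {
    local out
    out=$(leftover_files "$1"; leftover_crontabs "$1"; immutable_paths "$1"
          [ -n "$1" ] || running_procs)
    [ -z "$out" ] || { printf '%s\n' "$out"; return 1; }
}
```

An empty result only means these specific artifacts are gone; it does not show that the config wizards were updated.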