Postgres что означает лог/что происходит/откуда такое может взяться/что пытается сделать?

На сервере на Ubuntu запускаю сервисы

# Compose stack from the question: PostgreSQL (db_host), Redis (rediska) and
# the bot (sar_bot), all attached to the user-defined network "botnet".
version: '3.9'

services:
  db_host:
    container_name: database
    image: postgres:16.1
    env_file:
      - "bot/data/.env"
    environment:
      # Password of the bootstrap superuser (masked by the author).
      # POSTGRES_USER is not set here, so unless bot/data/.env sets it the
      # superuser keeps its default name.
      POSTGRES_PASSWORD: "****"
    restart: always
    ports:
      # SECURITY: no host address is given, so host port 5433 is published on
      # every host interface, not only loopback. "127.0.0.1:5433:5432" would
      # keep it local; sar_bot is on "botnet" and needs no published port.
      # NOTE(review): Docker publishes ports through its own iptables rules,
      # so a ufw policy on the host may not cover this port - verify the
      # exposure from outside the host.
      - "5433:5432"
    networks:
      - botnet
    volumes:
      # NOTE(review): the log on this page references
      # /var/lib/postgresql/data, while this named volume is mounted at
      # /var/lib/postgres/data. If the former is the real data directory,
      # pgdata stays empty and the database does not survive removal of the
      # container - confirm.
      - pgdata:/var/lib/postgres/data
      - ./backups:/backups

  rediska:
    container_name: rediska
    image: "redis:5.0.1"
    restart: always
    # No "ports:" entry, so Redis is not published on the host.
    command: redis-server
    networks:
      - botnet
    volumes:
      # NOTE(review): redis-server is started without a config file; confirm
      # that it actually writes its data under /etc/redis/data.
      - rediska_v_sarafane:/etc/redis/data

  sar_bot:
    container_name: alche_sarbot
    build:
      context: .
    command: python main.py
    networks:
      - botnet
    # Same env file as db_host, so the bot container also holds whatever
    # database settings that file contains.
    env_file:
      - "bot/data/.env"
    volumes:
      # Bind-mounts the whole project directory into the container at /sarbot.
      - .:/sarbot
    depends_on:
      - db_host
      - rediska

volumes:
  pgdata:
  rediska_v_sarafane:

networks:
  botnet:
    # Multi-line plain scalar; parses the same as "driver: bridge".
    driver:
      bridge

Докер-файл

# Image for the bot service (sar_bot): Python 3.11.5 on Alpine 3.18.
FROM python:3.11.5-alpine3.18

# Compiler, libc headers and PostgreSQL client headers; presumably needed to
# build a PostgreSQL driver listed in requirements.txt - confirm.
RUN apk update && \
    apk add musl-dev libpq-dev gcc

WORKDIR /sarbot

# Only requirements.txt is copied into the image; the application code is
# supplied at run time by the ".:/sarbot" bind mount in the compose file.
COPY requirements.txt requirements.txt

RUN pip install -r requirements.txt

# No USER instruction is present, so main.py runs as the base image's
# default user.
CMD ["python", "main.py"]

При запуске сервиса sar_bot создаётся база данных и таблицы в ней через подключение к сервису db_host.

Никаких действий больше не произвожу. Через пару минут простоя получаю вот такой лог:

database   | 2024-02-11 05:41:38.803 UTC [59] LOG:  checkpoint starting: time
database   | 2024-02-11 05:43:18.215 UTC [59] LOG:  checkpoint complete: wrote 995 buffers (6.1%); 0 WAL file(s) added, 0 removed, 0 recycled; write=99.349 s, sync=0.047 s, total=99.412 s; sync files=379, longest=0.002 s, average=0.001 s; distance=4715 kB, estimate=4715 kB; lsn=0/1985990, redo lsn=0/1985958
database   | bash: line 2: pkill: command not found
database   | bash: line 3: pkill: command not found
database   | bash: line 4: pkill: command not found
database   | chattr: No such file or directory while trying to stat /etc/ld.so.preload
database   | chattr: No such file or directory while trying to stat /var/spool/cron
database   | chattr: No such file or directory while trying to stat /etc/crontab
database   | bash: line 9: ufw: command not found
database   | bash: line 10: iptables: command not found
database   | bash: line 11: /proc/sys/kernel/nmi_watchdog: Read-only file system
database   | bash: line 12: /etc/sysctl.conf: Permission denied
database   | bash: line 166: curl: command not found
database   | bash: line 166: /usr/local/bin/curl: Permission denied
database   | chmod: cannot access '/usr/local/bin/curl': No such file or directory
database   | bash: line 167: /usr/local/bin/curl: No such file or directory
database   | bash: line 168: /usr/local/bin/curl: No such file or directory
database   | chmod: cannot access '/tmp/curl': No such file or directory
database   | bash: line 171: /tmp/curl: No such file or directory
database   | main: line 236: pkill: command not found
database   | main: line 237: pkill: command not found
...
database   | main: line 242: pkill: command not found
database   | main: line 243: pkill: command not found
database   | main: line 244: netstat: command not found
database   | main: line 245: ps: command not found
database   | main: line 246: ps: command not found
database   | main: line 247: ps: command not found
database   | main: line 248: pkill: command not found
database   | main: line 249: ps: command not found
database   | main: line 250: ps: command not found
..
database   | main: line 253: ps: command not found
database   | main: line 254: ps: command not found
database   | main: line 255: pkill: command not found
database   | main: line 256: pkill: command not found
database   | main: line 257: ps: command not found
database   | main: line 258: ps: command not found
database   | main: line 259: pkill: command not found
database   | main: line 260: netstat: command not found
database   | main: line 261: netstat: command not found
database   | main: line 262: netstat: command not found
database   | main: line 263: netstat: command not found
database   | main: line 264: netstat: command not found
database   | main: line 265: pkill: command not found
database   | main: line 266: pkill: command not found
...
database   | main: line 291: pkill: command not found
database   | main: line 292: pkill: command not found
database   | main: line 293: ps: command not found
database   | sed: can't read /tmp/.X11-unix/01: No such file or directory
database   | cat: /tmp/.X11-unix/01: No such file or directory
database   | sed: can't read /tmp/.X11-unix/11: No such file or directory
database   | cat: /tmp/.X11-unix/11: No such file or directory
database   | sed: can't read /tmp/.X11-unix/22: No such file or directory
database   | cat: /tmp/.X11-unix/22: No such file or directory
database   | sed: can't read /tmp/.systemd.1: No such file or directory
database   | cat: /tmp/.systemd.1: No such file or directory
database   | sed: can't read /tmp/.systemd.2: No such file or directory
database   | cat: /tmp/.systemd.2: No such file or directory
database   | sed: can't read /tmp/.systemd.3: No such file or directory
database   | cat: /tmp/.systemd.3: No such file or directory
database   | cat: /tmp/.systemd.1: No such file or directory
database   | kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
database   | cat: /tmp/.systemd.2: No such file or directory
database   | kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
database   | cat: /tmp/.systemd.3: No such file or directory
database   | kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
database   | sed: can't read /tmp/.pg_stat.0: No such file or directory
database   | cat: /tmp/.pg_stat.0: No such file or directory
database   | sed: can't read /tmp/.pg_stat.1: No such file or directory
database   | cat: /tmp/.pg_stat.1: No such file or directory
database   | sed: can't read /var/lib/postgresql/data/./oka.pid: No such file or directory
database   | cat: /var/lib/postgresql/data/./oka.pid: No such file or directory
database   | main: line 315: pkill: command not found
database   | main: line 316: pkill: command not found
...
database   | main: line 320: pkill: command not found
database   | main: line 321: pkill: command not found
database   | main: line 322: ps: command not found
database   | main: line 323: ps: command not found
..
database   | main: line 326: ps: command not found
database   | main: line 327: ps: command not found
database   | md5sum: /tmp/kinsing: No such file or directory
database   | /tmp/kinsing is not b3039abf2ad5202f4a9363b418002351, actual
database   | chmod: cannot access '/tmp/kinsing': No such file or directory
database   |   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
database   |                                  Dload  Upload   Total   Spent    Left  Speed
100 5828k  100 5828k    0     0  2611k      0  0:00:02  0:00:02 --:--:-- 2609k
database   | /tmp/kinsing is b3039abf2ad5202f4a9363b418002351
database   | md5sum: /tmp/libsystem.so: No such file or directory
database   | /tmp/libsystem.so is not ccef46c7edf9131ccffc47bd69eb743b, actual
database   | chmod: cannot access '/tmp/libsystem.so': No such file or directory
database   |   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
database   |                                  Dload  Upload   Total   Spent    Left  Speed
100 26800  100 26800    0     0   6052      0  0:00:04  0:00:04 --:--:--  6052
database   | /tmp/libsystem.so is ccef46c7edf9131ccffc47bd69eb743b
database   |   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
database   |                                  Dload  Upload   Total   Spent    Left  Speed
100 26800  100 26800    0     0   6200      0  0:00:04  0:00:04 --:--:--  6200
database   | /tmp/libsystem.so is ccef46c7edf9131ccffc47bd69eb743b
database   | main: line 358: /etc/ld.so.preload: Permission denied
database   | main: line 362: crontab: command not found
database   | main: line 362: crontab: command not found
...
database   | main: line 423: crontab: command not found
database   | main: line 423: crontab: command not found
database   | bash: line 467: crontab: command not found
database   | bash: line 474: crontab: command not found
database   | 2024-02-11 05:43:52.148 UTC [969] ERROR:  permission denied to alter role
database   | 2024-02-11 05:43:52.148 UTC [969] DETAIL:  The bootstrap user must have the SUPERUSER attribute.
database   | 2024-02-11 05:43:52.148 UTC [969] STATEMENT:  ALTER USER postgres WITH NOSUPERUSER
database   | 2024-02-11 05:43:53.228 UTC [90] WARNING:  role "postgres" has not been granted membership in role "pg_execute_server_program" by role "postgres"
database   | bash: line 2: pkill: command not found
database   | bash: line 3: pkill: command not found
database   | bash: line 4: pkill: command not found
database   | chattr: No such file or directory while trying to stat /etc/ld.so.preload
database   | chattr: No such file or directory while trying to stat /var/spool/cron
database   | chattr: No such file or directory while trying to stat /etc/crontab
database   | bash: line 9: ufw: command not found
database   | bash: line 10: iptables: command not found
database   | bash: line 11: /proc/sys/kernel/nmi_watchdog: Read-only file system
database   | bash: line 12: /etc/sysctl.conf: Permission denied
database   | bash: line 166: curl: command not found
database   | bash: line 166: /usr/local/bin/curl: Permission denied
database   | chmod: cannot access '/usr/local/bin/curl': No such file or directory
database   | bash: line 167: /usr/local/bin/curl: No such file or directory
database   | bash: line 168: /usr/local/bin/curl: No such file or directory
database   | 2024-02-11 05:44:15.226 UTC [1391] LOG:  invalid length of startup packet
database   | 2024-02-11 05:44:15.553 UTC [1393] LOG:  invalid length of startup packet
database   | chmod: cannot access '/tmp/curl': No such file or directory
database   | bash: line 171: /tmp/curl: No such file or directory
database   | main: line 236: pkill: command not found
database   | main: line 237: pkill: command not found
...
database   | main: line 242: pkill: command not found
database   | main: line 243: pkill: command not found
database   | main: line 244: netstat: command not found
database   | main: line 245: ps: command not found
database   | main: line 246: ps: command not found
database   | main: line 247: ps: command not found
database   | main: line 248: pkill: command not found
database   | main: line 249: ps: command not found
database   | main: line 250: ps: command not found
...
database   | main: line 253: ps: command not found
database   | main: line 254: ps: command not found
database   | main: line 255: pkill: command not found
database   | main: line 256: pkill: command not found
database   | main: line 257: ps: command not found
database   | main: line 258: ps: command not found
database   | main: line 259: pkill: command not found
database   | main: line 260: netstat: command not found
database   | main: line 261: netstat: command not found
database   | main: line 262: netstat: command not found
database   | main: line 263: netstat: command not found
database   | main: line 264: netstat: command not found
database   | main: line 265: pkill: command not found
database   | main: line 266: pkill: command not found
...
database   | main: line 291: pkill: command not found
database   | main: line 292: pkill: command not found
database   | main: line 293: ps: command not found
database   | sed: can't read /tmp/.X11-unix/01: No such file or directory
database   | cat: /tmp/.X11-unix/01: No such file or directory
database   | sed: can't read /tmp/.X11-unix/11: No such file or directory
database   | cat: /tmp/.X11-unix/11: No such file or directory
database   | sed: can't read /tmp/.X11-unix/22: No such file or directory
database   | cat: /tmp/.X11-unix/22: No such file or directory
database   | sed: can't read /tmp/.systemd.1: No such file or directory
database   | cat: /tmp/.systemd.1: No such file or directory
database   | sed: can't read /tmp/.systemd.2: No such file or directory
database   | cat: /tmp/.systemd.2: No such file or directory
database   | sed: can't read /tmp/.systemd.3: No such file or directory
database   | cat: /tmp/.systemd.3: No such file or directory
database   | cat: /tmp/.systemd.1: No such file or directory
database   | kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
database   | cat: /tmp/.systemd.2: No such file or directory
database   | kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
database   | cat: /tmp/.systemd.3: No such file or directory
database   | kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
database   | sed: can't read /tmp/.pg_stat.0: No such file or directory
database   | cat: /tmp/.pg_stat.0: No such file or directory
database   | sed: can't read /tmp/.pg_stat.1: No such file or directory
database   | cat: /tmp/.pg_stat.1: No such file or directory
database   | sed: can't read /var/lib/postgresql/data/./oka.pid: No such file or directory
database   | cat: /var/lib/postgresql/data/./oka.pid: No such file or directory
database   | main: line 315: pkill: command not found
database   | main: line 316: pkill: command not found
...
database   | main: line 320: pkill: command not found
database   | main: line 321: pkill: command not found
database   | main: line 322: ps: command not found
database   | main: line 323: ps: command not found
...
database   | main: line 326: ps: command not found
database   | main: line 327: ps: command not found
database   | /tmp/kinsing is b3039abf2ad5202f4a9363b418002351
database   | /tmp/libsystem.so is ccef46c7edf9131ccffc47bd69eb743b
database   | main: line 358: /etc/ld.so.preload: Permission denied
database   | main: line 362: crontab: command not found
database   | main: line 362: crontab: command not found
...
database   | main: line 423: crontab: command not found
database   | bash: line 467: crontab: command not found
database   | bash: line 474: crontab: command not found
database   | 2024-02-11 05:46:38.320 UTC [59] LOG:  checkpoint starting: time
database   | 2024-02-11 05:46:42.775 UTC [59] LOG:  checkpoint complete: wrote 45 buffers (0.3%); 0 WAL file(s) added, 0 removed, 0 recycled; write=4.427 s, sync=0.008 s, total=4.455 s; sync files=37, longest=0.003 s, average=0.001 s; distance=168 kB, estimate=4260 kB; lsn=0/19AF9E0, redo lsn=0/19AF9A8

Что это вообще может быть? Это так и должно быть? Откуда оно может взяться? И что вообще происходит? Если это надо чинить, то куда копать?

P.S. Дополнительный вопрос. По какой-то причине база данных самоудаляется через несколько дней, хотя ничего не происходит: она простаивает, и раз в сутки делается бэкап командой docker exec -it database ~/script_backup.sh. Те же вопросы: откуда/зачем/куда копать?


Ответы (1 шт):

Автор решения: Rabban Keyak

Что это вообще может быть?

Снаружи чей-то бот попробовал подсоединиться к внешнему IP вашего виртуального сервера, к порту TCP/5433. Поскольку файервол не настроен и разрешает любые подключения снаружи, а в ports: в docker-compose.yml у вас написано 5433:5432, а не 127.0.0.1:5433:5432 (т. е. порт 5433 выставлен в интернет), это ему удалось, ведь на порту 5433 отвечает поднятый вами контейнер db_host. Поскольку вы не меняли имя суперпользователя PostgreSQL на какое-то другое через переменную POSTGRES_USER, подошло стандартное имя postgres. В POSTGRES_PASSWORD у вас, видимо, достаточно простой пароль, поскольку, если бы его не удалось подобрать, ничего этого бы не было. Но, судя по логу, пароль подобран. И чей-то бот теперь пользуется возможностью суперпользователя PostgreSQL выполнять команды в ОС (в данном случае — в контейнере db_host).

Это так и должно быть?

Так и должно быть, если бездумно выставлять порты докера в интернет и при этом не закрывать их файерволом на хостовой ОС. Вообще же об этом обычно думают и знают, закрыты ли у них порты файерволом на хостовой ОС (и закрывают, если не требуется давать сервисам на этих портах доступ снаружи), знают, нужно ли им пробрасывать контейнер в интернет (и если не нужно - ограничивают адресом localhost'а 127.0.0.1), и ставят достаточно сложный пароль.

Откуда оно может взяться?

Бот из интернета подобрал пароль.

Если это надо чинить, то куда копать?

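Настройка iptables/nftables/firewalld/ufw/что-там-бывает-ещё (в зависимости от вашей ОС), корректное определение ports: в docker-compose.yml, более сложный пароль. Кроме того, судя по логу, файлы /tmp/kinsing и /tmp/libsystem.so уже были скачаны и прошли проверку контрольной суммы, поэтому сам контейнер стоит считать скомпрометированным: пересоздать его из чистого образа, сменить пароль и проверить содержимое томов и бэкапов, а не только закрыть порт.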
