Following Lab4 with "admin" user security concern
When mimicing the lab instruction on "Lab 4", I set up the "admin" user similar to the image with "admin/admin", (which of course is not secure)
Interestingly I found the next day that someone had maliciously installed a crypto miner on my GCP by connecting through the GCP, login in as admin and then running a jenkins job installing the cryptominer.
Just wanted to inform, and make sure to clearly state the importance of strong password in this context since gcp makes it possible for anyone to connect really.
Comments
-
Hi @kasil, are you talking about the Jenkins credentials for logging in? Where exactly did you find admin/admin for user and password?
Regards,
Luis.0 -
Hi @luisviveropena if you look at the image in the lab when creating a user, you have filled out all fields with admin, the password is then also 5 asterisks, which could be interpreted as "admin".
0 -
Hi @kasil, I found it. The lab instructs to create an admin user and also says that you can use any user and password. So we are not instructing students to use admin/admin.
Luis.
0 -
Hi, as I mentioned, in the image itself it can definitely be interpreted as admin/admin without explicitly stating it, so my recommendation is to not use that image but it's up to the course creators of course. Maybe also stating to use a secure password would be good since you have instructed to open up the ports. Anyways, if any other taking the course sees this then just keep it in mind.
0 -
0
Categories
- All Categories
- 175 LFX Mentorship
- 175 LFX Mentorship: Linux Kernel
- 745 Linux Foundation IT Professional Programs
- 372 Cloud Engineer IT Professional Program
- 168 Advanced Cloud Engineer IT Professional Program
- 73 DevOps IT Professional Program - Discontinued
- 3 DevOps & GitOps IT Professional Program
- 98 Cloud Native Developer IT Professional Program
- 7.6K Training Courses & Learning Paths
- AI & ML Training
- Blockchain & Decentralized Identity Training
- 1 Cloud & Containers Training
- Cybersecurity Training
- DevOps & Site-Reliability Training
- Linux Kernel Development Training
- Networking Training
- Open Source Best Practice Training
- System Administration Training
- System Engineering Training
- Web & Application Development Training
- 2 LFD103-JP クラス フォーラム
- 4 LFD210-CN Class Forum
- 764 LFD259 Class Forum
- 681 LFS101 Class Forum
- 2 LFS158-JP クラス フォーラム
- 162 LFS207 Class Forum
- 3 LFS207-DE-Klassenforum
- 4 LFS207-JP クラス フォーラム
- 61 LFS241 Class Forum
- 52 LFS242 Class Forum
- 42 LFS243 Class Forum
- 19 LFS244 Class Forum
- 4 LFS250-JP クラス フォーラム
- 166 LFS253 Class Forum
- 1.4K LFS258 Class Forum
- 792 Hardware
- 202 Drivers
- 68 I/O Devices
- 37 Monitors
- 95 Multimedia
- 173 Networking
- 91 Printers & Scanners
- 87 Storage
- 768 Linux Distributions
- 81 Debian
- 67 Fedora
- 22 Linux Mint
- 13 Mageia
- 24 openSUSE
- 150 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 356 Ubuntu
- 465 Linux System Administration
- 31 Cloud Computing
- 73 Command Line/Scripting
- Github systems admin projects
- 98 Linux Security
- 78 Network Management
- 101 System Management
- 46 Web Management
- 106 Mobile Computing
- 18 Android
- 73 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 392 Off Topic
- 121 Introductions
- 181 Small Talk
- 29 Study Material
- 945 Programming and Development
- 310 Kernel Development
- 617 Software Development
- 978 Software
- 370 Applications
- 182 Command Line
- 5 Compiling/Installing
- 68 Games
- 317 Installation
- Archived
- 2 LFD140 Class Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)