> > Since this was your puppet server, you might also want to check to see if > the intrusion has spread to your other machines, it's possible the attacker > didn't notice or that the attack was fully automated, but you should read > through the puppet configs and see if there are any commands being > distributed to the other machines that you didn't put there. You don't > want to play whack-a-mole chasing this out of your system, you want to get > it all in one shot. Thanks, I'm doing this now! Tim On Sat, Oct 4, 2014 at 11:14 AM, Mark Tinberg <mark.tinberg at wisc.edu> wrote: > Since this was your puppet server, you might also want to check to see if > the intrusion has spread to your other machines, it's possible the attacker > didn't notice or that the attack was fully automated, but you should read > through the puppet configs and see if there are any commands being > distributed to the other machines that you didn't put there. You don't > want to play whack-a-mole chasing this out of your system, you want to get > it all in one shot. > > — > Mark Tinberg > mark.tinberg at wisc.edu > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B