"There is no cloud, it's just someone else's computer."
Today, as I was performing my usual server maintenance, I ran ls and found two script files I didn't recognize. My first reaction was a server intrusion, but after checking the script contents, I thought it might be a joke from the hosting provider.
Neither of the two scripts had any malicious function. Script 'a' was responsible for installing qemu-guest-agent, and script 'b' was responsible for running script 'a' and then deleting both scripts 'a' and 'b'. However, they did not execute successfully.
My VPS's system in the control panel is listed as Debian, but it is actually running Arch Linux. I suspect that the hosting provider distributes installation scripts based on the system shown in the control panel. Since I didn't have apt installed on Arch, the script encountered an execution error and exited directly, which is why the two scripts were preserved.
#!/bin/bash
echo `date`: Recipe ID: -524;
sh /root/recipe_-524.sh > /root/recipe_-524.log 2>&1;
echo `date`: RET: $?;
rm -f /root/recipe_-524.sh;
rm -f /root/exec_recipe.sh
if [ -f /etc/debian_version ]; then
OS=Ubuntu
elif [ -f /etc/redhat-release ]; then
OS=redhat
elif [-f /etc/oracle-release ]; then
OS=redhat
fi
if [ "$OS" = redhat ] ; then
systemctl status qemu-guest-agent
if [ $? != 0 ] ; then
yum --skip-broken -y install qemu-guest-agent
fi
elif [ "$OS" = Ubuntu ] ; then
systemctl status qemu-guest-agent
if [ $? != 0 ] ; then
apt-get clean -y 2>&1
apt-get update -y 2>&1
apt-get install -y qemu-guest-agent 2>&1
fi
fi
systemctl enable qemu-guest-agent
if [ "$OS" = redhat ] ; then
# Get the version of qemu-ga
REL=$(qemu-ga -V | grep -oP "\d+\.\d+\.\d+")
#path
config=/etc/sysconfig/qemu-ga
# Check if the version is 8.0.0 or higher
if [[ "$REL" =~ ^(8|\d{2,})\.[0-9]+\.[0-9]+$ ]]; then
#taking backup of old file for safer side
cp /etc/sysconfig/qemu-ga /etc/sysconfig/qemu-ga.bk
#injecting the guest-exec and guest-exec-status command for enabling
sed -i '/^FILTER_RPC_ARGS="--allow-rpcs=/ s/"$/,guest-exec,guest-file-open,guest-file-read,guest-file-close,guest-exec-status"/' $config
else
sed -c -i "s/\(BLACKLIST_RPC *= *\).*/\1guest\-file\-seek/" $config
fi
fi
REL=$(cat /etc/redhat-release)
rhel9="$(echo $REL | egrep -i '(release 9)')"
echo $rhel9
if [ "$?" -eq "0" ]; then
config=/etc/sysconfig/qemu-ga
sed -c -i "s/\(BLOCK_RPCS *= *\).*/\1guest\-file\-seek/" $config
fi
systemctl unmask qemu-guest-agent
systemctl restart qemu-guest-agent
Comments
Okay
(Was there a question?)
"A single swap file or partition may be up to 128 MB in size. [...] [I]f you need 256 MB of swap, you can create two 128-MB swap partitions." (M. Welsh & L. Kaufman, Running Linux, 2e, 1996, p. 49)
The title is not a question, it is a statement, because it ends with a dot.
I reserve the right to license all of my content under: CC BY-NC-ND. Whatever happens on this forum should stay on this forum.
This is true. But the relevance of the statement to the body of the post is not entirely clear, nor is the purpose of the thread.
We might need an AI translation, because MJJ language is quite difficult to understand due to so many variations in interpretation.
Perplexity seems to offer a simple point of view. Hopefully I did not break some Cloudflare bot with my request.
The phrase "There is no cloud, it's just someone else's computer" highlights that cloud services rely on physical servers owned by others. In your case, while maintaining your VPS, you discovered two unfamiliar scripts which initially seemed like a security breach. After inspection, the scripts weren't harmful; one intended to install qemu-guest-agent and the other to run this installation then remove both scripts. However, they failed to run because your VPS actually operates on Arch Linux, despite being labeled as Debian in the control panel. The hosting provider likely pushes installation scripts based on the control panel's OS info, causing the apt-based script to fail on Arch, leaving the scripts intact without execution. This illustrates how cloud systems can sometimes have discrepancies due to provider configurations and assumptions about the environment.
I reserve the right to license all of my content under: CC BY-NC-ND. Whatever happens on this forum should stay on this forum.
You are pushing the frontier of AI capability.
WTF? I am leaving for the big boys. This is above my pay grade.
Hey teamacc. You're a dick. (c) Jon Biloh, 2020.
While looking through my drawers, I found some loose coins.
Not sure why you need to know that, but I felt that I should share with you, just as you have with us.
If you want information, feign ignorance reply with the wrong answer. Internet people will correct you ASAP!
It’s OK if you disagree with me. I can’t force you to be right!
Preserve it. It will be a relic pretty soon. /s
We're the source, no cap. Address us: We/Our/Ours.
https://lowendspirit.com/discussion/comment/221016/#Comment_221016
AI doesn’t always have a question
Insert signature here, $5 tip required
#dicks
My pronouns are like/subscribe.