Gitlab logs for a specific repository

hey,
we are using a self hosted gitlab version from bitnami.
We have several repositories and all of them are working fine except for one repository.
It throws a 404 error.
i am not able to clone that repository into my local system as well.

also i see a service called juma utilaizing 100% of the cpu.
How do i delete the service??

How do i go about this error?
Is there any way we can check the logs of a particular repository??

Thanks,
Hari

Seems you have a similar problem as this person: Gitlab , git juma - #2 by iwalker

Looks like your gitlab is compromised, obviously an old version that had a vulnerability that needs upgrading.

do we not have any other solution apart from upgrading the gitlab?

I am trying to kill the juma process, but no matter how many times i delete it it keeps popping back.

Also i tried this command as well given in bitnami documentation
sudo /opt/bitnami/ctlscript.sh stop juma
which is of no use

Well, if you donโ€™t upgrade, then you still have the vulnerabilities, which means you will get infected again with the same processes that you have problems with right now.

Juma is not a gitlab process, no processes run as git user. This is a cryptominer. You will have to kill it, make sure itโ€™s not being started from cron, and also find out where it exactly is, if under /tmp then delete it. But there will be processes again to re-infect your machine.

1 Like

Thanks @iwalker
Better i upgrade the GitLab cu i find it difficult to find where juma is cuz i am not able to find its parent service and though i have deleted it in tmp it still pops up.

Hi @hari123 :wave:

To help track down where the juma process is being called/executed from, you can use top -c to see the full command that juma process is using and
lsof lsof(8) - Linux manual page

lsof -c juma

This will list all files the juma process has opened.

As it appears, your server has been compromised, you might find the suggestions here helpful: CVE-2021-22205: How to determine if a self-managed instance has been impacted - #19 by gitlab-greg

1 Like