We are using a self-hosted GitLab version from Bitnami.
We have several repositories and all of them are working fine except for one repository.
It throws a 404 error.
I am not able to clone that repository to my local system either.
Also, I see a service called juma utilizing 100% of the CPU.
How do I delete the service?
How do I go about this error?
Is there any way we can check the logs of a particular repository?
Seems you have a similar problem as this person: Gitlab , git juma - #2 by iwalker
Looks like your gitlab is compromised, obviously an old version that had a vulnerability that needs upgrading.
Do we not have any other solution apart from upgrading GitLab?
I am trying to kill the juma process, but no matter how many times I delete it, it keeps popping back.
I also tried this command, given in the Bitnami documentation:
sudo /opt/bitnami/ctlscript.sh stop juma
which is of no use.
Well, if you don’t upgrade, then you still have the vulnerabilities, which means you will get infected again with the same processes that you have problems with right now.
Juma is not a gitlab process, no processes run as git user. This is a cryptominer. You will have to kill it, make sure it’s not being started from cron, and also find out where it exactly is, if under /tmp then delete it. But there will be processes again to re-infect your machine.
Better I upgrade GitLab, because I find it difficult to find where juma is: I am not able to find its parent service, and though I have deleted it in tmp, it still pops up.
To help track down where the juma process is being called/executed from, you can use top -c to see the full command that juma process is using and lsof (lsof(8) - Linux manual page):
lsof -c juma
This will list all files the juma process has opened.
As it appears, your server has been compromised, you might find the suggestions here helpful: CVE-2021-22205: How to determine if a self-managed instance has been impacted - #19 by gitlab-greg
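
An added example, not part of any post in this thread: a read-only shell helper that follows the advice above (find the process, see what launched it, check cron). The function names and the PROC override are assumptions of this example; the cron paths are common Linux defaults.

```shell
#!/bin/sh
# Read-only triage for a process that keeps respawning (added example).
# PROC can point at another proc tree for testing; it defaults to /proc.

# Print the PIDs whose command name equals $1.
pids_by_name() {
    for d in "${PROC:-/proc}"/[0-9]*; do
        [ -r "$d/comm" ] || continue
        if [ "$(cat "$d/comm" 2>/dev/null)" = "$1" ]; then
            echo "${d##*/}"
        fi
    done
}

# Walk from PID $1 up to init, one "pid<TAB>comm<TAB>exe" line per ancestor.
# An exe ending in " (deleted)" is still running after its file was removed,
# which is why deleting the binary under /tmp alone does not stop it.
ancestry() {
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ -d "${PROC:-/proc}/$pid" ]; do
        comm=$(cat "${PROC:-/proc}/$pid/comm" 2>/dev/null || echo "?")
        exe=$(readlink "${PROC:-/proc}/$pid/exe" 2>/dev/null || echo "?")
        printf '%s\t%s\t%s\n' "$pid" "$comm" "$exe"
        pid=$(awk '/^PPid:/ {print $2}' "${PROC:-/proc}/$pid/status" 2>/dev/null || true)
    done
}

# List files under the given paths that mention $1 (candidate cron entries).
scan_cron() {
    name=$1; shift
    for p in "$@"; do
        if [ -e "$p" ]; then grep -rlsF -- "$name" "$p" || true; fi
    done
}

triage() {
    for t in $(pids_by_name "$1"); do
        echo "== PID $t and its ancestors =="
        ancestry "$t"
    done
    echo "== cron files mentioning $1 =="
    scan_cron "$1" /etc/crontab /etc/cron.d /var/spool/cron
}

# Usage: sudo sh triage.sh juma
if [ $# -gt 0 ]; then triage "$1"; fi
```

Run it as root so other users' exe links and crontabs are readable; the ancestor lines show what is relaunching the process.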