Detect Bitcoin miners CPUMiner and CUDAMiner
Author: Ash Wilson - @ashmastaflash
This is a simple policy for detecting the presence of two Bitcoin mining programs, CPUMiner and CUDAMiner. The CPUMiner check demonstrates a process existence check and the CUDAMiner check looks for the existence of a binary in the filesystem.
List of Files
- minerdetection.policy.json -- The policy file for uploading into the CloudPassage Portal
- README.md -- You're looking at it.
Requirements and Dependencies
- A CloudPassage Halo account (Pro or Enterprise level subscription)
- This policy is focused on securing Linux operating systems
Import the policy:
1. Download the minerdetection.policy.json file to your workstation
2. Log into https://portal.cloudpassage.com
3. Mouse over "Policies" and select "Configuration Policies"
4. Click on "Import Policy" and select the minerdetection.policy.json file you downloaded in step 1.
Assign the policy to your server groups:
- Select Servers
- For each Server Group you wish to apply this policy to, select "Edit Details" and select this policy under "Configuration"
- The configuration check will then run automatically, at the regular interval, for all hosts within the Server Groups that have the policy assigned.
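
The description at the top of this README names two check types: a process existence check and a file existence check. The Python script below is an added example, not part of this repository or of the Halo policy, that runs both kinds of check locally on a Linux host. The names `minerd` and `cudaminer` and the search roots are assumptions, since this page does not list what the policy file matches.

```python
import os

# Assumptions (not taken from minerdetection.policy.json): CPUMiner runs as
# "minerd", CUDAMiner installs as "cudaminer", and these roots are searched.
PROCESS_NAMES = {"minerd"}
BINARY_NAMES = {"cudaminer"}
SEARCH_ROOTS = ("/usr", "/opt", "/home", "/tmp")


def _read(path):
    try:
        with open(path, "rb") as fh:
            return fh.read().decode(errors="replace")
    except OSError:
        return ""  # process exited mid-scan, or the file is unreadable


def running_processes(names, proc_root="/proc"):
    """Process existence check: sorted (pid, name) for matching live processes."""
    hits = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        # comm is the kernel task name (truncated to 15 characters);
        # argv[0] from cmdline covers longer names and full paths.
        comm = _read(os.path.join(base, "comm")).strip()
        argv0 = _read(os.path.join(base, "cmdline")).split("\0")[0]
        for name in {comm, os.path.basename(argv0)} & set(names):
            hits.append((int(pid), name))
    return sorted(hits)


def binaries_on_disk(names, roots=SEARCH_ROOTS):
    """File existence check: sorted paths of files with a matching name."""
    hits = []
    for root in roots:
        # os.walk skips unreadable directories and does not descend into
        # symlinked directories by default.
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                path = os.path.join(dirpath, fname)
                if fname in names and os.path.isfile(path):
                    hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    for pid, name in running_processes(PROCESS_NAMES):
        print(f"FAIL process running: {name} (pid {pid})")
    for path in binaries_on_disk(BINARY_NAMES):
        print(f"FAIL binary present: {path}")
```

The process check only sees a miner that is running at scan time, and the file check only sees one that is still on disk under the expected name.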