CloudPassage Halo policy for detecting Bitcoin miners CPUMiner and CUDAMiner

Detect Bitcoin miners CPUMiner and CUDAMiner

Version: 1.0
Author: Ash Wilson - @ashmastaflash

This is a simple policy for detecting the presence of two Bitcoin mining programs, CPUMiner and CUDAMiner. The CPUMiner check demonstrates a process existence check and the CUDAMiner check looks for the existence of a binary in the filesystem.
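The two check types described above, a process existence check and a file presence check, sketched as a local script. This is an added example, not the contents of minerdetection.policy.json or any CloudPassage code. The names `minerd` and `cudaminer` are assumed default executable names, and the fake host tree is constructed for the demo.

```python
import os
import tempfile

# Assumed default executable names (not stated in the README): cpuminer is
# commonly built as "minerd", CUDAMiner as "cudaminer".
CPUMINER_PROCESS = "minerd"
CUDAMINER_BINARY = "cudaminer"


def process_exists(name, proc_root="/proc"):
    """Process existence check: return PIDs whose comm value equals name."""
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-PID entries such as "self" or "meminfo"
        try:
            with open(os.path.join(proc_root, entry, "comm")) as fh:
                if fh.read().strip() == name:
                    pids.append(int(entry))
        except OSError:
            continue  # process exited mid-scan or is unreadable
    return sorted(pids)


def file_exists(name, search_roots):
    """File presence check: return paths of files called name under the roots."""
    hits = []
    for root in search_roots:
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            if name in files:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_constructed_host():
    """Create a constructed fake /proc and filesystem tree for the demo."""
    base = tempfile.mkdtemp()
    for pid, comm in (("1", "systemd"), ("4242", "minerd")):
        os.makedirs(os.path.join(base, "proc", pid))
        with open(os.path.join(base, "proc", pid, "comm"), "w") as fh:
            fh.write(comm + "\n")
    os.makedirs(os.path.join(base, "opt", "tools"))
    open(os.path.join(base, "opt", "tools", "cudaminer"), "w").close()
    return base


if __name__ == "__main__":
    host = build_constructed_host()
    print(process_exists(CPUMINER_PROCESS, os.path.join(host, "proc")))
    print(file_exists(CUDAMINER_BINARY, [os.path.join(host, "opt")]))
```

Both checks match on names only, so they report miners that run or are installed under the names being searched for.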

List of Files

  • minerdetection.policy.json -- The policy file for uploading into the CloudPassage Portal
  • README.md -- You're looking at it.
  • LICENSE.txt

Requirements and Dependencies

  • A CloudPassage Halo account (Pro or Enterprise level subscription)
  • This policy is focused on securing Linux operating systems

Installation

  1. Download the minerdetection.policy.json file to your workstation
  2. Log into https://portal.cloudpassage.com
  3. Mouse over "Policies" and select "Configuration Policies"
  4. Click on "Import Policy" and select the minerdetection.policy.json file you downloaded in step 1.

Usage

Assign the policy to your server groups:

  1. Select Servers
  2. For each Server Group you wish to apply this policy to, select "Edit Details" and select this policy under "Configuration"
  3. The configuration check then runs automatically, at the regular interval, on every host in the Server Groups that have this policy assigned.