打开邮箱收到来自部分IDC商家推送的需要急需解决的问题,发生了什么了呢?可以看看下面的原文:
What Happened?
We are using SolusVM Control Panel for our KVM VPS with their official templates. Due to an issue in the template, there is another user called “debianuser” beside “root” which can lead to security vulnerability.
What should I do?
- The fastest way should be deleting the “debianuser” – this should be done only if the “debianuser” has not been accessed before.
- Reinstall the VPS from the iso or from the updated template. We have patched the Debian 10 template so there will be no “debianuser”. You can also mount the Debian iso which is available from the Client Area or SolusVM Control Panel If you are unsure what to do, please do not hesitate to contact our Technical department.
通过字面的意思就是SolusVM使用Debian 10模板存在严重的安全漏洞,而SolusVM是目前许多VPS提供商使用的流行的虚拟化管理解决方案,特别是海外IDC商家, 如果使用Debian 10模板设置VPS,则需要采取措施。
如何解决这一问题呢?
办法一:要求VPS提供商及时更换全新的debian系统模板,或者要求提供ISO,用户手动安装确保不存在冗余的“ debianuser”用户。
办法二:最快的解决办法是使用命令解决:userdel debianuser 这个前提是你有root权限,不再需要用到debianuser用户。