Validator node security is no trivial matter. Cherry Servers' recent Sensu vulnerability reminds everyone: monitoring platforms can also become attack surfaces. When it comes to key rotation and rebuilding machines, act decisively without hesitation.

View Original
WuSaidBlockchainW
According to SolanaFloor, the Solana Foundation stated that bare-metal server provider Cherry Servers disclosed a security incident in its legacy Sensu monitoring platform that may have allowed remote code execution; Solana validators hosted on Cherry Servers should check Sensu client logs for published intrusion indicators and rotate identity keys on validator hosts that may have installed and connected Sensu agents during the incident. The Solana Foundation also recommends confirming that withdrawal authority keys are not stored on validator machines and checking for potentially exposed credentials and keys on affected hosts; if intrusion indicators are detected or the risk cannot be fully eliminated, a full machine rebuild is advised.
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned