Linux - Security
This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
This is what happens when you try to run postgreyreport with sudo. You need to run it from a root prompt. I tried this yesterday on an Ubuntu host and got this exact same result, line number 184 and everything, which is what prompted me to make the post about using sudo -i to get the root shell.
Here I uploaded the new version of the output1.log
Thanks for the log. Apart from checking the services that seem to be listening on all interfaces against what your firewall allows (or rather: should not allow), you also might want to run pflogsumm on the file created above:
to ensure all spam was actually rejected. Other than that I cannot detect anything untoward in the log you sent, so I suggest you focus on the measures required to assess the state of your 20 LAN machines running Windows.
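The check suggested above, as an added example that is not code from the thread, from pflogsumm or from postgrey: a small POSIX sh script that summarises how Postfix and postgrey disposed of incoming mail, separating permanent 5xx rejections from 4xx greylisting deferrals (where the sender is expected to retry) and from mail postgrey later let through. The log lines are constructed sample data in the Postfix/postgrey syslog format; in practice you would feed the real mail.log to `summarize` on stdin.

```shell
#!/bin/sh
# Added example, not code from the thread: summarise how Postfix and postgrey
# disposed of incoming mail so you can see whether unwanted mail was refused
# outright (5xx), only deferred by greylisting (4xx, sender may retry), or
# later passed. The log lines below are CONSTRUCTED sample data in the
# Postfix/postgrey syslog format; for real use, pipe the real log in
# instead, e.g.  summarize < /var/log/mail.log

SAMPLE_LOG=$(cat <<'EOF'
Jan 10 10:01:02 mail postgrey[1234]: action=greylist, reason=new, client_name=unknown, client_address=203.0.113.5, sender=spam@example.net, recipient=user@example.com
Jan 10 10:01:03 mail postfix/smtpd[2345]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 450 4.2.0 <user@example.com>: Recipient address rejected: Greylisted; from=<spam@example.net> to=<user@example.com> proto=ESMTP helo=<mx.example.net>
Jan 10 10:06:10 mail postgrey[1234]: action=pass, reason=triplet found, client_name=mx.example.org, client_address=198.51.100.7, sender=alice@example.org, recipient=user@example.com
Jan 10 10:07:00 mail postfix/smtpd[2345]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 Service unavailable; Client host [203.0.113.9] blocked using zen.spamhaus.org; from=<x@example.net> to=<user@example.com> proto=ESMTP helo=<foo>
Jan 10 10:08:00 mail postgrey[1234]: action=pass, reason=client whitelist, client_name=mail.example.org, client_address=198.51.100.8, sender=bob@example.org, recipient=user@example.com
EOF
)

# Count postgrey decisions whose "key=value" field matches, e.g.
# "count_postgrey action greylist" or "count_postgrey reason 'triplet found'".
# Reads the log on stdin; awk always exits 0, so this is safe under set -e.
count_postgrey() {
    awk -v kv="$1=$2" 'index($0, "postgrey[") && index($0, kv) { n++ } END { print n + 0 }'
}

# Count Postfix smtpd rejections by SMTP reply class ("4" or "5").
# The reply code is the three digits after the client's "]: " in a
# "NOQUEUE: reject:" line; "[]]" is an ERE bracket expression matching
# a literal "]". RSTART points at that "]", so the code starts at RSTART+3.
count_rejects() {
    awk -v class="$1" '
        /NOQUEUE: reject:/ && match($0, /[]]: [45][0-9][0-9] /) {
            if (substr($0, RSTART + 3, 1) == class) n++
        }
        END { print n + 0 }'
}

# One-screen summary of a log supplied on stdin. The log is buffered into a
# variable so each counter can read its own copy.
summarize() {
    log=$(cat)
    printf 'postgrey greylisted (new triplet):  %s\n' "$(printf '%s\n' "$log" | count_postgrey action greylist)"
    printf 'postgrey passed after retry:        %s\n' "$(printf '%s\n' "$log" | count_postgrey reason 'triplet found')"
    printf 'postgrey passed by whitelist:       %s\n' "$(printf '%s\n' "$log" | count_postgrey reason 'client whitelist')"
    printf 'smtpd temporary rejects (4xx):      %s\n' "$(printf '%s\n' "$log" | count_rejects 4)"
    printf 'smtpd permanent rejects (5xx):      %s\n' "$(printf '%s\n' "$log" | count_rejects 5)"
}

printf '%s\n' "$SAMPLE_LOG" | summarize
```

A 4xx count that never turns into a later "triplet found" pass is what greylisting is supposed to produce for one-shot spam senders; a large whitelist pass count is the line to look at if you suspect unwanted mail got through, since whitelisted clients bypass greylisting entirely.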
Thanks for your help.
I don't know what I'm doing wrong
I logged in finally as root, and also I tried using sudo -i, but it still shows the same message "Permission denied".
Look.
Code:
root@mail:~# postgreyreport −−nosingle_line −−check_sender=mx,a −−separate_by_subnet="=net=\n" /tmp/mail.log 2>&1 > /tmp/postgreyreport.log
Can't open −−nosingle_line: Permission denied at /usr/bin/postgreyreport line 184.
Can't open −−check_sender=mx,a: Permission denied at /usr/bin/postgreyreport line 184.
Can't open −−separate_by_subnet==net=\n: Permission denied at /usr/bin/postgreyreport line 184.
root@mail:~#
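In the session above the program reports each option as a file it cannot open, so the options were not recognised as options. The script below is an added example, not code from the thread or from postgrey, for ruling out one cause of that symptom before chasing file permissions: dash characters pasted from a web page that are Unicode look-alikes (minus sign, en dash, em dash) rather than the ASCII hyphen-minus. The sample command line is constructed to reproduce the shape of the invocation above.

```shell
#!/bin/sh
# Added example, not code from the thread: check a command line for bytes
# outside ASCII and normalise typographic dashes to the ASCII hyphen-minus
# (0x2D). When a program reports "Can't open --someflag" it has received
# the flag as a positional argument, and dashes pasted from a web page as
# U+2212 (minus sign), U+2013 (en dash) or U+2014 (em dash) are one cause
# worth ruling out before looking at file permissions.

# UTF-8 encodings of the three look-alike dashes, built with printf so the
# script itself stays pure ASCII.
MINUS=$(printf '\342\210\222')   # U+2212 MINUS SIGN
EN_DASH=$(printf '\342\200\223') # U+2013 EN DASH
EM_DASH=$(printf '\342\200\224') # U+2014 EM DASH

# Number of non-ASCII bytes in $1 (0 means the string is plain ASCII).
# Deleting the byte range 0x01-0x7F leaves only high bytes behind.
count_non_ascii() {
    printf '%s' "$1" | LC_ALL=C tr -d '\001-\177' | wc -c | tr -d ' '
}

# Print $1 with each look-alike dash replaced by ASCII "-". LC_ALL=C makes
# sed treat the pattern as raw bytes, so this works regardless of locale.
normalize_dashes() {
    printf '%s' "$1" | LC_ALL=C sed \
        -e "s/$MINUS/-/g" -e "s/$EN_DASH/-/g" -e "s/$EM_DASH/-/g"
}

# Show the offending bytes as octal so the reader can see what the shell
# actually handed to the program.
dump_non_ascii() {
    printf '%s' "$1" | LC_ALL=C tr -d '\001-\177' | od -An -to1 -v
}

# CONSTRUCTED sample: a postgreyreport invocation with Unicode minus signs
# where "--" should be.
SAMPLE_CMD="postgreyreport ${MINUS}${MINUS}nosingle_line ${MINUS}${MINUS}check_sender=mx,a /tmp/mail.log"

if [ "$(count_non_ascii "$SAMPLE_CMD")" -gt 0 ]; then
    echo "non-ASCII bytes found (octal):"
    dump_non_ascii "$SAMPLE_CMD"
    echo "normalised command:"
    normalize_dashes "$SAMPLE_CMD"
    echo
fi
```

To check a command you have already typed, run it through `count_non_ascii` first; a non-zero result with a Perl script complaining "Can't open --option" points at the argument bytes, not at the file system.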
BTW CYP, update this thread or lend closure by responding to the other 3 tasks outlined in post #13:
Quote:
2. Review your firewall rules so no traffic passes in or out without filtering,
4. Snort IDS seems to be supported in Zentyal so install it. While the current rules only consider Cutwail Command and Control URIs (Pushdo A, B and C because D encrypts traffic) it's better than nothing. Get the rule set from the Snort website, disable rules for services you don't run or that are otherwise outside of the scope (like deleted, Oracle, SCADA, VoIP, etc., etc.). The rule set you must keep is botnet-cnc.rules. Then get the rule set from the Emerging Threats web site and disable along the same lines. The rule you must keep is called emerging-current_events.rules,
5. Scan every LAN machine with what you know from the "Scanning your machine for exploits" document.