Steve,
Have a look at https://phoenixnap.com/kb/centos-8-early-eol-in-2021
This may concern you or may not. I moved all my CentOS boxes early in 2017
to Debian.
Don't regret that move at all.
On 1/25/21 6:27 PM, Steve Jones wrote:
So I have a CentOS server running Openfire for our Trillian clients to
connect to. It's been great for a few years; it's the way we do all
interoffice communications with multiple same-user logins.
Over the last month or so we have had issues where people aren't
getting messages. Updated Openfire, seemed resolved.
Today I had a tech waiting on me for a site build, finally messaged
him and he replied with a screenshot of him asking me about scheduling that
I never got.
So I reboot the server, and neither my Webmin nor Openfire come back up.
Troubleshooting shows appropriate ports listening. Finally I disable
iptables and everything comes up.
(Also found out you have to change repos to update old CentOS 6 for a
yum update)
I manage iptables through Webmin, and the only policies in there are
the default deny, established/related allow, 1 Webmin allow and
port 22 allow. My Openfire server would never have worked.
During troubleshooting prior to disabling iptables I found IPv6 was
also enabled, I disable this by default, and the ports were listening
only on IPv6. I disabled IPv6 and IPv4 was listening.
We manage the ACL with a FortiGate. Issue is our FortiVoice needs the
firmware version to function. This firmware has an issue where
everything will get slow because of a memory leak.
I'm trying to find a way this could be anything other than a
compromised system. I could have forgotten to disable IPv6, but the ports
would have needed to be listening on IPv4; they weren't.
I can't see any way the firewall would have worked at all unless I had
it disabled and a reboot enabled it again, except I have rebooted it.
I don't even know on Linux how to identify a compromise. Our FortiGate
only has a free account and no FortiAnalyzer, so no long-term logs exist.
I'm super concerned because I have all my CentOS Webmin instances
clustered.
Anybody see any way this isn't compromised? Years of function and the
sudden presence of a firewall that would never have worked?
Also, trying modello dark, it's a contender
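Added example, not from the thread: a small triage helper for the two things Steve observed, services bound only on IPv6 and an INPUT chain that never allowed the service ports. It assumes the `ss -lnt` and `iptables -S` output formats; the embedded samples are constructed (Openfire's 5222/9090 and Webmin's 10000 are the stock defaults, not values from the post).

```shell
#!/bin/sh
# Constructed sample of `ss -lnt`: SSH and Webmin bound on IPv4, the XMPP and
# admin-console ports on IPv6 only. Old ss (CentOS 6) prints [::] as ":::".
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      128    [::]:5222          [::]:*
LISTEN 0      50     [::]:9090          [::]:*
LISTEN 0      128    0.0.0.0:10000      0.0.0.0:*
LISTEN 0      128    127.0.0.1:25       0.0.0.0:*'

# Constructed sample of `iptables -S`: default deny, established/related,
# one Webmin allow and one SSH allow, as described in the post.
SAMPLE_IPT='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Print "port family" for every non-loopback LISTEN socket.
listen_ports() {
    printf '%s\n' "$1" | awk '$1 == "LISTEN" {
        addr = $4; n = split(addr, a, ":"); port = a[n]
        if (addr ~ /^127\./ || addr ~ /^\[::1\]/ || addr ~ /^::1:/) next
        fam = (addr ~ /^\[/ || addr ~ /^:::/) ? "v6" : "v4"
        print port, fam }'
}

# Ports that have an IPv6 socket but no IPv4 socket at all.
v6_only_ports() {
    listen_ports "$1" | awk '{ seen[$1 " " $2] = 1; ports[$1] = 1 }
        END { for (p in ports) if (seen[p " v6"] && !seen[p " v4"]) print p }' | sort -n
}

# Listening ports with no explicit INPUT --dport ACCEPT while INPUT policy is DROP.
dropped_ports() {
    policy=$(printf '%s\n' "$2" | awk '$1 == "-P" && $2 == "INPUT" { print $3 }')
    [ "$policy" = "DROP" ] || return 0
    allowed=$(printf '%s\n' "$2" | awk '/^-A INPUT / && /--dport/ && / -j ACCEPT/ {
        for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1) }')
    listen_ports "$1" | awk -v allow="$allowed" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !ok[$1] { print $1 }' | sort -nu
}

echo "IPv6-only listeners:"; v6_only_ports "$SAMPLE_SS"
echo "Listeners the INPUT chain drops:"; dropped_ports "$SAMPLE_SS" "$SAMPLE_IPT"
```

On a live host replace the samples with `"$(ss -lnt)"` and `"$(iptables -S)"`; a service that shows up in the second list but has been reachable from outside is exactly the contradiction worth investigating.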
--
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com