Re: [AFMUG] Odd centos issue

2021-01-27 Thread dave

Steve,
 Have a look at https://phoenixnap.com/kb/centos-8-early-eol-in-2021
This may or may not concern you. I moved all my CentOS boxes to Debian 
early in 2017.

Don't regret that move at all.


On 1/25/21 6:27 PM, Steve Jones wrote:
So I have a CentOS server running Openfire for our Trillian clients to 
connect to. It's been great for a few years; it's the way we do all 
interoffice communications, with multiple same-user logins.
Over the last month or so we have had issues where people aren't 
getting messages. Updated Openfire, seemed resolved.
Today I had a tech waiting on me for a site build; I finally messaged 
him and he replied with a screenshot of him asking me about scheduling 
that I never got.

So I rebooted the server, and neither my Webmin nor Openfire came back up.
Troubleshooting shows the appropriate ports listening. Finally I disabled 
iptables and everything came up.
(Also found out you have to change repos to update old CentOS 6 for a 
yum update.)
I manage iptables through Webmin, and the only policies in there are 
the default deny, established/related allow, one Webmin allow and a 
port 22 allow.  My Openfire server would never have worked.
During troubleshooting prior to disabling iptables I found IPv6 was 
also enabled; I disable this by default, and the ports were listening 
only on IPv6. I disabled IPv6 and IPv4 was listening.
We manage the ACL with a Fortigate. The issue is our FortiVoice needs the 
firmware version to function. This firmware has an issue where 
everything will get slow because of a memory leak.
I'm trying to find a way this could be anything other than a 
compromised system. I could have forgotten to disable IPv6, but the ports 
would have needed to be listening on IPv4; they weren't.
I can't see any way the firewall would have worked at all unless I had 
it disabled and a reboot enabled it again, except I have rebooted it.
I don't even know on Linux how to identify a compromise. Our Fortigate 
only has a free account and no FortiAnalyzer, so no long-term logs exist.
I'm super concerned because I have all my CentOS Webmin instances 
clustered.
Anybody see any way this isn't compromised? Years of function and the 
sudden presence of a firewall that would never have worked?



Also, trying Modello Dark; it's a contender.



-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com


[AFMUG] Odd centos issue

2021-01-25 Thread Steve Jones
So I have a CentOS server running Openfire for our Trillian clients to
connect to. It's been great for a few years; it's the way we do all
interoffice communications, with multiple same-user logins.
Over the last month or so we have had issues where people aren't getting
messages. Updated Openfire, seemed resolved.
Today I had a tech waiting on me for a site build; I finally messaged him and
he replied with a screenshot of him asking me about scheduling that I never got.
So I rebooted the server, and neither my Webmin nor Openfire came back up.
Troubleshooting shows the appropriate ports listening. Finally I disabled
iptables and everything came up.
(Also found out you have to change repos to update old CentOS 6 for a yum
update.)
I manage iptables through Webmin, and the only policies in there are the
default deny, established/related allow, one Webmin allow and a port 22
allow.  My Openfire server would never have worked.
During troubleshooting prior to disabling iptables I found IPv6 was also
enabled; I disable this by default, and the ports were listening only on
IPv6. I disabled IPv6 and IPv4 was listening.
We manage the ACL with a Fortigate. The issue is our FortiVoice needs the
firmware version to function. This firmware has an issue where everything
will get slow because of a memory leak.
I'm trying to find a way this could be anything other than a compromised
system. I could have forgotten to disable IPv6, but the ports would have needed
to be listening on IPv4; they weren't.
I can't see any way the firewall would have worked at all unless I had it
disabled and a reboot enabled it again, except I have rebooted it.
I don't even know on Linux how to identify a compromise. Our Fortigate only
has a free account and no FortiAnalyzer, so no long-term logs exist.
I'm super concerned because I have all my CentOS Webmin instances clustered.
Anybody see any way this isn't compromised? Years of function and the sudden
presence of a firewall that would never have worked?


Also, trying Modello Dark; it's a contender.
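The post reports ports "listening only on ip6"; on Linux a socket bound to the IPv6 wildcard (`[::]:PORT` in `ss`, `:::PORT` in `netstat`) also accepts IPv4 connections unless net.ipv6.bindv6only is set, so a listing alone does not settle whether IPv4 clients could reach the service. As an added example, not from the thread or from Openfire, this script classifies each listening TCP port from `ss -ltn` output as bound on IPv4, IPv6 or both; it assumes the standard `ss -ltn` column layout, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: classify listening TCP ports by IP stack from `ss -ltn` output.
# Assumes the standard `ss -ltn` layout where Local Address:Port is column 4.

# stack_report: reads ss/netstat-style output on stdin, prints "PORT STACK"
# per port, with STACK one of v4 | v6 | both.
stack_report() {
    awk '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]            # last colon-separated field is the port
            first = substr(addr, 1, 1)
            # IPv6 wildcards print as [::]:PORT (ss) or :::PORT (netstat);
            # IPv4 addresses always start with a digit.
            if (first == "[" || first == ":") v6[port] = 1
            else v4[port] = 1
            seen[port] = 1
        }
        END {
            for (p in seen) {
                if (v4[p] && v6[p]) s = "both"
                else if (v6[p]) s = "v6"
                else s = "v4"
                print p, s
            }
        }' | sort -n
}

# listen_stack PORT: prints the stack for a single port, or "none" if it
# is not listening at all. Reads the same stdin as stack_report.
listen_stack() {
    r=$(stack_report | awk -v p="$1" '$1 == p { print $2 }')
    if [ -n "$r" ]; then printf '%s\n' "$r"; else printf 'none\n'; fi
}

# Constructed sample (not captured from any real host): SSH on both stacks,
# XMPP 5222 and the admin console 9090 only on the IPv6 wildcard, and a
# Webmin-style 10000 only on IPv4.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      50     [::]:5222           [::]:*
LISTEN 0      50     :::9090             :::*
LISTEN 0      128    0.0.0.0:10000       0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | stack_report
```

On a live host run `ss -ltn | stack_report`; ports reported as v6 are the ones to check against `sysctl net.ipv6.bindv6only` and the ip6tables rule set, since IPv4 iptables rules never see traffic arriving over IPv6.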