Tuesday, September 30, 2014

Symantec Training



I found some free Symantec training. All you need to do is register for an account. The free classes are listed as Symantec eLibrary. Select this item and go to the checkout.

http://techcenter.symantec.com/ecampus/enterprise


Thursday, September 18, 2014

Unlock locked accounts

These are my notes on unlocking user accounts. Below I go over a few ways to get a user account back up and running, such as changing the expiration date on an expired account and resetting the PAM tally for a user.

In keeping with the space theme, I will be using earth as the server's hostname and man as the name of the user account.

This is the most common way to unlock your account.
root@earth> passwd -u man

Change the expiration date of the user account
root@earth> usermod --expire 9999 man

This works on some systems
root@earth> ipa user-unlock man

This resets the account if all else fails.
root@earth> pam_tally --user=man --reset



References.
www.cyberciti.biz
From RHEL user-unlock command
SuperUser pam command

Wednesday, September 17, 2014

Disable VRFY for Postfix (Retina ID 146)

The Retina Network Security Scanner from BeyondTrust, Inc. was run against my servers, and ID 146 was a hit or finding on one of them. Retina can give good results on network security vulnerabilities, but false finds are also common. The problem with the scanner is that it doesn't show you how it finds the vulnerability or how to fix it. I did some research and it turns out that you need to disable the VRFY command in Postfix. Below I have posted the security vulnerability from Retina, with instructions on how to fix the issue.

What Retina says about the vulnerability 

Retina ID or vID: 146
Description: The VRFY command can lead to a remote attacker gaining the first and last name registered to any given email account. This can aid an attacker in social engineering attacks.
Discussion - fix: Follow your SMTP server's manual on how to disable the VRFY command. If no instructions are provided contact your SMTP server's vender.
Severity: Low to Med
SevCode: III
Port: TCP:25
IA Controls: Mail Server
Retina scan Version: 5.19.9.2802
Expected "252" and found "252 2.0.0. administrator"

Test for this issue.
man@earth> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
220 earth.planet.com ESMTP Postfix
VRFY
502 5.5.1 VRFY command is disabled

If the VRFY command does not come back as "VRFY command is disabled" then this is a finding.

Remediation
Add the line below to /etc/postfix/main.cf.
disable_vrfy_command = yes
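
To repeat the telnet test above once Postfix has picked up the new setting, the check can be scripted. This is an added example, not part of the original post: it parses an SMTP reply and applies the rule from the test section, treating anything other than the 502 "disabled" answer as a finding. The function names, the postmaster default and the multi-line sample reply are assumptions made for illustration.

```python
import re
import smtplib

REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

def parse_smtp_reply(raw):
    """Parse one SMTP reply (single- or multi-line) into (code, text)."""
    code, parts = None, []
    for line in raw.strip().splitlines():
        m = REPLY_LINE.match(line.strip())
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changes inside one reply")
        code = m.group(1)
        parts.append(m.group(3) or "")
        if m.group(2) != "-":  # only "NNN-" lines are continued
            break
    if code is None:
        raise ValueError("empty reply")
    return int(code), " ".join(parts).strip()

def code_is_finding(code):
    """Rule from the test section: only the 502 'disabled' answer passes."""
    return code != 502

def is_finding(raw):
    """Classify a raw reply captured from a telnet session or a log."""
    return code_is_finding(parse_smtp_reply(raw)[0])

def check_server(host="localhost", port=25, name="postmaster"):
    """Send VRFY to a server you administer; returns (finding, code, text)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        code, msg = smtp.docmd("VRFY", name)
    return code_is_finding(code), code, msg.decode(errors="replace")

# Sample replies: the first two are based on the replies shown on this page,
# the third is constructed to exercise multi-line parsing.
SAMPLES = [
    "252 2.0.0. administrator",               # what Retina reported finding
    "502 5.5.1 VRFY command is disabled",     # disable_vrfy_command = yes
    "250-man\r\n250 <man@earth.planet.com>",  # constructed multi-line answer
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_smtp_reply(raw), "FINDING" if is_finding(raw) else "pass")
```

Calling check_server() with no arguments talks to localhost on port 25, the same target as the telnet session above.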

Reference section

Ref for fix:
cyberciti.biz

Ref for Security issue:
iss.net
xforce.iss.net

Manpages
Sendmail
Postfix

Monday, September 15, 2014

Brocade Training

It appears that Brocade has some free training on their website. I don't know about you but I love free training. You will need to register on the site to get these benefits.



http://community.brocade.com/t5/Brocade-University/Brocade-University-At-a-Glance-Schedule/ta-p/3063


I hope someone finds this useful.