Tuesday, September 30, 2014

Symantec Training



I found some free Symantec training. All you need to do is register for a account. The free classes are listed as Symantec eLibrary. Select this item and go to the checkout.

http://techcenter.symantec.com/ecampus/enterprise


Thursday, September 18, 2014

Unlock locked accounts

These are my notes no unlocking user accounts, below I go over a few ways to get a user account back up and running. Such as changing the expiration date on an expired account and resetting the PAM Tally for a user.

In keeping with the space theme, I will be using earth as the server's hostname and man as the name of the user account.

This the most common way to unlock your account.
root@earth> passwd -u man

Change the expiration date of the user account
root@earth> usermod --expire 9999 man

This works on some systems
root@earth> ipa user-unlock man

This resets the account if all else fails.
root@earth> pam_tally --user=man --reset



References.
www.cyberciti.biz
From RHEL user-unlock command
SuperUser pam command

Wednesday, September 17, 2014

Disable VRFY for Postfix (Retina ID 146)

The Retina Network Security Scanner from BeyondTrust, Inc was run against my servers and ID 146 was a hit or finding on one of my servers. Retina can give good results on network security vulnerabilities, but false finds are also common. The problem with that the scanner is that it doesn't show you how it finds the vulnerability or how to fix it. I did some research and it turns out that you need to disable the VRFY command in postfix. Below I have posted the security vulnerability from Retina, with instructions on how to fix the issue.

What Retina says about the vulnerability 

Retina ID or vID 146
Description The VRFY command can lead to a remote attacker gaining the first and last name registered to any given email account. This can aid an attacker in social engineering attacks.
Discussion - fix Follow your SMTP server's manual on how to disable the VRFY command. If no instructions are provided contact your SMTP server's vender.
Severity = Low to Med
SevCode = III
Port = TCP:25
IA Controls = Mail Server
Retina scan Version 5.19.9.2802
Expected "252" and found "252 2.0.0. administrator"

Test for this issue.
man@earth> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
220 earth.planet.com ESMTP Postfix
VRFY
502 5.51.1 VRFY command is disabled

If the VRFY command does not come back as "VRFY command is disabled" then this is a finding.

Remediation
Add this line below to the /etc/postfix/main.cf.
disable_vrfy_command = yes

Reference section

Ref for fix:
cyberciti.biz

Ref for Security issue:
iss.net
xforce.iss.net

Manpages
Sendmail
Postfix

Monday, September 15, 2014

Brocade Training

It appears that Brocade has some free training on their website. I don't know about you but I love free training. You will need to register on the site to get these benefits.



http://community.brocade.com/t5/Brocade-University/Brocade-University-At-a-G
lance-Schedule/ta-p/3063


I hope someone finds this useful.