zmswatch ongoing issue, need help
Posted: Thu May 30, 2019 10:17 am
Hello,
Good day, I would just like to ask assistance to have proper guidance on how will i proceed with this. I have no extensive experience in zimbra administration and yes, attacks like these.
Though reading the forums i was able to follow some inputs and so far i have applied some security measures. What we have is the other version of zmcat which is zmwatch on a zimbra server version below
Release 8.5.1_GA_3056.RHEL6_64_20141103151539 RHEL6_64 FOSS edition
so far, what i was able to do was to block all consolidated IP on our firewall from this forum and execute commands below
#chown root:root /opt/zimbra/log/zmswatch*
#chmod 400 /opt/zimbra/log/zmswatch*
#pkill zmswatch
#chmod 0775 /opt/zimbra/data/tmp/upload
#/opt/zimbra/libexec/zmfixperms
chattr -i /var/spool/cron/crontabs/zimbra
% sudo chattr +i /var/spool/cron/zimbra
% /bin/rm -f /opt/zimbra/log/zmswatch
% touch /opt/zimbra/log/zmswatch
% sudo chattr +i /opt/zimbra/log/zmswatch
What i would like to ask is that, with all the guides and solutions here, i cannot seem to verify where will i start. Can you guys guide me or put a list on what to do steps by steps.
Also, I cant seem to find a patch for my version. do i need to upgrade on a newer version and if i did, how will it affect my data?
will appropriate all the response
thank you
Good day, I would just like to ask assistance to have proper guidance on how will i proceed with this. I have no extensive experience in zimbra administration and yes, attacks like these.
Though reading the forums i was able to follow some inputs and so far i have applied some security measures. What we have is the other version of zmcat which is zmwatch on a zimbra server version below
Release 8.5.1_GA_3056.RHEL6_64_20141103151539 RHEL6_64 FOSS edition
so far, what i was able to do was to block all consolidated IP on our firewall from this forum and execute commands below
#chown root:root /opt/zimbra/log/zmswatch*
#chmod 400 /opt/zimbra/log/zmswatch*
#pkill zmswatch
#chmod 0775 /opt/zimbra/data/tmp/upload
#/opt/zimbra/libexec/zmfixperms
chattr -i /var/spool/cron/crontabs/zimbra
% sudo chattr +i /var/spool/cron/zimbra
% /bin/rm -f /opt/zimbra/log/zmswatch
% touch /opt/zimbra/log/zmswatch
% sudo chattr +i /opt/zimbra/log/zmswatch
What i would like to ask is that, with all the guides and solutions here, i cannot seem to verify where will i start. Can you guys guide me or put a list on what to do steps by steps.
Also, I cant seem to find a patch for my version. do i need to upgrade on a newer version and if i did, how will it affect my data?
will appropriate all the response
thank you