On 26/03/2020 10:39 am, Lyle Giese wrote:
> I have an instance of Surgemail installed on a virtual server at
> Linode. I have most stuff turned off and the attack surface seems to
> be small but missing a couple of details.
>
>
> I see I have a listener open on TCP 366. From what I have found this
> is for atrn (I know what atrn is and have used it in the past) but I
> don't see a switch to turn that off to drop that listener.
>
g_atrn_port "disabled"
>
> The other thing I have not looked at in detail is failed logins to the
> admin interface to Surgemail. I don't know where those are logged so
> I can at least monitor hacker failures trying to break in on that
> interface. Any pointers would be appreciated.
>
Good question. Admin interface failed logins are not logged currently;
I'll address that in the next build. Successful admin actions are logged
in 'admin_yyyymm.rec' log files.
I recommend setting:
g_admin_ip "safe.ip.addresses.*,other.address"
to keep the system secure.
ChrisP.
>
> Thanks,
>
> Lyle Giese
>
> LCR Computer Services, Inc.
>
>
--
P.S. We'd love a link from your website to our new domain: https://surgemail.com if/when you have time.