So I have a CentOS server running Openfire for our Trillian clients to connect to. It's been great for a few years; it's the way we do all interoffice communications with multiple same user logins. Over the last month or so we have had issues where people aren't getting messages. Updated Openfire, seemed resolved. Today I had a tech waiting on me for a site build, finally messaged him and he replied with a screenshot of him asking me about scheduling that I never got.

So I rebooted the server, and neither my Webmin nor Openfire came back up. Troubleshooting showed the appropriate ports listening. Finally I disabled iptables and everything came up. (Also found out you have to change repos to update old CentOS 6 for a yum update.)

I manage iptables through Webmin, and the only policies in there are the default deny, established/related allow, 10000 Webmin allow and port 22 allow. My Openfire server would never have worked. During troubleshooting, prior to disabling iptables, I found IPv6 was also enabled (I disable this by default), and the ports were listening only on IPv6. I disabled IPv6 and IPv4 was listening.

We manage the ACL with a FortiGate. The issue is our FortiVoice needs the firmware version to function. This firmware has an issue where everything will get slow because of a memory leak.

I'm trying to find a way this could be anything other than a compromised system. I could have forgotten to disable IPv6, but the ports would have needed to be listening on IPv4, and they weren't. I can't see any way the firewall would have worked at all unless I had it disabled and a reboot enabled it again, except I have rebooted it. I don't even know how to identify a compromise on Linux. Our FortiGate only has a free account and no FortiAnalyzer, so no long-term logs exist. I'm super concerned because I have all my CentOS Webmin instances clustered.

Anybody see any way this isn't compromised? Years of function and the sudden presence of a firewall that would never have worked?
Also, trying modello dark, it's a contender
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
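An added example, not part of the original post: a check that compares listening TCP sockets against the INPUT chain, using the ruleset the post describes. The `iptables-save` and `netstat -ltn` text is constructed sample input, ports 5222 and 9090 are assumed stand-ins for the Openfire listeners, and the matching is simplified (it ignores rule order, source and interface restrictions).

```python
import re

# Constructed sample: `iptables-save` output matching the policy described in the post.
RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Constructed sample: `netstat -ltn` lines; 5222 and 9090 are assumed Openfire ports.
SOCKETS = """\
tcp        0      0 0.0.0.0:22        0.0.0.0:*      LISTEN
tcp        0      0 0.0.0.0:10000     0.0.0.0:*      LISTEN
tcp        0      0 :::5222           :::*           LISTEN
tcp        0      0 :::9090           :::*           LISTEN
"""

def allowed_tcp_ports(rules):
    """Return (INPUT default policy, set of TCP dports with an ACCEPT rule)."""
    policy = re.search(r"^:INPUT (\S+)", rules, re.M).group(1)
    ports = set()
    for line in rules.splitlines():
        m = re.match(r"-A INPUT .*-p tcp .*--dport (\d+) .*-j ACCEPT", line)
        if m:
            ports.add(int(m.group(1)))
    return policy, ports

def listeners(sockets):
    """Yield (port, family) per LISTEN line; family is 'v4' or 'v6'."""
    for line in sockets.splitlines():
        f = line.split()
        if len(f) >= 6 and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            yield int(port), ("v6" if ":" in addr else "v4")

def audit(rules, sockets):
    """Map each listening port to (verdict under the IPv4 INPUT chain, family)."""
    policy, ports = allowed_tcp_ports(rules)
    return {port: ("allowed" if policy == "ACCEPT" or port in ports else "blocked", fam)
            for port, fam in listeners(sockets)}

if __name__ == "__main__":
    for port, (verdict, fam) in sorted(audit(RULES, SOCKETS).items()):
        print(f"{port:>5} {fam} {verdict}")
```

A `:::port` listener can also accept IPv4 connections when `net.ipv6.bindv6only` is 0, and IPv6 traffic is filtered by `ip6tables` rather than `iptables`, so both rulesets need checking.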
