
Exim bug CVE-2019-10149 fixes

If you have a cPanel license and can update to the latest patched, non-vulnerable version, that is the easiest fix. Otherwise, follow the steps below:



Make the modifications below and restart Exim, then check the mail service by sending a test mail. Take a backup of exim.conf before modifying it.

Open /etc/exim.conf, search for acl_not_smtp: and add the content below:


###############################
deny
    condition = ${if lt {$exim_version}{4.92}{1}{0}}
    condition = ${if forany{<,$recipients}{match_local_part{$item}{\N^.*\$\{.*$\N}}{yes}{no}}
    message = restricted characters in recipient address

deny
    condition = ${if lt {$exim_version}{4.92}{1}{0}}
    condition = ${if match{$sender_address_local_part}{\N^.*\$\{.*$\N}{yes}{no}}
    message = restricted characters in sender address

# END INSERT 000_restricted_chars
# BEGIN INSERT resolve_vhost_owner
warn
        condition   = ${if eq{$originator_uid}{${perl{user2uid}{nobody}}}{1}{0}}
        set acl_c_vhost_owner = ${perl{resolve_vhost_owner}}
##############################


Search for acl_smtp_rcpt: and add the content below:

############################
deny
    condition = ${if lt {$exim_version}{4.92}{1}{0}}
    local_parts = \N^.*\$\{.*$\N
    message = restricted characters in recipient address

deny
    condition = ${if lt {$exim_version}{4.92}{1}{0}}
    senders = \N^.*\$\{.*$\N
    message = restricted characters in sender address
###########################

After that, perform the steps below:
######################################

1:  Remove /etc/ld.so.preload

rm -f /etc/ld.so.preload
rm -f  /lib/libgrubd.so

2: Check the .ssh/authorized_keys file. If it contains any unusual entries, clear all of them except the ezeelogin server key, and set attribute for .ssh/authorized_keys
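
The two cleanup steps above, as a read-only audit to run before deleting anything. This is an added example, not part of the original post; the function names, the optional root prefix and the known-good public key file (for instance the ezeelogin server's .pub) are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit to run before the rm/cleanup steps.
# The root prefix ($1) and the known-good .pub file are assumptions.

# Print whichever of the two files named in step 1 exist under prefix $1.
check_preload() {
    for f in /etc/ld.so.preload /lib/libgrubd.so; do
        if [ -e "$1$f" ]; then echo "$1$f"; fi
    done
}

# Print authorized_keys lines ($1) whose key blob is absent from the
# known-good public key file ($2). Options before the key type are skipped;
# quoted options that contain spaces and a key-type word are not handled.
unexpected_keys() {
    awk '
    function keyblob(   i) {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) return $(i + 1)
        return ""
    }
    NF == 0 || $1 ~ /^#/ { next }                 # skip blanks and comments
    { b = keyblob() }
    FILENAME == ARGV[1] { if (b != "") ok[b] = 1; next }
    !(b in ok) { print FNR ": " $0 }              # unknown or malformed entry
    ' "$2" "$1"
}

# Demo on a constructed tree (all keys below are made-up placeholders).
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/lib" "$t/root/.ssh"
    echo "/lib/libgrubd.so" > "$t/etc/ld.so.preload"
    echo "ssh-rsa AAAAB3ALLOWEDKEYBLOB gateway@example" > "$t/good.pub"
    {
        echo "# managed file"
        echo "ssh-rsa AAAAB3ALLOWEDKEYBLOB gateway@example"
        echo 'no-pty ssh-ed25519 AAAAC3UNKNOWNKEYBLOB user@host'
    } > "$t/root/.ssh/authorized_keys"
    check_preload "$t"
    unexpected_keys "$t/root/.ssh/authorized_keys" "$t/good.pub"
    rm -rf "$t"
}
demo
```

On a live host, call `check_preload ""` and `unexpected_keys /root/.ssh/authorized_keys /path/to/known-good.pub`, and save the output and copies of any flagged files before removing them.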
