Question
-
Topic
-
What are the security risks if I implement the solution?
If I implement the below solution for my postfix poller error, Is there any security risks for my server and if there what will be issues?
Reference link for my error: https://community.librenms.org/t/postfix-mail-queue/8334
Open the postfixdetailed file and change /var/log/maillog to /var/log/mail.log
I also changed the $pflogsumm= variable so it includes the sudo command.$pflogsumm=’/usr/bin/env /usr/bin/sudo /usr/sbin/pflogsumm’;
And added this code to a sudoers file;snmp ALL=(ALL) NOPASSWD: /usr/sbin/pflogsumm /var/log/mail.log
Maybe you need to change the first word “snmp” to the username your snmp deamon runs on.For postfix-queues i’ve edited the file to include the sudo command;
COUNT=sudo /usr/sbin/qshape $i | grep TOTAL | awk ‘{print $2}’
And added this to a sudoers filesnmp ALL=(ALL) NOPASSWD: /usr/sbin/qshape incoming
snmp ALL=(ALL) NOPASSWD: /usr/sbin/qshape active
snmp ALL=(ALL) NOPASSWD: /usr/sbin/qshape deferred
snmp ALL=(ALL) NOPASSWD: /usr/sbin/qshape hold
Please note that you need to restart the snmp daemon so the sudoers permissions are set.add this to your config.php
$config[‘snmp’][‘timeout’] = 10; # timeout in seconds
$config[‘snmp’][‘retries’] = 5; # how many times to retry the query
$config[‘snmp’][‘transports’] = array(‘udp’, ‘udp6’, ‘tcp’, ‘tcp6’); # Transports to use
$config[‘snmp’][‘version’] = [‘v2c’, ‘v3’, ‘v1’]; # Default versions to use
$config[‘snmp’][‘port’] = 161; # Default port
$config[‘snmp’][‘exec_timeout’] = 1200; # execution time limit in se