• Creator
  • #3984247

    What are the security risks if I implement the solution?

    by lakki26 ·


    If I implement the below solution for my postfix poller error, Is there any security risks for my server and if there what will be issues?

    Reference link for my error:

    Open the postfixdetailed file and change /var/log/maillog to /var/log/mail.log
    I also changed the $pflogsumm= variable so it includes the sudo command.

    $pflogsumm=’/usr/bin/env /usr/bin/sudo /usr/sbin/pflogsumm’;
    And added this code to a sudoers file;

    snmp ALL=(ALL) NOPASSWD: /usr/sbin/pflogsumm /var/log/mail.log
    Maybe you need to change the first word “snmp” to the username your snmp deamon runs on.

    For postfix-queues i’ve edited the file to include the sudo command;

    COUNT=sudo /usr/sbin/qshape $i | grep TOTAL | awk ‘{print $2}’
    And added this to a sudoers file

    snmp ALL=(ALL) NOPASSWD: /usr/sbin/qshape incoming
    snmp ALL=(ALL) NOPASSWD: /usr/sbin/qshape active
    snmp ALL=(ALL) NOPASSWD: /usr/sbin/qshape deferred
    snmp ALL=(ALL) NOPASSWD: /usr/sbin/qshape hold
    Please note that you need to restart the snmp daemon so the sudoers permissions are set.

    add this to your config.php

    $config[‘snmp’][‘timeout’] = 10; # timeout in seconds
    $config[‘snmp’][‘retries’] = 5; # how many times to retry the query
    $config[‘snmp’][‘transports’] = array(‘udp’, ‘udp6’, ‘tcp’, ‘tcp6’); # Transports to use
    $config[‘snmp’][‘version’] = [‘v2c’, ‘v3’, ‘v1’]; # Default versions to use
    $config[‘snmp’][‘port’] = 161; # Default port
    $config[‘snmp’][‘exec_timeout’] = 1200; # execution time limit in se

You are posting a reply to: What are the security risks if I implement the solution?

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our Community FAQs for details. All submitted content is subject to our Terms of Use.

All Answers

Viewing 1 reply thread