just got an email reported modifications: new account [saslauthd] has been created - mins after installing mod_evasive?

Spirogg

• May 12, 2022 04:00

ok so I wanted to install mod_evasive - So I head over to ea4 and installed it. couple mins later i get email showing Reported modification New account [saslauthd] has been created with uid:[982] gid:[76] login:[/run/saslauthd] shell:[/sbin/nologin] so was this from mod_evasive getting installed? cause I did not see any pre-requisite when i clicked on mod_evasive. just making sure this is part of that update or what else could be the cause if this thanks just weird that i got email notification right after installing the mod evasive

• 

  Spirogg

  • May 12, 2022 09:11

  ok I tried it on my dev install and yes I missed that part that all these files are getting installed.. sorry Si i am assuming its part of the pkg Please review the following list of packages you are about to install by provisioning this profile.

  • apr-devel
  • apr-util-devel
  • cyrus-sasl
  • cyrus-sasl-devel
  • devel
  • libdb-devel
  • mod_evasive
  • openldap-devel

  thanks and sorry for the post Spiro

  0
• 

  Spirogg

  • May 12, 2022 09:26

  PS on Ubuntu when selecting mod_evasive these are the extras it installs Please review the following list of packages you are about to install by provisioning this profile.

  • apr-devel
  • apr-util-devel
  • devel
  • libdb5.3-dev
  • libldap2-dev
  • mod-evasive

  no saslauthd

  0
• 

  Spirogg

  • May 12, 2022 09:33

  to test it from root# mkdir test
cd /test
nano test.pl
  copy and paste this below #!/usr/bin/perl # test.pl: small script to test mod_dosevasive's effectiveness use IO::Socket; use strict; for(0..100) { my($response); my($SOCKET) = new IO::Socket::INET( Proto => "tcp", PeerAddr=> "127.0.0.1:80"); if (! defined $SOCKET) { die $!; } print $SOCKET "GET /?$_ HTTP/1.0\n\n"; $response = <$SOCKET>; print $response; close($SOCKET); }
  then ctrl + x then select Y foy yes then click enter and enter again (saved!) then run from root# /usr/bin/perl test.pl
  output should be root@server2:~/test# /usr/bin/perl test.pl HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request
  this means its working read this for more info

  0
• 

  cPRex Jurassic Moderator

  • May 12, 2022 13:44

  I'm glad you were able to confirm that wasn't a security issue!

  0

Please sign in to leave a comment.