Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Javier Amor Garcia

Pages: [1]
1
Hello,
 there is a bug in spamassassin's rule sets that assigns a high spam score to any message sent after 2009. Spamassassin is used by eBox's mail filter so we are hit by this problem.

The issue was fixed in version 3.2.4-1ubutu1.2 , that was released the 1 of January of this year.

To see what version are you using:
# apt-cache policy spamassassin

To update spamassassin:
# apt-get update
# apt-get install spamassassin


If you dont get the good version, maybe you lack the lien for hardy-update in your repository, open '/etc/apt/sources.list' and add the following line if it is missing:
deb http://us.archive.ubuntu.com/ubuntu/ hardy-updates universe

Then you should try to run again the two previous commands.

2
Hello folks.

 Howtoforge has just published the article Using eBox As Windows Primary Domain Controller.

This article will show you how to create a domain in eBox, add users and computers to the domain and using files shares.

I hope you find it useful.

4
News and Announcements / Openssl and Ssh vulnerability
« on: May 20, 2008, 03:02:05 pm »
As you may know a vulnerability has been found in recent openssl and
openssh packages in Debian-based distros

http://metasploit.com/users/hdm/tools/debian-openssl/


In eBox's case only the Ubuntu-based installations are vulnerable. The
older Debian based ones had a correct openssl version.

You firstly need to upgrade to the new openssl and ssh package. You can
use this command to do so:
  apt-get update
  apt-get install openssl ssh

There are two affected eBox components:
 - eBox HTTPS server certificate
 - eBox CA certificates

-eBox HTTPS server certificate
 You might create a new server certificate following those steps:
   - sudo rm -rf /var/lib/ebox/conf/ssl*
   - sudo /usr/share/ebox/ebox-create-certificate
   - sudo /etc/init.d/ebox apache restart

    In the next connection to the web interface, your browser will ask
you about accepting the new certificate


- eBox CA certificates
  There is not a easy fix here, you will need to go to the web interface
and renew the CA. This will renew the CA's certificates.
If you are using the openvpn you will need to distribute the new
certificates and the current connections will be stopped.



As last note I remind you if you that any openssl or ssh certificate
created in a ubuntu-based eBox  is unsafe and you nedd to
revoke/renew/delete it.


Cheers,
  Javier

Pages: [1]