Profile Details

Toggle Sidebar
Recent updates
  • I can not find anything about Chrome requirements for Certificate requiring Subject Alternate Names only? Now indeed I think SAN where introduced part of the X.509 V3 certificates specifications but is it a requirement for Chrome?

    The issue with creating self-signed certificates using the Webconfig ClearOS app for Chrome could be entirely another problem. I think I also tried to use the app but at the time it was creating X.509 V1 certificates that I had to manually change to be V3, this might not be the case anymore.

    This is certainly a complicated subject and I am no expert. Looking at 'Taryck BENSIALI' configuration, a Wildcard DNS within a Subject Alternate Names (SANs) is an approach the I never thought of. Also note Wildcard Certificates can be useful but will only secure a specific subdomain level.

  • Indeed the service is not set to start at boot time, to do so in CentOS you are required to enable the service:



    Note: Great app thks, a few years ago I modified the shutdown scripts to do a proper shutdown of a VMWare ESXI environment and all seems to continue to work with this app.

  • This is an old thread but I found a different approach to the solution which I will share:

    The cyrus.conf file allows similar approach to cron job to be executed within it configuration file by using:


    ipurge seem to do the trick for me. Note: imapd.conf unixhierarchysep is enabled, the delimiter used is '/' instead of '.'

  • Could be the power supply?

  • Hello Nick

    Thanks for the reply. As you probably already guess, no I did not post the entire logrotate. From what I understand even if Snortsam shows as a different service it is a plugin to Snort and when restarted they are probably intertwined, considering combining all the logs in the rotation might be appropriate?

    This bug disrupted the operation of my Gateway and a reminder that I should have made the log folder its own logical volume. I understand that an update to Snort is well overdue but this bug is in both version 6 & 7 of ClearOs, not sure how wise to ignore.

    Something like: could be helpful?

  • Snort filled up my file system

    More specifically Snort filled up the /var/log/snort folder and it does not appear that it being cleaned up properly, two type of files are appearing in that folder: syslog... and snort.log...

    I found the following configuration in /etc/logrotate.d/snort for syslog:



    syslog... file seems to be configured properly, but can not find much for snort.log... files. I am not even sure if this is a log file it seem to be binary. Here is what I found in the snort.conf



    I think this might be some type of analysis log? but these captures are filling up my file system. Anyone else is seeing this problem? are they at the wrong place? Is there a log rotation cleanup configuration required for this?

  • Took me a while to grasp the above concepts but I think I get it now. The approach such as the SUVA port 123 firewall rules over my proposed NAT route will allow the firewall to be opened from a service or an appliance request within the LAN, I guess that is why it is called statefull rule. I now understand why this approach provides better firewall protection since the firewall entrance is controlled from within the home/office network.

  • The best approach to secure a Gateway using a VOIP ATA from SIP scans?

    I am using an OBI ATA and wondering what is the best approach to secure my Gateway from SIP scans?

    if I compare the ClearOS SUVA service:



    To having a prerouting NAT chain:



    I am wondering what are the advantages/disadvantages of both approaches in regards to the gateway being subject to SIP scans?

  • The installation went well. One thing that I noticed immediately is how sluggish this new application is. I recall going through similar symptoms with the installation of SOGo 2, the configuration at the time required a change to increase the amount of processes that should be spawned, hence increase the WOWorkersCount to 10. The only issue is that configuration must now be applied in /etc/sysconfig/sogo by the use of PREFORK=10 for it to work with SOGo 3 in a CentOS 7 environment.

    For the Aliases well all seem to work well with the use of: MailFieldNames = (clearMailAliases) for my particular case since I do not want to use the mailbox name. The only issue with this is that you can not append the domain name in the alias field and can not use two destination domains, seems like a design contradiction in the CLearOS world to me.

    If you are moving from SOGo 2 to 3 like I am, pending the version you are running in SOGo 2 you may need to run some shell scripts to upgrade the DB.

  • To be honest Nick I can not remember either. It has been years since I have done my SOGo setup, but you are right the proper configuration would be: MailFieldNames = (clearMailAliases,mail).

    I recall I had an issue with ClearOS aliases, my mail account name is never used to transmit emails, I only use aliases. Something clashed with the way ClearOS had configure the LDAP structure and how an LDAP structure was interpreted by SOGo. I think I wanted to do this: MailFieldNames = (clearMailAliases), but was not possible with the ClearOS structure and I ended up adding a field to the ClearOS LDAP structure for it to work.

    Can not really check this right now, I am on vacation and If my wife caught me working... you know what I mean. But I will come back with more on this issue.