Bwiacek-Notes-WebEx

Revision as of 21:22, 17 May 2023 by Bwiacek

Sev 1 WebEx steps


   KB 24537        Last updated on 2023-05-17  





Checking if server is compromised

If a client calls in and says they are compromised, or you suspect that they are, this is a list of what to look for to see if anything is amiss.

Check Install History

Check the install history to see when the last patch was applied:

less /opt/zimbra/.install_history

To print the time of the last patch install as a readable date:

grep CONFIGURED /opt/zimbra/.install_history | tail -n 1 | awk '{gsub(":", "", $1); print $1}' | date -d @$(cat)


Links to Patch Release history
2022: https://wiki.corp.synacor.com:8443/pages/viewpage.action?pageId=174719853
2023: https://wiki.corp.synacor.com:8443/pages/viewpage.action?pageId=176686252

Check Active Processes

Check current running processes

ps -ef | grep -i zimbra

Check Crontabs

As root:

crontab -l

As the zimbra user:

su - zimbra
crontab -l

Check Files

Check the following directories for newly modified files, and compare the dates to the last installed patch.

ls -lrt /opt/zimbra/jetty/webapps/zimbra/ > /tmp/jetty_zimbra_lrt.txt
ls -lrt /opt/zimbra/jetty/webapps/zimbraAdmin/  > /tmp/jetty_zimbraAdmin_lrt.txt
ls -lrt /opt/zimbra/jetty_base/work/ > /tmp/jetty_work_lrt.txt
ls -lrt /opt/zimbra/mailboxd/webapps/zimbra/public/jsp/ > /tmp/jsp_lft.txt
ls -ltr /opt/zimbra/mailboxd/webapps/zimbra/public/ > /tmp/public_lrt.txt
ls -lrt /opt/zimbra/mailboxd/webapps/zimbraAdmin/WEB-INF > /tmp/web-inf.txt
ls -lrt /opt/zimbra/mailboxd/webapps/zimbraAdmin > /tmp/zimbraAdmin_lrt.txt

List files changed (by ctime) in the last 60 days:

find /opt/zimbra/jetty/webapps/ -type f -newerct "-60 days" > /tmp/ct.txt
find /opt/zimbra/ \( -path /opt/zimbra/backup -o -path /opt/zimbra/store -o -path /opt/zimbra/db/data \) -prune -o -newerct "-60 days" -print > /tmp/newFiles.txt
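
The comparison this section asks for, files changed since the last installed patch, can be scripted. The following is an added example, not part of the original notes; the function names and the ZIMBRA_HOME variable are assumptions, and it relies on GNU find and date.

```bash
#!/usr/bin/env bash
# Added example: list web application files whose ctime is newer than the
# last patch install. ZIMBRA_HOME and all function names are assumptions.
ZIMBRA_HOME="${ZIMBRA_HOME:-/opt/zimbra}"

# Print the epoch of the last CONFIGURED entry in an install history file.
# Lines are expected to start with "<epoch>:", as the awk command above implies.
last_patch_epoch() {
    local hist_file="$1" epoch
    epoch=$(grep CONFIGURED "$hist_file" | tail -n 1 | awk '{gsub(":", "", $1); print $1}')
    # Reject anything that is not a plain epoch, so a damaged or edited
    # history file cannot silently yield an empty cutoff.
    case "$epoch" in
        ''|*[!0-9]*) echo "no valid CONFIGURED timestamp in $hist_file" >&2; return 1 ;;
    esac
    printf '%s\n' "$epoch"
}

# Print regular files under the given directories changed (ctime) after the epoch.
files_changed_since() {
    local epoch="$1"; shift
    # Directories that do not exist on this version are skipped quietly.
    find "$@" -type f -newerct "@$epoch" -print 2>/dev/null | sort
}

# Compare the web application directories from the checklist with the last patch.
check_webapps() {
    local epoch
    epoch=$(last_patch_epoch "$ZIMBRA_HOME/.install_history") || return 1
    echo "Last patch configured: $(date -d "@$epoch")"
    files_changed_since "$epoch" \
        "$ZIMBRA_HOME/jetty/webapps/zimbra" \
        "$ZIMBRA_HOME/jetty/webapps/zimbraAdmin" \
        "$ZIMBRA_HOME/jetty_base/work" \
        "$ZIMBRA_HOME/mailboxd/webapps/zimbra/public" \
        "$ZIMBRA_HOME/mailboxd/webapps/zimbraAdmin"
}

# Run the check only when the script is invoked with "run" as its argument.
if [ "${1:-}" = "run" ]; then check_webapps; fi
```

Source the file and call check_webapps, or run it with run as the argument. ctime also changes on chmod, chown and rename, so every hit is a lead to review rather than proof of tampering.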


Submitted by: BWiacek
Verified Against: ZCS 8.8.15, 9, 10 Date Created: yyyy-mm-dd
Article ID: https://wiki.zimbra.com/index.php?title=Bwiacek-Notes-WebEx Date Modified: 2023-05-17


