HOWTO: Deploy script via Trend Micro OfficeScan (GPO)

How to deploy script on Trend Micro OfficeScan (GPO)

HOWTO: Change Postfix configuration for Threat Emulation MTA

How to change Postfix configuration for Threat Emulation MTA

Non-Delivery Configuration:

  1. Connect to command line on Security Gateway (over SSH, or console).
  2. Log in to Expert mode.
  3. Back up the /opt/postfix/etc/postfix/main.cf file:
     [Expert@HostName]# cp /opt/postfix/etc/postfix/main.cf /opt/postfix/etc/postfix/main.cf_ORG
  4. Edit the /opt/postfix/etc/postfix/main.cf file:
     [Expert@HostName]# vi /opt/postfix/etc/postfix/main.cf
  5. Add the desired parameters.
     notify_classes = bounce, resource, software
     Refer to the official Postfix Configuration Parameters page.
  6. Save the changes in the file and exit the Vi editor.
  7. In SmartDashboard, install the Threat Prevention policy.
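
Steps 3 to 6 above as a repeatable shell function. This is an added example, not part of the original procedure or of Check Point tooling; the helper names set_postfix_param and get_postfix_param and the sample file are assumptions. It keeps the first _ORG backup intact on re-runs and replaces an existing definition instead of appending a duplicate.

```shell
#!/bin/sh
# Added example: scripted form of steps 3-6 (back up, edit, save main.cf).
# set_postfix_param / get_postfix_param are hypothetical helper names.

# set_postfix_param FILE NAME VALUE
set_postfix_param() {
    cf=$1; name=$2; value=$3
    [ -f "$cf" ] || { echo "no such file: $cf" >&2; return 1; }

    # Step 3: keep the pristine copy. A re-run must not overwrite the
    # first backup with an already-modified file.
    [ -e "${cf}_ORG" ] || cp -p "$cf" "${cf}_ORG" || return 1

    tmp=$(mktemp "${cf}.XXXXXX") || return 1
    # Steps 4-5: drop any existing definition of NAME, including the
    # whitespace-indented continuation lines right after it, then
    # append the new single-line definition.
    awk -v n="$name" '
        $0 ~ ("^" n "[ \t]*=") { skip = 1; next }
        skip && /^[ \t]/       { next }
                               { skip = 0; print }
    ' "$cf" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s = %s\n' "$name" "$value" >> "$tmp"

    # Step 6: write through the existing file so owner and mode are kept.
    cat "$tmp" > "$cf"; rc=$?
    rm -f "$tmp"
    return $rc
}

# get_postfix_param FILE NAME: print the last single-line definition of
# NAME (Postfix uses the last one when a parameter is repeated).
get_postfix_param() {
    awk -v n="$2" '
        $0 ~ ("^" n "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); v = $0 }
        END { print v }
    ' "$1"
}

# Demo on a constructed sample file, not a real gateway configuration.
demo=$(mktemp -d) || exit 1
printf 'myhostname = gw.example\nnotify_classes = resource,\n    software\n' \
    > "$demo/main.cf"
set_postfix_param "$demo/main.cf" notify_classes "bounce, resource, software"
get_postfix_param "$demo/main.cf" notify_classes
rm -rf "$demo"
```

On the gateway the FILE argument would be /opt/postfix/etc/postfix/main.cf, followed by the policy installation in step 7.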

HOWTO: Delete all hidden .swp files from terminal

E325: ATTENTION
Found a swap file by the name ".swp"
owned by: subhrcho dated: Wed Dec 26 05:54:45 2012
file name: ~subhrcho/
modified: YES
user name: subhrcho host name: slc04lyo
process ID: 26176
While opening file ".vimrc"
dated: Mon Jan 28 22:45:16 2013
NEWER than swap file!

(1) Another program may be editing the same file.
If this is the case, be careful not to end up with two
different instances of the same file when making changes.
Quit, or continue with caution.

(2) An edit session for this file crashed.
If this is the case, use ":recover" or "vim -r "
to recover the changes (see ":help recovery").
If you did this already, delete the swap file ".swp"
to avoid this message.

Swap file ".swp" already exists!

find . -type f -name ".*.swp" -exec rm -f {} \;

HOWTO: Debug Policy Verification

Solution
Follow these steps:

Connect to command line on Security Management Server / Multi-Domain Security Management Server.

Log in to Expert mode.

On Multi-Domain Security Management Server, switch to the context of the relevant Domain Management Server:

[Expert@HostName:0]# mdsenv

Start the debug of FWM daemon:

[Expert@HostName:0]# fw debug fwm on TDERROR_ALL_ALL=5
[Expert@HostName:0]# fw debug fwm on OPSEC_DEBUG_LEVEL=3

Verify the policy under debug:

Policy and syntax:

Security Policy:
    fwm -d verify $FWDIR/conf/.W 1>> /var/log/Security_Policy_Verification_debug.txt 2>> /var/log/Security_Policy_Verification_debug.txt

Threat Prevention Policy:
    fwm -d verify -p threatprevention $FWDIR/conf/.W 1>> /var/log/Threat_Prevention_Policy_Verification_debug.txt 2>> /var/log/Threat_Prevention_Policy_Verification_debug.txt

Desktop Policy:
    fwm -d verify $FWDIR/conf/.S 1>> /var/log/Desktop_Policy_Verification_debug.txt 2>> /var/log/Desktop_Policy_Verification_debug.txt

QoS Policy:
    fgate -d verify $FWDIR/conf/.F 1>> /var/log/QoS_Policy_Verification_debug.txt 2>> /var/log/QoS_Policy_Verification_debug.txt

Notes:

– is the name of the involved policy package as appears in SmartDashboard R7x / SmartConsole R8x
Take all the relevant outputs / screenshots.

Stop the debug of FWM daemon:

[Expert@HostName:0]# fw debug fwm off TDERROR_ALL_ALL=0
[Expert@HostName:0]# fw debug fwm off OPSEC_DEBUG_LEVEL=0