Hello, > Perhaps I am missing something, but what exactly leads you to believe > that there actually was a hacking event, let alone the event related to > a specific perpetrator?
I thought the same. The thread starter mentioned AlmaLinux: I already had the issue on RHEL based platforms that hand-crafted config files were reset / regenerated by system updates to defaults. Which, of course, made services stop working. You might escpecially want to watch out for files with .rpmsave (and maybe .rpmnew) suffix. It seems RPM package maintainers have to manually apply special rules to files to prevent the updates from overwriting newer, user-edited config files: "%config(noreplace)" Even marking them as "%config" seems to be insufficient. If your system was hacked, you'd probably have other problems as well than just config files losing manual changes. E.g. installed crypto miner, new open ports, outgoing connections to C&C botnet servers, data encryption in case of ransomware, ... Yours, Reg _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
