View Issue Details

ID: 0005545
Project: SOGo
Category: Backend General
View Status: public
Last Update: 2022-06-30 15:45
Reporter: fsoyer
Assigned To: francis
Priority: low
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Platform: [Server] Linux
OS: RHEL/CentOS
OS Version: 7
Product Version: 5.5.0
Summary: 0005545: Temp files fired intrusion detection
Description

Hi staff,
I've recently installed Sandfly Security intrusion detection on my network. I have a false positive regarding files "/tmp.OGoxxxxxx", seen as possible hack attempts:
The file '/tmp/OGo1A0762BB24DAF1.tmp' is common with certain types of log cleaners and was left behind in this directory. The file is owned by UID '986' and was created on 2022-06-28T17:57:14+02:00.

The user 986 is, as you have understood, the sogo user. Can you confirm that these files are created by SOGo, and tell me if there is a way to redirect them to another directory (a dedicated temp dir, for example)?
Thanks a lot.
Frank

Tags: No tags attached.

Activities

francis

2022-06-30 12:32

administrator   ~0016105

Try to change the configuration parameter NGMimeBuildMimeTempDirectory.

fsoyer

2022-06-30 15:31

reporter   ~0016109

Wonderful, it works! I didn't see it in the parameters list, thank you for your reactivity ;)

Issue History

Date Modified Username Field Change
2022-06-29 08:10 fsoyer New Issue
2022-06-30 12:32 francis Note Added: 0016105
2022-06-30 15:31 fsoyer Note Added: 0016109
2022-06-30 15:45 francis Assigned To => francis
2022-06-30 15:45 francis Status new => closed
2022-06-30 15:45 francis Resolution open => no change required