/usr/local/bin/dataupload.plx, what is it and what is it doing?

What is /usr/local/bin/dataupload.plx doing and why?

 

I noticed an unexpected email from my UTM software appliance (home use).

Current software version...: 9.703003
# crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (- installed on Mon Aug 24 20:36:33 2020)
# (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $)
0 1 * * * /usr/local/bin/dataupload.plx > /dev/null
#
# ls -l /usr/local/bin/dataupload.plx
-rwxr-xr-x 1 root root 93292 Aug 24 21:39 /usr/local/bin/dataupload.plx

 

I almost certainly would not have noticed this had standard error been redirected too.

 

A few notes:

u2d-ohelp9-9.1086 ?

/var/log/webadmin/*/*/*

/tmp/*/*.eip & /tmp/*/*.tar.gz

ip addresses, what more?

upload to something fronted by cloudfront?

 

 

Edit:  Note, incomplete answers will not be considered as an accepted answer.  Details on what the plx is doing, why it is doing so and why this appears to have been silently rolled out are not insignificant to the post.  Further questions in the replies are also important.
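
The point made in the question, that the job only surfaced because `> /dev/null` discards stdout but leaves stderr for cron to mail, can be checked across a whole crontab. The following is an added example, not part of the original thread and not Sophos code; the function names, the two `/opt/example/...` jobs and the simplified redirection parser (quoting, pipes and `MAILTO` are ignored) are assumptions.

```python
import re

# Constructed sample: the first four lines are taken from the crontab quoted in
# the post; the two /opt/example jobs are invented to show the other cases.
SAMPLE = """\
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (- installed on Mon Aug 24 20:36:33 2020)
0 1 * * * /usr/local/bin/dataupload.plx > /dev/null
#
30 2 * * * /opt/example/silent-job >/dev/null 2>&1
@daily /opt/example/wrong-order 2>&1 >/dev/null
"""

# Matches  &>file  >&file  >file  >>file  N>file  N>&M  (quotes/pipes not handled).
REDIR = re.compile(r"(&>>?|>&(?!\d)|((?<!\S)\d)?>>?)\s*(&\d|\S+)")

def output_targets(command):
    """Apply redirections left to right, as the shell does; return fd 1/2 targets."""
    fds = {1: "mail", 2: "mail"}  # cron mails whatever is left on stdout/stderr
    for m in REDIR.finditer(command):
        op, digit, target = m.groups()
        if op.startswith("&>") or op == ">&":  # both streams at once
            fds[1] = fds[2] = target
            continue
        fd = int(digit) if digit else 1
        if re.fullmatch(r"&\d", target):  # duplicate another fd's current target
            target = fds.get(int(target[1]), target)
        if fd in fds:
            fds[fd] = target
    return fds

def audit(crontab_text):
    """Return (program, verdict) for each job in user-crontab (`crontab -l`) format."""
    findings = []
    for line in map(str.strip, crontab_text.splitlines()):
        if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
            continue  # blank line, comment, or environment assignment
        nfields = 1 if line.startswith("@") else 5  # @daily etc. vs. five time fields
        parts = line.split(None, nfields)
        if len(parts) <= nfields:
            continue
        fds = output_targets(parts[nfields])
        mailed = [name for fd, name in ((1, "stdout"), (2, "stderr")) if fds[fd] == "mail"]
        verdict = "mailed: " + ",".join(mailed) if mailed else "no cron mail"
        findings.append((parts[nfields].split()[0], verdict))
    return findings

if __name__ == "__main__":
    for program, verdict in audit(SAMPLE):
        print(f"{verdict:15} {program}")
```

Jobs reported as "no cron mail" are the ones that would never announce themselves the way this one did, so they are the entries worth reviewing by hand.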



This thread was automatically locked due to age.

Top Replies

  • Given how much working environments have changed this year, we have accelerated our product security efforts, taking a more proactive approach.  As part of this initiative, we’ve already deployed a number of security enhancements in UTM 9.704 and MRs for our XG Firewall platform.  As a result of these efforts, we have identified additional telemetry that would better assist with our security efforts.  This telemetry gathering is a valuable feature we already have on our XG Firewall platform, but we lacked some information that would enable us to better protect our SG UTM platform.  We do not collect any Personally Identifiable Information (PII).  Specifically the information we are gathering is:

    - UTM ID

    - License serial #

    - Any helpful error entries in webadmin.log

    - Other operational statistics

     

    As described, we are not collecting any PII data. The data which is collected complies with the GDPR, the EULA, and other data privacy requirements. We are gathering this operational data to help improve the product, enhance its security, and further protect your important data.  

     

    Thanks for your understanding, and we apologize for any confusion.

  • Do you have the SophosLabs feedback option enabled?  Probably part of that.  You can find this setting under Management/System Settings/Scan Settings tab.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.
