Protecting Zimbra OSE from brute-force and DoS attacks

Zimbra Collaboration Suite Open-Source Edition ships with a number of powerful tools for information security. Among them are Postscreen, a solution for protecting the mail server from botnet attacks; ClamAV, an antivirus that scans incoming files and messages for malicious programs; and SpamAssassin, one of the best spam filters available today. However, none of these tools protects Zimbra OSE from brute-force attacks. Not the most elegant technique, but still quite effective, guessing passwords from a special dictionary carries not only the risk of a successful break-in with all the consequences that follow, but also a significant load on the server, which has to process every one of the failed attempts to break into a server running Zimbra OSE.


In principle, you can defend against brute force with the standard Zimbra OSE tools. The password security policy lets you set the number of failed login attempts after which the account under attack is locked. The main problem with this approach is the situation where the accounts of one or more employees get locked because of a brute-force attack they have nothing to do with, and the resulting downtime can cause large losses for the company. That is why it is best not to use this option for protection against brute force.


For protection against brute force, a special tool called DoSFilter is much better suited; it is built into Zimbra OSE and can automatically cut off connections to Zimbra OSE over HTTP. In other words, the operating principle of DoSFilter is the same as that of PostScreen, only applied to a different protocol. Originally designed to limit the number of actions a single user can perform, DoSFilter can also provide protection against brute force. Its key difference from the other tools built into Zimbra is that after a certain number of failed attempts it blocks not the user, but the IP address from which the repeated attempts to log in to a particular account were made. Thanks to this, the system administrator can not only protect against brute force, but also avoid locking out the company's own employees, simply by adding the company's internal network to the list of trusted IP addresses and subnets.

A big advantage of DoSFilter is that, beyond repeated attempts to log in to a particular account, it also lets you block an attacker who has obtained an employee's credentials, logged in to the account successfully, and started sending hundreds of requests to the server.

You can configure DoSFilter with the following attributes, set via zmprov mcf:

  • zimbraHttpDosFilterMaxRequestsPerSec - sets the maximum number of connections per user. The default value is 30 connections.
  • zimbraHttpDosFilterDelayMillis - sets the delay in milliseconds applied to connections that exceed the limit set by the previous attribute. Besides a positive value, the administrator can specify 0, so that there is no delay at all, and -1, so that every connection over the limit is simply dropped. The default value is -1.
  • zimbraHttpThrottleSafeIPs - lets the administrator list trusted IP addresses and subnets that are not subject to the limits above. Note that the syntax of this command differs depending on what you want to achieve. For example, by entering the command zmprov mcf zimbraHttpThrottleSafeIPs 127.0.0.1, you overwrite the whole list and leave only that one IP address in it. If you enter the command zmprov mcf +zimbraHttpThrottleSafeIPs 127.0.0.1, the IP address you entered is appended to the whitelist. Likewise, with a minus sign you can remove a single IP from the list of allowed addresses.

Please note that DoSFilter can cause a number of problems when the Zextras Suite Pro extension is in use. To avoid them, we recommend raising the number of simultaneous connections from 30 to 100 with the command zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 100. We also recommend adding the company's internal network to the list of allowed addresses, which can be done with the command zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.0.0/24. After making any change to DoSFilter, be sure to restart the mail server with the command zmmailboxdctl restart.

The main drawback of DoSFilter is that it works at the application level and therefore can only limit an attacker's ability to perform actions on the server; it does not limit the ability to connect to the server at all. Because of this, requests sent to the server for authentication or for sending mail, even though they are bound to fail, still amount to a classic DoS attack, which cannot be stopped at such a high level.

To secure a server running Zimbra OSE fully, you can use a solution such as Fail2ban, a utility that continuously monitors application logs for repeated actions and blocks an attacker by changing the firewall configuration. Blocking at this low level lets you cut off attackers already at the stage of the IP connection to the server. Fail2ban can therefore complement the protection built with DoSFilter very well. Let's look at how to make Fail2ban work with Zimbra OSE and thereby raise the security of your corporate IT infrastructure.

Like any other enterprise-class application, Zimbra Collaboration Suite Open-Source Edition keeps detailed logs of its operation. Most of them are stored as files in the /opt/zimbra/log/ directory. Here are some of them:

  • mailbox.log - Jetty mail service log
  • audit.log - authentication log
  • clamd.log - antivirus operation log
  • freshclam.log - antivirus update log
  • convertd.log - document converter log
  • zimbrastats.csv - server performance log

Zimbra logs can also be found in the file /var/log/zimbra.log, where the logs of Postfix and of Zimbra itself are kept.

To protect our server from brute force, we will monitor mailbox.log, audit.log and zimbra.log.

For all of this to work, Fail2Ban and iptables must be installed on your server running Zimbra OSE. On Ubuntu you can check this with the command dpkg -s fail2ban; on CentOS, with the command yum list installed fail2ban. If Fail2Ban is not installed, installing it is no problem, since the package is available in almost every repository.

Once all the necessary software is installed, you can start configuring Fail2Ban. To do this, create the configuration file /etc/fail2ban/filter.d/zimbra.conf, in which we write regular expressions for the Zimbra OSE logs that match failed login attempts and trigger Fail2Ban's mechanisms. Here is an example of the contents of zimbra.conf with regular expressions for the various errors that Zimbra OSE logs when an authentication attempt fails:

# Fail2Ban configuration file
# Square brackets and parentheses are escaped so that they match the literal
# characters in the Zimbra log lines instead of acting as regex syntax.

[Definition]
failregex = \[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$
            \[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$
            \[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$
            WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$

ignoreregex =

With the regular expressions for Zimbra OSE in place, it is time to edit the configuration of Fail2ban itself, which lives in the file /etc/fail2ban/jail.conf. Just in case, make a backup copy of it with the command cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak. Then bring the file to roughly the following form:

# Fail2Ban configuration file
# The dest=/sender= addresses below are placeholders; replace them with your own.

[DEFAULT]
ignoreip = 192.168.0.1/24
bantime = 600
findtime = 600
maxretry = 5
backend = auto

[ssh-iptables]
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=support@company.ru, sender=fail2ban@company.ru]
logpath = /var/log/messages
maxretry = 5

[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=support@company.ru]
logpath = /var/log/zimbra.log

[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
         sendmail-whois[name=SSH, dest=support@company.ru]
ignoreregex = for myuser from
logpath = /var/log/messages

[zimbra-account]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-account]
         sendmail[name=zimbra-account, dest=support@company.ru]
logpath = /opt/zimbra/log/mailbox.log
bantime = 600
maxretry = 5

[zimbra-audit]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-audit]
         sendmail[name=Zimbra-audit, dest=support@company.ru]
logpath = /opt/zimbra/log/audit.log
bantime = 600
maxretry = 5

[zimbra-recipient]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-recipient]
         sendmail[name=Zimbra-recipient, dest=support@company.ru]
logpath = /var/log/zimbra.log
bantime = 172800
maxretry = 5

[postfix]
enabled = true
filter = postfix
action = iptables-multiport[name=postfix, port=smtp, protocol=tcp]
         sendmail-buffered[name=Postfix, dest=support@company.ru]
logpath = /var/log/zimbra.log
bantime = -1
maxretry = 5

Although this example is fairly universal, it is still worth explaining some of the parameters you may want to change when configuring Fail2Ban yourself:

  • ignoreip - with this parameter you can specify an IP address or subnet whose addresses Fail2Ban should not check. As a rule, the company's internal network and other trusted addresses are put on the ignore list.
  • bantime - the time for which the offender is banned, measured in seconds. A value of -1 means a permanent ban.
  • maxretry - the maximum number of times a single IP address may try to log in to the server.
  • sendmail - a parameter that lets you send e-mail notifications automatically whenever Fail2Ban triggers.
  • findtime - a parameter that sets the time interval after which an IP address may try to log in to the server again once the maximum number of failed attempts (the maxretry parameter) has been reached.
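To check the filter and jail above without touching a live server, here is an added Python example that is not part of the original article: it replays the six failregex lines from zimbra.conf and the ignoreip/findtime/maxretry logic from jail.conf (findtime taken as the window inside which maxretry failures must fall, which is how Fail2Ban counts them) over a few constructed mailbox.log and audit.log lines. The addresses, account names and timestamps are made up, and Fail2Ban's <HOST> placeholder is simplified here to an IPv4 match.

```python
import ipaddress
import re
from datetime import datetime

# The failregex lines from the zimbra.conf filter above; <HOST> is fail2ban's placeholder.
FAILREGEX = [
    r"\[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$",
    r"\[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$",
    r"\[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$",
    r"WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$",
]
# Simplified stand-in for fail2ban's <HOST> substitution (IPv4 only, enough for this check).
PATTERNS = [re.compile(p.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})")) for p in FAILREGEX]

def failed_logins(lines):
    """Yield (timestamp, ip) for every line that matches one of the failregex patterns."""
    for line in lines:
        matches = (p.search(line.rstrip("\n")) for p in PATTERNS)
        m = next((m for m in matches if m), None)
        if m:  # Zimbra log lines start with "YYYY-MM-DD HH:MM:SS,mmm"
            yield datetime.strptime(line[:23], "%Y-%m-%d %H:%M:%S,%f"), m.group("host")

def bans(lines, maxretry=5, findtime=600, ignoreip=("192.168.0.1/24",)):
    """Addresses fail2ban would ban: maxretry failures inside findtime seconds, ignoreip exempt."""
    safe = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    recent, banned = {}, set()
    for ts, ip in failed_logins(lines):
        if any(ipaddress.ip_address(ip) in net for net in safe):
            continue
        recent[ip] = [t for t in recent.get(ip, []) if (ts - t).total_seconds() <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            banned.add(ip)
    return banned

SAMPLE = [  # constructed lines in mailbox.log / audit.log format, not real log data
    # five wrong passwords over SOAP from one outside address within a few minutes
    *[f"2019-05-14 10:2{i}:00,000 INFO  [qtp-{i}] [name=user@company.ru;oip=203.0.113.5;ua=zclient/8.8.12;]"
      " security - cmd=Auth; account=user@company.ru; protocol=soap; error=authentication failed for [user@company.ru], invalid password;"
      for i in range(5)],
    # an IMAP guess at a non-existent account from the same address (audit.log format)
    "2019-05-14 10:26:00,000 INFO  [ImapSSLServer-3] [ip=203.0.113.5;] account - authentication failed for nobody@company.ru (no such account)",
    # the same mistakes from the office LAN are exempt through ignoreip
    *[f"2019-05-14 10:3{i}:00,000 INFO  [ImapSSLServer-{i}] [ip=192.168.0.10;] security - cmd=Auth; account=user@company.ru;"
      " protocol=imap; error=authentication failed for user@company.ru, invalid password;" for i in range(5)],
    # a successful login never matches failregex
    "2019-05-14 10:41:00,000 INFO  [qtp-10] [name=user@company.ru;oip=203.0.113.5;] security - cmd=Auth; account=user@company.ru; protocol=soap;",
]
```

On the server itself, fail2ban-regex /opt/zimbra/log/mailbox.log /etc/fail2ban/filter.d/zimbra.conf runs the same matching check against the real log.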

After saving the file with the Fail2Ban settings, all that remains is to restart the utility with the command service fail2ban restart. After the restart, the main Zimbra logs are monitored continuously for matches against the regular expressions. Thanks to this, the administrator can practically rule out an attacker breaking into not only Zimbra Collaboration Suite Open-Source Edition mailboxes but also any of the services running inside Zimbra OSE, and will be informed of every attempt to gain unauthorized access.

For all questions related to Zextras Suite, you can contact the Zextras representative Ekaterina Triandafilidi by e-mail.

Source: www.hab.com
