Protecting Zimbra OSE from brute-force and DoS attacks

Zimbra Collaboration Suite Open-Source Edition ships with several powerful tools for information security. Among them are Postscreen, a solution for protecting the mail server from attacks by botnets; ClamAV, an antivirus that scans incoming files and messages for malware; and SpamAssassin, one of the best spam filters available today. These tools, however, cannot protect Zimbra OSE against a brute-force attack. Dictionary-based password guessing is not the most elegant attack, but it remains quite effective, and it carries not only the risk of a successful break-in with everything that follows from it, but also a significant load on the server, which has to process every failed attempt to log in to Zimbra OSE.


In principle, you can protect yourself from brute force with the standard Zimbra OSE tools. The password security policy settings let you set the number of failed password attempts after which the potentially attacked account is locked. The main problem with this approach is that it creates situations in which the accounts of one or more employees are locked because of a brute-force attack against them, through no fault of their own, and the resulting downtime can cost the company dearly. That is why it is best not to use this form of protection against brute force.


A special tool called DoSFilter is much better suited to protecting against brute force. It is built into Zimbra OSE and can automatically cut off connections to Zimbra OSE over HTTP. In other words, DoSFilter works on the same principle as PostScreen, only for a different protocol. Originally designed to limit the number of actions a single user can perform, DoSFilter can also provide protection against brute force. Its key difference from the account lockout built into Zimbra is that after a certain number of failed attempts it blocks not the user, but the IP address from which the repeated login attempts against a given account are made. Thanks to this, the system administrator can not only protect against brute force, but also avoid locking out the company's own employees by adding the enterprise's internal network to the list of trusted IP addresses and subnets.

A great advantage of DoSFilter is that, besides repeated attempts to log in to a single account, it can also block attackers who have obtained a user's credentials, logged in to the account successfully and started sending hundreds of requests to the server.

You can configure DoSFilter with the following console commands:

  • zimbraHttpDosFilterMaxRequestsPerSec - With this command you set the maximum number of connections allowed for a single user. The default value is 30 connections.
  • zimbraHttpDosFilterDelayMillis - With this command you set the delay, in milliseconds, applied to connections that exceed the limit set by the previous command. Besides integer values, the administrator can specify 0, so that there is no delay at all, or -1, so that every connection over the limit is simply dropped. The default value is -1.
  • zimbraHttpThrottleSafeIPs - With this command the administrator specifies trusted IP addresses and subnets that are not subject to the restrictions above. Note that the syntax of the command varies with the desired result. For example, running zmprov mcf zimbraHttpThrottleSafeIPs 127.0.0.1 overwrites the whole list and leaves only that one IP address in it. Running zmprov mcf +zimbraHttpThrottleSafeIPs 127.0.0.1 instead appends the address to the whitelist. In the same way, a minus sign removes an IP from the list of allowed addresses.

Please note that DoSFilter can cause a number of problems when the Zextras Suite Pro extension is in use. To avoid them, we recommend raising the number of simultaneous connections from 30 to 100 with the command zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 100. We also recommend adding the enterprise's internal network to the list of allowed addresses, which can be done with the command zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.0.0/24. After making any change to DoSFilter, be sure to restart your mail server with the command zmmailboxdctl restart.

The major drawback of DoSFilter is that it operates at the application level and can therefore only limit the attackers' ability to perform actions on the server, not their ability to connect to it at all. Because of this, requests sent to the server for authentication or for sending mail, even though they will obviously fail, still amount to a good old-fashioned DoS attack, which cannot be stopped at such a high layer.

To fully secure your enterprise Zimbra OSE server you can use a solution such as Fail2Ban: a system that continuously monitors the logs of an information system for repeated actions and blocks the offender by changing firewall settings. Blocking at such a low level makes it possible to cut attackers off already at the stage of the IP connection to the server. Fail2Ban can therefore perfectly complement the protection built with DoSFilter. Let's look at how to make Fail2Ban work with Zimbra OSE and thereby improve the security of your company's IT infrastructure.

Like any other enterprise-class application, Zimbra Collaboration Suite Open-Source Edition keeps detailed logs of its operation. Most of them are stored as files in the /opt/zimbra/log/ directory. Here are just a few of them:

  • mailbox.log - Jetty mail service log
  • audit.log - audit log
  • clamd.log - antivirus service log
  • freshclam.log - antivirus update log
  • convertd.log - attachment converter log
  • zimbrastats.csv - server performance log

Zimbra logs can also be found in the file /var/log/zimbra.log, which holds the logs of Postfix and of Zimbra itself.

To protect our system from brute force, we will monitor mailbox.log, audit.log and zimbra.log.

For all of this to work, Fail2Ban and iptables must be installed on your Zimbra OSE server. On Ubuntu you can check this with the command dpkg -s fail2ban; on CentOS, with the command yum list installed fail2ban. If Fail2Ban is not installed, installing it is no problem, since the package is available in almost every standard repository.

Once all the necessary software is installed, you can start configuring Fail2Ban. To do this, create the configuration file /etc/fail2ban/filter.d/zimbra.conf, in which we will write regular expressions for the Zimbra OSE logs that match failed login attempts and trigger Fail2Ban's mechanisms. Here is an example of the contents of zimbra.conf, with a set of regular expressions matching the various errors Zimbra OSE logs when an authentication attempt fails:

# Fail2Ban configuration file

[Definition]
failregex = \[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$
            \[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$
            \[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$
            WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$

ignoreregex =
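Before putting the filter into production it is worth confirming that each pattern fires on the right log line and extracts the right source address. The following is an added example (not part of the original article, and not Zimbra or Fail2Ban code) that replays the six failregex lines above over constructed mailbox.log/audit.log-style lines; the HOST stand-in is an IPv4-only simplification of Fail2Ban's real <HOST> tag, and the sample lines are constructed, not real log data.

```python
import re

# The six failregex lines of the zimbra.conf filter above, copied as raw strings.
FAILREGEX = [
    r"\[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$",
    r"\[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$",
    r"\[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$",
    r"WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$",
]

# Simplified stand-in for Fail2Ban's <HOST> tag: IPv4 only (the real tag also covers IPv6 and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed sample lines in the style of mailbox.log / audit.log (not real log data).
# Lines 1-3 are failures the filter must catch; line 4 is a successful login it must leave alone.
SAMPLE_LOG = [
    "2024-03-01 09:00:01,101 INFO  [ImapServer-3] [ip=198.51.100.7;] account - authentication failed for ghost@example.com (no such account)",
    "2024-03-01 09:00:02,202 INFO  [qtp-12:https://mail.example.com/service/soap/AuthRequest] [name=alice@example.com;oip=203.0.113.5;ua=zclient/8.8.15;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;",
    "2024-03-01 09:00:03,303 WARN  [qtp-7:https://mail.example.com:7071/service/admin/soap/AuthRequest] [name=admin;ip=203.0.113.5;ua=ZimbraWebClient - FF3.0 (Win)/8.8.15;] security - cmd=AdminAuth; account=admin; error=authentication failed for admin, invalid password;",
    "2024-03-01 09:00:04,404 INFO  [qtp-12:https://mail.example.com/service/soap/AuthRequest] [name=bob@example.com;oip=192.0.2.9;ua=zclient/8.8.15;] security - cmd=Auth; account=bob@example.com; protocol=soap;",
]

def compile_failregex(patterns=FAILREGEX):
    """Expand <HOST> and compile; each pattern is searched within the line, not anchored at its start."""
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]

def match_failures(lines, compiled=None):
    """Return (line_index, host, rule_index) for every line some failregex matches; the first rule wins."""
    compiled = compiled or compile_failregex()
    hits = []
    for i, line in enumerate(lines):
        for r, rx in enumerate(compiled):
            m = rx.search(line)
            if m:
                hits.append((i, m.group("host"), r))
                break
    return hits

def failures_per_host(lines):
    """Count matched failures per source IP: the number Fail2Ban compares against maxretry."""
    counts = {}
    for _, host, _ in match_failures(lines):
        counts[host] = counts.get(host, 0) + 1
    return counts
```

On the server itself, fail2ban-regex /opt/zimbra/log/mailbox.log /etc/fail2ban/filter.d/zimbra.conf performs the same check against the live log with Fail2Ban's own matcher.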

Once the regular expressions for Zimbra OSE are in place, it is time to edit the configuration of Fail2Ban itself. The utility's settings live in the file /etc/fail2ban/jail.conf. Just in case, make a backup of it with the command cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak. After that, reduce the file to roughly the following form:

# Fail2Ban configuration file
# The mail addresses below are placeholders: substitute your own.

[DEFAULT]
ignoreip = 192.168.0.1/24
bantime = 600
findtime = 600
maxretry = 5
backend = auto

[ssh-iptables]
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=support@company.ru, sender=fail2ban@company.ru]
logpath = /var/log/messages
maxretry = 5

[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=support@company.ru]
logpath = /var/log/zimbra.log

[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
         sendmail-whois[name=SSH, dest=support@company.ru]
ignoreregex = for myuser from
logpath = /var/log/messages

[zimbra-account]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-account]
         sendmail[name=zimbra-account, dest=support@company.ru]
logpath = /opt/zimbra/log/mailbox.log
bantime = 600
maxretry = 5

[zimbra-audit]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-audit]
         sendmail[name=Zimbra-audit, dest=support@company.ru]
logpath = /opt/zimbra/log/audit.log
bantime = 600
maxretry = 5

[zimbra-recipient]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-recipient]
         sendmail[name=Zimbra-recipient, dest=support@company.ru]
logpath = /var/log/zimbra.log
bantime = 172800
maxretry = 5

[postfix]
enabled = true
filter = postfix
action = iptables-multiport[name=postfix, port=smtp, protocol=tcp]
         sendmail-buffered[name=Postfix, dest=support@company.ru]
logpath = /var/log/zimbra.log
bantime = -1
maxretry = 5

Although this example is fairly comprehensive, it is still worth explaining some of the parameters you may want to change when configuring Fail2Ban yourself:

  • ignoreip - With this parameter you specify IP addresses or subnets that Fail2Ban should not check at all. As a rule, the enterprise's internal network and other trusted addresses are added to the ignore list.
  • bantime - The time for which the offender is banned, measured in seconds. A value of -1 means a permanent ban.
  • maxretry - The maximum number of attempts a single IP address may make to access the server.
  • sendmail - A setting that lets Fail2Ban send e-mail notifications automatically whenever it is triggered.
  • findtime - A setting that specifies the time interval after which an IP address may try to access the server again once it has exhausted the maximum number of failed attempts (the maxretry parameter).
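As an added illustration of how ignoreip, bantime, findtime and maxretry interact (example code written for this page, not Fail2Ban's implementation), here is a small model of a jail's ban decision replayed over a constructed stream of failregex matches. In the model, as in Fail2Ban, findtime is the window inside which the maxretry matches must fall for a ban to be issued; the IP addresses and timings are constructed.

```python
import ipaddress
from collections import deque

class JailSimulator:
    """Model of a Fail2Ban jail's ban decision (added illustration, not Fail2Ban's own code). A host is
    banned once it produces maxretry matches inside a findtime-second window; the ban lasts bantime
    seconds (-1 = permanent); hosts inside ignoreip are never banned."""
    def __init__(self, maxretry=5, findtime=600, bantime=600, ignoreip=("192.168.0.1/24",)):
        self.maxretry, self.findtime, self.bantime = maxretry, findtime, bantime
        self.ignore = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
        self.recent = {}   # ip -> deque of failure times still inside the findtime window
        self.banned = {}   # ip -> time the ban started
        self.ban_log = []  # (time, ip) for every ban issued, in order

    def is_ignored(self, ip):
        return any(ipaddress.ip_address(ip) in net for net in self.ignore)

    def is_banned(self, ip, now):
        start = self.banned.get(ip)
        if start is not None and (self.bantime == -1 or now < start + self.bantime):
            return True
        self.banned.pop(ip, None)  # expired (or never banned): Fail2Ban would run the unban action here
        return False

    def failure(self, now, ip):
        """Feed one failregex match from `ip` at time `now`; returns True if it triggered a ban."""
        if self.is_ignored(ip) or self.is_banned(ip, now):
            return False
        q = self.recent.setdefault(ip, deque())
        q.append(now)
        while q and q[0] <= now - self.findtime:  # forget failures older than findtime
            q.popleft()
        if len(q) < self.maxretry:
            return False
        self.banned[ip] = now
        self.ban_log.append((now, ip))
        q.clear()
        return True

def demo():
    # Constructed failure stream (seconds since start, source IP) replayed with the jail.conf values above.
    jail = JailSimulator(maxretry=5, findtime=600, bantime=600, ignoreip=("192.168.0.1/24",))
    events = [(t, "203.0.113.5") for t in range(0, 500, 100)]            # 5 failures in 400 s: ban at t=400
    events += [(t, "198.51.100.7") for t in (0, 700, 1400, 2100, 2800)]  # 5 failures, never 5 within 600 s
    events += [(t, "192.168.0.42") for t in range(0, 50, 10)]            # internal host, inside ignoreip
    for t, ip in sorted(events):
        jail.failure(t, ip)
    return {"bans": jail.ban_log,
            "banned_at_900": jail.is_banned("203.0.113.5", 900),     # 400 + 600 not yet reached
            "banned_at_1100": jail.is_banned("203.0.113.5", 1100)}   # bantime elapsed, ban lifted
```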

After saving the Fail2Ban configuration file, all that remains is to restart the utility with the command service fail2ban restart. After the restart, the main Zimbra logs will be continuously monitored for matches against the regular expressions. As a result, the administrator can all but eliminate the possibility of an attacker breaking into Zimbra Collaboration Suite Open-Source Edition mailboxes, protect all the other services running within Zimbra OSE, and be informed of every attempt at unauthorized access.

For any questions related to Zextras Suite, you can contact the Zextras representative Ekaterina Triandafilidi by e-mail: [email protected]

Source: www.habr.com
