Protecting Zimbra OSE from brute force and DoS attacks

Zimbra Collaboration Suite Open-Source Edition ships with several powerful tools for keeping information secure. Among them are Postscreen, which protects the mail server from botnet attacks; ClamAV, an antivirus that scans incoming files for signatures of malware infection; and SpamAssassin, one of the best spam filters available today. However, none of these tools can protect Zimbra OSE from brute force attacks. Password brute forcing with a specially prepared dictionary is not the most elegant attack, but it is very effective: it brings not only the risk of a successful break-in with all its consequences, but also a significant load on the server, which has to process every one of the failed attempts to break into the Zimbra OSE installation.


In principle, you can protect yourself from brute force using the standard tools of Zimbra OSE. The password security settings let you set the number of failed password entry attempts after which the account under attack is locked. The main problem with this approach is that there are situations in which the accounts of one or more employees get locked because of a brute force attack they have nothing to do with, and the resulting downtime of those employees can cause serious losses for the company. That is why it is better not to use this method of protection against brute force.


A special tool called DoSFilter is much better suited to protecting against brute force. It is built into Zimbra OSE and can forcibly terminate connections to Zimbra OSE made over HTTP. In other words, DoSFilter works on the same principle as PostScreen, only applied to a different protocol. Although it was originally designed to limit the number of actions a single user can perform, DoSFilter can also provide protection against brute force. Its key difference from the account lockout built into Zimbra is that after a number of failed attempts it blocks not the user, but the IP address from which the repeated attempts to log into a particular account were made. Thanks to this, the system administrator can not only protect against brute force, but also avoid locking out the company's employees, simply by adding the company's internal networks to the list of trusted IP addresses and subnets.

A big advantage of DoSFilter is that, besides stopping repeated attempts to log into a particular account, it can be used to block an attacker who has obtained an employee's credentials, logged into that account, and started sending a large number of requests to the server.

DoSFilter is configured with the following settings:

  • zimbraHttpDosFilterMaxRequestsPerSec - sets the maximum number of connections allowed for a single user. The default value is 30 connections.
  • zimbraHttpDosFilterDelayMillis - sets the delay in milliseconds applied to connections that exceed the limit above. Besides a positive number, the administrator can specify 0, so that no delay is applied at all, or -1, so that every connection exceeding the limit is simply dropped. The default value is -1.
  • zimbraHttpThrottleSafeIPs - lets the administrator specify trusted IP addresses and subnets that are exempt from the restrictions above. Note that the syntax of this command depends on what you want to achieve. For example, the command zmprov mcf zimbraHttpThrottleSafeIPs 127.0.0.1 overwrites the whole list, leaving only that single IP address in it. If you enter zmprov mcf +zimbraHttpThrottleSafeIPs 127.0.0.1, the IP address you specified is appended to the whitelist. Likewise, using the minus sign you can remove any IP address from the allow list.

Note that DoSFilter can cause a number of problems when the Zextras Suite Pro extension is in use. To avoid them, we recommend raising the number of simultaneous connections from 30 to 100 with the command zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 100. In addition, we recommend adding the company's internal networks to the allow list, which can be done with the command zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.0.0/24. After making any changes to DoSFilter, be sure to restart your mail server with the command zmmailboxdctl restart.
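To make the effect of the three settings concrete, here is an added Python model (not Zimbra's own DoSFilter code, which lives in Jetty) of per-IP throttling with the same value semantics: a request limit per second, a delay value where -1 drops, 0 passes and N delays, and a safe list of IPs or CIDR subnets. The IP addresses and request bursts are constructed for the demonstration.

```python
import ipaddress
from collections import Counter, defaultdict, deque

class DosFilterModel:
    """Simplified per-IP model of the three DoSFilter settings (not Zimbra's code):
    max_requests_per_sec -> zimbraHttpDosFilterMaxRequestsPerSec (default 30)
    delay_millis         -> zimbraHttpDosFilterDelayMillis (-1 drop, 0 no delay, N delay N ms)
    safe_ips             -> zimbraHttpThrottleSafeIPs (IPs or CIDR subnets never throttled)
    """
    def __init__(self, max_requests_per_sec=30, delay_millis=-1, safe_ips=("127.0.0.1",)):
        self.limit = max_requests_per_sec
        self.delay = delay_millis
        self.safe = [ipaddress.ip_network(s, strict=False) for s in safe_ips]
        self.window = defaultdict(deque)  # ip -> timestamps of requests in the last second

    def is_safe(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.safe)

    def handle(self, ip, now):
        """Decide one request from `ip` at time `now` (seconds): 'allow', 'reject' or 'delay:<ms>'."""
        if self.is_safe(ip):
            return "allow"
        q = self.window[ip]
        while q and now - q[0] >= 1.0:      # slide the one-second window
            q.popleft()
        q.append(now)
        if len(q) <= self.limit:
            return "allow"
        if self.delay < 0:                  # -1: the connection is simply dropped
            return "reject"
        if self.delay == 0:                 # 0: over the limit, but no delay is applied
            return "allow"
        return f"delay:{self.delay}"        # N > 0: hold the request N milliseconds

def burst(model, ip, count, start=0.0):
    """Send `count` requests from `ip` within one second; return decision counts."""
    return dict(Counter(model.handle(ip, start + i / (count + 1)) for i in range(count)))

if __name__ == "__main__":
    print("default, 40 req/s from outside:", burst(DosFilterModel(), "203.0.113.5", 40))
    lan = DosFilterModel(safe_ips=["127.0.0.1", "192.168.0.0/24"])
    print("same burst from whitelisted LAN:", burst(lan, "192.168.0.10", 40))
    print("limit raised to 100:", burst(DosFilterModel(max_requests_per_sec=100), "203.0.113.5", 40))
```

With the default limit of 30, a client that sends 40 requests in a second (as Zextras Suite Pro can) loses 10 of them; raising the limit to 100 or whitelisting its subnet lets all 40 through.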

The main drawback of DoSFilter is that it works at the application level, so it can only limit the attacker's ability to perform various actions on the server, not the ability to connect to it. Because of this, requests sent to the server for authentication or for sending mail, even though they will obviously fail, still amount to a good old DoS attack, which cannot be stopped at such a high level.

To fully protect your corporate server running Zimbra OSE, you can use a solution such as Fail2ban, a framework that continuously monitors the system logs for repeated actions and blocks the intruder by changing the firewall settings. Blocking at such a low level lets you cut off attackers already at the stage of the IP connection to the server, so Fail2Ban can perfectly complement the protection built with DoSFilter. Let's see how to make Fail2Ban and Zimbra OSE work together and thereby raise the security of your IT infrastructure.

Like any other enterprise-class application, Zimbra Collaboration Suite Open-Source Edition keeps detailed logs of its operation. Most of them are stored as files in the folder /opt/zimbra/log/. Here are just a few of them:

  • mailbox.log - logs of the Jetty mail service
  • audit.log - authentication logs
  • clamd.log - antivirus logs
  • freshclam.log - antivirus update logs
  • convertd.log - attachment conversion logs
  • zimbrastats.csv - server statistics

Zimbra logs can also be found in the file /var/log/zimbra.log, where the logs of Postfix and of Zimbra itself are kept.

To protect our system from brute force, we will monitor mailbox.log, audit.log and zimbra.log.

For everything to work, Fail2Ban and iptables must be installed on your server with Zimbra OSE. If you use Ubuntu, you can check this with the command dpkg -s fail2ban; if you use CentOS, you can check it with the command yum list installed fail2ban. If Fail2Ban is not installed, installing it will not be a problem, since the package is available in almost every repository.

Once all the necessary software is installed, you can start configuring Fail2Ban. To do this, create the configuration file /etc/fail2ban/filter.d/zimbra.conf, in which we will write regular expressions for the Zimbra OSE logs that match failed login attempts and trigger Fail2Ban's mechanisms. Here is an example of the contents of zimbra.conf with regular expressions matching the various errors that Zimbra OSE logs when an authentication attempt fails:

# Fail2Ban configuration file

[Definition]
failregex = \[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$
            \[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$
            \[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$
            WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$

ignoreregex =
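Before enabling the jail it is worth confirming that the filter actually fires on Zimbra's log lines and attributes each failure to the right address. Here is an added Python check (not part of the original article) that compiles the failregex lines above the way Fail2Ban does and runs them over a few constructed log entries; the `<HOST>` expansion is simplified to IPv4 literals, and the sample lines, accounts and addresses are invented.

```python
import re
from collections import Counter

# Stand-in for Fail2Ban's <HOST> placeholder: an IPv4 literal captured as "host".
# (Fail2Ban's real expansion also accepts hostnames and IPv6; for checking that
# the filter lines fire on the right log lines, IPv4 is enough.)
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex lines of the zimbra.conf filter, compiled the way Fail2Ban does.
FAILREGEX = [re.compile(p.replace("<HOST>", HOST)) for p in (
    r"\[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$",
    r"\[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$",
    r"\[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$",
    r"WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$",
)]

def offending_host(line):
    """Return the IP a log line attributes a failed login to, or None if no failregex fires."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def ban_candidates(lines, maxretry=5):
    """IPs Fail2Ban would ban for these lines with the given maxretry (findtime not modelled)."""
    counts = Counter(h for h in map(offending_host, lines) if h)
    return {ip for ip, n in counts.items() if n >= maxretry}

# Constructed sample entries in the shape of audit.log / mailbox.log lines (not real logs).
SOAP_FAIL = ("2019-07-15 10:22:31,105 INFO  [qtp-12:https://mail.example.com/service/soap/AuthRequest]"
             " [name=user@example.com;oip=203.0.113.5;ua=zclient/8.8.15;] security - cmd=Auth;"
             " account=user@example.com; protocol=soap; error=authentication failed for [user@example.com], invalid password;")
NO_ACCOUNT = ("2019-07-15 10:22:40,007 INFO  [ImapServer-3] [ip=198.51.100.7;] account -"
              " authentication failed for nobody@example.com (no such account)")
ADMIN_FAIL = ("2019-07-15 10:23:02,001 WARN  [qtp-5:https://mail.example.com/service/admin/soap]"
              " [name=admin;ip=192.0.2.9;ua=ZimbraWebClient - FF68 (Linux);] security - cmd=AdminAuth;"
              " account=admin; error=authentication failed for admin, invalid password;")
SOAP_OK = ("2019-07-15 10:25:00,500 INFO  [qtp-12:https://mail.example.com/service/soap/AuthRequest]"
           " [name=user@example.com;oip=203.0.113.5;ua=zclient/8.8.15;] security - cmd=Auth;"
           " account=user@example.com; protocol=soap;")
SAMPLE_LOG = [SOAP_FAIL] * 5 + [NO_ACCOUNT, ADMIN_FAIL, SOAP_OK]

if __name__ == "__main__":
    for line in (SOAP_FAIL, NO_ACCOUNT, ADMIN_FAIL, SOAP_OK):
        print(offending_host(line), "<-", line[:70])
    print("would ban:", ban_candidates(SAMPLE_LOG))
```

The same check can be done against a real log with fail2ban-regex /opt/zimbra/log/audit.log /etc/fail2ban/filter.d/zimbra.conf, which reports how many lines each failregex matched.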

Once the regular expressions for Zimbra OSE are ready, it is time to edit the Fail2ban configuration itself. This tool's settings live in the file /etc/fail2ban/jail.conf. Just in case, let's make a backup copy of it with the command cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak. After that, we bring the file to approximately the following form:

# Fail2Ban configuration file
 
[DEFAULT]
ignoreip = 192.168.0.1/24
bantime = 600
findtime = 600
maxretry = 5
backend = auto
 
[ssh-iptables]
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, [email protected], [email protected]]
logpath = /var/log/messages
maxretry = 5
 
[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, [email protected]]
logpath = /var/log/zimbra.log
 
[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
         sendmail-whois[name=SSH, [email protected]]
ignoreregex = for myuser from
logpath = /var/log/messages
 
[zimbra-account]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-account]
         sendmail[name=zimbra-account, [email protected]]
logpath = /opt/zimbra/log/mailbox.log
bantime = 600
maxretry = 5
 
[zimbra-audit]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-audit]
         sendmail[name=Zimbra-audit, [email protected]]
logpath = /opt/zimbra/log/audit.log
bantime = 600
maxretry = 5
 
[zimbra-recipient]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-recipient]
         sendmail[name=Zimbra-recipient, [email protected]]
logpath = /var/log/zimbra.log
bantime = 172800
maxretry = 5
 
[postfix]
enabled = true
filter = postfix
action = iptables-multiport[name=postfix, port=smtp, protocol=tcp]
         sendmail-buffered[name=Postfix, [email protected]]
logpath = /var/log/zimbra.log
bantime = -1
maxretry = 5

Although this example is fairly standard, it is worth explaining a few parameters that you may want to change when setting up Fail2Ban yourself:

  • ignoreip - with this parameter you specify an IP address or subnet whose addresses Fail2Ban should not check. As a rule, the company's internal networks and other trusted addresses are added to the ignore list.
  • bantime - the time for which the offender is banned, measured in seconds. A value of -1 means a permanent ban.
  • maxretry - the maximum number of times an IP address may attempt to access the server.
  • sendmail - a setting that lets you send email notifications as soon as Fail2Ban is triggered.
  • findtime - a setting that defines the time during which an IP address may try to access the server again after the maximum number of failed attempts (the maxretry parameter) has been exhausted.

After saving the file with the Fail2Ban settings, all that remains is to restart it with the command service fail2ban restart. After the restart, the main Zimbra logs will be continuously monitored for matches against the regular expressions. As a result, the administrator can practically eliminate any possibility of an attacker getting into the mailboxes of Zimbra Collaboration Suite Open-Source Edition, protect all the services running inside Zimbra OSE, and be informed of any attempts at unauthorized access.

For all questions related to Zextras Suite, you can contact the Zextras representative Ekaterina Triandafilidi by email at [email protected]

Source: www.habr.com
