Protecting Zimbra OSE from brute-force and DoS attacks

Zimbra Collaboration Suite Open-Source Edition ships with a number of powerful tools for keeping information secure. Among them are Postscreen, a solution that protects the mail server from attacks by botnets; ClamAV, an antivirus that scans incoming files and messages for malware; and SpamAssassin, one of the best spam filters available today. None of these tools, however, protects Zimbra OSE from brute-force attacks. Password guessing with a purpose-built dictionary is not the most elegant attack, but it is still effective, and it carries two risks: a successful break-in with everything that follows from it, and a significant load on the server, which has to process every single failed attempt to get into a Zimbra OSE account.


In principle, you can protect against brute force with standard Zimbra OSE tools alone. The password lockout policy (zimbraPasswordLockoutEnabled, zimbraPasswordLockoutMaxFailures and the related attributes) lets you set the number of failed login attempts after which the account under attack is locked. The main problem with this approach is that it hands the attacker a denial-of-service lever: the accounts of one or more employees get locked because of a brute-force attempt they had nothing to do with, and the resulting downtime can cost the company dearly. That is why it is better not to rely on this option for brute-force protection.


A much better fit for brute-force protection is a dedicated component called DoSFilter, which is built into Zimbra OSE and can forcibly terminate HTTP connections to Zimbra OSE. In other words, DoSFilter works on the same principle as Postscreen, only for a different protocol. Originally designed to limit the number of actions a single client can perform per second, DoSFilter also provides brute-force protection. Its key difference from the lockout policy is that once the limit is exceeded it blocks not the user, but the IP address from which the flood of login attempts against a particular account comes. Thanks to this, the administrator can protect against brute force and at the same time avoid locking out the company's own employees, by adding the company's internal network to the list of trusted IP addresses and subnets. Keep in mind that DoSFilter counts HTTP requests per source address, not failed logins: a successful request and a failed one weigh the same.

Another big plus of DoSFilter is that, beyond capping login attempts against a particular account, it also automatically blocks attackers who obtained an employee's credentials, logged into the account successfully, and then started sending hundreds of requests per second to the server.

DoSFilter is configured through the following global configuration attributes, set with zmprov:

  • zimbraHttpDosFilterMaxRequestsPerSec - sets the maximum number of requests per second allowed from one client address before throttling kicks in. The default is 30.
  • zimbraHttpDosFilterDelayMillis - sets the delay in milliseconds applied to requests above the limit set by the previous attribute. Besides a positive delay, the administrator can specify 0, so that excess requests pass without any delay (which effectively disables the protection), or -1, so that every request above the limit is rejected. The default is -1.
  • zimbraHttpThrottleSafeIPs - lets the administrator list trusted IP addresses and subnets that are exempt from the limits above. Note that the syntax of the command changes its effect. Running zmprov mcf zimbraHttpThrottleSafeIPs 127.0.0.1 overwrites the whole list and leaves only that one address in it. Running zmprov mcf +zimbraHttpThrottleSafeIPs 127.0.0.1 appends the address to the allow list, and with a minus sign (zmprov mcf -zimbraHttpThrottleSafeIPs 127.0.0.1) you remove an address from it. The current list can be checked with zmprov gcf zimbraHttpThrottleSafeIPs.

Note that DoSFilter may cause problems when the Zextras Suite Pro extension is used. To avoid them, we recommend raising the number of requests per second from 30 to 100 with the command zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 100. We also recommend adding the internal network to the allow list, for example with zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.0.0/24. After any change to the DoSFilter settings, restart the mailbox service with zmmailboxdctl restart so that the new values take effect.
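To make the interplay of the three attributes concrete, here is an added Python model of the DoSFilter decision. It is example code written for this article, not Zimbra's or Jetty's source, and it assumes the per-client rate tracker behaves like Jetty's DoSFilter (a circular buffer of the last zimbraHttpDosFilterMaxRequestsPerSec request timestamps, keyed on the client IP); the class name, the helper and the request bursts are constructed for the illustration.

```python
import ipaddress
from collections import Counter, deque

# Values of the three global-config attributes discussed above.
MAX_REQUESTS_PER_SEC = 30                    # zimbraHttpDosFilterMaxRequestsPerSec (default 30)
DELAY_MILLIS = -1                            # zimbraHttpDosFilterDelayMillis (default -1 = reject)
SAFE_IPS = ["127.0.0.1", "192.168.0.0/24"]   # zimbraHttpThrottleSafeIPs


class DosFilterModel:
    """Simplified model (assumption) of the per-client rate limit: keyed on the
    client IP, with a buffer of the last max_rps request timestamps, the way
    Jetty's DoSFilter rate tracker works."""

    def __init__(self, max_rps=MAX_REQUESTS_PER_SEC, delay_ms=DELAY_MILLIS,
                 safe_ips=SAFE_IPS):
        self.max_rps = max_rps
        self.delay_ms = delay_ms
        self.safe_nets = [ipaddress.ip_network(s, strict=False) for s in safe_ips]
        self.trackers = {}  # client ip -> timestamps of its last max_rps requests

    def is_safe(self, ip):
        """True if the client is inside zimbraHttpThrottleSafeIPs and is never throttled."""
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.safe_nets)

    def decide(self, ip, now):
        """Verdict for one request from `ip` at time `now` (seconds):
        'pass', 'delay' (delay_ms > 0) or 'reject' (delay_ms == -1)."""
        if self.is_safe(ip):
            return "pass"
        q = self.trackers.setdefault(ip, deque(maxlen=self.max_rps))
        # Over the limit when the buffer is full and its oldest entry is less
        # than one second old, i.e. this is request number max_rps + 1 in 1 s.
        over = len(q) == self.max_rps and now - q[0] < 1.0
        q.append(now)
        if not over or self.delay_ms == 0:
            return "pass"
        return "reject" if self.delay_ms == -1 else "delay"


def run_burst(model, ip, count, start=0.0, spacing=0.005):
    """Send `count` requests 5 ms apart (all inside one second) and tally the verdicts."""
    return dict(Counter(model.decide(ip, start + i * spacing) for i in range(count)))


if __name__ == "__main__":
    # Constructed scenario: a brute-forcer on the Internet and a host on the
    # trusted office subnet both fire 40 requests inside 200 ms.
    m = DosFilterModel()
    print("attacker, delay=-1  :", run_burst(m, "203.0.113.7", 40))   # 30 pass, 10 reject
    print("office host         :", run_burst(m, "192.168.0.10", 40))  # all pass (safe list)
    print("attacker, delay=0   :", run_burst(DosFilterModel(delay_ms=0), "203.0.113.7", 40))
    print("attacker, delay=200 :", run_burst(DosFilterModel(delay_ms=200), "203.0.113.7", 40))
```

The model makes the trade-off behind the Zextras advice visible: raising the limit to 100 lets the same 40-request burst through untouched, so the allow list, not the limit, is what should protect legitimate internal clients.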

The main drawback of DoSFilter is that it works at the application layer: it can limit what an attacker manages to do on the server, but not their ability to connect to it. And because it sits in the HTTP stack, it does not see brute force over IMAP, POP3 or SMTP AUTH at all. Requests sent to the server for authentication or for sending mail, even though doomed to fail, still amount to a classic DoS attack that cannot be stopped at such a high level.

To secure a Zimbra OSE server more completely, you can use a solution such as Fail2ban, a utility that continuously monitors log files for repeated activity and blocks the offender by changing firewall rules. Blocking at this lower level cuts attackers off at the stage of the IP connection to the server, for every protocol Zimbra logs and not only HTTP. Fail2Ban therefore complements the protection built with DoSFilter well. Let's look at how to pair Fail2Ban with Zimbra OSE and thereby raise the security of your IT infrastructure.

Like any other enterprise-class application, Zimbra Collaboration Suite Open-Source Edition keeps detailed logs of its operation. Most of them are stored as files in /opt/zimbra/log/. Some of them:

  • mailbox.log - log of the mailbox service (mailboxd)
  • audit.log - authentication log
  • clamd.log - antivirus engine log
  • freshclam.log - antivirus signature update log
  • convertd.log - attachment conversion log
  • zimbrastats.csv - server performance statistics

Zimbra logs also go to /var/log/zimbra.log, where Postfix and Zimbra itself write via syslog.

To protect our system from brute force, we will monitor mailbox.log, audit.log and zimbra.log.

For all of this to work, Fail2Ban and iptables must be installed on the server running Zimbra OSE. On Ubuntu you can check with the command dpkg -s fail2ban, on CentOS with yum list installed fail2ban. If Fail2Ban is not installed, installing it is no problem: the package is available in almost every standard repository. On hosts where firewalld or nftables has replaced plain iptables, set banaction to the matching Fail2Ban action instead of the iptables-* actions used below.

Once all the necessary software is installed, you can start configuring Fail2Ban. To do this you need to create the filter file /etc/fail2ban/filter.d/zimbra.conf, in which we write regular expressions for the Zimbra OSE logs that match failed login attempts and trigger Fail2Ban's mechanisms. Here is an example of zimbra.conf with a set of regular expressions matching the various errors Zimbra OSE logs when an authentication attempt fails:

# Fail2Ban filter for Zimbra OSE: /etc/fail2ban/filter.d/zimbra.conf
# The square brackets and parentheses are literal log text and must be escaped;
# an unescaped "[ip=<HOST>;]" is a regex character class and the filter does not compile.

[Definition]
failregex = \[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$
            \[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$
            \[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$
            WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$

ignoreregex =
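Rather than waiting for a real attack to find out whether the filter matches, the regexes can be exercised against sample lines. The following Python script is an added example for this article (not part of the original text and not Fail2Ban's code): it applies the same <HOST> substitution Fail2Ban 0.9 uses, replays constructed mailbox.log/audit.log lines (invented here, in Zimbra's log format) through the six patterns with Fail2Ban's first-match-wins semantics, and shows that the first pattern with unescaped brackets does not even compile.

```python
import re
import warnings
from collections import Counter

# Fail2Ban 0.9 substitutes <HOST> with this expression (newer releases use a
# more elaborate one); doing the substitution by hand lets the filter be tested
# without the fail2ban package installed.
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The six failregex lines from filter.d/zimbra.conf, brackets and parentheses escaped.
FAILREGEX = [
    r"\[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$",
    r"\[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$",
    r"\[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$",
    r"WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$",
]
# The first line as it appears when the backslashes are lost: "[ip=<HOST>;]" becomes
# a character class and the "(?P<host>" group inside it is never opened.
BROKEN_FIRST_LINE = r"[ip=<HOST>;] account - authentication failed for .* (no such account)$"


def compile_filter(patterns):
    """Compile a failregex list the way Fail2Ban does; raises re.error on an invalid line."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # silence the 'possible nested set' warning
        return [re.compile(p.replace("<HOST>", HOST_RE)) for p in patterns]


def filter_compiles(patterns):
    try:
        compile_filter(patterns)
        return True
    except re.error:
        return False


def match_host(compiled, line):
    """Host captured by the first matching failregex (Fail2Ban's first-match rule), or None."""
    for rx in compiled:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def count_failures(lines, patterns=FAILREGEX):
    """Map each source address to its number of failed-authentication lines."""
    compiled = compile_filter(patterns)
    hits = Counter()
    for line in lines:
        host = match_host(compiled, line)
        if host:
            hits[host] += 1
    return hits


# Constructed sample lines, one per pattern plus a successful login that must not match.
_REQ = "[qtp1-7:https://mail.example.com:443/service/soap/AuthRequest]"
SAMPLE_LINES = [
    f"2024-03-01 10:00:01,123 INFO  {_REQ} [ip=198.51.100.10;] account - authentication failed for nobody@example.com (no such account)",
    f"2024-03-01 10:00:02,456 INFO  {_REQ} [ip=198.51.100.10;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for alice@example.com, invalid password;",
    # behind a proxy: ip= is the proxy, oip= is the real client and is what gets banned
    f"2024-03-01 10:00:03,789 INFO  {_REQ} [name=bob@example.com;ip=10.0.0.5;oip=203.0.113.7;ua=zclient/8.8.15;] security - cmd=Auth; account=bob@example.com; protocol=soap; error=authentication failed for [bob@example.com], invalid password;",
    "2024-03-01 10:00:04,000 INFO  [ImapServer-3] [name=carol@example.com;oip=203.0.113.7;ip=203.0.113.7;] security - cmd=Auth; account=carol@example.com; protocol=imap; error=authentication failed for [carol@example.com], invalid password;",
    f"2024-03-01 10:00:05,000 INFO  {_REQ} [oip=203.0.113.7;ua=zclient/8.8.15;] SoapEngine - handler exception: authentication failed for ghost@example.com, account not found",
    "2024-03-01 10:00:06,000 WARN  [qtp1-11:https://mail.example.com:7071/service/admin/soap/AuthRequest] [name=admin;ip=203.0.113.7;ua=ZimbraWebClient - GC119 (Win)/8.8.15;] security - cmd=AdminAuth; account=admin; protocol=soap; error=authentication failed for [admin];",
    f"2024-03-01 10:00:07,000 INFO  {_REQ} [ip=203.0.113.9;] security - cmd=Auth; account=alice@example.com; protocol=soap;",
]

if __name__ == "__main__":
    print("escaped filter compiles:", filter_compiles(FAILREGEX))
    print("unescaped filter compiles:", filter_compiles([BROKEN_FIRST_LINE]))
    for host, n in count_failures(SAMPLE_LINES).items():
        print(f"{host}: {n} failed attempts")
```

On a real server the same check is done with fail2ban-regex against the live log; the point the sample makes is that pattern order matters, and that the oip= patterns are what keep Fail2Ban from banning your own reverse proxy instead of the client behind it.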

Once the regular expressions for Zimbra OSE are in place, it is time to edit the configuration of Fail2ban itself, which lives in /etc/fail2ban/jail.conf. Just in case, make a backup copy with cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak. Note that package upgrades overwrite jail.conf, so on a production host put the same sections into /etc/fail2ban/jail.local (identical syntax), which takes precedence and survives upgrades. Before enabling the jails, check that the filter really matches your logs: fail2ban-regex /opt/zimbra/log/mailbox.log /etc/fail2ban/filter.d/zimbra.conf prints the number of matched lines and the addresses extracted. Then bring the file to the following form (the mail addresses are placeholders; substitute your own):

# Fail2Ban configuration file

[DEFAULT]
ignoreip = 192.168.0.0/24
bantime = 600
findtime = 600
maxretry = 5
backend = auto

[ssh-iptables]
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=support@company.ru, sender=fail2ban@company.ru]
logpath = /var/log/messages
maxretry = 5

[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=support@company.ru]
logpath = /var/log/zimbra.log

[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
         sendmail-whois[name=SSH, dest=support@company.ru]
ignoreregex = for myuser from
logpath = /var/log/messages

[zimbra-account]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-account]
         sendmail[name=zimbra-account, dest=support@company.ru]
logpath = /opt/zimbra/log/mailbox.log
bantime = 600
maxretry = 5

[zimbra-audit]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-audit]
         sendmail[name=zimbra-audit, dest=support@company.ru]
logpath = /opt/zimbra/log/audit.log
bantime = 600
maxretry = 5

[zimbra-recipient]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-recipient]
         sendmail[name=zimbra-recipient, dest=support@company.ru]
logpath = /var/log/zimbra.log
bantime = 172800
maxretry = 5

[postfix]
enabled = true
filter = postfix
action = iptables-multiport[name=postfix, port=smtp, protocol=tcp]
         sendmail-buffered[name=postfix, dest=support@company.ru]
logpath = /var/log/zimbra.log
bantime = -1
maxretry = 5

Although this configuration is fairly generic, it is worth explaining some of the parameters you may want to change when tailoring Fail2Ban yourself:

  • ignoreip - use this parameter to list IP addresses or subnets that Fail2Ban must never ban. As a rule, the internal network and other trusted addresses go here; write subnets with their network address (192.168.0.0/24).
  • bantime - how long the offender stays banned, in seconds. A value of -1 means a permanent ban.
  • maxretry - the maximum number of failed attempts one IP address may make within findtime before it is banned.
  • sendmail - the action that e-mails a notification whenever Fail2Ban bans an address.
  • findtime - the length of the window, in seconds, within which the maxretry failures must occur. Failures older than findtime are forgotten, so an attacker who spreads attempts out more thinly than maxretry per findtime is never banned; with the values above (5 in 600 s) an address can still try roughly one password every three minutes indefinitely. Shrinking maxretry or lengthening findtime closes that gap at the price of catching more legitimate typos.
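The interplay of findtime, maxretry, bantime and ignoreip is easiest to see on concrete timestamps. The Python below is an added example written for this article (not Fail2Ban's code): it replays a constructed list of (timestamp, source IP) failures, the kind the zimbra filter would extract from the logs, through Fail2Ban's counting rule with the values from the jail above. The failure series are invented to show a fast brute force that gets banned, a slow one that stays under the findtime rate, and a trusted-subnet host that is never banned.

```python
import ipaddress
from datetime import datetime, timedelta

# Settings from the [DEFAULT] section of the jail above.
FINDTIME = 600      # seconds: window in which maxretry failures must occur
MAXRETRY = 5
BANTIME = 600       # seconds; -1 would be a permanent ban
IGNOREIP = ["192.168.0.0/24"]


def in_ignore_list(ip, ignore=IGNOREIP):
    """True if ip falls inside any ignoreip entry. Host bits in a CIDR are masked off,
    so 192.168.0.1/24 and 192.168.0.0/24 denote the same network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in ignore)


def simulate_bans(failures, findtime=FINDTIME, maxretry=MAXRETRY,
                  bantime=BANTIME, ignoreip=IGNOREIP):
    """Replay (timestamp, ip) failures through Fail2Ban's rule: an IP is banned when it
    reaches `maxretry` failures inside a sliding window of `findtime` seconds. Failures
    older than the window are forgotten. Returns [(ban_time, ip), ...]."""
    window = {}        # ip -> timestamps of failures still inside findtime
    banned_until = {}  # ip -> when the current ban expires
    bans = []
    for ts, ip in sorted(failures):
        if in_ignore_list(ip, ignoreip):
            continue
        if ip in banned_until and ts < banned_until[ip]:
            continue   # the firewall drops the client's packets while the ban lasts
        recent = [t for t in window.get(ip, []) if ts - t <= timedelta(seconds=findtime)]
        recent.append(ts)
        window[ip] = recent
        if len(recent) >= maxretry:
            bans.append((ts, ip))
            banned_until[ip] = datetime.max if bantime == -1 else ts + timedelta(seconds=bantime)
            window[ip] = []
    return bans


T0 = datetime(2024, 3, 1, 10, 0, 0)


def at(seconds):
    return T0 + timedelta(seconds=seconds)


# Constructed failure series.
SAMPLE_FAILURES = (
    # fast brute force: 5 failures in 4 minutes -> banned on the 5th; the attempt at
    # 300 s hits the firewall, the ones after the ban lapses start a fresh count
    [(at(s), "203.0.113.7") for s in (0, 60, 120, 180, 240, 300, 900, 960)]
    # slow brute force: one attempt every 5 minutes never accumulates 5 inside 600 s
    + [(at(s), "198.51.100.10") for s in (0, 300, 600, 900, 1200, 1500)]
    # mistyped password from the office subnet: ignored however often it happens
    + [(at(s), "192.168.0.42") for s in range(10)]
)

if __name__ == "__main__":
    for when, ip in simulate_bans(SAMPLE_FAILURES):
        print(f"{when:%H:%M:%S} ban {ip} for {BANTIME} s")
```

Re-running the simulation with a wider findtime (for instance 1300 s) is enough to catch the slow attacker as well, which is the knob to turn if the audit log shows low-and-slow guessing against a single account.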

After saving the Fail2Ban configuration file, all that remains is to restart the service with service fail2ban restart (or systemctl restart fail2ban on systemd hosts). From then on Fail2Ban continuously monitors the main Zimbra logs for lines matching the regular expressions; fail2ban-client status zimbra-account shows the addresses currently banned by a jail. This lets the administrator sharply reduce the chance of an attacker breaking into Zimbra Collaboration Suite Open-Source Edition mailboxes, protects the other services running inside Zimbra OSE as well, and keeps them informed of every attempt at unauthorised access.

For any questions related to Zextras Suite, you can contact the Zextras representative Ekaterina Triandafilidi by e-mail.

Source: www.habr.com
