Protecting Zimbra OSE from brute force and DoS attacks

Zimbra Collaboration Suite Open-Source Edition has several powerful tools for keeping information secure. Among them are Postscreen, a solution for protecting the mail server against botnet attacks; ClamAV, an antivirus that can scan incoming files and messages for malware; and SpamAssassin, one of the best spam filters available today. However, these tools cannot protect Zimbra OSE against brute-force attacks. Password guessing, which is not the most elegant technique but still works when it uses a specially prepared dictionary, not only carries the risk of a successful compromise with all the consequences that follow, but also puts a heavy load on the server, which has to process every one of the failed attempts to break into Zimbra OSE.


Strictly speaking, you can protect yourself against brute force using the standard tools of Zimbra OSE. The password policy settings let you set the number of failed password attempts after which the account under attack is locked. The main problem with this approach is that situations arise in which the accounts of one or more employees are locked because of a brute-force attack they had nothing to do with, and the resulting downtime can cause the company serious losses. That is why it is better not to use this option for protection against brute force.


A special tool called DoSFilter is much better suited to protection against brute force. It is built into Zimbra OSE and can automatically interrupt HTTP connections to Zimbra OSE. In other words, DoSFilter works on the same principle as Postscreen, only for a different protocol. Originally designed to limit the number of actions a single user can perform, DoSFilter can also provide protection against brute force. Its main difference from the built-in Zimbra mechanism is that after a certain number of failed attempts it blocks not the user but the IP address from which the many login attempts for a given account are made. Thanks to this, the system administrator can not only protect against brute force but also avoid locking out company employees, by adding the company's internal network to the list of trusted IP addresses and subnets.

A big advantage of DoSFilter is that, besides many failed login attempts for a single account, you can use it to block attackers who have stolen an employee's credentials, logged into the account successfully and started sending hundreds of requests to the server.

You can configure DoSFilter using the following console commands:

  • zimbraHttpDosFilterMaxRequestsPerSec - With this command you set the maximum number of connections allowed for a single user. By default this value is 30 connections.
  • zimbraHttpDosFilterDelayMillis - With this command you set the delay in milliseconds for connections that exceed the limit set by the previous command. In addition to absolute values, the administrator can specify 0, so that there is no delay at all, and -1, so that all connections exceeding the limit are simply dropped. The default value is -1.
  • zimbraHttpThrottleSafeIPs - With this command the administrator can specify trusted IP addresses and subnets that will not be subject to the limits listed above. Note that the syntax of this command varies depending on the desired result. For example, by entering the command zmprov mcf zimbraHttpThrottleSafeIPs 127.0.0.1, you will overwrite the whole list and leave only a single IP address in it. If you enter the command zmprov mcf +zimbraHttpThrottleSafeIPs 127.0.0.1, the IP address you entered will be added to the allowlist. Similarly, using the minus sign, you can remove any IP from the list of allowed addresses.

Please note that DoSFilter can cause a number of problems when you use Zextras Suite Pro. To avoid them, we recommend increasing the number of simultaneous connections from 30 to 100 with the command zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 100. In addition, we recommend adding the company's internal network to the allowlist. This can be done with the command zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.0.0/24. After making any changes to DoSFilter, be sure to restart your mail server with the command zmmailboxdctl restart.
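To make the interaction of these three settings concrete, here is an added example (my own code, not Zimbra's DoSFilter, which is a Jetty filter inside mailboxd): a small Python model that applies the per-IP request limit, the three meanings of the delay value (-1, 0, positive) and the trusted-IP exemption to a burst of requests, plus a helper showing why zmprov mcf with, without and with a minus before the attribute name gives different results. The class and function names are assumptions of the example; the numeric defaults are the ones stated above.

```python
"""Model of the per-IP throttling described by the zimbraHttp* settings.

Added example, not Zimbra's own code: the real DoSFilter is a Jetty filter
inside mailboxd. This model only reproduces the semantics explained in the
article so that a configuration can be reasoned about offline.
"""
import ipaddress
from collections import defaultdict


class DosFilterModel:
    # Parameter names mirror the zmprov attributes; defaults are the documented ones.
    def __init__(self, max_requests_per_sec=30, delay_millis=-1, safe_ips=()):
        self.max_requests_per_sec = max_requests_per_sec
        self.delay_millis = delay_millis
        # zimbraHttpThrottleSafeIPs entries may be single addresses or CIDR subnets.
        self.safe_networks = [ipaddress.ip_network(s, strict=False) for s in safe_ips]
        # (client ip, whole-second bucket) -> requests seen in that second
        self._counts = defaultdict(int)

    def is_safe(self, ip):
        """True when the client is in a trusted address/subnet and is never throttled."""
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.safe_networks)

    def handle(self, ip, timestamp):
        """Return 'pass', 'delay' or 'reject' for one request at `timestamp` (seconds)."""
        if self.is_safe(ip):
            return "pass"
        key = (ip, int(timestamp))
        self._counts[key] += 1
        if self._counts[key] <= self.max_requests_per_sec:
            return "pass"
        # Over the limit: -1 drops the request, 0 lets it through without delay,
        # any positive value holds it for that many milliseconds.
        if self.delay_millis < 0:
            return "reject"
        if self.delay_millis == 0:
            return "pass"
        return "delay"


def simulate(filter_, ip, n_requests, at_second=0.0):
    """Send n requests from one IP within a single second; return outcome counts."""
    outcome = {"pass": 0, "delay": 0, "reject": 0}
    for i in range(n_requests):
        outcome[filter_.handle(ip, at_second + i / 1000.0)] += 1
    return outcome


def apply_safe_ip_change(current, attribute, value):
    """Model the three spellings of `zmprov mcf` for a multi-valued attribute.

    'zimbraHttpThrottleSafeIPs' replaces the whole list, '+zimbraHttpThrottleSafeIPs'
    appends one entry, '-zimbraHttpThrottleSafeIPs' removes one entry.
    """
    if attribute.startswith("+"):
        return list(current) if value in current else list(current) + [value]
    if attribute.startswith("-"):
        return [v for v in current if v != value]
    return [value]


if __name__ == "__main__":
    # Constructed scenario: the documented defaults against a 40-request burst,
    # then the article's recommended 100/s limit with the LAN exempted.
    print(simulate(DosFilterModel(), "203.0.113.5", 40))
    tuned = DosFilterModel(max_requests_per_sec=100, safe_ips=["192.168.0.0/24"])
    print(simulate(tuned, "192.168.0.77", 500), simulate(tuned, "203.0.113.5", 150))
```

The `apply_safe_ip_change` helper is the part worth keeping in mind: running the command without the leading `+` silently discards every trusted subnet already on the list, which is exactly the mistake the paragraph above warns about.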

The main problem with DoSFilter is that it works at the application level and can therefore only limit the attackers' ability to perform various actions on the server, not their ability to connect to it. Because of this, requests sent to the server for authentication or for sending mail, although obviously doomed to fail, still amount to a good old DoS attack, which cannot be stopped at such a high level.

To fully protect your corporate server running Zimbra OSE, you can use a solution such as Fail2ban, a framework that continuously monitors the information system's logs for repeated actions and blocks the offender by changing the firewall settings. Blocking at such a low level lets you cut attackers off at the stage of the IP connection to the server. Fail2Ban can thus be a good complement to the protection provided by the built-in DoSFilter. Let's see how you can integrate Fail2Ban with Zimbra OSE and thereby increase the security of your company's IT infrastructure.

Like any enterprise-grade application, Zimbra Collaboration Suite Open-Source Edition keeps detailed logs of its operation. Most of them are stored as files in the /opt/zimbra/log/ folder. Here are just a few of them:

  • mailbox.log - logs of the Jetty mail service
  • audit.log - authentication records
  • clamd.log - antivirus operation logs
  • freshclam.log - antivirus update logs
  • convertd.log - attachment converter logs
  • zimbrastats.csv - server performance statistics

Zimbra logs can also be found in the file /var/log/zimbra.log, where the logs of Postfix and Zimbra itself are kept.

To protect our system from brute force, we will monitor mailbox.log, audit.log and zimbra.log.

For everything to work, Fail2Ban and iptables must be installed on your server running Zimbra OSE. If you use Ubuntu, you can check this with the command dpkg -s fail2ban; if you use CentOS, you can check it with the command yum list installed fail2ban. If Fail2Ban is not installed, installing it will not be a problem, since this package is available in almost all standard repositories.

Once all the necessary software is installed, you can start configuring Fail2Ban. To do this, you need to create the configuration file /etc/fail2ban/filter.d/zimbra.conf, in which we will write the regular expressions for the Zimbra OSE logs that match failed login attempts and trigger Fail2Ban's mechanisms. Here is an example of the contents of zimbra.conf with a set of regular expressions matching the various errors that Zimbra OSE writes to the log when an authentication attempt fails:

# Fail2Ban configuration file
# Filter for Zimbra OSE: each failregex line is one failed-authentication
# message; <HOST> is the Fail2Ban placeholder for the client address.
# Square brackets and parentheses in the log text must be escaped with a
# backslash, otherwise they are parsed as regex metacharacters.

[Definition]
failregex = \[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$
            \[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$
            \[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$
            WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$

ignoreregex =

Once the regular expressions for Zimbra OSE are in place, it is time to start editing the configuration of Fail2ban itself. Its settings are in the file /etc/fail2ban/jail.conf. Just in case, let's make a copy of it with the command cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak. After that, we will reduce this file to roughly the following form:

# Fail2Ban configuration file
# The company.ru addresses below are placeholders: replace the dest/sender
# values with your own administrator and sender addresses.
# A continuation line of a multi-line action must be indented.

[DEFAULT]
ignoreip = 192.168.0.1/24
bantime = 600
findtime = 600
maxretry = 5
backend = auto

[ssh-iptables]
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=support@company.ru, sender=fail2ban@company.ru]
logpath = /var/log/messages
maxretry = 5

[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, dest=support@company.ru]
logpath = /var/log/zimbra.log

[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
         sendmail-whois[name=SSH, dest=support@company.ru]
ignoreregex = for myuser from
logpath = /var/log/messages

[zimbra-account]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-account]
         sendmail[name=zimbra-account, dest=support@company.ru]
logpath = /opt/zimbra/log/mailbox.log
bantime = 600
maxretry = 5

[zimbra-audit]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-audit]
         sendmail[name=Zimbra-audit, dest=support@company.ru]
logpath = /opt/zimbra/log/audit.log
bantime = 600
maxretry = 5

[zimbra-recipient]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-recipient]
         sendmail[name=Zimbra-recipient, dest=support@company.ru]
logpath = /var/log/zimbra.log
bantime = 172800
maxretry = 5

[postfix]
enabled = true
filter = postfix
action = iptables-multiport[name=postfix, port=smtp, protocol=tcp]
         sendmail-buffered[name=Postfix, dest=support@company.ru]
logpath = /var/log/zimbra.log
bantime = -1
maxretry = 5

Although this example is synthetic, it is still worth explaining some of the parameters you may want to change when configuring Fail2Ban yourself:

  • ignoreip - with this parameter you can specify an IP address or subnet whose addresses Fail2Ban should not check. As a rule, the company's internal network and other trusted addresses are added to the ignore list.
  • bantime - the time for which the offender will be banned. It is measured in seconds. A value of -1 means a permanent ban.
  • maxretry - the maximum number of times a single IP address may try to access the server.
  • sendmail - a setting that lets you automatically send email notifications when Fail2Ban is triggered.
  • findtime - a setting that lets you specify the time window after which an IP address can try to access the server again once the maximum number of failed attempts (the maxretry parameter) has been exhausted.
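To see what the filter from zimbra.conf and the jail parameters above actually do together, here is an added example (my own Python, not part of the article and not Fail2Ban's code): it applies the six failregex patterns to constructed Zimbra log lines and then replays ignoreip, findtime, maxretry and bantime to work out which addresses the zimbra-account jail would ban. The log lines, the addresses and the function names are made up for the example; the <HOST> expansion is a simplified stand-in for Fail2Ban's own.

```python
"""Added example, not code from the article or from Fail2Ban: a small model of
the zimbra jail. It applies the six failregex patterns from zimbra.conf to
constructed Zimbra log lines and replays the ignoreip / findtime / maxretry /
bantime rules to decide which IPs get banned. All log lines are made up."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The six failregex lines from zimbra.conf; <HOST> is expanded below into a
# capture group (a simplified stand-in for Fail2Ban's own <HOST> expansion).
FAILREGEX = [
    r"\[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$",
    r"\[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$",
    r"\[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$",
    r"WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$",
]
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]
# mailbox.log lines start with 'YYYY-MM-DD HH:MM:SS,mmm'; the rest is matched.
TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} (.*)$")

# Constructed sample log: 203.0.113.9 fails five different ways, 198.51.100.4
# fails twice, 192.168.0.15 fails six times but sits in the ignored LAN subnet.
SAMPLE_LOG = "\n".join(
    [
        "2023-01-01 10:00:01,000 INFO  [qtp-1] [ip=203.0.113.9;] account - authentication failed for ghost@example.com (no such account)",
        "2023-01-01 10:00:02,000 INFO  [qtp-2] [name=alice@example.com;oip=203.0.113.9;ua=zclient;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for alice@example.com, invalid password;",
        "2023-01-01 10:00:03,000 INFO  [ImapServer-1] [name=alice@example.com;oip=203.0.113.9;] security - cmd=Auth; account=alice@example.com; protocol=imap; error=authentication failed for alice@example.com, invalid password;",
        "2023-01-01 10:00:04,000 WARN  [qtp-3] [name=admin;ip=203.0.113.9;ua=ZimbraWebClient - GC100 (Linux);] security - cmd=AdminAuth; account=admin; error=authentication failed for admin, invalid password;",
        "2023-01-01 10:00:05,000 INFO  [qtp-4] [oip=203.0.113.9;ua=zclient;] SoapEngine - handler exception: authentication failed for nobody@example.com, account not found",
        "2023-01-01 10:00:06,000 INFO  [qtp-5] [name=bob@example.com;ip=198.51.100.4;] mailbox - mailbox opened",
        "2023-01-01 10:00:07,000 INFO  [qtp-6] [ip=198.51.100.4;] account - authentication failed for typo@example.com (no such account)",
        "2023-01-01 10:00:08,000 INFO  [qtp-7] [ip=198.51.100.4;] account - authentication failed for typo@example.com (no such account)",
    ]
    + [
        f"2023-01-01 10:00:{10 + i:02d},000 INFO  [qtp-8] [ip=192.168.0.15;] account - authentication failed for lan@example.com (no such account)"
        for i in range(6)
    ]
)


def match_failregex(line):
    """Return (timestamp, host) if the line is a failure the filter catches, else None."""
    m = TIMESTAMP.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    for rx in COMPILED:
        hit = rx.search(m.group(2))
        if hit:
            return ts, hit.group("host")
    return None


def count_failures(log_text):
    """Number of lines the filter reports as failures, before ignoreip is applied."""
    return sum(1 for line in log_text.splitlines() if match_failregex(line))


def evaluate_jail(log_text, ignoreip=("192.168.0.0/24",), findtime=600, maxretry=5, bantime=600):
    """Replay the jail rules over a log and return {host: ban_expiry}.

    ban_expiry is None for a permanent ban (bantime = -1). Failures older than
    findtime are forgotten, ignored subnets are never counted, and a host that
    is already banned is not counted again.
    """
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    failures = defaultdict(list)
    bans = {}
    for line in log_text.splitlines():
        hit = match_failregex(line)
        if hit is None:
            continue
        ts, host = hit
        if host in bans or any(ipaddress.ip_address(host) in net for net in ignored):
            continue
        recent = [t for t in failures[host] if (ts - t).total_seconds() <= findtime]
        recent.append(ts)
        failures[host] = recent
        if len(recent) >= maxretry:
            bans[host] = None if bantime < 0 else ts + timedelta(seconds=bantime)
    return bans


if __name__ == "__main__":
    print(count_failures(SAMPLE_LOG), "matching lines")
    print(evaluate_jail(SAMPLE_LOG))
```

Fail2Ban itself ships the `fail2ban-regex` tool for checking a filter against a real log file; the model above additionally shows the jail arithmetic, for instance that the LAN host with six failures is never banned because of ignoreip, and that the attacker is banned on the fifth failure rather than after it.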

After saving the file with the Fail2Ban settings, all that remains is to restart the application with the command service fail2ban restart. After the restart, the main Zimbra logs will be monitored continuously for matches against the regular expressions. Thanks to this, the administrator can not only practically eliminate the possibility of an attacker breaking into the mailboxes of Zimbra Collaboration Suite Open-Source Edition, but also protect all the services running within Zimbra OSE, and stay informed about any attempts to gain unauthorized access.

For any questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by email at [email protected]

Source: www.habr.com
