Protecting Zimbra OSE from brute force and DoS attacks

Zimbra Collaboration Suite Open-Source Edition has several powerful tools for ensuring information security. Among them are Postscreen, a solution for protecting the mail server from attacks by botnets; ClamAV, an antivirus that scans incoming files and messages for malware; and SpamAssassin, one of the best spam filters available today. However, these tools cannot protect Zimbra OSE from brute-force attacks. Brute-forcing passwords with a specially compiled dictionary is not the most elegant technique, but it still works, and it is fraught not only with the chance of a successful break-in and all the consequences that follow, but also with a significant load on the server, which has to process every single failed attempt to break into the server with Zimbra OSE.


In fact, you can protect yourself from brute force using the standard Zimbra OSE tools. The password security policy settings let you set the number of failed password entry attempts after which the potentially attacked account is locked. The main problem with this approach is that situations arise in which the accounts of one or more employees may be locked because of a brute-force attack they had nothing to do with, and the resulting downtime for employees can cause the company serious losses. That is why it is better not to use this option for protection against brute force.


A special tool called DoSFilter is better suited for protection against brute force. It is built into Zimbra OSE and can automatically cut off connections to Zimbra OSE over HTTP. In other words, the operating principle of DoSFilter is similar to that of PostScreen, only it is applied to a different protocol. Originally designed to limit the number of actions a single user can perform, DoSFilter can also provide protection against brute force. Its main difference from the tool built into Zimbra is that after a certain number of failed attempts it blocks not the user but the IP address from which the many attempts to log in to a particular account were made. Thanks to this, the system administrator can not only protect against brute force but also avoid locking out company employees, simply by adding the company's internal network to the list of trusted IP addresses and subnets.

A big advantage of DoSFilter is that, in addition to catching many login attempts against a particular account, this tool lets you automatically block attackers who have obtained an employee's credentials, logged in to the account successfully, and started sending hundreds of requests to the server.

You can configure DoSFilter with the following console commands:

  • zimbraHttpDosFilterMaxRequestsPerSec - with this command you set the maximum number of connections allowed to a single user. By default this value is 30 connections.
  • zimbraHttpDosFilterDelayMillis - with this command you set the delay, in milliseconds, applied to connections that exceed the limit set by the previous command. Besides integer values, the administrator can specify 0 so that there is no delay at all, and -1 so that every connection exceeding the limit is simply dropped. The default value is 1.
  • zimbraHttpThrottleSafeIPs - with this command the administrator specifies trusted IP addresses and subnets that will not be subject to the limits described above. Note that the syntax of this command differs depending on the result you want. For example, by entering the command zmprov mcf zimbraHttpThrottleSafeIPs 127.0.0.1 you overwrite the whole list and leave only that one IP address in it. If you enter the command zmprov mcf +zimbraHttpThrottleSafeIPs 127.0.0.1, the IP address you entered is added to the whitelist. Similarly, using the minus sign, you can remove any IP from the allowed list.

Please note that DoSFilter can cause a number of problems when Zextras Suite Pro extensions are in use. To avoid them, we recommend raising the number of simultaneous connections from 30 to 100 with the command zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 100. In addition, we recommend adding the company's internal network to the allowed list. This can be done with the command zmprov mcf +zimbraHttpThrottleSafeIPs 192.168.0.0/24. After making any changes to DoSFilter, be sure to restart your mail server with the command zmmailboxdctl restart.

The main drawback of DoSFilter is that it works at the application level, so it can only limit the attackers' ability to perform various actions on the server, without limiting their ability to connect to the server at all. Because of this, requests sent to the server for authentication or for sending mail, even though they will obviously fail, still amount to a good old DoS attack, which cannot be stopped at such a high level.

To fully protect your company server with Zimbra OSE, you can use a solution such as Fail2ban, a framework that constantly monitors the information system's logs for repeated actions and blocks the offender by changing the firewall settings. Blocking at such a low level lets you cut attackers off right at the stage of the IP connection to the server. Thus, Fail2Ban can perfectly complement the protection built with DoSFilter. Let's find out how to make Fail2Ban work together with Zimbra OSE and thereby improve the security of your enterprise IT infrastructure.

Like any other enterprise-level application, Zimbra Collaboration Suite Open-Source Edition keeps detailed logs of its operation. Most of them are stored as files in the /opt/zimbra/log/ folder. Here are a few of them:

  • mailbox.log - logs of the Jetty mail service
  • audit.log - authentication logs
  • clamd.log - antivirus operation logs
  • freshclam.log - antivirus update logs
  • convertd.log - attachment conversion logs
  • zimbrastats.csv - server performance logs

Zimbra logs can also be found in the file /var/log/zimbra.log, where the logs of Postfix and of Zimbra itself are kept.

To protect our system from brute force, we will monitor mailbox.log, audit.log and zimbra.log.

For all of this to work, Fail2Ban and iptables must be installed on your server with Zimbra OSE. If you use Ubuntu, you can check this with the command dpkg -s fail2ban; if you use CentOS, you can check it with the command yum list installed fail2ban. If Fail2Ban is not installed, installing it will not be a problem, since the package is available in almost all standard repositories.

Once all the required software is installed, you can start setting up Fail2Ban. To do this you need to create the configuration file /etc/fail2ban/filter.d/zimbra.conf, in which we will write regular expressions for the Zimbra OSE logs that match failed login attempts and trigger Fail2Ban's mechanisms. Here is an example of the contents of zimbra.conf with a set of regular expressions matching the various errors Zimbra OSE throws when an authentication attempt fails:

# Fail2Ban configuration file

[Definition]
# Square brackets and parentheses are regex metacharacters and must be escaped;
# continuation lines of failregex must be indented.
failregex = \[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$
            \[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$
            ;oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$
            \[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$
            WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$

ignoreregex =

Once the regular expressions for Zimbra OSE have been compiled, it is time to edit the configuration of Fail2ban itself. The settings of this application live in the file /etc/fail2ban/jail.conf. Just in case, let's make a backup copy of it with the command cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.bak. After that, we bring this file to approximately the following form:

# Fail2Ban configuration file

[DEFAULT]
ignoreip = 192.168.0.1/24
bantime = 600
findtime = 600
maxretry = 5
backend = auto

[ssh-iptables]
enabled = false
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, [email protected], [email protected]]
logpath = /var/log/messages
maxretry = 5

[sasl-iptables]
enabled = false
filter = sasl
backend = polling
action = iptables[name=sasl, port=smtp, protocol=tcp]
         sendmail-whois[name=sasl, [email protected]]
logpath = /var/log/zimbra.log

[ssh-tcpwrapper]
enabled = false
filter = sshd
action = hostsdeny
         sendmail-whois[name=SSH, dest=support@company.ru]
ignoreregex = for myuser from
logpath = /var/log/messages

[zimbra-account]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-account]
         sendmail[name=zimbra-account, [email protected]]
logpath = /opt/zimbra/log/mailbox.log
bantime = 600
maxretry = 5

[zimbra-audit]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-audit]
         sendmail[name=Zimbra-audit, [email protected]]
logpath = /opt/zimbra/log/audit.log
bantime = 600
maxretry = 5

[zimbra-recipient]
enabled = true
filter = zimbra
action = iptables-allports[name=zimbra-recipient]
         sendmail[name=Zimbra-recipient, [email protected]]
logpath = /var/log/zimbra.log
bantime = 172800
maxretry = 5

[postfix]
enabled = true
filter = postfix
action = iptables-multiport[name=postfix, port=smtp, protocol=tcp]
         sendmail-buffered[name=Postfix, [email protected]]
logpath = /var/log/zimbra.log
bantime = -1
maxretry = 5

Although this example is generic, it is still worth explaining some of the parameters you may want to change when setting up Fail2Ban yourself:

  • ignoreip - with this parameter you can specify a particular IP or subnet whose addresses Fail2Ban should not check. As a rule, the company's internal network and other trusted addresses are added to the ignore list.
  • bantime - the time for which the offender is banned. Measured in seconds. A value of -1 means a permanent ban.
  • maxretry - the maximum number of times a single IP address may try to access the server.
  • sendmail - a setting that lets you send e-mail notifications automatically when Fail2Ban triggers.
  • findtime - a setting that lets you define the time interval after which an IP address may try to access the server again, once the maximum number of failed attempts (the maxretry parameter) has been exhausted.
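To check that the zimbra.conf filter above actually catches Zimbra's failed-login lines, and to see how maxretry and ignoreip then decide which source IP gets banned, here is an added example that is not part of the original article or of the Fail2Ban project: it applies the six failregex patterns to constructed sample lines modelled on mailbox.log and audit.log and counts hits per IP. The <HOST> expansion, the sample lines and the IP addresses are assumptions made for this example.

```python
import re
from collections import Counter

# fail2ban substitutes a named group for <HOST> before compiling a failregex;
# assumption: this is the IPv4/hostname form of that group, without the IPv6 variants.
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The six failregex lines from the zimbra.conf filter above.
FAILREGEX = [
    r"\[ip=<HOST>;\] account - authentication failed for .* \(no such account\)$",
    r"\[ip=<HOST>;\] security - cmd=Auth; .* error=authentication failed for .*, invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=soap; error=authentication failed for .* invalid password;$",
    r";oip=<HOST>;.* security - cmd=Auth; .* protocol=imap; error=authentication failed for .* invalid password;$",
    r"\[oip=<HOST>;.* SoapEngine - handler exception: authentication failed for .*, account not found$",
    r"WARN .*;ip=<HOST>;ua=ZimbraWebClient .* security - cmd=AdminAuth; .* error=authentication failed for .*;$",
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed sample lines in the style of mailbox.log / audit.log; not real server output.
SOAP_FAIL = ("2019-05-20 10:16:01,000 INFO  [qtp-31:https://mail.example.com/service/soap/AuthRequest] "
             "[name=alice@example.com;oip=203.0.113.5;ua=zclient/8.8.12;] security - cmd=Auth; "
             "account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;")
IMAP_FAIL = ("2019-05-20 10:18:00,000 INFO  [ImapServer-9] [name=carol@example.com;oip=192.168.0.10;] security - "
             "cmd=Auth; account=carol@example.com; protocol=imap; error=authentication failed for [carol@example.com], invalid password;")
ADMIN_FAIL = ("2019-05-20 10:19:00,000 WARN  [qtp-44:https://mail.example.com/service/admin/soap/AuthRequest] "
              "[name=admin;ip=198.51.100.7;ua=ZimbraWebClient - GC74 (Linux);] security - cmd=AdminAuth; "
              "account=admin; error=authentication failed for admin;")
NO_ACCOUNT = "2019-05-20 10:15:02,000 INFO  [ImapServer-7] [ip=203.0.113.5;] account - authentication failed for bob@example.com (no such account)"
SUCCESS = ("2019-05-20 10:17:00,000 INFO  [qtp-31:https://mail.example.com/service/soap/AuthRequest] "
           "[name=alice@example.com;oip=203.0.113.9;ua=zclient/8.8.12;] security - cmd=Auth; account=alice@example.com; protocol=soap;")
SAMPLE_LOG = [NO_ACCOUNT] * 3 + [SOAP_FAIL] * 2 + [IMAP_FAIL] * 5 + [ADMIN_FAIL] * 2 + [SUCCESS]

def offending_host(line):
    """Return the source IP captured by the first matching failregex, or None if no pattern matches."""
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            return m.group("host")
    return None

def hosts_to_ban(lines, maxretry=5, ignoreip=()):
    """Count failregex hits per IP and return those at or above maxretry, skipping addresses in ignoreip."""
    counts = Counter(h for h in map(offending_host, lines) if h)
    return sorted(h for h, n in counts.items() if n >= maxretry and h not in ignoreip)

if __name__ == "__main__":
    # 203.0.113.5 reaches 5 hits (3 no-such-account + 2 bad passwords); 192.168.0.10 is whitelisted
    print(hosts_to_ban(SAMPLE_LOG, ignoreip={"192.168.0.10"}))  # ['203.0.113.5']
```

On a live server the same check can be run against the real log with fail2ban-regex /opt/zimbra/log/audit.log /etc/fail2ban/filter.d/zimbra.conf, which reports how many lines each failregex matched.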

After saving the file with the Fail2Ban settings, all that remains is to restart the application with the command service fail2ban restart. After the restart, the main Zimbra logs will be monitored constantly for matches with the regular expressions. As a result, the administrator will be able to practically rule out any chance of an attacker getting not only into a Zimbra Collaboration Suite Open-Source Edition mailbox but also into any of the services running inside Zimbra OSE, and will also be aware of every attempt to gain unauthorized access.

For all questions related to Zextras Suite, you can contact the Zextras representative Ekaterina Triandafilidi by e-mail at [email protected]

Source: www.habr.com
