Archive for the ‘Linux’ Category

Fail2Ban

http://www.taringa.net/posts/linux/6681999/Fail2Ban-y-Postfix.HTML

 

In /etc/fail2ban/filter.d/postfix.conf, add (or adapt) the following lines:

failregex = reject: RCPT from (.*)\[<HOST>\]: 550 5\.1\.1
            reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.1
            reject: RCPT from (.*)\[<HOST>\]: 550 5\.7\.1

Check that everything is working with:

fenix:~# fail2ban-regex /var/log/zimbra.log /etc/fail2ban/filter.d/postfix.conf|less
Running tests
If all goes well, enable it in jail.conf by setting enabled = true:

[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
maxretry = 6
bantime = 86400
findtime = 600
action = %(action_)s
logpath = /var/log/zimbra.log

This blocks for 24 hours (86,400 seconds, bantime) anyone who bothered me 6 times (maxretry) in the last 10 minutes (findtime).

Setting bantime to -1 would make the ban permanent (or until the server or the iptables rules are restarted, or we reload the fail2ban filter).

Reload fail2ban:

fenix:~# fail2ban-client reload

To see how things are going, use the watch command, which re-runs the given command every 2 seconds and shows its output. (Exit by pressing Ctrl+C.)

fenix:~# watch fail2ban-client status postfix
Every 2,0s: fail2ban-client status postfix Sun Aug 22 09:42:56 2010

Status for the jail: postfix
|- filter
|  |- File list: /var/log/zimbra.log
|  |- Currently failed: 598
|  `- Total failed: 7657
`- action
   |- Currently banned: 342
   |  `- IP list: 62.194.198.x … …. …. … … … … … … … … 166.227
   `- Total banned: 341
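
As an added example (not code from the original post or from fail2ban itself), the sketch below applies the three failregex lines and the jail's maxretry/findtime values to constructed log lines to show which hosts would be banned. The IPv4-only HOST pattern, the log line layout and the function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [  # brackets escaped: they are literal characters in the log line
    r"reject: RCPT from (.*)\[<HOST>\]: 550 5\.1\.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 450 4\.7\.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 550 5\.7\.1",
]
PATTERNS = [re.compile(r.replace("<HOST>", HOST)) for r in FAILREGEX]
MAXRETRY, FINDTIME = 6, 600  # values from the [postfix] jail

def parse(line, year=2010):
    """Return (timestamp, host) if the line matches a failregex, else None."""
    for pattern in PATTERNS:
        m = pattern.search(line)
        if m:
            # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
            return ts, m.group("host")
    return None

def banned_hosts(lines):
    """Hosts that reach MAXRETRY matches within FINDTIME seconds, in ban order."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ts, host = hit
        window = recent[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()  # forget failures older than findtime
        if len(window) >= MAXRETRY and host not in banned:
            banned.append(host)
    return banned

def sample_line(sec, ip, code):
    """Build one constructed log line `sec` seconds after 09:00:00."""
    return (f"Aug 22 09:{sec // 60:02d}:{sec % 60:02d} fenix postfix/smtpd[1234]: "
            f"NOQUEUE: reject: RCPT from unknown[{ip}]: {code} <x@example.com>")

# Constructed sample: a fast offender, a host below maxretry, an unlisted code.
SAMPLE = ([sample_line(10 * i, "203.0.113.7", "550 5.1.1") for i in range(6)]
          + [sample_line(10 * i, "198.51.100.9", "450 4.7.1") for i in range(3)]
          + [sample_line(5, "192.0.2.1", "554 5.7.1")])
```

Calling banned_hosts(SAMPLE) returns only the host that produced six matching rejects inside the 600-second window.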

Fail2Ban for Zimbra

..::Last Bits::..

The difference between fail2ban and Zimbra's security policies is that fail2ban adds an iptables rule for the source IP, blocking all access to the server, whereas Zimbra's security policies lock the particular account that was being attacked. fail2ban thus complements Zimbra's security policies by blocking the whole source IP, so once one of these rules is applied, the source can no longer keep trying to break into another account.

Now, to add some rules for Zimbra, do the following:

1) Create the file /etc/fail2ban/filter.d/zimbra.conf:

# Fail2Ban configuration file
#
# Author:
#
# $Revision: 1 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is…

Categories: Linux, Security, Zimbra

Upgrading Debian 7 Wheezy to Debian 8 Jessie

Categories: Linux

Saving Iptables Firewall Rules Permanently

https://www.digitalocean.com/community/tutorials/how-to-implement-a-basic-firewall-template-with-iptables-on-ubuntu-14-04

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04

https://www.thomas-krenn.com/en/wiki/Saving_Iptables_Firewall_Rules_Permanently

iptables-save

The actual iptables rules are created and customized on the command line with the command iptables for IPv4 and ip6tables for IPv6.

These can be saved in a file with the command iptables-save for IPv4.

Debian/Ubuntu: iptables-save > /etc/iptables/rules.v4
RHEL/CentOS: iptables-save > /etc/sysconfig/iptables

These files can be loaded again with the command iptables-restore for IPv4.

Debian/Ubuntu: iptables-restore < /etc/iptables/rules.v4
RHEL/CentOS: iptables-restore < /etc/sysconfig/iptables

If you would also like to use IPv6 rules, these can be stored in a separate file.

Debian/Ubuntu: ip6tables-save > /etc/iptables/rules.v6
RHEL/CentOS: ip6tables-save > /etc/sysconfig/ip6tables

The automatic loading of the configured iptables rules can be done by using the following methods:

iptables-persistent for Debian/Ubuntu

Since Ubuntu 10.04 LTS (Lucid) and Debian 6.0 (Squeeze) there is a package with the name “iptables-persistent” which takes over the automatic loading of the saved iptables rules. To do this, the rules must be saved in the file /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6.

For use, the package must simply be installed.

apt-get install iptables-persistent

If the installation fails, check whether systemd already had failures before iptables-persistent was installed. Such systemd errors can cause the iptables-persistent installation to fail.[1]

Older iptables-persistent versions (e.g. those in Debian Squeeze) do not yet support IPv6 rules. There is only one file, /etc/iptables/rules, for IPv4. Check the init script to see which files your iptables-persistent version loads.

After the first reboot following configuration, check that your rules are loaded as desired.

iptables Service for RedHat Enterprise Linux (RHEL) and CentOS

RHEL/CentOS also offer simple methods to permanently save iptables rules for IPv4 and IPv6.

There is a service called “iptables”. This must be enabled.

# chkconfig --list | grep iptables
  iptables       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
# chkconfig iptables on

The rules are saved in the file /etc/sysconfig/iptables for IPv4 and in the file /etc/sysconfig/ip6tables for IPv6. You may also use the init script in order to save the current rules.

# service iptables save

 

Categories: Firewall, Linux

DU Command

 

https://ss64.com/bash/du.html

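du /home/user                    # disk usage of every directory under /home/user
du -h /home/user                 # human-readable sizes (K, M, G)
du -H /home/user                 # follow symbolic links given on the command line (not a size format)
du -sh /home/user                # summary total only, human-readable
du -S /home/user                 # separate dirs: exclude subdirectory sizes from each total
du -h --max-depth=3 /home/user   # show only 3 levels deep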

 

How to Remove/Uninstall (Oracle Java & openJDK) on Linux

Categories: Java, Linux

Changing the Time and Date on a Linux System

http://www.linux-party.com/index.php/35-linux/1732-cambiar-la-hora-y-la-fecha-al-sistema-linux

date --set "2016-04-14 16:20"
hwclock --set --date="$(date '+%D %H:%M:%S')"
Categories: Linux, Uncategorized