Centos | Записки системного администратора

Архивы рубрики ‘Centos’

Настройка fail2ban для защиты ssh,proftpd,exim,postfix,dovecot на Centos.

Ноябрь 6th, 2013

Evgeniy Kamenev

Установка fail2ban

# yum install fail2ban

1	# yum install fail2ban

1.Настройка конфигурационного файла fail2ban

# grep -v -E '(\#|^$)' /etc/fail2ban/fail2ban.conf

1	# grep -v -E '(\#\|^$)' /etc/fail2ban/fail2ban.conf

[Definition]
loglevel = INFO
logtarget = /var/log/fail2ban.log
syslogsocket = auto
socket = /var/run/fail2ban/fail2ban.sock
pidfile = /var/run/fail2ban/fail2ban.pid
dbfile = /var/lib/fail2ban/fail2ban.sqlite3
dbpurgeage = 86400

[Definition]

loglevel = INFO

logtarget = /var/log/fail2ban.log

syslogsocket = auto

socket = /var/run/fail2ban/fail2ban.sock

pidfile = /var/run/fail2ban/fail2ban.pid

dbfile = /var/lib/fail2ban/fail2ban.sqlite3

dbpurgeage = 86400

2.Настройка Fail2ban для мониторинга логов

# grep -v -E '(\#|^$)' /etc/fail2ban/jail.conf

1	# grep -v -E '(\#\|^$)' /etc/fail2ban/jail.conf

[INCLUDES]
before = paths-fedora.conf
[DEFAULT]
ignoreip = 127.0.0.1/8 159.224.XXX.YYY
ignorecommand =
bantime  = 86400
findtime  = 7200
maxretry = 5
backend = auto
usedns = warn
logencoding = auto
enabled = false
filter = %(__name__)s
destemail = myuser@mydomain.com
sender = root@mydomain.com
mta = sendmail
protocol = tcp
chain = INPUT
port = 0:65535
banaction = iptables-multiport
action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
             xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
action_blocklist_de  = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]
action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"]
action = %(action_)s

### SSH
[sshd - iptables]
port = 2200
logpath  = /var/log/secure
maxretry = 3
enabled  = true
filter   = sshd
action = %(action_mwl)s
bantime  = 86400
findtime  = 3600
maxretry = 3

### ProFTPD
[proftpd-iptables]
port     = ftp,ftp-data,ftps,ftps-data
enabled  = true
filter   = proftpd
action = %(action_mwl)s
#action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
#          sendmail-whois[name=ProFTPD, dest=myname@mydomain.com, sender=root@mydomain.com]
logpath  = /var/log/proftpd/proftpd.log
bantime  = 86400
findtime  = 3600
maxretry = 3

###  Exim
[exim-iptables]
port   = smtp,465,submission
enabled  = true
filter   = exim
action = %(action_mwl)s
# action   =  iptables-multiport[name=Exim, port="smtp,smtps,submission", protocol=tcp]
#           sendmail-whois[name=Exim, dest= myname@mydomain.com, sender=root@mydomain.com]
logpath  = /var/log/exim/mainlog
bantime  = 86400
#bantime  = -1 # блокировка навсегда
findtime  = 3600
maxretry = 3

### Dovecot
[dovecot-iptables]
port   = pop3,pop3s,imap,imaps
enabled  = true
filter   = dovecot
action = %(action_mwl)s
# Необходимо указать файл,в котором логируются попытки аутентификации для Dovecot
logpath  = /var/log/secure
#logpath  = /var/log/maillog
#logpath  = /var/log/dovecot.log
bantime  = 86400
findtime  = 3600
maxretry = 3

### Postfix
[postfix-sasl]
enabled = true
port     = smtp,465,submission
logpath  = /var/log/maillog
filter   = postfix-sasl
action = %(action_mwl)s
#action   = iptables[name=postfix-sasl, port=smtp,smtps,submission protocol=tcp]
#           sendmail-whois[name=postfix-sasl, dest=myname@mydomain.com, sender=root@mydomain.com]
bantime  = 604800
findtime  = 3600
maxretry = 3

[postfix-iptables]
enabled = true
port     = smtp,465,submission
logpath = /var/log/maillog
filter = postfix
action = %(action_mwl)s
#action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp]
#        sendmail[name=Postfix-smtp, dest=myname@mydomain.com, sender=root@mydomain.com]
logpath = /var/log/maillog
bantime = 604800
maxretry = 3
findtime = 3600

100

101

102

103

104

105

106

107

108

109

[INCLUDES]

before = paths-fedora.conf

[DEFAULT]

ignoreip = 127.0.0.1/8 159.224.XXX.YYY

ignorecommand =

bantime = 86400

findtime = 7200

maxretry = 5

backend = auto

usedns = warn

logencoding = auto

enabled = false

filter = %(__name__)s

destemail = myuser@mydomain.com

sender = root@mydomain.com

mta = sendmail

protocol = tcp

chain = INPUT

port = 0:65535

banaction = iptables-multiport

action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

%(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]

action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]

action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]

action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]

action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"]

action = %(action_)s

### SSH

[sshd - iptables]

port = 2200

logpath = /var/log/secure

maxretry = 3

enabled = true

filter = sshd

action = %(action_mwl)s

bantime = 86400

findtime = 3600

maxretry = 3

### ProFTPD

[proftpd-iptables]

port = ftp,ftp-data,ftps,ftps-data

enabled = true

filter = proftpd

action = %(action_mwl)s

#action = iptables[name=ProFTPD, port=ftp, protocol=tcp]

# sendmail-whois[name=ProFTPD, dest=myname@mydomain.com, sender=root@mydomain.com]

logpath = /var/log/proftpd/proftpd.log

bantime = 86400

findtime = 3600

maxretry = 3

### Exim

[exim-iptables]

port = smtp,465,submission

enabled = true

filter = exim

action = %(action_mwl)s

# action = iptables-multiport[name=Exim, port="smtp,smtps,submission", protocol=tcp]

# sendmail-whois[name=Exim, dest= myname@mydomain.com, sender=root@mydomain.com]

logpath = /var/log/exim/mainlog

bantime = 86400

#bantime = -1 # блокировка навсегда

findtime = 3600

maxretry = 3

### Dovecot

[dovecot-iptables]

port = pop3,pop3s,imap,imaps

enabled = true

filter = dovecot

action = %(action_mwl)s

# Необходимо указать файл,в котором логируются попытки аутентификации для Dovecot

logpath = /var/log/secure

#logpath = /var/log/maillog

#logpath = /var/log/dovecot.log

bantime = 86400

findtime = 3600

maxretry = 3

### Postfix

[postfix-sasl]

enabled = true

port = smtp,465,submission

logpath = /var/log/maillog

filter = postfix-sasl

action = %(action_mwl)s

#action = iptables[name=postfix-sasl, port=smtp,smtps,submission protocol=tcp]

# sendmail-whois[name=postfix-sasl, dest=myname@mydomain.com, sender=root@mydomain.com]

bantime = 604800

findtime = 3600

maxretry = 3

[postfix-iptables]

enabled = true

port = smtp,465,submission

logpath = /var/log/maillog

filter = postfix

action = %(action_mwl)s

#action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp]

# sendmail[name=Postfix-smtp, dest=myname@mydomain.com, sender=root@mydomain.com]

logpath = /var/log/maillog

bantime = 604800

maxretry = 3

findtime = 3600

3.Настройка Fail2ban фильтров для мониторинга логов Будем использовать все штатные фильтры, которые поставляются в комплекте с fail2ban SSH

# nano /etc/fail2ban/filter.d/sshd.conf

1	# nano /etc/fail2ban/filter.d/sshd.conf

[Definition]
_daemon = sshd
failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$
            ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
            ^%(__prefix_line)sFailed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s(, client user ".*", client host ".*")?))?\s*$
            ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
            ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
            ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$
            ^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$
            ^%(__prefix_line)sUser .+ from <HOST> not allowed because not in any group\s*$
            ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
            ^%(__prefix_line)sReceived disconnect from <HOST>: 3: \S+: Auth fail$
            ^%(__prefix_line)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*$
            ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
            ^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$
            ^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$
            ^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$
            ^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
ignoreregex =

[Definition]

_daemon = sshd

failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$

^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$

^%(__prefix_line)sFailed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ $serial \d+$ CA )?\S+ %(__md5hex)s(, client user ".*", client host ".*")?))?\s*$

^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$

^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$

^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$

^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$

^%(__prefix_line)sUser .+ from <HOST> not allowed because not in any group\s*$

^%(__prefix_line)srefused connect from \S+ $<HOST>$\s*$

^%(__prefix_line)sReceived disconnect from <HOST>: 3: \S+: Auth fail$

^%(__prefix_line)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*$

^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$

^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$

^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$

^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$

^%(__prefix_line)spam_unix$sshd:auth$:\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$

ignoreregex =

ProFTPD

# nano /etc/fail2ban/filter.d/proftpd.conf

1	# nano /etc/fail2ban/filter.d/proftpd.conf

[Definition]
_daemon = proftpd
__suffix_failed_login = (User not authorized for login|No such user found|Incorrect password|Password expired|Account disabled|Invalid shell: '\S+'|User in \S+|Limit ($

failregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .*: no such user found from \S+ \[\S+\] to \S+:\S+ *$
            ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .* \(Login failed\): %(__suffix_failed_login)s\s*$
            ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: .* login attempted\. *$
            ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$
ignoreregex =

[Definition]

_daemon = proftpd

failregex = ^%(__prefix_line)s%(__hostname)s $\S+\[<HOST>\]$[: -]+ USER .*: no such user found from \S+ \[\S+\] to \S+:\S+ *$

^%(__prefix_line)s%(__hostname)s $\S+\[<HOST>\]$[: -]+ USER .* $Login failed$: %(__suffix_failed_login)s\s*$

^%(__prefix_line)s%(__hostname)s $\S+\[<HOST>\]$[: -]+ SECURITY VIOLATION: .* login attempted\. *$

^%(__prefix_line)s%(__hostname)s $\S+\[<HOST>\]$[: -]+ Maximum login attempts $\d+$ exceeded *$

ignoreregex =

Exim

# nano /etc/fail2ban/filter.d/exim.conf

1	# nano /etc/fail2ban/filter.d/exim.conf

[Definition]
failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
             ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s$
             ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$
             ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
             ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)? )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
ignoreregex =

[Definition]

failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$

^%(pid)s \w+ authenticator failed for (\S+ )?$\S+$ \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( $set_id=.*$|: \d+ Time\(s$

^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$

^%(pid)s SMTP protocol synchronization error $[^)]*$: rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$

^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)? )?dropped: too many nonmail commands $last was "\S+"$\s*$

ignoreregex =

Dovecot

# nano /etc/fail2ban/filter.d/dovecot.conf

1	# nano /etc/fail2ban/filter.d/dovecot.conf

 [Definition]
_daemon = (auth|dovecot(-auth)?|auth-worker)
failregex = ^%(__prefix_line)s(%(__pam_auth)s(\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\$
            ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disab$
            ^%(__prefix_line)s(Info|dovecot: auth\(default\)|auth-worker\(\d+\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying aut$
            ^%(__prefix_line)s(auth|auth-worker\(\d+\)): (pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$
ignoreregex =

[Definition]

_daemon = (auth|dovecot(-auth)?|auth-worker)

failregex = ^%(__prefix_line)s(%(__pam_auth)s($dovecot:auth$)?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\$

^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disab$

^%(__prefix_line)s(Info|dovecot: auth$default$|auth-worker$\d+$): pam$\S+,<HOST>$: pam_authenticate failed: (User not known to the underlying aut$

^%(__prefix_line)s(auth|auth-worker$\d+$): (pam|passwd-file)$\S+,<HOST>$: unknown user\s*$

ignoreregex =

Postfix

# nano /etc/fail2ban/filter.d/postfix-sasl.conf

1	# nano /etc/fail2ban/filter.d/postfix-sasl.conf

[Definition]
_daemon = postfix/(submission/)?smtp(d|s)
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$
ignoreregex =

[Definition]

_daemon = postfix/(submission/)?smtp(d|s)

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$

ignoreregex =

# nano /etc/fail2ban/filter.d/postfix.conf

1	# nano /etc/fail2ban/filter.d/postfix.conf

[Definition]
_daemon = postfix/(submission/)?smtp(d|s)
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
            ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
            ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
ignoreregex =

[Definition]

_daemon = postfix/(submission/)?smtp(d|s)

failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$

^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$

^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$

^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$

^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$

ignoreregex =

4.Проверка работы фильтра […]

Опубликовано в рубрике Centos, Security

Метки: dovecot, Exim, fail2ban, postfix, Proftpd, security, ssh

Комментарии отключены

Установка и настройка Cacti на Centos

Ноябрь 6th, 2013

Evgeniy Kamenev

1.Установка необходимых пакетов

# yum install rrdtool cacti php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp

1	# yum install rrdtool cacti php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp

2. Установка и настройка SNMP

# yum install net-snmp-utils net-snmp net-snmp-libs

1	# yum install net-snmp-utils net-snmp net-snmp-libs

#  cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf~

1	# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf~

# cat /dev/null > /etc/snmp/snmpd.conf

1	# cat /dev/null > /etc/snmp/snmpd.conf

# nano /etc/snmp/snmpd.conf

1	# nano /etc/snmp/snmpd.conf

# разрешаем снимать статистику локально(с самого себя)

rocommunity mysecret localhost 
syslocation "Ukraine,Kharkov"
syscontact Root root@mydomain.com

rocommunity mysecret localhost

syslocation "Ukraine,Kharkov"

syscontact Root root@mydomain.com

# systemctl start snmpd

1	# systemctl start snmpd

# systemctl status snmpd

1	# systemctl status snmpd

# ps aux | grep [Ss]nmpd

1	# ps aux \| grep [Ss]nmpd

root      2124  0.2  1.0 222928 10688 ?        Ss   12:09   0:00 /usr/sbin/snmpd -LS0-6d –f

1	root 2124 0.2 1.0 222928 10688 ? Ss 12:09 0:00 /usr/sbin/snmpd -LS0-6d –f

# netstat -nlpu | grep 161

1	# netstat -nlpu \| grep 161

udp 0 0 0.0.0.0:161 0.0.0.0:* 2124/snmpd

1	udp 0 0 0.0.0.0:161 0.0.0.0:* 2124/snmpd

Проверка корректности работы SNMP

# snmpwalk -v 2c -c mysecret localhost

1	# snmpwalk -v 2c -c mysecret localhost

3.Настройка Cacti У cacti есть скрипт для создания базы данных. Находим файл с именем cacti.sql

# rpm -ql cacti | grep cacti.sql

1	# rpm -ql cacti \| grep cacti.sql

/usr/share/doc/cacti-0.8.8b/cacti.sql

1	/usr/share/doc/cacti-0.8.8b/cacti.sql

Создаем базу cacti и […]

Опубликовано в рубрике Centos, Monitoring

Метки: Cacti, poller, rrdtool, spine

Комментарии отключены

Установка и настройка APC(Alternative PHP Cache) на Centos5

Ноябрь 6th, 2013

Evgeniy Kamenev

Установка и настройка APC(Alternative PHP Cache) на Centos5 yum install php-pecl-apc /etc/init.d/httpd restart php -i ‘phpinfo’ | grep apc cp /usr/share/doc/php-pecl-apc-3.1.10/apc.php /var/www/html/ /var/www/html/ — это у меня корень сайта Проверяем в браузере http://<sitename>/apc.php nano /etc/php.d/apc.ini extension = apc.so ; Options for the APC module version >= 3.1.3 ; See http://www.php.net/manual/en/apc.configuration.php ; This can be set […]

Опубликовано в рубрике Centos, PHP

Метки: APC, php

Комментарии отключены

Тестирование Postfix-Dovecot+Привязка SSL к Dovecot

Ноябрь 6th, 2013

Evgeniy Kamenev

Тестирование Postfix-Dovecot+Привязка SSL к Dovecot Postfix(25 порт) freebsd9# telnet localhost 25 Trying 127.0.0.1… Connected to localhost. Escape character is ‘^]’. 220 freebds9.kamaok.org.ua ESMTP Postfix (2.9.5) helo localhost 250 freebds9.kamaok.org.ua mail from:<test@kamaok.org.ua> 250 2.1.0 Ok rcpt to:<test@kamaok.org.ua> 250 2.1.5 Ok data 354 End data with . hi thi is test message . 250 2.0.0 Ok: queued […]

Опубликовано в рубрике Centos, Linux/Unix General, Mail

Метки: dovecot, postfix, SSL

Комментарии отключены

Подключение репозитариев EPEL, RPMForge, Remi, ATrpms, Webtatic на Сentos

Ноябрь 6th, 2013

Evgeniy Kamenev

EPEL CentOS/RHEL 7 # rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm CentOS/RHEL 6 # rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm CentOS/RHEL 5 # rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm RPMForge CentOS/RHEL 7 x86 64bit: #rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm CentOS/RHEL 6 x86 64bit: #rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm CentOS/RHEL 6 x86 32bit: #rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm CentOS/RHEL 5 x86 64bit: #rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm CentOS/RHEL 5 x86 32bit: #rpm -Uvh […]

Опубликовано в рубрике Centos, System

Метки: ATrpms, EPEL, Remi, repository, RPMForge, Webtatic

Комментарии отключены

Использование виртуальных пользователей в Postfix+PostfixAdmin

Ноябрь 6th, 2013

Evgeniy Kamenev

Использование виртуальных пользователей в Postfix+PostfixAdmin 1.mkdir /home/vmail chmod 770 /home/vmail/ useradd -r -u 1000 -g 12 -d /home/vmail/ -c «Virtual mail» vmail chown -R vmail:mail /home/vmail/ [root@guk5 ~]# cat /etc/passwd | grep «vmail\|mail» mail:x:8:12:mail:/var/spool/mail:/sbin/nologin vmail:x:1000:12:Virtual mail:/home/vmail/:/bin/bash Настройка Postfix В /etc/postfix/main.cf добавляем local_recipient_maps = $virtual_mailbox_maps, $virtual_alias_maps mail_spool_directory = /var/spool/mail virtual_mailbox_base = /home/vmail virtual_mailbox_domains = mysql:/etc/postfix/sql/vdomains.cf virtual_mailbox_maps […]

Опубликовано в рубрике Centos, Mail

Метки: postfix, postfixadmin

Комментарии отключены

Обновление PHP c 5.1 до 5.3 и MySQL c 5.1 до 5.5 в Centos 5

Ноябрь 6th, 2013

Evgeniy Kamenev

Обновление PHP до 5.3 и MySQL до 5.5 в Centos 5 Для обновления php c вресии 5.1 до версии 5.3 подкллючаем репозитарий Atomic wget -q -O — http://www.atomicorp.com/installers/atomic.sh | sh Также мне пришлось отключить на время обновления репозитарий Centalt

<b>yum update php</b>

1	<b>yum update php</b>

<b> </b>

<b>nano /etc/php.ini</b>

1	<b>nano /etc/php.ini</b>

<b>date.timezone = Europe/Kiev</b>

1	<b>date.timezone = Europe/Kiev</b>

<b> </b>

<b>php -v</b>

1	<b>php -v</b>

<b>php -m</b>

1	<b>php -m</b>

<b>/etc/init.d/httpd restart</b>

1	<b>/etc/init.d/httpd restart</b>

После обновления php до версии 5.3 происходит […]

Опубликовано в рубрике Centos, PHP

Метки: php

Комментарии отключены

Установка и настройка Bind на Centos6

Ноябрь 6th, 2013

Evgeniy Kamenev

1.Установка Bind-демона, добавление в автозагрузку

# yum install bind bind-utils

1	# yum install bind bind-utils

# chkconfig --level 2345 named on

1	# chkconfig --level 2345 named on

2.Настройка конфигурационного файла Bind /etc/named.conf

# nano /etc/named.conf

1	# nano /etc/named.conf

options {
listen-on port 53 { 127.0.0.1; 195.64.155.22; };
directory       "/var/named";
dump-file       "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { any; };
recursion yes;
allow-transfer {"none";};
allow-recursion {localhost; };
version "My DNS Server";

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
    };
};

zone "." IN {
type hint;
file "named.ca";
};

# include "/etc/named.rfc1912.zones";
# include "/etc/named.root.key";

zone "kamaok.org.ua" in {
type master;
file "kamaok.org.ua.zone";
 };

options {

listen-on port 53 { 127.0.0.1; 195.64.155.22; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query { any; };

recursion yes;

allow-transfer {"none";};

allow-recursion {localhost; };

version "My DNS Server";

dnssec-enable yes;

dnssec-validation yes;

dnssec-lookaside auto;

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

zone "." IN {

type hint;

file "named.ca";

};

# include "/etc/named.rfc1912.zones";

# include "/etc/named.root.key";

zone "kamaok.org.ua" in {

type master;

file "kamaok.org.ua.zone";

};

3.Создание файла описания зоны kamaok.org.ua

# nano /var/named/kamaok.org.ua.zone

1	# nano /var/named/kamaok.org.ua.zone

$TTL 900
@      IN     SOA     ns1.kamaok.org.ua.     admin.kamaok.org.ua. (
2014092600 ;Serial
14400      ;refresh
3600       ;Retry
1209600    ;Expire
86400 )    ; Minimum

kamaok.org.ua. IN     NS     ns1.kamaok.org.ua.
kamaok.org.ua. IN     NS     ns2.kamaok.org.ua.

localhost       IN     A       127.0.0.1
kamaok.org.ua. IN     A       195.64.155.22

ns1   IN     A       195.64.155.22
ns2   IN     A       195.64.155.22
mail IN     A       195.64.155.22

kamaok.org.ua. IN     MX     10 mail
*     IN     CNAME   kamaok.org.ua.

$TTL 900

@ IN SOA ns1.kamaok.org.ua. admin.kamaok.org.ua. (

2014092600 ;Serial

14400 ;refresh

3600 ;Retry

1209600 ;Expire

86400 ) ; Minimum

kamaok.org.ua. IN NS ns1.kamaok.org.ua.

kamaok.org.ua. IN NS ns2.kamaok.org.ua.

localhost IN A 127.0.0.1

kamaok.org.ua. IN A 195.64.155.22

ns1 IN A 195.64.155.22

ns2 IN A 195.64.155.22

mail IN A 195.64.155.22

kamaok.org.ua. IN MX 10 mail

* IN CNAME kamaok.org.ua.

4.Отключение использования IPv6 для DNS

# nano /etc/sysconfig/named

1	# nano /etc/sysconfig/named

OPTIONS="-4"

1	OPTIONS="-4"

5.Проверка синтаксиса конфигурационного файла Bind

# named-checkconf /etc/named.conf

1	# named-checkconf /etc/named.conf

6.Проверка файла описания зоны домена kamaok.org.ua

# named-checkzone kamaok.org.ua /var/named/kamaok.org.ua.zone

1	# named-checkzone kamaok.org.ua /var/named/kamaok.org.ua.zone

zone kamaok.org.ua/IN: loaded serial 2014092600
OK

1 2	zone kamaok.org.ua/IN: loaded serial 2014092600 OK

7.Запуск Bind

# /etc/init.d/named start

1	# /etc/init.d/named start

ps ax | grep [n]amed
2750 ?       Ssl   0:00 /usr/sbin/named -u named -4

1 2	ps ax \| grep [n]amed 2750 ? Ssl 0:00 /usr/sbin/named -u named -4

8.Настройка rndc […]

Опубликовано в рубрике Centos, DNS

Метки: Bind, DNS

Комментарии отключены

Установка и настройка Denyhost на Centos

Ноябрь 6th, 2013

Evgeniy Kamenev

yum install denyhosts nano /etc/hosts.allow #список адресов,разрешенных для подключения(белый список) sshd: 159.224.38.182 sshd: 159.224.38.183 sshd : 178.165.70.240 cp /etc/denyhosts.conf /etc/denyhosts.conf~ nano /etc/denyhosts.conf # Какой лог парсить для нахожжения попыток аутентификации SECURE_LOG = /var/log/secure # Куда заносить блокированные хосты HOSTS_DENY = /etc/hosts.deny # Как часто очищать список блокированных хостов PURGE_DENY = 4w # Какие службы мониторить […]

Опубликовано в рубрике Centos, Security

Метки: denyhost

Комментарии отключены

Архивы рубрики ‘Centos’

Настройка fail2ban для защиты ssh,proftpd,exim,postfix,dovecot на Centos.

Установка и настройка Cacti на Centos

Установка и настройка APC(Alternative PHP Cache) на Centos5

Тестирование Postfix-Dovecot+Привязка SSL к Dovecot

Подключение репозитариев EPEL, RPMForge, Remi, ATrpms, Webtatic на Сentos

Использование виртуальных пользователей в Postfix+PostfixAdmin

Обновление PHP c 5.1 до 5.3 и MySQL c 5.1 до 5.5 в Centos 5

Установка и настройка Bind на Centos6

Установка и настройка Denyhost на Centos

Страницы

Свежие записи

Архивы

Рубрики

Админ-панель