Installing and configuring the mod_rpaf module on CentOS 6

1. Installation

    wget http://repo.x-api.net/centos6/x86_64/mod_rpaf-0.6-2.el6.x86_64.rpm
    rpm -ihv mod_rpaf-0.6-2.el6.x86_64.rpm

Or build the rpm package from source:

    cd /tmp
    wget http://centos.alt.ru/6/SRPMS/mod_rpaf-0.6-2.el6.src.rpm
    rpm -ihv mod_rpaf-0.6-2.el6.src.rpm
    yum install rpm-build gcc httpd-devel
    rpmbuild -bb /root/rpmbuild/SPECS/mod_rpaf.spec
    rpm -ihv /root/rpmbuild/RPMS/x86_64/mod_rpaf-0.6-2.el6.x86_64.rpm

2. Configuration

In /etc/httpd/conf.d/ create a file rpaf.conf with the following content (or edit it to match, if it […]
Monthly archive: November 2013
Installing and configuring Nginx+PHP-FPM (FastCGI Process Manager) on CentOS 6/7

We have three virtual hosts whose home directories belong to different users:

    joomla.us (/home/user/joomla/joomla.us)
    wordpress.us (/home/user/wordpress/wordpress.us)
    kamaok.us (/home/user/kamaok/kamaok.us)

Three php-fpm pools will be created, one separate pool per user, and php-fpm will run under those users.

1. Installing Nginx

CentOS 7

Or:

    rpm --import http://nginx.org/keys/nginx_signing.key
    rpm -ivh […]
Installing and configuring an NFS server and NFS client on CentOS

1. Installing NFS

Check whether nfs is already installed on the system:

    [root@guk5 ~]# chkconfig --list nfs
    nfs 0:выкл 1:выкл 2:вкл 3:вкл 4:вкл 5:вкл 6:выкл

Check the portmap service in the same way:

    [root@kit ~]# chkconfig --list portmap
    portmap 0:выкл 1:выкл 2:вкл 3:вкл 4:вкл 5:вкл 6:выкл

If it is not, install it, add it to startup, and start it […]
Installing and configuring Mytop on CentOS

Installing and configuring Mytop on CentOS/Debian/Ubuntu

    # yum install mytop

    # apt-get install mytop

mytop can be configured in three ways.

1. Running it with arguments passed on the command line

    # mytop -u root -p123456789 -d mysql

2. Creating a .mytop file in the user's home directory (for example, root)

    # nano /root/.mytop

    user=root
    pass=123456789
    delay=1
    db=mysql

    # chmod 400 /root/.mytop && chown root:root /root/.mytop

and then start it simply with the mytop command.

3. Editing the binary

    # which mytop
    /usr/bin/mytop

    # nano /usr/bin/mytop

    user=root
    pass=123456789
    delay=1
    db=mysql

Description of the utility

As the screenshot shows, the main screen is divided into […]
Installing and configuring Munin on FreeBSD/CentOS

A FreeBSD server will act as the Munin server; the clients are that same FreeBSD server and a couple of CentOS servers.

1. Installing and configuring the munin server

a)

    cd /usr/ports/sysutils/munin-master/
    make
    make install

b) Configure the main configuration file

    nano /usr/local/etc/munin/munin.conf

    dbdir /var/munin
    htmldir /usr/local/www/munin
    logdir /var/log/munin
    rundir /var/run/munin
    tmpldir /usr/local/etc/munin/templates
    staticdir /usr/local/etc/munin/static
    cgitmpdir /var/munin/cgi-tmp
    includedir /usr/local/etc/munin/munin-conf.d
    […]
Installing and configuring memcached on CentOS

1. Adding the repositories, if they are not already enabled

Either RPMForge

i386

    rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.1-1.el5.rf.i386.rpm

x86_64

    rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.5.1-1.el5.rf.x86_64.rpm

Installing the key

    rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

Or EPEL

    # rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
    # rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm

2. Installing memcached

    yum install memcached

3. Configuring, starting, and enabling at boot

    nano /etc/sysconfig/memcached

    PORT="11211"
    USER="memcached"
    MAXCONN="1024" # maximum number of connections
    […]
Installing and configuring Logwatch on CentOS/Debian

Installing and configuring Logwatch on CentOS

1. Installing logwatch

    # yum install logwatch

    # whereis logwatch
    logwatch: /usr/sbin/logwatch /etc/logwatch /usr/share/logwatch /usr/share/man/man8/logwatch.8.gz

2. Configuring the main configuration file /usr/share/logwatch/default.conf/logwatch.conf

    # cp /usr/share/logwatch/default.conf/logwatch.conf /usr/share/logwatch/default.conf/logwatch.conf~

    # nano /usr/share/logwatch/default.conf/logwatch.conf

    LogDir = /var/log
    TmpDir = /var/cache/logwatch
    MailTo = your@email
    MailFrom = Logwatch-myservername
    Print = No
    #Save = /tmp/logwatch
    Archives = Yes
    Range = yesterday
    Detail = High
    Service = All
    Service = "-zz-network"
    Service = "-zz-sys"
    Service = "-eximstats"
    mailer = "sendmail -t"

3. Checking that the system has added the logwatch job to the cron scheduler

    # cat /etc/cron.daily/*logwatch

4. Testing that Logwatch works

    # logwatch

An e-mail from Logwatch with the results of the checks should arrive in the mailbox.

Explanation of the parameters in /usr/share/logwatch/default.conf/logwatch.conf

LogDir: the path to the directory in […]
Installing and configuring Keepalived on CentOS

VIP address: 192.168.1.126
Server1: centos641.kama.dnsalias.com
Server2: centos642.kama.dnsalias.com

1. Installing the required software

    yum install keepalived
    yum install ipvsadm

2. Adding an alias on lo

    nano /etc/sysconfig/network-scripts/ifcfg-lo:0

    DEVICE=lo
    IPADDR=192.168.1.126
    NETMASK=255.255.255.255
    #NETWORK=192.168.1.0
    #BROADCAST=192.168.1.255
    ONBOOT=yes
    NAME=loopback

    /etc/init.d/network restart

Check that the address is present on the lo interface:

    [root@centos641 sites]# ip […]
Installing and configuring ImageMagick on CentOS 6, Debian 7, Gentoo

Installing and configuring ImageMagick on CentOS 6

    yum install php php-devel
    yum install ImageMagick ImageMagick-devel
    yum install php-pear gcc make
    # Install the PHP extension for working with ImageMagick
    pecl install imagick

    nano /etc/php.d/imagick.ini

    extension=imagick.so

    nano /etc/httpd/conf/httpd.conf

    ServerAdmin root@localhost

    /etc/init.d/httpd restart

Installing and configuring ImageMagick on Debian 7

    apt-get install imagemagick
    apt-get install php5-imagick
    cat /etc/php5/conf.d/imagick.ini
    apt-get install […]
Configuring fail2ban to protect ssh, proftpd, exim, postfix and dovecot on CentOS

Installing fail2ban

    # yum install fail2ban

1. Configuring the fail2ban configuration file

    # grep -v -E '(\#|^$)' /etc/fail2ban/fail2ban.conf

    [Definition]
    loglevel = INFO
    logtarget = /var/log/fail2ban.log
    syslogsocket = auto
    socket = /var/run/fail2ban/fail2ban.sock
    pidfile = /var/run/fail2ban/fail2ban.pid
    dbfile = /var/lib/fail2ban/fail2ban.sqlite3
    dbpurgeage = 86400
2. Configuring Fail2ban for log monitoring

    # grep -v -E '(\#|^$)' /etc/fail2ban/jail.conf

    [INCLUDES]
    before = paths-fedora.conf

    [DEFAULT]
    ignoreip = 127.0.0.1/8 159.224.XXX.YYY
    ignorecommand =
    bantime = 86400
    findtime = 7200
    maxretry = 5
    backend = auto
    usedns = warn
    logencoding = auto
    enabled = false
    filter = %(__name__)s
    destemail = myuser@mydomain.com
    sender = root@mydomain.com
    mta = sendmail
    protocol = tcp
    chain = INPUT
    port = 0:65535
    banaction = iptables-multiport
    action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
    action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
    action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                 %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
    action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
                  xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"]
    action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"]
    action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"]
    action = %(action_)s

    ### SSH
    [sshd-iptables]
    port = 2200
    logpath = /var/log/secure
    maxretry = 3
    enabled = true
    filter = sshd
    action = %(action_mwl)s
    bantime = 86400
    findtime = 3600
    maxretry = 3

    ### ProFTPD
    [proftpd-iptables]
    port = ftp,ftp-data,ftps,ftps-data
    enabled = true
    filter = proftpd
    action = %(action_mwl)s
    #action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
    # sendmail-whois[name=ProFTPD, dest=myname@mydomain.com, sender=root@mydomain.com]
    logpath = /var/log/proftpd/proftpd.log
    bantime = 86400
    findtime = 3600
    maxretry = 3

    ### Exim
    [exim-iptables]
    port = smtp,465,submission
    enabled = true
    filter = exim
    action = %(action_mwl)s
    # action = iptables-multiport[name=Exim, port="smtp,smtps,submission", protocol=tcp]
    # sendmail-whois[name=Exim, dest= myname@mydomain.com, sender=root@mydomain.com]
    logpath = /var/log/exim/mainlog
    bantime = 86400
    #bantime = -1 # permanent ban
    findtime = 3600
    maxretry = 3

    ### Dovecot
    [dovecot-iptables]
    port = pop3,pop3s,imap,imaps
    enabled = true
    filter = dovecot
    action = %(action_mwl)s
    # Specify the file in which Dovecot authentication attempts are logged
    logpath = /var/log/secure
    #logpath = /var/log/maillog
    #logpath = /var/log/dovecot.log
    bantime = 86400
    findtime = 3600
    maxretry = 3

    ### Postfix
    [postfix-sasl]
    enabled = true
    port = smtp,465,submission
    logpath = /var/log/maillog
    filter = postfix-sasl
    action = %(action_mwl)s
    #action = iptables[name=postfix-sasl, port=smtp,smtps,submission protocol=tcp]
    # sendmail-whois[name=postfix-sasl, dest=myname@mydomain.com, sender=root@mydomain.com]
    bantime = 604800
    findtime = 3600
    maxretry = 3

    [postfix-iptables]
    enabled = true
    port = smtp,465,submission
    logpath = /var/log/maillog
    filter = postfix
    action = %(action_mwl)s
    #action = iptables[name=Postfix-smtp, port=smtp, protocol=tcp]
    # sendmail[name=Postfix-smtp, dest=myname@mydomain.com, sender=root@mydomain.com]
    logpath = /var/log/maillog
    bantime = 604800
    maxretry = 3
    findtime = 3600
3. Configuring Fail2ban filters for log monitoring

We will use all the stock filters that ship with fail2ban.

SSH

    # nano /etc/fail2ban/filter.d/sshd.conf

    [Definition]
    _daemon = sshd
    failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$
                ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
                ^%(__prefix_line)sFailed \S+ for .*? from <HOST>(?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ %(__md5hex)s(, client user ".*", client host ".*")?))?\s*$
                ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
                ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
                ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers\s*$
                ^%(__prefix_line)sUser .+ from <HOST> not allowed because listed in DenyUsers\s*$
                ^%(__prefix_line)sUser .+ from <HOST> not allowed because not in any group\s*$
                ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
                ^%(__prefix_line)sReceived disconnect from <HOST>: 3: \S+: Auth fail$
                ^%(__prefix_line)sUser .+ from <HOST> not allowed because a group is listed in DenyGroups\s*$
                ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
                ^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$
                ^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$
                ^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$
                ^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
    ignoreregex =
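How the sshd filter and the SSH jail's findtime = 3600 / maxretry = 3 work together, as an added example (not code from the original post or from fail2ban itself): a simplified Python model that matches two trimmed sshd patterns against constructed /var/log/secure lines and returns the addresses that would be banned. The `HOST` and `PREFIX` expansions, the exact-match `IGNOREIP` set and the assumed year are simplifications, not fail2ban's real behaviour.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified stand-ins (assumptions) for fail2ban's <HOST> tag and __prefix_line.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PREFIX = r"^\S+ sshd\[\d+\]: "
# Two of the sshd.conf failregex lines from the page, trimmed, with the tags expanded.
FAILREGEX = [re.compile(PREFIX + body) for body in (
    r"Failed \S+ for .*? from " + HOST + r"(?: port \d*)?(?: ssh\d*)?\s*$",
    r"[iI](?:llegal|nvalid) user .* from " + HOST + r"\s*$",
)]
FINDTIME, MAXRETRY = 3600, 3    # findtime / maxretry of the SSH jail
IGNOREIP = {"127.0.0.1"}        # exact-match stand-in for ignoreip

def match_host(rest):
    """Return the offending address if any failregex matches, else None."""
    for rx in FAILREGEX:
        m = rx.search(rest)
        if m:
            return m.group("host")
    return None

def banned_hosts(lines, year=2013):
    """Hosts reaching MAXRETRY failures in FINDTIME seconds (syslog has no year, so one is assumed)."""
    hits, banned = defaultdict(deque), []
    for line in lines:
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        host = match_host(line[16:])
        if host is None or host in IGNOREIP or host in banned:
            continue
        window = hits[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()    # drop failures older than findtime
        if len(window) >= MAXRETRY:
            banned.append(host)
    return banned

# Constructed sample lines in /var/log/secure format (documentation addresses).
SAMPLE = [
    "Nov 12 10:00:01 srv sshd[101]: Failed password for root from 203.0.113.7 port 4242 ssh2",
    "Nov 12 10:00:05 srv sshd[102]: Invalid user admin from 203.0.113.7",
    "Nov 12 10:00:09 srv sshd[103]: Failed password for invalid user admin from 203.0.113.7 port 4243 ssh2",
    "Nov 12 10:01:00 srv sshd[104]: Failed password for bob from 198.51.100.9 port 5000 ssh2",
    "Nov 12 11:30:00 srv sshd[105]: Failed password for bob from 198.51.100.9 port 5001 ssh2",
    "Nov 12 12:45:00 srv sshd[106]: Failed password for bob from 198.51.100.9 port 5002 ssh2",
]
print(banned_hosts(SAMPLE))
```

The second address also fails three times, but its failures are more than 3600 seconds apart, so the sliding window never holds three of them at once.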
ProFTPD

    # nano /etc/fail2ban/filter.d/proftpd.conf

    [Definition]
    _daemon = proftpd
    __suffix_failed_login = (User not authorized for login|No such user found|Incorrect password|Password expired|Account disabled|Invalid shell: '\S+'|User in \S+|Limit ($
    failregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .*: no such user found from \S+ \[\S+\] to \S+:\S+ *$
                ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ USER .* \(Login failed\): %(__suffix_failed_login)s\s*$
                ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: .* login attempted\. *$
                ^%(__prefix_line)s%(__hostname)s \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded *$
    ignoreregex =

Exim

    # nano /etc/fail2ban/filter.d/exim.conf

    [Definition]
    failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
                ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s$
                ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$
                ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
                ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)? )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
    ignoreregex =

Dovecot

    # nano /etc/fail2ban/filter.d/dovecot.conf

    [Definition]
    _daemon = (auth|dovecot(-auth)?|auth-worker)
    failregex = ^%(__prefix_line)s(%(__pam_auth)s(\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\$
                ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disab$
                ^%(__prefix_line)s(Info|dovecot: auth\(default\)|auth-worker\(\d+\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying aut$
                ^%(__prefix_line)s(auth|auth-worker\(\d+\)): (pam|passwd-file)\(\S+,<HOST>\): unknown user\s*$
    ignoreregex =

Postfix

    # nano /etc/fail2ban/filter.d/postfix-sasl.conf

    [Definition]
    _daemon = postfix/(submission/)?smtp(d|s)
    failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$
    ignoreregex =

    # nano /etc/fail2ban/filter.d/postfix.conf

    [Definition]
    _daemon = postfix/(submission/)?smtp(d|s)
    failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
                ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
                ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
                ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
                ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
    ignoreregex =

4. Checking that the filter works […]