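Configuring fail2ban with SquirrelMail on CentOS 5.3 / ISPConfig 3
Introduction
This tutorial describes how to use fail2ban to stop unlimited login attempts, and therefore brute-force attacks, against your SquirrelMail web login.
Requirements
Make sure that both fail2ban and SquirrelMail are installed on your CentOS v5.3 / ISPConfig 3 machine.
Installing them is straightforward: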
yum install fail2ban squirrelmail
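You must be actively using iptables as your firewall. Fail2ban works by creating a temporary drop rule for the unauthorized source IP address.
2. SquirrelMail Logging Configuration
By default, SquirrelMail (imapd) under CentOS v5.3 / ISPConfig 3 logs logins to /var/log/maillog, but only with the IP address 127.0.0.1 (localhost). Because we are trying to ban a specific source address, fail2ban cannot use this file. We therefore install and use Squirrel Logger to capture the real source address of each login attempt.
Download and install Squirrel Logger: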
cd /usr/share/squirrelmail/plugins
wget -O squirrel_logger-2.3-1.2.7.tar.gz 'http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fsquirrel_logger-2.3-1.2.7.tar.gz'
tar zxvf squirrel_logger-2.3-1.2.7.tar.gz
cd squirrel_logger-2.3-1.2.7
cp config_example.php config.php
Although this is the latest version of the Squirrel Logger plugin, if a newer revision has been released, download it directly from the SquirrelMail Plugins website.
If your machine uses a local time other than GMT, use vi to change $sl_use_GMT = 1 to $sl_use_GMT = 0 in config.php:
Original config.php:
...
// Log dates in GMT?  If you do not do this, dates will
// be logged in whatever timezone each user is in (or
// has set in their personal preferences)
//
// 1 = yes
// 0 = no
//
$sl_use_GMT = 1;
...
Modified config.php:
...
// Log dates in GMT?  If you do not do this, dates will
// be logged in whatever timezone each user is in (or
// has set in their personal preferences)
//
// 1 = yes
// 0 = no
//
$sl_use_GMT = 0;
...
Delete the downloaded Squirrel Logger gzip file:
cd /usr/share/squirrelmail/plugins
rm squirrel_logger-2.3-1.2.7.tar.gz
Configure SquirrelMail to use the Squirrel Logger plugin:
/usr/share/squirrelmail/config/conf.pl
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >>
Select: Plugins
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. delete_move_next
    2. squirrelspell
    3. newmail

  Available Plugins:
    4. listcommands
    5. fortune
    6. filters
    7. translate
    8. abook_take
    9. spamcop
    10. squirrel_logger
    11. mail_fetch
    12. calendar
    13. sent_subfolders
    14. message_details
    15. administrator
    16. info
    17. bug_report

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >>
Select: squirrel_logger
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. delete_move_next
    2. squirrelspell
    3. newmail
    4. squirrel_logger

  Available Plugins:
    5. listcommands
    6. fortune
    7. filters
    8. translate
    9. abook_take
    10. spamcop
    11. mail_fetch
    12. calendar
    13. sent_subfolders
    14. message_details
    15. administrator
    16. info
    17. bug_report

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >>
Select: Save data, Quit
3. Fail2ban Configuration
Change to the fail2ban configuration directory:
cd /etc/fail2ban
Assuming you serve SquirrelMail over http, use vi to add the following lines to the jail.conf file:
[squirrelmail-iptables]
enabled  = true
filter   = squirrelmail
action   = iptables[name=SquirrelMail, port=http, protocol=tcp]
           sendmail-whois[name=SquirrelMail, dest=you@your_domain.com, sender=fail2ban@your_domain.com]
logpath  = /var/lib/squirrelmail/prefs/squirrelmail_access_log
maxretry = 4
Make sure that maxretry and the dest and sender email addresses are set to your requirements.
Change to the fail2ban filter directory:
cd filter.d
In the filter.d directory, use vi to create a squirrelmail.conf file with the following contents:
# Fail2Ban configuration file
#
# Author: Bill Landry ((email_protected))
#
# $Revision: 510 $

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
failregex = \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
ignoreregex =
Fail2ban needs to recognize the date format used in the squirrelmail_access_log file.
cd /usr/share/fail2ban/server
Use vi to edit the datedetector.py file and add the following lines between the Apache format and Exim format sections, indented to match the neighbouring template entries:
# SquirrelMail 09/13/2007 06:43:20
template = DateStrptime()
template.setName("Month/Day/Year Hour:Minute:Second")
template.setRegex("\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}")
template.setPattern("%m/%d/%Y %H:%M:%S")
self.__templates.append(template)
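The filter, date format and maxretry value above can be checked together before relying on the jail. The following Python sketch is an added example, not part of the original tutorial or of fail2ban's own code: it expands <HOST> to the alias quoted in the filter comments, parses timestamps with the pattern added to datedetector.py, and reports the hosts that reach maxretry. The sample log lines are constructed (their exact Squirrel Logger layout is assumed), and the 600-second findtime window is an assumption that the page does not set.

```python
import re
from collections import defaultdict
from datetime import datetime

# Values copied from the tutorial's squirrelmail.conf, datedetector.py entry and jail.conf.
FAILREGEX = r"\[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect"
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"  # alias for <HOST> per the filter comments
DATE_REGEX = r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}"
DATE_PATTERN = "%m/%d/%Y %H:%M:%S"
MAXRETRY = 4
FINDTIME = 600  # seconds; assumed window, not configured on the page

# Constructed sample lines; the exact Squirrel Logger line layout is an assumption.
SAMPLE_LOG = """\
09/13/2007 06:43:20 [LOGIN_ERROR] alice (example.com) from 203.0.113.7: Unknown user or password incorrect
09/13/2007 06:43:31 [LOGIN_ERROR] admin (example.com) from 203.0.113.7: Unknown user or password incorrect
09/13/2007 06:44:02 [LOGIN] bob (example.com) from 198.51.100.23
09/13/2007 06:44:10 [LOGIN_ERROR] root (example.com) from 203.0.113.7: Unknown user or password incorrect
09/13/2007 06:45:55 [LOGIN_ERROR] test (example.com) from 203.0.113.7: Unknown user or password incorrect
09/13/2007 07:10:00 [LOGIN_ERROR] carol (example.com) from ::ffff:192.0.2.9: Unknown user or password incorrect
"""

def parse_failures(text):
    """Return {host: [datetime, ...]} for every line the filter would match."""
    fail_re = re.compile(FAILREGEX.replace("<HOST>", HOST_ALIAS))
    date_re = re.compile(DATE_REGEX)
    failures = defaultdict(list)
    for line in text.splitlines():
        date, hit = date_re.search(line), fail_re.search(line)
        if date and hit:  # a line needs both a recognizable date and a failure match
            failures[hit.group("host")].append(
                datetime.strptime(date.group(0), DATE_PATTERN))
    return failures

def hosts_to_ban(text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Hosts with at least maxretry failures inside one findtime window."""
    banned = []
    for host, stamps in parse_failures(text).items():
        stamps.sort()
        for i in range(len(stamps) - maxretry + 1):
            window = (stamps[i + maxretry - 1] - stamps[i]).total_seconds()
            if window <= findtime:
                banned.append(host)
                break
    return sorted(banned)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG))
```

If a real line from squirrelmail_access_log produces no entry in parse_failures, the failregex or the date template does not match the log layout and the jail would never trigger.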