Configuring fail2ban with SquirrelMail on CentOS 5.3 / ISPConfig 3


Introduction

This tutorial shows how to protect your SquirrelMail web login against brute-force attacks by using fail2ban to block unlimited login attempts.

Requirements

Make sure that fail2ban and SquirrelMail are both installed on the CentOS v5.3 / ISPConfig 3 machine set up as detailed here.

Installing them is straightforward, however:

yum install fail2ban squirrelmail

You must be actively using iptables as your firewall. Fail2ban works by creating a temporary drop rule for the unauthorized source IP address.

2. SquirrelMail Logging Configuration

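By default, SquirrelMail (imapd) under CentOS v5.3 / ISPConfig 3 logs to /var/log/maillog, but only with the IP address 127.0.0.1 (localhost). Because we are trying to ban a specific source address, fail2ban cannot use this file. We therefore install and use Squirrel Logger to capture the real source address of each login attempt.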

Download and install Squirrel Logger:

cd /usr/share/squirrelmail/plugins
wget -O squirrel_logger-2.3-1.2.7.tar.gz 'http://squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fsquirrel_logger-2.3-1.2.7.tar.gz'
tar zxvf squirrel_logger-2.3-1.2.7.tar.gz
cd squirrel_logger-2.3-1.2.7
cp config_example.php config.php

This is the latest version of the Squirrel Logger plugin; if a newer revision has since been released, download it directly from the SquirrelMail Plugins website.

If your machine uses a local time other than GMT, use vi to change $sl_use_GMT = 1 to $sl_use_GMT = 0 in config.php:

Original config.php:

...
// Log dates in GMT?  If you do not do this, dates will
// be logged in whatever timezone each user is in (or
// has set in their personal preferences)
//
//    1 = yes
//    0 = no
//
$sl_use_GMT = 1;
...

Modified config.php:

...
// Log dates in GMT?  If you do not do this, dates will
// be logged in whatever timezone each user is in (or
// has set in their personal preferences)
//
//    1 = yes
//    0 = no
//
$sl_use_GMT = 0;
...

Delete the downloaded Squirrel Logger gzip file:

cd /usr/share/squirrelmail/plugins
rm squirrel_logger-2.3-1.2.7.tar.gz

Configure SquirrelMail to use the Squirrel Logger plugin:

/usr/share/squirrelmail/config/conf.pl
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1.  Organization Preferences
2.  Server Settings
3.  Folder Defaults
4.  General Options
5.  Themes
6.  Address Books
7.  Message of the Day (MOTD)
8.  Plugins
9.  Database
10. Languages

D.  Set pre-defined settings for specific IMAP servers

C   Turn color on
S   Save data
Q   Quit

Command >>
Select: Plugins
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. delete_move_next
    2. squirrelspell
    3. newmail
  Available Plugins:
    4. listcommands
    5. fortune
    6. filters
    7. translate
    8. abook_take
    9. spamcop
    10. squirrel_logger
    11. mail_fetch
    12. calendar
    13. sent_subfolders
    14. message_details
    15. administrator
    16. info
    17. bug_report

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >>
Select: squirrel_logger
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
  Installed Plugins
    1. delete_move_next
    2. squirrelspell
    3. newmail
    4. squirrel_logger
  Available Plugins:
    5. listcommands
    6. fortune
    7. filters
    8. translate
    9. abook_take
    10. spamcop
    11. mail_fetch
    12. calendar
    13. sent_subfolders
    14. message_details
    15. administrator
    16. info
    17. bug_report

R   Return to Main Menu
C   Turn color on
S   Save data
Q   Quit

Command >>
Select: Save data, Quit

3. Fail2ban Configuration

Change to the fail2ban configuration directory:

cd /etc/fail2ban

Assuming you serve SquirrelMail over http, use vi to add the following lines to the jail.conf file:

[squirrelmail-iptables]
enabled  = true
filter   = squirrelmail
action   = iptables[name=SquirrelMail, port=http, protocol=tcp]
           sendmail-whois[name=SquirrelMail, dest=you@your_domain.com, sender=fail2ban@your_domain.com]
logpath  = /var/lib/squirrelmail/prefs/squirrelmail_access_log
maxretry = 4

Make sure that maxretry and the dest and sender email addresses are set to your requirements.

Change to the fail2ban filter directory:

cd filter.d

In the filter.d directory, use vi to create a squirrelmail.conf file with the following contents:

# Fail2Ban configuration file
#
# Author: Bill Landry ((email_protected))
#
# $Revision: 510 $

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#         host must be matched by a group named "host". The tag "<HOST>" can
#         be used for standard IP/hostname matching and is only an alias for
#         (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT

failregex = \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT

ignoreregex =

Fail2ban needs to recognize the date format used in the squirrelmail_access_log file.

cd /usr/share/fail2ban/server

Use vi to edit the datedetector.py file and add the following lines between the Apache format and Exim format sections:

# SquirrelMail 09/13/2007 06:43:20
template = DateStrptime()
template.setName("Month/Day/Year Hour:Minute:Second")
template.setRegex("\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}")
template.setPattern("%m/%d/%Y %H:%M:%S")
self.__templates.append(template)
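
The check below is an added example, not part of the original tutorial or of fail2ban itself: it applies the filter's failregex (with <HOST> expanded as the filter's header comment describes) and the date pattern above to constructed sample log lines, then counts failures per host against maxretry = 4. The layout of the sample lines between the [LOGIN_ERROR] tag and "from" is an assumption, and fail2ban's findtime window is not modelled.

```python
import re
from collections import Counter
from datetime import datetime

# <HOST> expansion as quoted in the filter's own header comment.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"
FAILREGEX = r"\[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect"
DATE_REGEX = r"\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}"
DATE_PATTERN = "%m/%d/%Y %H:%M:%S"
MAXRETRY = 4  # same value as the jail above

# Constructed sample lines; the text between the tag and "from" is assumed.
SAMPLE_LOG = """\
09/13/2007 06:43:20 [LOGIN_ERROR] alice (example.com) from 203.0.113.7: Unknown user or password incorrect
09/13/2007 06:43:25 [LOGIN_ERROR] admin (example.com) from 203.0.113.7: Unknown user or password incorrect
09/13/2007 06:43:31 [LOGIN] bob (example.com) from 198.51.100.4
09/13/2007 06:43:40 [LOGIN_ERROR] root (example.com) from 203.0.113.7: Unknown user or password incorrect
09/13/2007 06:44:02 [LOGIN_ERROR] bob (example.com) from 198.51.100.4: Unknown user or password incorrect
09/13/2007 06:44:10 [LOGIN_ERROR] test (example.com) from ::ffff:203.0.113.7: Unknown user or password incorrect
[LOGIN_ERROR] eve (example.com) from 192.0.2.9: Unknown user or password incorrect
"""

def parse_failures(log_text):
    """Return (timestamp, host) for every line this filter and date pattern accept."""
    fail_re = re.compile(FAILREGEX.replace("<HOST>", HOST))
    date_re = re.compile(DATE_REGEX)
    hits = []
    for line in log_text.splitlines():
        date = date_re.search(line)
        if date is None:
            continue  # no timestamp this example recognizes: failure cannot be dated
        match = fail_re.search(line)
        if match:
            when = datetime.strptime(date.group(0), DATE_PATTERN)
            hits.append((when, match.group("host")))
    return hits

def hosts_to_ban(log_text, maxretry=MAXRETRY):
    """Hosts whose failure count reaches maxretry (findtime window ignored)."""
    counts = Counter(host for _, host in parse_failures(log_text))
    return sorted(h for h, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for when, host in parse_failures(SAMPLE_LOG):
        print(when.isoformat(), host)
    print("ban:", hosts_to_ban(SAMPLE_LOG))
```

On the real system, running fail2ban-regex against /var/lib/squirrelmail/prefs/squirrelmail_access_log and filter.d/squirrelmail.conf performs the equivalent check with fail2ban's own code.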