I don't know what's the matter with people: they don't learn by understanding, they learn by some other way — by rote or something. Their knowledge is so fragile! (Feynman)
Download latest epel-release rpm from
http://download-ib01.fedoraproject.org/pub/epel/6/x86_64/
Install epel-release rpm:
Install bsd-mailx rpm package:
with mailx you can delete the messages as follow (as root):
…
& d *
& q
reCaptcha plugin for Roundcube is a good way to protect your server against brute-force attacks on a webmail.
We will install it from the plugin’s repository https://github.com/dsoares/rcguard.git. The addon was tested at the moment of the writing of this guide with RoundCube version 1.3.3.
First make sure you’ve got git installed on your server. If it’s missing you can install it either from your OS repository with a package manager or from sources.
Installation of the plugin into RoundCube on a Directadmin server starts with the following commands:
cd /var/www/html/roundcube/plugins/ GIT_SSL_NO_VERIFY=true git clone https://github.com/dsoares/rcguard.git rcguard chown -R webapps:webapps rcguard/ cd rcguard mv config.inc.php.dist config.inc.php
Example of an output from git command:
# GIT_SSL_NO_VERIFY=true git clone https://github.com/dsoares/rcguard.git rcguard Cloning into 'rcguard'... remote: Counting objects: 470, done. remote: Total 470 (delta 0), reused 0 (delta 0), pack-reused 470 Receiving objects: 100% (470/470), 82.68 KiB, done. Resolving deltas: 100% (240/240), done.
If you see an error you should read everything carefully and try to resolve it. Please feel free to contact us if anything goes wrong here.
Go to https://www.google.com/recaptcha/admin and get your keys.
It’s important to mention, that Google will show reCaptcha only on domains which were registered at Google for these particular pair of keys. It means that you should either register all of your domains at Google if you want to access RoundCube on users’ domains, or use one domain (or hostname) for all users and register one domain at Google.
As soon as you get your keys you should add them into configuration file of the addon.
Open the config file of the plugin in an editor:
vi config.inc.php
and update the following lines with your real public and private keys from Google:
// Public key for reCAPTCHA $config['recaptcha_publickey'] = ''; // Private key for reCAPTCHA $config['recaptcha_privatekey'] = '';
So it would look like the following:
// Public key for reCAPTCHA $rcmail_config['recaptcha_publickey'] = '6LdNmhYTAAAAAOXR**********OcI6MPpePq2eRn'; // Private key for reCAPTCHA $rcmail_config['recaptcha_privatekey'] = '6LdNmhYTAAAAAB**********vJxvSjDR9VUiDDq-';
For security reasons some symbols are masked here, in your case there should not be asterisks.
You can change other settings of the plugin per your needs. For example this one:
// Number of failed logins before reCAPTCHA is shown $rcmail_config['failed_attempts'] = 5;
can be changed to
// Number of failed logins before reCAPTCHA is shown $rcmail_config['failed_attempts'] = 1;
if you want reCaptcha to be shown after the first failed login (the default is 5).
Connect to mysql either in a shell with the following command:
mysql --defaults-extra-file=/usr/local/directadmin/conf/my.cnf da_roundcube
Or use phpMyAdmin interface and choose DB with name da_roundcube.
Then run the following query:
CREATE TABLE `rcguard` ( `ip` VARCHAR(40) NOT NULL, `first` DATETIME NOT NULL, `last` DATETIME NOT NULL, `hits` INT(10) NOT NULL, PRIMARY KEY (`ip`), INDEX `last_index` (`last`), INDEX `hits_index` (`hits`) ) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci; quit;
Here is an example of a desirable output: “Query OK, 0 rows affected (0.03 sec)”, and in full it will look as the following:
MariaDB [da_roundcube]> CREATE TABLE `rcguard` (
-> `ip` VARCHAR(40) NOT NULL,
-> `first` DATETIME NOT NULL,
-> `last` DATETIME NOT NULL,
-> `hits` INT(10) NOT NULL,
-> PRIMARY KEY (`ip`),
-> INDEX `last_index` (`last`),
-> INDEX `hits_index` (`hits`)
-> ) ENGINE = InnoDB CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 0 rows affected (0.03 sec)
MariaDB [da_roundcube]>
MariaDB [da_roundcube]> quit;
Bye
Now we need to modify RoundCube main configuration in order to let it work with the addon/plugin.
Register the plugin by modifying config.inc.php:
cd /var/www/html/roundcube/config/ vi ./config.inc.php
Find the line
$config['plugins'] = array(
and change it to:
$config['plugins'] = array(
'rcguard',
Don’t forget to add a comma in the end of the line.
For this you need to copy the plugin and updated config into a special folder of custombuild:
mkdir -p /usr/local/directadmin/custombuild/custom/roundcube/plugins/ cd /usr/local/directadmin/custombuild/custom/roundcube/ cp -r /var/www/html/roundcube/plugins/rcguard ./plugins/ cp -p /var/www/html/roundcube/config/config.inc.php .
Every time when you update a version of RoundCube with Directadmin you will still have the plugin enabled.
That’s it. Tags: directadminE-mailRoundcubepluginsSecurityreCaptcha
List of user’s group
# groups username
# adduser username -g sftp -s /sbin/nologin # passwd username
in general to add a new group
# groupadd
in general to add user to a group
#usermod -G group username
Open and add the following lines to /etc/ssh/sshd_config configuration file:
list of groups and its users # cat /etc/group Subsystem sftp internal-sftp Match Group sftp ChrootDirectory /home/%u ForceCommand internal-sftp X11Forwarding no AllowTcpForwarding no
# systemctl restart sshd OR # service sshd restart then check the user home directory permissions # ls /home/ -ltra in case run this # chmod 755 /home/username/ # chown root:sftp /home/username/ -Rf
# chown username:sftp /home/username/basedir
I had this error when I tried to create folder in basedir:
mkdir /New directory: permission denied
after googlig a lot I found this here (Thanks):
# setsebool -P ssh_chroot_rw_homedirs on
# restorecon -R /home/username
After this, sftp works as expected, even when chrooted, without having to disable SELinux completely.——other explanation——
This tutorial will help you to create SFTP only user (without ssh access) on CentOS and RedHat systems. The user can connect the server with SFTP access only and allowed to access the specified directory. User can’t SSH into the server. Follow the below tutorial to create sftp only account.
First of all, create a user account to use for sftp access. Below command will create user named sftpuser with no shell access.
sudo adduser --shell /bin/false sftpuser sudo passwd sftpuser
Now, create the directory structure to be accessible by sftp user.
sudo mkdir -p /var/sftp/files
Change the ownership of the files directory to sftp user. So that sftpuser can read and write on this directory.
sudo chown sftpuser:sftpuser /var/sftp/files
And set the owner and group owner of the /var/sftp to root. The root user has read/write access on this access. Group member and other account have only read and execute permissions.
sudo chown root:root /var/sftp sudo chmod 755 /var/sftp
Now edit the SSH configuration file in a text editor
sudo vim /etc/ssh/sshd_config
and add the following settings at end of file.
Match User sftpuser ForceCommand internal-sftp PasswordAuthentication yes ChrootDirectory /var/sftp PermitTunnel no AllowAgentForwarding no AllowTcpForwarding no X11Forwarding no
Save the configuration and restart SSH service to apply changes.
sudo systemctl restart sshd.service
and c.email_address NOT REGEXP ‘[-a-z0-9~!$%^&=+}{\\’?]+(\.[-a-z0-9~!$%^&=+}{\\’?]+)@([a-z0-9_][-a-z0-9_](\.[-a-z0-9_]+)*\.(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z][a-z])|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(:[0-9]{1,5})?’
In windows server 2012 : msg * In 5 minutes the server will be restarted
The Net Send command has the following syntax:
net send {username | * | /domain[:domainname] | /users} message
where
username – user name, computer name, or messaging name to which you want to send the message;
* – sends the message to all names in your domain or workgroup;
/domain[:domainname] – sends the message to all names in the computer’s domain or in the specified domain;
/users – sends the message to all users connected to the server;
message – specifies text of the message.
