Posts

Posted on

Failban configuration

Today I found an error in the regular expression of failban filter :

/etc/fail2ban/filter.d/postfix-sasl.conf

with this useful site https://regex101.com/ gave me an error so I changed the expression from

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*     

failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+\/:]*={0,2})?\s*     

failban conf file : jail.conf

[postfix-sasl]

enabled = true
filter = postfix-sasl
action = iptables[name=postfix-sasl, port=”smtp,465,submission,imap3,imaps,pop3,pop3s”, protocol=tcp]
sendmail-whois[name=postfix-sasl, dest=postmaster@saic.it, sender=postmaster@saic.it]
#port = smtp,465,submission,imap3,imaps,pop3,pop3s
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# “warn” level but overall at the smaller filesize.
logpath = %(postfix_log)s
backend = %(postfix_backend)s
maxretry = 3
bantime = 10800

here /etc/fail2ban/paths-fedora.conf the configuration of the variable postfix_log and postfix_backend

http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal

Posted on

Linux Centos 7 – Startup Services – Functions

systemctl disable httpd
Running systemctl disable removes the symlink to the service in /etc/systemd/system/*

systemctl status httpd

systemctl list-unit-files

systemctl start application.service

systemctl list-units –type=service
systemctl list-units –all –state=inactive

systemctl mask nginx.service
systemctl unmask nginx.service

systemctl edit nginx.service

To remove any additions you have made, either delete the unit’s .d configuration directory or the modified service file from /etc/systemd/system. For instance, to remove a snippet, we could type:

sudo rm -r /etc/systemd/system/nginx.service.d
To remove a full modified unit file, we would type:

sudo rm /etc/systemd/system/nginx.service
After deleting the file or directory, you should reload the systemd process so that it no longer attempts to reference these files and reverts back to using the system copies. You can do this by typing:

sudo systemctl daemon-reload

very usefull
https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units

 

Posted on

Migration to Contabo from SeFlow – Nameserver and DNS

Hi to everybody,

I migrated from SeFlow, good service but awful support.

Only in the person of Matteo Berlonghi.

No professional skill, but I understood how works DNS world.

This is wants to be my personal diary.

Difference between Authority and Registrar.

usefull link to find which nameserver are registered to the Authority:

https://intodns.com/saic.it or http://mxtoolbox.com

in the DNS zone (NS record) you have to insert the nameserver that the Registrar sent to Authority.

to see the propagation: https://www.whatsmydns.net