iredmail – IT Engineer, MSc in Cybersecurity

El VPS se queda sin memoria AKA HOWTO Parad antivirus y sustituir por un cron

HOWTO Parad antivirus y sustituir por un cron Paso 1 : Editar el fichero de Amavis: nano /etc/amavis/conf.d/50-user Localizar una linea como esta: # Enable virus check. @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, $bypass_virus_checks_re, ); Y dejadla así: @bypass_virus_checks_maps = (0); Paso FINAL : Stop clamav iredmail Ahora matad el proceso y desactivar los scripts de inicio de demonios: /etc/init.d/clamav-daemon stop update-rc.d -f clamav-daemon remove update-rc.d -f clamav-freshclam remove El ultimo paso en realidad es programar un cron: crontab -e Editamos al gusto, os muestro varias líneas por si surgen ideas: 00 5 * * * /usr/bin/rkhunter –update -c –cronjob –report-warnings-only | mail -s “rkhuntur pymestic.net” miemail@midominio.tld */30 * * * * /var/www/vhosts/cronWP.sh 52 22 * * 0 clamscan -r –infected –exclude-dir=^/sys\|^/proc\|^/dev / | mail -s “Escaner ClamAV” miemail@midominio.tld La que interesa es la última, donde programo un escaneo del antivirus ClamAV a las 22:52 y envío los resultados a miemail@midominio.tld

» Leer más

Deja un comentario Bash, Comandos, consola, iredmail, linux, VPS

Error fail2ban in FilterPyinotify callback: ‘module’ object has no attribute ‘_strptime_time’

Jose Blanco Errores, GNU/Linux, Revisado, Seguridad, VPS

Esta mañana al resetear el servicio fail2ban me he encontrado con esto: service fail2ban status ● fail2ban.service – LSB: Start/stop fail2ban Loaded: loaded (/etc/init.d/fail2ban) Active: active (running) since jue 2017-01-12 10:03:11 CET; 30s ago Process: 2674 ExecStop=/etc/init.d/fail2ban stop (code=exited, status=0/SUCCESS) Process: 2810 ExecStart=/etc/init.d/fail2ban start (code=exited, status=0/SUCCESS) CGroup: /system.slice/fail2ban.service └─2820 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid ene 12 10:03:11 server fail2ban.actions[2820]: INFO Set banTime = 86400 ene 12 10:03:11 server fail2ban.jail[2820]: INFO Jail ‘sshd’ started ene 12 10:03:11 server fail2ban.jail[2820]: INFO Jail ‘sshd-ddos’ started ene 12 10:03:11 server fail2ban.jail[2820]: INFO Jail ’roundcube-iredmail’ started ene 12 10:03:11 server fail2ban.jail[2820]: INFO Jail ‘dovecot-iredmail’ started ene 12 10:03:11 server fail2ban.jail[2820]: INFO Jail ‘postfix-iredmail’ started ene 12 10:03:11 server fail2ban[2810]: Starting authentication failure monitor: fail2ban. ene 12 10:03:11 server systemd[1]: Started LSB: Start/stop fail2ban. ene 12 10:03:11 server fail2ban.filter[2820]: ERROR Error in FilterPyinotify callback: ‘module’ object has no attribute ‘_strptime_time’ ene 12 10:03:11 server fail2ban.filter[2820]: ERROR Error in FilterPyinotify callback: ‘module’ object has no attribute ‘_strptime_time’ El Workaround que he aplicado es establecer en polling el backend para averiguar las modificaciones en ficheros de forma que no utilice librerías externas. (editar jail.conf) # “backend” specifies the backend used to get files modification. # Available options are “pyinotify”, “gamin”, “polling” and “auto”. # This option can be overridden in each jail as well. # # pyinotify: requires pyinotify (a file alteration monitor) to be installed. # If pyinotify is not installed, Fail2ban will use auto. # gamin: requires Gamin (a file alteration monitor) to be installed. […]

» Leer más

Deja un comentario Comandos, consola, fail2ban, gnu, iredmail, linux, VPS