Add alert when account locked

- 
The script ships with 4 authentication failure checks.

-  IP/Account hash check which warns on 10 auth failures from
an ip/account combo within a 60 second window.

- Account check which warns on 15 auth failures from any ip
within a 60 second window.  Attempts to detect a distributed
hijack based attack on a single account.

-  IP check which warns on 20 auth failures to any account
within a 60 second windows.  Attempts to detect a single host
based attack across multiple accounts.

- Total auth failure check which warns on 1000 auth failures
from any ip to any account within 60 seconds.  The recommended
value on this is guestimated at 1% of active accounts for the MBS.


Edit file /opt/zimbra/conf/auditswatchrc.in or All values can be
tuned via zmlocalconfig parameters.

zimbra_swatch_ipacct_threshold=10 (max failures for an IP & account pair)
zimbra_swatch_acct_threshold=15 (max failures for an account)
zimbra_swatch_ip_threshold=20(max failures for a specific IP)
zimbra_swatch_total_threshold=60(all failures max trigger count)
zimbra_swatch_threshold_seconds=60(the duration window it has to happen in)

zmlocalconfig -e zimbra_swatch_notice_user=admin@domain.com
/opt/zimbra/bin/zmauditswatchctl start


su - zimbra
postfix reload

Ref:
https://nguoiquynhon.blogspot.com/2010/03/add-alert-when-account-locked.html

Comments

Post a Comment

Popular posts from this blog

Disabling Zimbra's AntiSpam, Amavis and AntiVirus filtering

-
 Check whether antispam and antivirus service is enabled currently on server using the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  The above command will list all the services which are currently installed and enabled on the server. Disable the antivirus and antispam services using the given commands zmprov -l ms <mail.example.com> -zimbraServiceEnabled antispam  zmprov -l ms <mail.example.com> -zimbraServiceEnabled amavis zmprov -l ms <mail.example.com> -zimbraServiceEnabled antivirus  Comment the following line in the file /opt/zimbra/postfix/conf/main.cf content_filter = smtp-amavis:[127.0.0.1]:10024  Restart services on server zmcontrol restart  Confirm that the antispam and antivirus services are disabled with the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  zmcontrol status 
Read more

Cambium cnPilot E400/E410/E500 Configuration Tutorial

-
Image
Basic Connectivity:   Router (Broadband/mikrotik |dhcp enabled) >>> E400/E410/E500 + LAPTOP Cambium (Powered ON) [POE port] >>>> LAPTOP [LAN port] Step 1: Open Cambium controller in the browser. Step 2: After entering in to the site click on the Onboard Device option from Home Tab of Left Panel. Step 3: In the Onboard Option, we will get Claim Device option to adopt a Cambium AP. Step 4: Now we will move to the Cambium AP configuration Part. Below are credentials of default login access of cnpilot E400/E410/E500/E410/E500. IP:192.168.0.1 Command Line Access: Username: admin Telnet: Disabled by default Password: admin SSH: Enabled by default (on standard port: 22) ***We can also use dhcp IP to login to the cnpilot E400/E410/E500. We will get login page. Step 5: We can see several TAB on left panel. On the DashBoard Tab, we will get some overall information. Some are useful for the configuration; some are useful for troubleshoo...
Read more

Error "Unable to retrive Zimbra GPG key for package validation"

-
From the installation log we see: Executing: /tmp/tmp.mSlzRMclVa/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79 gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com gpg: keyserver timed out gpg: keyserver receive failed: keyserver error 1. Open port 11371 11371 tcp,udp hkp OpenPGP HTTP Keyserver 2. Force it to use port 80: gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9BE6ED79 Ref: https://wiki.zimbra.com/wiki/Error_%22Unable_to_retrive_Zimbra_GPG_key_for_package_validation%22
Read more