{"id":4289,"date":"2021-01-12T14:49:59","date_gmt":"2021-01-12T20:49:59","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=4289"},"modified":"2021-02-01T15:00:34","modified_gmt":"2021-02-01T21:00:34","slug":"pasos-para-configurar-logsiua-ac-cr-y-ataquessiua-ac-cr-en-servidores-con-zimbra","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=4289","title":{"rendered":"Steps to configure log@siua.ac.cr and ataques@siua.ac.cr on servers running Zimbra"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>For this to work, mail sending through Gmail must already be configured; to test it:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code><code>echo \"contenido correo\" | mail -s \"asunto\" gustavo.matamoros@gmail.com<\/code><\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Logwatch<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Open the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/logwatch\/conf\/logwatch.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Change the line above the X to the line below it<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>MailTo = interuniversitariadealajuela@gmail.com<br>X<br>MailTo = log@siua.ac.cr<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Fail2ban<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Open the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/fail2ban\/jail.local<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Change the line above the X to the line below it<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>destemail = interuniversitariadealajuela@gmail.com<br>X<br>destemail = ataques@siua.ac.cr<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Open the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/fail2ban\/agrega_ip_blacklist-ugit.sh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Change<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>echo $correo | mail \\<br>-a \"From: interuniversitariadealajuela@gmail.com\" \\<br>-a 
\"MIME-Version: 1.0\" \\<br>-a \"Content-Type: text\/html\" \\<br>-s \"&#91;BD\/$servidor_atacado\/$ip_ban]\" \\<br>interuniversitariadealajuela@gmail.com<br><code>exit<br>else<br>printf \"La IP NO se agrego correctamente por favor verifiquela!!\\n\\n\"<br>echo \"Problema al agregar IP: $ip_ban\" | mail -s \"&#91;ERROR_AB_$servidor_atacado]: $ip_ban\" <code>interuniversitariadealajuela@gmail.com<\/code><br>exit<br>fi<\/code><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>To<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>echo $correo | mail \\<br>-a \"From: interuniversitariadealajuela@gmail.com\" \\<br>-a \"MIME-Version: 1.0\" \\<br>-a \"Content-Type: text\/html\" \\<br>-s \"&#91;BD\/$servidor_atacado\/$ip_ban]\" \\<br>ataques@siua.ac.cr<br><code>exit<br>else<br>printf \"La IP NO se agrego correctamente por favor verifiquela!!\\n\\n\"<br>echo \"Problema al agregar IP: $ip_ban\" | mail -s \"&#91;ERROR_AB_$servidor_atacado]: $ip_ban\" ataques@siua.ac.cr<br>exit<br>fi<\/code><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Change the freegeoip line above the X to the line below it<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>freegeoip=<code>curl -s --get http:\/\/anuncios.siua.ac.cr:8080\/json\/$ip_ban<\/code><br>X<br>freegeoip=<code>curl -s --get https:\/\/reallyfreegeoip.org\/json\/$ip_ban<\/code><br><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Restart<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>service fail2ban restart<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">RKHunter and chkrootkit<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Open<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code><code>nano \/etc\/cron.monthly\/rkhunter.sh<\/code><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Change<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/bash<br>(<br>rkhunter --versioncheck<br>rkhunter --update<br>rkhunter -c --cronjob --report-warnings-only<br>)| mail -a \"From: interuniversitariadealajuela@gmail.com\" -s \"rkhunter: $(hostname -s)\" 
log@siua.ac.cr<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Open<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code><code>crontab -e<\/code><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Change<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>@monthly \/usr\/local\/chkrootkit\/chkrootkit -q | mail -s \"chkrootkit: $(hostname -s)\" log@siua.ac.cr<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>For this to work, mail sending through Gmail must already be configured; to test it: Logwatch Open the file Change Fail2ban Open the file Change Open the file Change To Change the freegeoip Restart RKHunter and chkrootkit Open Change Open Change<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[140,236],"tags":[264,157,263,262,244],"class_list":["post-4289","post","type-post","status-publish","format-standard","hentry","category-fail2ban","category-zimbra","tag-ataques","tag-fail2ban","tag-log","tag-logwatch","tag-zimbra"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/4289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4289"}],"version-history":[{"count":6,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/4289\/revisions"}],"predecessor-version":[{"id":4442,"href":"https:\/\/
sada.services\/index.php?rest_route=\/wp\/v2\/posts\/4289\/revisions\/4442"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}