Monday, December 12, 2011

Creating master user for Dovecot

This is based on the Dovecot wiki - http://wiki.dovecot.org/Authentication/MasterUsers

The following will be added or appended to /etc/dovecot; for this, I am using dovecot-1.0.7-2.el5.


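#
# Separator between the login user and the master user (username*master)
auth_master_user_separator=*
#
auth default {
  # Master users are authenticated against this passwd-file
  passdb passwd-file {
    args = /etc/dovecot/passwd.masterusers
    master = yes
  }
  # ... rest of the existing auth default section ...
}
#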



The entry in /etc/dovecot/passwd.masterusers contains the following:

#/etc/dovecot/passwd.masterusers
 
master:{plain}mypassword
#

To test whether it works, telnet to the server.

telnet servertest.com 143


[user@servertest ~]$ telnet servertest.com 143
Trying servertest.com...
Connected to servertest.com.
Escape character is '^]'.
* OK Dovecot ready.
a login username*master mypassword
a OK Logged in.



When using an IMAP client, the username to use is username*master, together with the master user's password.
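A check for the master-user file described above, added here as an example (not from the original post or the Dovecot project): the shell function `audit_masterusers` (a hypothetical name) flags entries stored with a cleartext scheme, such as the `{plain}` entry shown, and a file that other users can access. The sample file is constructed; treating `PLAIN` and `CLEARTEXT` as the cleartext schemes and not flagging entries without a `{scheme}` prefix are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Dovecot master-user
# passwd-file. audit_masterusers is a hypothetical helper name.
# Prints one finding per line. Returns 0 = clean, 1 = findings, 2 = unreadable.
audit_masterusers() {
    file=$1
    [ -r "$file" ] || { echo "ERROR: cannot read $file" >&2; return 2; }

    findings=$(
        # Characters 8-10 of the ls mode string are the "other" permission bits.
        other=$(ls -ld -- "$file" | cut -c8-10)
        [ "$other" = "---" ] ||
            echo "PERMS: $file grants access to other users ($other)"

        # Entries are user:password[:...]; the password may carry a {scheme}
        # prefix. Assumption: PLAIN and CLEARTEXT are the cleartext schemes;
        # entries without a prefix are not flagged. Passwords are never printed.
        awk -F: '
            /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
            {
                scheme = ""
                if (match($2, /^[{][^}]+[}]/))
                    scheme = toupper(substr($2, 2, RLENGTH - 2))
                if (scheme == "PLAIN" || scheme == "CLEARTEXT")
                    printf "CLEARTEXT: line %d: master user \"%s\" uses {%s}\n", NR, $1, scheme
                else if ($2 == "")
                    printf "EMPTY: line %d: master user \"%s\" has no password\n", NR, $1
            }' "$file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on a constructed copy of the file shown above (mktemp creates it 0600).
demo=$(mktemp)
printf '%s\n' '#/etc/dovecot/passwd.masterusers' ' ' 'master:{plain}mypassword' '#' > "$demo"
audit_masterusers "$demo" || echo "audit exit status: $?"
rm -f "$demo"
```

A master user can log in as any account, so a finding here affects every mailbox on the server.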




Monday, December 5, 2011

ssh client login email alert


I just found this while searching via Google; I forgot the link, but thanks for sharing it.


The code below should be inserted into /etc/profile so that every time someone logs on to your server via ssh, it sends an email alert. This assumes the server is able to send email from the command line, which will not be tackled here. /etc/profile is read only by login shells, so the alert covers interactive logins.

################
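# SSH_CLIENT is set by sshd to "client_ip client_port server_port"
if [ -n "$SSH_CLIENT" ]; then

   TEXT="$(date): ssh login by ${USER}@$(hostname -f)"

   # Keep only the client IP (first field); quote the variable to avoid word splitting
   TEXT="$TEXT from $(echo "$SSH_CLIENT" | awk '{print $1}')"

   # Quote $TEXT so the message reaches mail unchanged
   echo "$TEXT" | mail -s "ssh login" linux.admin@mydomain.com

fi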
#
###############

Restricting ssh access with access.conf and listfile



Related files:

/etc/security/access.conf
/etc/pam.d/sshd

Below is my /etc/pam.d/sshd


#%PAM-1.0
auth required pam_listfile.so item=user sense=allow file=/etc/allowed_to_ssh_listfile onerr=fail
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth

#Comment
#account    required     pam_access.so - > this is to be added so that the
account    required     pam_access.so
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so



#/etc/allowed_to_ssh_listfile - example content
root
user1
user2

Note: root has been included here but will be restricted in /etc/security/access.conf.


#/etc/security/access.conf
#The format of the ip on centos4 has .(dot) at the end
#for centos5, it can be no .(dot)
#the cron entry is to allow root to run cron, else cron will fail for root
+ : root : 10.10.9.3.
+ : root : 10.10.9.6.
+ : root : 127.0.0.1.
+ : root : 10.120.1.6.
+ : root : 127.0.0.1
+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6

+ : root : LOCAL
#
- : root : ALL