- Oct 05 Sun 2008 10:55
-
find指令技巧
- Jul 31 Thu 2008 23:49
-
/etc/make.conf設定
ftp://ftp.cs.pu.edu.tw/BSD/FreeBSD/distfiles/${DIST_SUBDIR}/\
ftp://ftp2.tw.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}/\
ftp://ftp.nctu.edu.tw/pub/FreeBSD/distfiles/${DIST_SUBDIR}MASTER_SITE_OVERRIDE?= ${MASTER_SITE_BACKUP}
WITHOUT_X11=yes
- Feb 22 Fri 2008 19:42
-
PF錯誤訊息
No ALTQ support in kernel
ALTQ related functions disabled
pfctl: DIOCSETSTATUSIF
*表示interface填錯了,檢查看看
- Dec 07 Fri 2007 15:13
-
用pf防止ssh、ftp暴力攻擊
table <SSHbruteforce> persist
table <FTPbruteforce> persist
block quick from <SSHbruteforce>
block quick from <FTPbruteforce>
pass quick inet proto tcp from any to any port 22 keep state (max-src-conn 5, max-src-conn-rate 3/20,overload <SSHbruteforce> flush global)
pass quick inet proto tcp from any to any port ftp keep state (max-src-conn 5, max-src-conn-rate 10/40,overload <FTPbruteforce> flush global)
2.再寫個script去紀錄每天的狀況
#!/bin/sh
log_file="/var/log/bad_guy.log"
date >> $log_file
echo " FTP:" >> $log_file
/sbin/pfctl -t SSHbruteforce -T show >> $log_fileecho " SSH:" >> $log_file
/sbin/pfctl -t FTPbruteforce -T show >> $log_file
3.阻擋一日後,即清除IP紀錄,先裝套件/usr/ports/security/expiretable
# /usr/local/sbin/expiretable -v -d -t 24h SSHbruteforce
# /usr/local/sbin/expiretable -v -d -t 24h FTPbruteforce
並把設定加入rc.local
- Dec 03 Mon 2007 20:13
-
postfix寄信到hotmail等等問題
常常寄信到外部ISP都會寄不出去,而有的又可以
可能對方主機判斷DNS沒有MX紀錄,而認為是垃圾信
postfix在main.cf內加上
relayhost = [ms25.hinet.net]
請有MX的郵件主機幫忙relay,前提是要對方接受relay
- Aug 02 Thu 2007 22:32
-
amavisd-new + spamassassin notes
1.使用amavisd-new 呼叫內建的spamassassin,分數設定在amavisd.conf(非local.cf)
2.使用spamassassin提供的spamd
據說有效能差異,忘了哪個好,但是2可以讓使用者自訂黑白名單
以1來說,在amavisd.conf內有段
$sa_tag_level_deflt #在這個分數內不會把spam score顯示在header,超過就顯示在header
$sa_tag2_level_deflt #超過這個分數就修改標題為***SPAM****(參照其中一行設定)
$sa_kill_level_deflt #超過就kill
- Aug 01 Wed 2007 23:52
-
Malware Block List
效果未知...
HOW TO use MBL on Postfix:
因為是用BSD,寫了一下script讓它每天定時更新list
- Jul 27 Fri 2007 21:15
-
mailgraph注意事項
常常裝完後跑一陣子就有權限問題,newsyslog.conf也改過..
原因出在創出/var/log/maillog的不是newsyslog,它只是替換壓縮而已
真正要改的是syslog-ng.conf或syslogd.conf,
syslogd不熟,syslog-ng.conf改法如下:
- Apr 01 Sun 2007 23:10
-
portupgrade遇到make需帶參數,怎辦?
NOTE: If you upgrade, it's recomended to run pkgdb -L to restore lost
dependencies. Fill ALT_PKGDEP section in pkgtools.conf file for portupgrade
be aware of alternative dependencies you use.
E.g.
ALT_PKGDEP = {
'www/apache13' => 'www/apache13-modssl',
'print/ghostscript-afpl' => 'print/ghostscript-gnu',
} Note also, portupgrade knows nothing how to handle ports with different
suffixes (E.g. -nox11). So you should explicitly define variables
(E.g. WITHOUT_X11=yes) for the ports in /etc/make.conf or pkgtools.conf
(MAKE_ARGS section) files.
另外要加上make參數時,需修改/usr/local/etc/pkgtool.conf
MAKE_ARGS = {
'multimedia/mplayer-*' => 'WITH_GUI=1 WITH_FREETYPE=1',
}
- Feb 14 Wed 2007 00:45
-
sysctl調校
kern.ipc.somaxconn=1024
The kern.ipc.somaxconn sysctl variable limits the size of the listen queue for accepting new TCP connections. The default value of 128 is typically too low for robust handling of new connections in a heavily loaded web server environment. For such environments, it is recommended to increase this value to 1024 or higher. The service daemon may itself limit the listen queue size (e.g. sendmail(8), or Apache) but will often have a directive in its configuration file to adjust the queue size. Large listen queues also do a better job of avoiding Denial of Service (DoSDoSDoSDoSDoS) attacks.
#禁止看到對方
security.bsd.see_other_uids=0
#防止Dos
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1