Posts

Showing posts from February, 2019

Restricting Users to Send mails to Certain Domains on Zimbra 8.5 and above

Please make sure to make all this changes you are using the zimbra user no root user because when you create the databases with root user doesn't work it's not creating the databases required as lmdb root create the databases with postmap as hash be aware of this. 1. Open file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf and add this line at the top check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders 2. Open file /opt/zimbra/conf/zmconfigd.cf and add those lines before RESTART mta. make a search for RESTART mta and add the lines before of the RESTART POSTCONF smtpd_restriction_classes local_only POSTCONF local_only FILE postfix_check_recipient_access.cf RESTART mta 3. Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line   check_recipient_access lmdb:/opt/zimbra/postfix/conf/local_domains, reject 4. Create a file “/opt/zimbra/postfix/conf/restricted_senders” and list all the users, whom

CentOS 7 Server Hardening Guide

CentOS 7 Server Hardening Guide 1. System Settings – Disk Partitioning and Post installation 1.1 Disk Encryption with Kickstart The easiest way to encrypt a partition is during Kickstart installation. This can be achieved by adding the –encrypted and –passphrase= options to the definition of a physical LVM volume. Our Kickstart template is provided below. Note that the template requires a 32GB disk. #version=CentOS7.5 # System authorisation information auth --enableshadow --passalgo=sha512 # Use CDROM installation media cdrom ignoredisk --only-use=sda # Keyboard layouts keyboard --vckeymap=gb --xlayouts='gb' # System language lang en_GB.UTF-8 # SELinux selinux --enforcing # Network information network --bootproto=dhcp --device=eth0 --onboot=on --activate network --hostname=ks-c7.example.com # Plaintext root password: PleaseChangeMe rootpw --iscrypted $6$nS0mBJyS$q/QgCof5unWrT9W3qngTISueSDhDHVNntDqd8sOcgmHp2lq4f/niUbjCmoEzaf3EWQ2x3z/k0eIZa

Hardening Script for Ubuntu CIS 2.1 Bechmark

echo echo Hardening Script CIS_Ubuntu_Linux_14.04_LTS_Benchmark_v2.1.0 function set_parameter { sed -i -e "s|^$2.*|$2$3|" $1 egrep "^$2*" $1 > /dev/null ||echo "$2$3" >> $1 } #--------------------------------------------------------------------------------------------------------------- function add_line { egrep "^$2" $1 > /dev/null || echo "$2" >> $1 } #--------------------------------------------------------------------------------------------------------------- echo ------------------------------------------------------------------------ echo 1.1.1.1 Ensure mounting of cramfs filesystems is disabled scored touch /etc/modprobe.d/CIS.conf add_line /etc/modprobe.d/CIS.conf "install cramfs /bin/true" rmmod cramfs echo ------------------------------------------------------------------------ echo 1.1.1.2 Ensure mounting of freevxfs filesystems is disabled scored add_line /etc/modprobe.d