Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • ispconfig/ispconfig3
  • RealOpty/ispconfig3
  • Horfic/ispconfig3
  • kingcody/ispconfig3
  • mbethke/ispconfig3
  • harkman/ispconfig3
  • stefanheinen/ispconfig3
  • JanKraljic/ispconfig3
  • pulsweb/ispconfig3
  • kayyy/ispconfig3
  • mwacht/ispconfig3
  • schuetzm/ispconfig3
  • gbg/ispconfig3
  • jproxx/ispconfig3
  • Nilpo/ispconfig3
  • Cambra/ispconfig3
  • crackerizer/ispconfig3
  • simonswine/ispconfig3
  • zbuzanic/ispconfig3
  • alexalouit/ispconfig3
  • guilhermefilippo/ispconfig3
  • kotishe/ispconfig3
  • Rescue9/ispconfig3
  • DmitriyLyalyuev/ispconfig3
  • simon.levesque/ispconfig3
  • Viktor/ispconfig3
  • Dr4c0/ispconfig3
  • stefanmcds-mnt/ispconfig3
  • Konflikted/ispconfig3
  • Schoene/ispconfig3
  • stefan.eertwegh/ispconfig3
  • Quest/ispconfig3
  • bst2002/ispconfig3
  • jphustman/ispconfig3
  • lepirlouit/ispconfig3
  • lolo888/ispconfig3
  • Quetzal/ispconfig3
  • kolorafa/ispconfig3
  • jdsn/ispconfig3
  • mk/ispconfig3
  • jnorell/ispconfig3
  • madalin/ispconfig3
  • edspiner/ispconfig3
  • blu3bird/ispconfig3
  • ITManager/ispconfig3
  • virtualweb/ispconfig3
  • dirkd/ispconfig3
  • jcdirks/ispconfig3
  • bvbmedia/ispconfig3
  • CSoellinger/ispconfig3
  • lutacon/ispconfig3
  • armsby/ispconfig3
  • psantos/ispconfig3
  • pkdevbox_y/ispconfig3
  • tlanger/ispconfig3
  • Krauser/ispconfig3
  • ochorocho/ispconfig3
  • aisfrond/ispconfig3
  • ldrrp/ispconfig3
  • steglicd/ispconfig3
  • darkalex/ispconfig3
  • b.dokimakis/ispconfig3
  • MarioSteinitz/ispconfig3
  • bweston/ispconfig3
  • bob/ispconfig3
  • HHGAG/ispconfig3
  • ark74/ispconfig3
  • fuerni/ispconfig3
  • hexblot/ispconfig3
  • maxxer/ispconfig3
  • JustDevZero/ispconfig3
  • habeggerl/ispconfig3
  • phpexpert/ispconfig3
  • Questler/ispconfig3
  • JanThiel/ispconfig3
  • joni_1993/ispconfig3
  • MePha/ispconfig3
  • flies/ispconfig3
  • macjohnny/ispconfig3
  • csegarra/ispconfig3
  • Tibius/ispconfig3
  • wairuru/ispconfig3
  • pdreissen/ispconfig3
  • mgiworx/ispconfig3
  • michielp/ispconfig3
  • ZarToK/ispconfig3
  • x-f/ispconfig3
  • tomlankhorst/ispconfig3
  • olivier.br/ispconfig3
  • hajti/ispconfig3
  • JaviSabalete/ispconfig3
  • dharman/ispconfig3
  • Martin-enavn/ispconfig3
  • Fr3k4Life/ispconfig3
  • Caldeira/ispconfig3
  • enavn/ispconfig3
  • cybernet2u/ispconfig3
  • Denny/ispconfig3
  • jbbr/ispconfig3
  • kakohari/ispconfig3
  • almere/ispconfig3
  • Kyokata/ispconfig3
  • burn/ispconfig3
  • feldsam/ispconfig3
  • woutervddn/ispconfig3
  • tm/ispconfig3
  • blount/ispconfig3
  • pravdomil/ispconfig3
  • manyk/ispconfig3
  • Poppabear/ispconfig3
  • t1st3/ispconfig3
  • scrat14/ispconfig3
  • ncomputers.org/ispconfig3
  • wlisik/ispconfig3
  • CupOfTea696/ispconfig3
  • ogmelch/ispconfig3
  • techwolf12/ispconfig3
  • timo.boldt/ispconfig3
  • DemoFreak/ispconfig3
  • EndelWar/ispconfig3
  • maanus/ispconfig3
  • ms217/ispconfig3
  • luisvivasb/ispconfig3
  • Ismir/ispconfig3
  • truongld/ispconfig3
  • nhutphan/ispconfig3
  • ram/ispconfig3
  • josemorenoasix/ispconfig3
  • onestepp/ispconfig3
  • gguglielmetti/ispconfig3
  • andre/ispconfig3
  • omig/ispconfig3
  • liane/ispconfig3
  • PVasileff/ispconfig3
  • mattanja/ispconfig3
  • dnl-jst/ispconfig3
  • jkalousek/ispconfig3
  • lgg42/ispconfig3
  • ispcomm/ispconfig3
  • moglgasy/ispconfig3
  • natanfelles/ispconfig3
  • cristiandeluxe/ispconfig3
  • pete/ispconfig3
  • Sosha/ispconfig3
  • shr3k/ispconfig3
  • niceit/ispconfig3
  • dani/ispconfig3
  • Ongaro/ispconfig3
  • Djidel/ispconfig3
  • andre.ballensiefen/ispconfig3
  • qroac/ispconfig3
  • magenbrot/ispconfig3
  • doekia/ispconfig3
  • edersonmora/ispconfig3
  • zucha.imz/ispconfig3
  • ckc/ispconfig3
  • Sroka/ispconfig3
  • batgau/ispconfig3
  • isp/ispconfig3
  • oboumati/ispconfig3
  • mscholz/ispconfig3
  • katiak/ispconfig3
  • jamiroph/ispconfig3
  • buhlerax/ispconfig3
  • johan/ispconfig3
  • KordianBruck/ispconfig3
  • trs997/ispconfig3
  • Funclineal/ispconfig3
  • xals/ispconfig3
  • sververda/ispconfig3
  • presure/ispconfig3
  • vojtech.myslivec/ispconfig3
  • helmo/ispconfig3
  • brody/ispconfig3
  • GameO7er/ispconfig3
  • webslice/ispconfig3
  • ufoonline/ispconfig3
  • alwin/ispconfig3
  • t.heller/ispconfig3
  • philipp/ispconfig3
  • andrzejs/ispconfig3
  • pixcept/ispconfig3
  • tgmedia/ispconfig3
  • Nardol/ispconfig3
  • m42e/ispconfig3
  • condless/ispconfig3
  • alesak/ispconfig3
  • MasonChase/ispconfig3
  • brt/ispconfig3
  • Rusek/ispconfig3
  • credz/ispconfig3
  • fiftyz/ispconfig3
  • dciancu/ispconfig3
  • thom/ispconfig3
  • florian030/ispconfig3
  • Mixasik/ispconfig3
  • SimonSparks/ispconfig3
  • eurodomenii/ispconfig3
  • vitex/ispconfig3
  • mitho/ispconfig3
  • CaptainStarbuck/ispconfig3
  • renky/ispconfig3
  • d--j/ispconfig3
  • inetspec/ispconfig3
  • Christian/ispconfig3
  • lukav/ispconfig3
  • galgenjunge/ispconfig3
  • gody/ispconfig3
  • kpendic/ispconfig3
  • diciannove/ispconfig3
  • tbasler/ispconfig3
  • logifech/ispconfig3
  • maximaweb/ispconfig3
  • tommaso-perondi/ispconfig3
  • francoisPE/ispconfig3
  • elgeorge2k/ispconfig3
  • francoisgrizzlydev/ispconfig3
  • Chris_UK/ispconfig3
  • mrutkowski/ispconfig3
  • mladen074/ispconfig3
  • trogper/ispconfig3
  • Lokutos/ispconfig3
  • manoaratefy/ispconfig3
  • GwynethLlewelyn/ispconfig3
  • tim427/ispconfig3
  • mapreri/ispconfig3
  • gsubiron/ispconfig3
  • eriam/ispconfig3
  • Steveorevo/ispconfig3
  • Jens/ispconfig3
  • ebela/ispconfig3
  • typoworx/ispconfig3
  • teuto.net/ispconfig3
  • element/ispconfig3
  • Petar/ispconfig3
  • ewsp/ispconfig3
  • bicisteadm/ispconfig3
  • ivmm/ispconfig3
  • blinkenbox/ispconfig3
  • Samgarr/ispconfig3
  • B.Richard/ispconfig3
  • ahrasis/ispconfig3
  • nephi.aust/ispconfig3
  • lntrx/ispconfig3
  • luttje/ispconfig3
  • hairy/ispconfig3
  • styxtdo/ispconfig3
  • SGr33n/ispconfig3
  • mepstein/ispconfig3
  • kobuki/ispconfig3
  • dachris/ispconfig3
  • mina/ispconfig3
252 results
Show changes
Commits on Source (453)
353 additional commits have been omitted to prevent performance issues.
Hide whitespace changes
Inline Side-by-side
Showing
with 106 additions and 5 deletions
.gitignore
View file @ d357e20e
.DS_Store
/nbproject/private/
\ No newline at end of file
LICENSE
View file @ d357e20e
Copyright (c) 2007-2016, Till Brehm, ISPConfig UG
Copyright (c) 2007-2017, Till Brehm, ISPConfig UG
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
......
docs/hardening/.gitkeep 0 → 100644
View file @ d357e20e
docs/hardening/README.md 0 → 100644
View file @ d357e20e
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This folder contains examples for further ISPC hardening (done by NwSEC)
Currently, these are:
anti-bruteforce WordPress Login Anti-Bruteforce via fail2ban
postfix-ldap Query for valid recipients via LDAP in a transparent
setup routing mails e.g. to the internal server
All these examples have been productively tested and implemented on various
Debian/GNU Linux based systems.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
\ No newline at end of file
docs/hardening/anti-bruteforce/.gitkeep 0 → 100644
View file @ d357e20e
docs/hardening/anti-bruteforce/README.md 0 → 100644
View file @ d357e20e
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
This is an example to block WordPress Login Bruteforce Attacks. Further
description can also be found @ https://blog.nwsec.de/wordpress/?p=1112
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
\ No newline at end of file
docs/hardening/anti-bruteforce/jail.local 0 → 100644
View file @ d357e20e
#
# This goes into (or at the end of) /etc/fail2ban/jail.local
#
[wp-auth]
enabled = true
filter = wp-auth
action = iptables-multiport[name=wp-auth, port="http,https"]
logpath = /var/log/ispconfig/httpd/*/*.log
bantime = 1200
maxretry = 5
docs/hardening/anti-bruteforce/wp-auth.conf 0 → 100644
View file @ d357e20e
#
# This goes into /etc/fail2ban/filter.d/wp-auth.conf
#
[Definition]
failregex = ^<HOST> .* "POST /wp-login.php
\ No newline at end of file
docs/hardening/postfix-ldap/.gitkeep 0 → 100644
View file @ d357e20e
docs/hardening/postfix-ldap/README.md 0 → 100644
View file @ d357e20e
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
If mails get transparently forwarded to another mailserver, a mechanism to block
mail for invalid recipients makes sense, and drastically increaes the well-known
backscatter problem.
LDAP queries are used to check for valid recipients, and forwards the mail, if
an entry for the user is found.
For this to work, on Debian/GNU Linux, you also have to install postfix-ldap by
apt install postfix-ldap
Further information can be found @ https://blog.nwsec.de/wordpress/?p=1031
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
\ No newline at end of file
docs/hardening/postfix-ldap/add_to_main.cf 0 → 100644
View file @ d357e20e
#
# This goes into /etc/postfix/main.cf in the section relay_recipient_maps
#
relay_recipient_maps = hash:/etc/postfix/relay_recipients, ldap:/etc/postfix/ldap-aliases.cf
\ No newline at end of file
docs/hardening/postfix-ldap/ldap-aliases.cf 0 → 100644
View file @ d357e20e
server_host = x.x.x.x
search_base = ou=xxx, dc=xxx, dc=xx
version = 3
timeout = 10
leaf_result_attribute = mail
bind_dn = user@domain
bind_pw = userpassword
query_filter = (mail=%s)
result_attribute = mail, addressToForward
\ No newline at end of file
install/dist/conf/centos52.conf.php
View file @ d357e20e
......@@ -118,6 +118,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
$conf['mailman']['config_dir'] = '/etc/mailman';
$conf['mailman']['init_script'] = 'mailman';
//* mlmmj
$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
//* Getmail
$conf['getmail']['installed'] = false; // will be detected automatically during installation
$conf['getmail']['config_dir'] = '/etc/getmail';
......
install/dist/conf/centos53.conf.php
View file @ d357e20e
......@@ -118,6 +118,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
$conf['mailman']['config_dir'] = '/etc/mailman';
$conf['mailman']['init_script'] = 'mailman';
//* mlmmj
$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
//* Getmail
$conf['getmail']['installed'] = false; // will be detected automatically during installation
$conf['getmail']['config_dir'] = '/etc/getmail';
......
install/dist/conf/centos70.conf.php
View file @ d357e20e
......@@ -118,6 +118,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
$conf['mailman']['config_dir'] = '/etc/mailman';
$conf['mailman']['init_script'] = 'mailman';
//* mlmmj
$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
//* Getmail
$conf['getmail']['installed'] = false; // will be detected automatically during installation
$conf['getmail']['config_dir'] = '/etc/getmail';
......
install/dist/conf/centos72.conf.php
View file @ d357e20e
......@@ -118,6 +118,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
$conf['mailman']['config_dir'] = '/etc/mailman';
$conf['mailman']['init_script'] = 'mailman';
//* mlmmj
$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
//* Getmail
$conf['getmail']['installed'] = false; // will be detected automatically during installation
$conf['getmail']['config_dir'] = '/etc/getmail';
......
install/dist/conf/debian40.conf.php
View file @ d357e20e
......@@ -120,6 +120,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
$conf['mailman']['config_dir'] = '/etc/mailman';
$conf['mailman']['init_script'] = 'mailman';
//* mlmmj
$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
//* Getmail
$conf['getmail']['installed'] = false; // will be detected automatically during installation
$conf['getmail']['config_dir'] = '/etc/getmail';
......
install/dist/conf/debian60.conf.php
View file @ d357e20e
......@@ -120,6 +120,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
$conf['mailman']['config_dir'] = '/etc/mailman';
$conf['mailman']['init_script'] = 'mailman';
//* mlmmj
$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
//* Getmail
$conf['getmail']['installed'] = false; // will be detected automatically during installation
$conf['getmail']['config_dir'] = '/etc/getmail';
......
install/dist/conf/debian90.conf.php
View file @ d357e20e
<?php
/*
Copyright (c) 2016, Till Brehm, ISPConfig UG
Copyright (c) 2017, Till Brehm, projektfarm Gmbh
All rights reserved.
Redistribution and use in source and binary forms, with or without modification,
......@@ -101,7 +101,7 @@ $conf['web']['apps_vhost_group'] = 'ispapps';
//* Fastcgi
$conf['fastcgi']['fastcgi_phpini_path'] = '/etc/php/7.0/cgi/';
$conf['fastcgi']['fastcgi_starter_path'] = '/var/www/php-fcgi-scripts/[system_user]/';
$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi';
$conf['fastcgi']['fastcgi_bin'] = '/usr/bin/php-cgi7.0';
//* Postfix
$conf['postfix']['installed'] = false; // will be detected automatically during installation
......@@ -170,7 +170,7 @@ $conf['mydns']['init_script'] = 'mydns';
//* PowerDNS
$conf['powerdns']['installed'] = false; // will be detected automatically during installation
$conf['powerdns']['database'] = 'powerdns';
$conf["powerdns"]["config_dir"] = '/etc/powerdns/pdns.d';
$conf['powerdns']['config_dir'] = '/etc/powerdns/pdns.d';
$conf['powerdns']['init_script'] = 'pdns';
//* BIND DNS Server
......@@ -230,5 +230,4 @@ $conf['cron']['wget'] = '/usr/bin/wget';
$conf['xmpp']['installed'] = false;
$conf['xmpp']['init_script'] = 'metronome';
?>
install/dist/conf/debiantesting.conf.php
View file @ d357e20e
......@@ -120,6 +120,10 @@ $conf['mailman']['installed'] = false; // will be detected automatically during
$conf['mailman']['config_dir'] = '/etc/mailman';
$conf['mailman']['init_script'] = 'mailman';
//* mlmmj
$conf['mlmmj']['installed'] = false; // will be detected automatically during installation
$conf['mlmmj']['config_dir'] = '/etc/mlmmj';
//* Getmail
$conf['getmail']['installed'] = false; // will be detected automatically during installation
$conf['getmail']['config_dir'] = '/etc/getmail';
......