Archive for the 'Security' Category

How can I send a copy of all outgoing messages to another mailbox with Exim

The most straightforward way is to set up a system filter, and include a command such as:

unseen deliver mailbox@serverbuddies.com

This sends a copy of every message to mailbox@serverbuddies.com (unless the message already has that recipient - Exim never does duplicate deliveries). To save only outgoing messages, you need to come up with a definition of what outgoing means. Typically, this might be a check on the sender address and/or on the originating host.

Here is an example:

if $sender_address_domain is serverbuddies.com and
${mask:$sender_host_address/24} is 192.168.124.0/24
then
unseen deliver mailbox@serverbuddies.com
endif
SBDavid

How to Prevent Fork Bombing attack

Linux provides various resource limits for each user through ulimit, such as CPU time, number of processes (nproc), memory usage and so on. ulimit is the solution to prevent a fork bombing attack: it defines the maximum number of processes allowed (ulimit -u) for each user.

There are two types of ulimit: the HARD limit and the SOFT limit. A non-root user cannot change the hard limit by executing commands like ulimit -u value.

The root user on the remote server or host needs to set the ulimit to prevent a fork bombing attack. ulimits are set in the /etc/security/limits.conf file. To set the ulimit for the number of processes, the item provided is nproc; both a hard and a soft limit need to be set for it.

For example:

# <domain> <type> <item> <value>
@root  hard nproc 5000
@root  soft nproc 4000
@buddy hard nproc 2000
@buddy soft nproc 1000
SBDavid

How to check SELinux Status

Use the command below to check the current status.

# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 21
Policy from config file: targeted

We can also switch the current mode with the setenforce command.

setenforce 0 - to disable enforcement (permissive)
setenforce 1 - to enable enforcement (enforcing)

# setenforce --help
usage: setenforce [ Enforcing | Permissive | 1 | 0 ]

How to find World/Group writable files and directories

Finding world-writable files and directories

# find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;

# find / -type d \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;

This produces a very long listing of all files that have write permission set for the group or for everyone. Check the permissions and remove write access for everyone from world-writable files by executing /bin/chmod on them.

To remove the permission, execute:

# /bin/chmod o-w [file-name]
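As an added example (not part of the original post), this POSIX shell script carries out the world-writable check above with a refinement a practitioner usually wants: directories with the sticky bit set (the /tmp layout) are skipped because they are world-writable by design, and the chmod o-w fix is then applied to each reported file. The sample tree and its permissions are constructed inside the script.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a tree for files and
# directories writable by "others", skipping sticky-bit directories, then
# apply the chmod o-w fix. The sample tree below is constructed for the demo.

# Regular files under $1 writable by "others" (mode bit 0002).
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# Directories under $1 writable by "others" but without the sticky bit.
# With the sticky bit (mode 1000) set, users may only remove their own
# entries, so such directories are expected and are not reported.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Remove the "others write" bit from every path read on stdin and report it.
strip_other_write() {
    while IFS= read -r path; do
        chmod o-w "$path" && printf 'fixed %s\n' "$path"
    done
}

# Constructed sample tree: a safe file and dir, an open file and dir, and a
# sticky /tmp-like dir. Prints the tree's root so the caller can clean up.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/safe_dir" "$root/open_dir" "$root/tmp_like"
    : > "$root/safe_dir/config.txt"; chmod 0644 "$root/safe_dir/config.txt"
    : > "$root/open_dir/script.sh";  chmod 0777 "$root/open_dir/script.sh"
    : > "$root/open_dir/group_w";    chmod 0664 "$root/open_dir/group_w"
    chmod 0755 "$root/safe_dir"
    chmod 0777 "$root/open_dir"   # world-writable, not sticky: reported
    chmod 1777 "$root/tmp_like"   # world-writable but sticky: skipped
    printf '%s\n' "$root"
}

# Demonstration on the constructed tree.
demo_root=$(make_sample_tree)
echo "world-writable files:";             world_writable_files "$demo_root"
echo "world-writable dirs (non-sticky):"; world_writable_dirs "$demo_root"
world_writable_files "$demo_root" | strip_other_write
rm -rf "$demo_root"
```

Only the "others" write bit is tested here; the page's original commands also report group-writable files, which are often legitimate and need case-by-case review.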

Using find Command for security check

The ‘find’ command is usually used to find files whose names match specific patterns. However, we can also use it to find the files modified or accessed within a specific time period.

For example, we can find all files in /etc owned by root that have been modified within the last 2 days:

find /etc -user root -mtime -2

The options we can use here are:

-atime: when the file was last accessed
-ctime: when the file’s permissions were last changed
-mtime: when the file’s data was last modified

You may have noticed that we have a minus sign in front of ‘2’ in the last example. The ‘time’ options for the find command are expressed in 24-hour increments, and the sign in front of the number can indicate ‘less than’ or ‘greater than’. Thus ‘-2’ means we want to find files which were modified within the last two days. If we wanted to find files that were modified more than 2 days ago, we would need to put a plus sign in front of the 2:

find /etc -user root -mtime +2

There are also versions of the atime, ctime, and mtime arguments that measure time in minutes:

-amin: when (in minutes) the file was last accessed
-cmin: when (in minutes) the file’s permissions were last changed
-mmin: when (in minutes) the file’s data was last modified

To match -atime +1, a file has to have been accessed at least two days ago. More examples are in the find man pages.
