Category: Technical

Detecting brute force attacks on Zimbra with zmauditswatch

Zimbra 5.0.11 introduced the zmauditswatch script which notifies a specific e-mail address of a potential brute force attack if certain conditions are met. This is disabled by default and the documentation to enable it isn't particularly clear, so here is a quick run through:

    zmlocalconfig -e zimbra_swatch_notice_user=admin@domain.com
    zmlocalconfig -e zimbra_swatch_ipacct_threshold=10
    zmlocalconfig -e zimbra_swatch_acct_threshold=15
    zmlocalconfig -e zimbra_swatch_ip_threshold=20
    zmlocalconfig -e zimbra_swatch_total_threshold=60
    zmlocalconfig...

cPanel/WHM and yum-updatesd

In my continuing fight with yum-updatesd, I found that on servers with cPanel/WHM installed it was crashing with mysterious Python errors:

    root@tma03 [/etc/yum]# yum-updatesd --debug --no-fork
    Traceback (most recent call last):
      File "/usr/sbin/yum-updatesd", line 35, in ?
        import dbus
      File "/usr/lib64/python2.4/site-packages/dbus/__init__.py", line 1, in ?
        from _dbus import *
      File "/usr/lib64/python2.4/site-packages/dbus/_dbus.py", line 48, in ?
        from proxies import *
      File...