Re: [mod-security-users] apache 2 mod_security iptables
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] apache 2 mod_security iptables
|
From: Reindl H. <h.r...@th...> - 2020-12-26 08:59:41
|
Am 26.12.20 um 10:15 schrieb Jeffery Wilkins: > im looking for some people who host http servers (apache/nginx) and who > are familiar with mod_security and iptables firewalls > the setup that I am after is if an IP address hits my website and does a > typical vuln scan my web server sends them back no response and they > silently get added to an iptables ipset blacklist that lasts for 1 week > I already have mod_security (OWASP RULES) on my apache 2 server at > (192.168.2.10) and a pfsense style firewall at (192.168.2.1) > kind of like a web server honeypot if you will > my current setup is already pretty powerful if you even send a simple > TCP SYN packet to port 21,22 or even 23 you automatically get added to > my routers firewall and dropped for 7 days for both in and outbound > forgive me for asking alot but I really want to buckle down on these > stupid automated vuln scanners and keep them off my network > I have already looked into things like fail2ban but that only protects > the webserver itself and does not integrate with my routers firewall at > all protecting the network as a whole you need some log parsing and do it outside the webserver modsec runs inside the webserver and if it would be possible to interact with iptables rules from a webserver process you would have a much larger problem my httpd can't even access shells thanks to systemd ProtectSystem=strict ReadWritePaths=-/data/www ReadWritePaths=-/data/xdebug ReadWritePaths=-/run/httpd ReadWritePaths=-/tmp ReadWritePaths=-/var/log ReadWritePaths=-/var/www/sessiondata ReadWritePaths=-/var/www/uploadtemp InaccessiblePaths=-/etc/anacrontab InaccessiblePaths=-/etc/cron.allow InaccessiblePaths=-/etc/cron.deny InaccessiblePaths=-/etc/crontab InaccessiblePaths=-/etc/crypttab InaccessiblePaths=-/etc/fstab InaccessiblePaths=-/etc/shadow InaccessiblePaths=-/etc/shadow- InaccessiblePaths=-/etc/nftables InaccessiblePaths=-/etc/sysconfig/ip6tables-config InaccessiblePaths=-/etc/sysconfig/ipset InaccessiblePaths=-/etc/sysconfig/iptables InaccessiblePaths=-/etc/sysconfig/iptables-config InaccessiblePaths=-/etc/sysconfig/nftables.conf InaccessiblePaths=-/etc/systemd/system/network-up.service InaccessiblePaths=-/etc/systemd/system/vpn.service InaccessiblePaths=-/etc/wireguard InaccessiblePaths=-/usr/libexec/arptables-helper InaccessiblePaths=-/usr/libexec/arptables-nft-helper InaccessiblePaths=-/usr/libexec/initscripts InaccessiblePaths=-/usr/libexec/iptables InaccessiblePaths=-/usr/libexec/sudo InaccessiblePaths=-/usr/libexec/udisks2 InaccessiblePaths=-/usr/sbin/arptables InaccessiblePaths=-/usr/sbin/arptables-nft InaccessiblePaths=-/usr/sbin/arptables-nft-restore InaccessiblePaths=-/usr/sbin/arptables-nft-save InaccessiblePaths=-/usr/sbin/arptables-restore InaccessiblePaths=-/usr/sbin/arptables-save InaccessiblePaths=-/usr/sbin/ebtables InaccessiblePaths=-/usr/sbin/ebtables-nft InaccessiblePaths=-/usr/sbin/ebtables-nft-restore InaccessiblePaths=-/usr/sbin/ebtables-nft-save InaccessiblePaths=-/usr/sbin/ebtables-restore InaccessiblePaths=-/usr/sbin/ebtables-save InaccessiblePaths=-/usr/sbin/ip6tables InaccessiblePaths=-/usr/sbin/ip6tables-nft InaccessiblePaths=-/usr/sbin/ip6tables-nft-restore InaccessiblePaths=-/usr/sbin/ip6tables-nft-save InaccessiblePaths=-/usr/sbin/ip6tables-restore InaccessiblePaths=-/usr/sbin/ip6tables-restore-translate InaccessiblePaths=-/usr/sbin/ip6tables-save InaccessiblePaths=-/usr/sbin/ip6tables-translate InaccessiblePaths=-/usr/sbin/ipset InaccessiblePaths=-/usr/sbin/iptables InaccessiblePaths=-/usr/sbin/iptables-apply InaccessiblePaths=-/usr/sbin/iptables-nft InaccessiblePaths=-/usr/sbin/iptables-nft-restore InaccessiblePaths=-/usr/sbin/iptables-nft-save InaccessiblePaths=-/usr/sbin/iptables-restore InaccessiblePaths=-/usr/sbin/iptables-restore-translate InaccessiblePaths=-/usr/sbin/iptables-save InaccessiblePaths=-/usr/sbin/iptables-translate InaccessiblePaths=-/usr/sbin/nfbpf_compile InaccessiblePaths=-/usr/sbin/nft InaccessiblePaths=-/usr/sbin/xtables-monitor InaccessiblePaths=-/usr/sbin/xtables-multi InaccessiblePaths=-/usr/sbin/xtables-nft-multi InaccessiblePaths=-/usr/sbin/agetty InaccessiblePaths=-/usr/sbin/alsactl InaccessiblePaths=-/usr/sbin/anacron InaccessiblePaths=-/usr/sbin/apachectl InaccessiblePaths=-/usr/sbin/arp InaccessiblePaths=-/usr/sbin/arpd InaccessiblePaths=-/usr/sbin/arping InaccessiblePaths=-/usr/sbin/auditctl InaccessiblePaths=-/usr/sbin/blkdiscard InaccessiblePaths=-/usr/sbin/brctl InaccessiblePaths=-/usr/sbin/bridge InaccessiblePaths=-/usr/sbin/cfdisk InaccessiblePaths=-/usr/sbin/chkconfig InaccessiblePaths=-/usr/sbin/consoletype InaccessiblePaths=-/usr/sbin/crond InaccessiblePaths=-/usr/sbin/ctstat InaccessiblePaths=-/usr/sbin/cupsctl InaccessiblePaths=-/usr/sbin/delpart InaccessiblePaths=-/usr/sbin/devlink InaccessiblePaths=-/usr/sbin/efibootdump InaccessiblePaths=-/usr/sbin/efibootmgr InaccessiblePaths=-/usr/sbin/ether-wake InaccessiblePaths=-/usr/sbin/ethtool InaccessiblePaths=-/usr/sbin/fdformat InaccessiblePaths=-/usr/sbin/fdisk InaccessiblePaths=-/usr/sbin/fping InaccessiblePaths=-/usr/sbin/fsck InaccessiblePaths=-/usr/sbin/fsfreeze InaccessiblePaths=-/usr/sbin/fuser InaccessiblePaths=-/usr/sbin/genhostid InaccessiblePaths=-/usr/sbin/genl InaccessiblePaths=-/usr/sbin/groupadd InaccessiblePaths=-/usr/sbin/grub2-bios-setup InaccessiblePaths=-/usr/sbin/grub2-install InaccessiblePaths=-/usr/sbin/grub2-macbless InaccessiblePaths=-/usr/sbin/grub2-mkconfig InaccessiblePaths=-/usr/sbin/grub2-reboot InaccessiblePaths=-/usr/sbin/grub2-rpm-sort InaccessiblePaths=-/usr/sbin/grub2-switch-to-blscfg InaccessiblePaths=-/usr/sbin/hwclock InaccessiblePaths=-/usr/sbin/ifcfg InaccessiblePaths=-/usr/sbin/ifconfig InaccessiblePaths=-/usr/sbin/ifdown InaccessiblePaths=-/usr/sbin/ifstat InaccessiblePaths=-/usr/sbin/ifup InaccessiblePaths=-/usr/sbin/insmod InaccessiblePaths=-/usr/sbin/ip InaccessiblePaths=-/usr/sbin/ipmaddr InaccessiblePaths=-/usr/sbin/iptunnel InaccessiblePaths=-/usr/sbin/lnstat InaccessiblePaths=-/usr/sbin/logwatch InaccessiblePaths=-/usr/sbin/lsmod InaccessiblePaths=-/usr/sbin/lspci InaccessiblePaths=-/usr/sbin/mii-diag InaccessiblePaths=-/usr/sbin/mii-tool InaccessiblePaths=-/usr/sbin/mkfs InaccessiblePaths=-/usr/sbin/mkfs.btrfs InaccessiblePaths=-/usr/sbin/mkfs.cramfs InaccessiblePaths=-/usr/sbin/mkfs.exfat InaccessiblePaths=-/usr/sbin/mkfs.ext2 InaccessiblePaths=-/usr/sbin/mkfs.ext3 InaccessiblePaths=-/usr/sbin/mkfs.ext4 InaccessiblePaths=-/usr/sbin/mkfs.f2fs InaccessiblePaths=-/usr/sbin/mkfs.fat InaccessiblePaths=-/usr/sbin/mkfs.minix InaccessiblePaths=-/usr/sbin/mkfs.msdos InaccessiblePaths=-/usr/sbin/mkfs.ntfs InaccessiblePaths=-/usr/sbin/mkfs.udf InaccessiblePaths=-/usr/sbin/mkfs.vfat InaccessiblePaths=-/usr/sbin/mkfs.xfs InaccessiblePaths=-/usr/sbin/mkswap InaccessiblePaths=-/usr/sbin/modprobe InaccessiblePaths=-/usr/sbin/nameif InaccessiblePaths=-/usr/sbin/netreport InaccessiblePaths=-/usr/sbin/netscsid InaccessiblePaths=-/usr/sbin/nstat InaccessiblePaths=-/usr/sbin/parted InaccessiblePaths=-/usr/sbin/partprobe InaccessiblePaths=-/usr/sbin/partx InaccessiblePaths=-/usr/sbin/pidof InaccessiblePaths=-/usr/sbin/ping InaccessiblePaths=-/usr/sbin/ping6 InaccessiblePaths=-/usr/sbin/plipconfig InaccessiblePaths=-/usr/sbin/poweroff InaccessiblePaths=-/usr/sbin/rdma InaccessiblePaths=-/usr/sbin/reboot InaccessiblePaths=-/usr/sbin/rmmod InaccessiblePaths=-/usr/sbin/rndc InaccessiblePaths=-/usr/sbin/rndc-confgen InaccessiblePaths=-/usr/sbin/route InaccessiblePaths=-/usr/sbin/routef InaccessiblePaths=-/usr/sbin/routel InaccessiblePaths=-/usr/sbin/rsyslogd InaccessiblePaths=-/usr/sbin/rtacct InaccessiblePaths=-/usr/sbin/rtkitctl InaccessiblePaths=-/usr/sbin/rtmon InaccessiblePaths=-/usr/sbin/rtpr InaccessiblePaths=-/usr/sbin/rtstat InaccessiblePaths=-/usr/sbin/runuser InaccessiblePaths=-/usr/sbin/service InaccessiblePaths=-/usr/sbin/setcap InaccessiblePaths=-/usr/sbin/setenforce InaccessiblePaths=-/usr/sbin/setpci InaccessiblePaths=-/usr/sbin/setquota InaccessiblePaths=-/usr/sbin/setsebool InaccessiblePaths=-/usr/sbin/sfdisk InaccessiblePaths=-/usr/sbin/slattach InaccessiblePaths=-/usr/sbin/smartctl InaccessiblePaths=-/usr/sbin/smbios-battery-ctl InaccessiblePaths=-/usr/sbin/smbios-keyboard-ctl InaccessiblePaths=-/usr/sbin/smbios-state-byte-ctl InaccessiblePaths=-/usr/sbin/smbios-thermal-ctl InaccessiblePaths=-/usr/sbin/smbios-token-ctl InaccessiblePaths=-/usr/sbin/smbios-upflag-ctl InaccessiblePaths=-/usr/sbin/smbios-wakeup-ctl InaccessiblePaths=-/usr/sbin/smbios-wireless-ctl InaccessiblePaths=-/usr/sbin/smokeping InaccessiblePaths=-/usr/sbin/ss InaccessiblePaths=-/usr/sbin/sshd InaccessiblePaths=-/usr/sbin/sushell InaccessiblePaths=-/usr/sbin/swapon InaccessiblePaths=-/usr/sbin/sysctl InaccessiblePaths=-/usr/sbin/sys-unconfig InaccessiblePaths=-/usr/sbin/tipc InaccessiblePaths=-/usr/sbin/tunctl InaccessiblePaths=-/usr/sbin/unhide InaccessiblePaths=-/usr/sbin/unhide_rb InaccessiblePaths=-/usr/sbin/unhide-tcp InaccessiblePaths=-/usr/sbin/useradd InaccessiblePaths=-/usr/sbin/usermod InaccessiblePaths=-/usr/sbin/usernetctl InaccessiblePaths=-/usr/sbin/wipefs InaccessiblePaths=-/usr/sbin/zramctl InaccessiblePaths=-/usr/bin/alsaloop InaccessiblePaths=-/usr/bin/alsamixer InaccessiblePaths=-/usr/bin/alsatplg InaccessiblePaths=-/usr/bin/alsaucm InaccessiblePaths=-/usr/bin/alsaunmute InaccessiblePaths=-/usr/bin/attr InaccessiblePaths=-/usr/bin/balooctl InaccessiblePaths=-/usr/bin/bash InaccessiblePaths=-/usr/bin/bootctl InaccessiblePaths=-/usr/bin/busctl InaccessiblePaths=-/usr/bin/chacl InaccessiblePaths=-/usr/bin/chattr InaccessiblePaths=-/usr/bin/cmp InaccessiblePaths=-/usr/bin/coredumpctl InaccessiblePaths=-/usr/bin/crontab InaccessiblePaths=-/usr/bin/csh InaccessiblePaths=-/usr/bin/dash InaccessiblePaths=-/usr/bin/dd InaccessiblePaths=-/usr/bin/df InaccessiblePaths=-/usr/bin/diff InaccessiblePaths=-/usr/bin/diff3 InaccessiblePaths=-/usr/bin/dmesg InaccessiblePaths=-/usr/bin/dnf InaccessiblePaths=-/usr/bin/dotty InaccessiblePaths=-/usr/bin/dracut InaccessiblePaths=-/usr/bin/evmctl InaccessiblePaths=-/usr/bin/free InaccessiblePaths=-/usr/bin/ftp InaccessiblePaths=-/usr/bin/getfacl InaccessiblePaths=-/usr/bin/getfattr InaccessiblePaths=-/usr/bin/grotty InaccessiblePaths=-/usr/bin/grub2-file InaccessiblePaths=-/usr/bin/grub2-menulst2cfg InaccessiblePaths=-/usr/bin/grub2-mkimage InaccessiblePaths=-/usr/bin/grub2-mkrelpath InaccessiblePaths=-/usr/bin/grub2-render-label InaccessiblePaths=-/usr/bin/grub2-script-check InaccessiblePaths=-/usr/bin/hostnamectl InaccessiblePaths=-/usr/bin/htop InaccessiblePaths=-/usr/bin/ipcmk InaccessiblePaths=-/usr/bin/journalctl InaccessiblePaths=-/usr/bin/keyctl InaccessiblePaths=-/usr/bin/kill InaccessiblePaths=-/usr/bin/killall InaccessiblePaths=-/usr/bin/ksh InaccessiblePaths=-/usr/bin/last InaccessiblePaths=-/usr/bin/localectl InaccessiblePaths=-/usr/bin/locate InaccessiblePaths=-/usr/bin/loginctl InaccessiblePaths=-/usr/bin/ls InaccessiblePaths=-/usr/bin/lsattr InaccessiblePaths=-/usr/bin/lsblk InaccessiblePaths=-/usr/bin/lsb_release InaccessiblePaths=-/usr/bin/lscpu InaccessiblePaths=-/usr/bin/lsdiff InaccessiblePaths=-/usr/bin/lsinitrd InaccessiblePaths=-/usr/bin/lsipc InaccessiblePaths=-/usr/bin/lslocks InaccessiblePaths=-/usr/bin/lslogins InaccessiblePaths=-/usr/bin/lsmem InaccessiblePaths=-/usr/bin/lsns InaccessiblePaths=-/usr/bin/lsof InaccessiblePaths=-/usr/bin/lsscsi InaccessiblePaths=-/usr/bin/lsusb InaccessiblePaths=-/usr/bin/lua InaccessiblePaths=-/usr/bin/lynis InaccessiblePaths=-/usr/bin/mail InaccessiblePaths=-/usr/bin/mkfifo InaccessiblePaths=-/usr/bin/mkinitrd InaccessiblePaths=-/usr/bin/mkisofs InaccessiblePaths=-/usr/bin/mknod InaccessiblePaths=-/usr/bin/mount InaccessiblePaths=-/usr/bin/mountpoint InaccessiblePaths=-/usr/bin/nc InaccessiblePaths=-/usr/bin/netcap InaccessiblePaths=-/usr/bin/netstat InaccessiblePaths=-/usr/bin/netstat-nat InaccessiblePaths=-/usr/bin/networkctl InaccessiblePaths=-/usr/bin/nmap InaccessiblePaths=-/usr/bin/nping InaccessiblePaths=-/usr/bin/nsenter InaccessiblePaths=-/usr/bin/pactl InaccessiblePaths=-/usr/bin/panelctl InaccessiblePaths=-/usr/bin/passwd InaccessiblePaths=-/usr/bin/peekfd InaccessiblePaths=-/usr/bin/pgrep InaccessiblePaths=-/usr/bin/pidof InaccessiblePaths=-/usr/bin/ping InaccessiblePaths=-/usr/bin/pkill InaccessiblePaths=-/usr/bin/pkttyagent InaccessiblePaths=-/usr/bin/pmap InaccessiblePaths=-/usr/bin/portablectl InaccessiblePaths=-/usr/bin/prtstat InaccessiblePaths=-/usr/bin/ps InaccessiblePaths=-/usr/bin/pslog InaccessiblePaths=-/usr/bin/pstree InaccessiblePaths=-/usr/bin/pstree.x11 InaccessiblePaths=-/usr/bin/pulseaudio InaccessiblePaths=-/usr/bin/pwdx InaccessiblePaths=-/usr/bin/python InaccessiblePaths=-/usr/bin/python2 InaccessiblePaths=-/usr/bin/python3 InaccessiblePaths=-/usr/bin/resolvectl InaccessiblePaths=-/usr/bin/rkhunter InaccessiblePaths=-/usr/bin/rpm InaccessiblePaths=-/usr/bin/rsync InaccessiblePaths=-/usr/bin/ruby InaccessiblePaths=-/usr/bin/scp InaccessiblePaths=-/usr/bin/screen InaccessiblePaths=-/usr/bin/sdiff InaccessiblePaths=-/usr/bin/setarch InaccessiblePaths=-/usr/bin/setcifsacl InaccessiblePaths=-/usr/bin/setfacl InaccessiblePaths=-/usr/bin/setfattr InaccessiblePaths=-/usr/bin/setpriv InaccessiblePaths=-/usr/bin/setsid InaccessiblePaths=-/usr/bin/setterm InaccessiblePaths=-/usr/bin/setxkbmap InaccessiblePaths=-/usr/bin/sftp InaccessiblePaths=-/usr/bin/sh InaccessiblePaths=-/usr/bin/skill InaccessiblePaths=-/usr/bin/slabtop InaccessiblePaths=-/usr/bin/snice InaccessiblePaths=-/usr/bin/ssh InaccessiblePaths=-/usr/bin/ssh-add InaccessiblePaths=-/usr/bin/ssh-agent InaccessiblePaths=-/usr/bin/ssh-copy-id InaccessiblePaths=-/usr/bin/ssh-keyscan InaccessiblePaths=-/usr/bin/strace InaccessiblePaths=-/usr/bin/strace-log-merg InaccessiblePaths=-/usr/bin/stty InaccessiblePaths=-/usr/bin/su InaccessiblePaths=-/usr/bin/sudo InaccessiblePaths=-/usr/bin/systemctl InaccessiblePaths=-/usr/bin/systemd-tty-ask-password-agent InaccessiblePaths=-/usr/bin/tcl InaccessiblePaths=-/usr/bin/tcptraceroute InaccessiblePaths=-/usr/bin/tcsh InaccessiblePaths=-/usr/bin/telnet InaccessiblePaths=-/usr/bin/timedatectl InaccessiblePaths=-/usr/bin/tload InaccessiblePaths=-/usr/bin/top InaccessiblePaths=-/usr/bin/tracepath InaccessiblePaths=-/usr/bin/traceroute InaccessiblePaths=-/usr/bin/traceroute6 InaccessiblePaths=-/usr/bin/tricklectl InaccessiblePaths=-/usr/bin/tty InaccessiblePaths=-/usr/bin/udisksctl InaccessiblePaths=-/usr/bin/umount InaccessiblePaths=-/usr/bin/updatedb InaccessiblePaths=-/usr/bin/uptime InaccessiblePaths=-/usr/bin/users InaccessiblePaths=-/usr/bin/vmstat InaccessiblePaths=-/usr/bin/vmtoolsd InaccessiblePaths=-/usr/bin/vmware-checkvm InaccessiblePaths=-/usr/bin/vmware-namespace-cmd InaccessiblePaths=-/usr/bin/vmware-rpctool InaccessiblePaths=-/usr/bin/vmware-toolbox-cmd InaccessiblePaths=-/usr/bin/vmware-xferlogs InaccessiblePaths=-/usr/bin/w InaccessiblePaths=-/usr/bin/wall InaccessiblePaths=-/usr/bin/watch InaccessiblePaths=-/usr/bin/wdctl InaccessiblePaths=-/usr/bin/wg InaccessiblePaths=-/usr/bin/wget InaccessiblePaths=-/usr/bin/who InaccessiblePaths=-/usr/bin/whoami InaccessiblePaths=-/usr/bin/zsh InaccessiblePaths=-/boot InaccessiblePaths=-/efi InaccessiblePaths=-/media InaccessiblePaths=-/run/media InaccessiblePaths=-/run/mount InaccessiblePaths=-/etc/cron.d InaccessiblePaths=-/etc/cron.daily InaccessiblePaths=-/etc/cron.hourly InaccessiblePaths=-/etc/cron.monthly InaccessiblePaths=-/etc/cron.weekly InaccessiblePaths=-/etc/dbus-1 InaccessiblePaths=-/etc/modprobe.d InaccessiblePaths=-/etc/modules-load.d InaccessiblePaths=-/etc/postfix InaccessiblePaths=-/etc/ssh InaccessiblePaths=-/etc/sysctl.d InaccessiblePaths=-/run/console InaccessiblePaths=-/run/dbus InaccessiblePaths=-/run/lock InaccessiblePaths=-/run/systemd/generator InaccessiblePaths=-/run/systemd/system InaccessiblePaths=-/run/systemd/users InaccessiblePaths=-/run/udev InaccessiblePaths=-/usr/lib/.build-id InaccessiblePaths=-/usr/lib/alsa InaccessiblePaths=-/usr/lib/cpp InaccessiblePaths=-/usr/lib/dracut InaccessiblePaths=-/usr/lib/dtrace InaccessiblePaths=-/usr/lib/firmware InaccessiblePaths=-/usr/lib/gcc InaccessiblePaths=-/usr/lib/grub InaccessiblePaths=-/usr/lib/kernel InaccessiblePaths=-/usr/lib/modprobe.d InaccessiblePaths=-/usr/lib/modules InaccessiblePaths=-/usr/lib/modules-load.d InaccessiblePaths=-/usr/lib/rpm InaccessiblePaths=-/usr/lib/sysctl.d InaccessiblePaths=-/usr/lib/udev InaccessiblePaths=-/usr/lib/vmware InaccessiblePaths=-/usr/lib/vmware-installer InaccessiblePaths=-/usr/lib/vmware-ovftool InaccessiblePaths=-/usr/lib/vmware-vix InaccessiblePaths=-/usr/lib64/dbus-1 InaccessiblePaths=-/usr/libexec/mlocate-run-updatedb InaccessiblePaths=-/usr/libexec/openssh InaccessiblePaths=-/usr/libexec/openssh/sftp-server InaccessiblePaths=-/usr/libexec/openssh/sshd-keygen InaccessiblePaths=-/usr/libexec/postfix InaccessiblePaths=-/usr/local/scripts InaccessiblePaths=-/var/db InaccessiblePaths=-/var/lib/dbus InaccessiblePaths=-/var/lib/dnf InaccessiblePaths=-/var/lib/rpm InaccessiblePaths=-/var/lib/systemd InaccessiblePaths=-/var/spool/anacron InaccessiblePaths=-/var/spool/clientmqueue InaccessiblePaths=-/var/spool/cron InaccessiblePaths=-/var/spool/exim InaccessiblePaths=-/var/spool/hylafax InaccessiblePaths=-/var/spool/lpd InaccessiblePaths=-/var/spool/mail InaccessiblePaths=-/var/spool/mqueue InaccessiblePaths=-/var/spool/postfix InaccessiblePaths=-/var/spool/squid InaccessiblePaths=-/var/spool/uucp |
