Archives

All posts for the month June, 2010

LightSquid installation Steps – Squid Graphical Report Viewer

Published June 26, 2010 by Siva

Installation Instructions:

Required software:

  1. Perl
  2. HTTP server (Apache, lighttpd, etc.)
  3. Squid
  4. Cron

or equivalent

In this example I use Apache.

1. Extract lightsquid.tgz into any folder

cd /var/www/htdocs/
mkdir lightsquid
cd lightsquid
tar -xzf lightsquid.tgz

Set the ‘executable’ flag for the scripts

chmod +x *.cgi
chmod +x *.pl

change owner

chown -R apache:apache *
(where apache = httpd user)

2. Configure your Apache server

.cgi files must execute as CGI scripts

<Directory "/var/www/htdocs/lightsquid">
   AddHandler cgi-script .cgi
   AllowOverride All
</Directory>

Restart apache

3. Edit lightsquid.cfg

4. If you want GROUP reports – edit group.cfg

format:

esl           01            SysAdmin
karlos       01            SysAdmin
thy           01            SysAdmin
Ivanov     02            Developer
Ivanov2    02            Developer
Petrov      03            Commerial
Petrova    03            Commerial
vasyav     04            room 312
petyava    04            room 312

5. If you want to use REALNAME – edit realname.cfg

format:

esl           Sergey Erokhin
karlos       Super User1
thy           Tech Good
Ivanov     Developer numer one
Ivanov2    Developer numbe two
Petrov      Good Commerial
Petrova    Bad Commerial
vasyav     Some User1
petyava    Some User2

6. If you want graphical reports

check graph report

7. Run check-setup.pl

If everything checks out, go on to the next step;
otherwise check the config file.

8. Try running lightparser.pl

If everything is OK, no messages will be produced.

To parse old statistics:
./lightparser.pl access.log.1.{gz|bz2}
./lightparser.pl access.log.2.{gz|bz2}
./lightparser.pl access.log.3.{gz|bz2}

9. Try to use lightsquid

Using your favorite browser enter http://<host where we live>/lightsquid/

10. Set up crontab to run lightparser once per hour

crontab -e
This example will execute the parser every 20 minutes

*/20 * * * * /var/www/htdocs/lightsquid/lightparser.pl today

If you have a small log and a fast machine, you may run lightparser at a shorter interval.
Warning: do not set the interval to less than 10 minutes.

11. All done!

You Can Access Via :

http://Youripaddresshere/lightsquid

Making Squid Box Act as a GateWay Script

Published June 26, 2010 by Siva

#!/bin/sh

# Squid server IP
SQUID_SERVER="192.168.1.3"

# Interface connected to Internet
INTERNET="eth0"

# Address connected to LAN
LOCAL="192.168.1.0/24"
LOCAL2="192.168.1.0/24"

# Squid port
SQUID_PORT="3128"

# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Enable Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Accept HTTP (port 80) from any source on eth0
iptables -A INPUT -s 0/0 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow UDP, DNS and Passive FTP
iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT

# set this system as a router for Rest of LAN
iptables -t nat -A POSTROUTING -o $INTERNET -j MASQUERADE
iptables -A FORWARD -s $LOCAL -j ACCEPT

# unlimited access to LAN
iptables -A INPUT -s $LOCAL -j ACCEPT
iptables -A OUTPUT -s $LOCAL -j ACCEPT

# DNAT port 80 request coming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
iptables -t nat -A PREROUTING -s $LOCAL -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
iptables -t nat -A PREROUTING -s $LOCAL2 -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT

# if it is same system
iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT

# open everything
# Note: this INPUT rule accepts all traffic arriving on $INTERNET, so the
# LOG and DROP rules below only see packets from other interfaces.
iptables -A INPUT -i $INTERNET -j ACCEPT
iptables -A OUTPUT -o $INTERNET -j ACCEPT

# DROP everything and Log it
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

Squid Server Configuration Step By Step on Centos 5

Published June 26, 2010 by Siva

I recently configured a Squid server on CentOS 5. I have shared my documentation with you all. Feedback is welcome.

Squid Configuration File:

/etc/squid/squid.conf

Squid Access File Location:

/var/log/squid/access.log

Squid Error File Location:

/var/log/squid/cache.log

Viewing the access log in real time

tail -f /var/log/squid/access.log |grep  192.168.1.124

Configuration File

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 81 # Apache_new
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Destination-domain lists loaded from files
acl Allow_url dstdomain "/etc/squid/custom/allowedurls"
acl goodsites dstdomain "/etc/squid/custom/goodsites"

# 'src' ACLs match the client address, despite the _dst_ips file names
acl goodsites_ips src "/etc/squid/custom/goodsites_dst_ips"
acl jobsites_ips src "/etc/squid/custom/jobsites_dst_ips"
acl download_ips src "/etc/squid/custom/download_dst_ips"
acl emailallowip src "/etc/squid/custom/emailallowips_dst_ips" # for Geetha_System
acl allallowip src "/etc/squid/custom/allallowips_dst_ips"

# File extensions treated as downloads
acl dlds urlpath_regex -i \.gz \.msi \.rm \.asf \.mp4 \.mpa \.cab \.mp3 \.rm \.ram \.mpeg \.mpg \.exe \.dll \.chm \.iso \.rar \.zip \.flv \.torrent

# Site categories
acl jobs dstdomain "/etc/squid/custom/job-sites.acl"
acl social dstdomain "/etc/squid/custom/social-sites.acl"
acl porn dstdomain "/etc/squid/custom/porn-sites.acl"
acl proxy1 dstdomain "/etc/squid/custom/proxy-sites.acl"
acl hack dstdomain "/etc/squid/custom/hack-sites.acl"
acl fileupload dstdomain "/etc/squid/custom/file-upload.acl"
acl email1 dstdomain "/etc/squid/custom/email-sites.acl"

# http_access lines are evaluated top to bottom; the first match decides
http_access allow localhost
#http_access deny GeneralSites
http_access deny jobs !jobsites_ips
http_access deny social !allallowip
http_access deny porn
http_access deny proxy1
http_access deny hack
http_access deny fileupload !allallowip
http_access deny email1 !emailallowip
http_access deny dlds !download_ips
http_access allow Allow_url
http_access allow goodsites goodsites_ips
# Matches every client, so the 'deny all' line below is never reached
http_access allow all
http_access deny all

http_port 3128 transparent
icp_port 3130
cache_mem 16 MB
cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
visible_hostname net.minthomes.server
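
Squid checks http_access lines from top to bottom and stops at the first line whose ACLs all match, so in the configuration above `http_access allow all` answers every request that reaches it and `http_access deny all` is never consulted. The following is an added example, not part of the original post: a small Python model of that first-match rule over a subset of the page's lines. The ACL file contents, the client addresses and the `localnet` ACL are assumptions made for the illustration.

```python
import ipaddress

# Constructed stand-ins for the ACL files under /etc/squid/custom/ (their contents are not on the page).
ACLS = {
    "all":        ("src", ["0.0.0.0/0"]),
    "localhost":  ("src", ["127.0.0.1/32"]),
    "allallowip": ("src", ["192.168.1.10/32"]),
    "social":     ("dstdomain", [".social.example"]),
    "porn":       ("dstdomain", [".blocked.example"]),
    "localnet":   ("src", ["192.168.1.0/24"]),  # assumption: not defined on the page
}

# http_access lines from the page that use the ACLs above, in the page's order.
PAGE_RULES = [
    ("allow", ["localhost"]),
    ("deny",  ["social", "!allallowip"]),
    ("deny",  ["porn"]),
    ("allow", ["all"]),
    ("deny",  ["all"]),
]
LAN_ONLY_RULES = PAGE_RULES[:3] + [("allow", ["localnet"]), ("deny", ["all"])]  # catch-all narrowed to the LAN

def acl_matches(name, client_ip, host):
    kind, values = ACLS[name]
    if kind == "src":
        return any(ipaddress.ip_address(client_ip) in ipaddress.ip_network(v) for v in values)
    # dstdomain: a leading dot matches the domain itself and its subdomains
    return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v)) for v in values)

def decide(rules, client_ip, host):
    """Return (action, rule_index) for the first rule whose ACLs all match."""
    for i, (action, terms) in enumerate(rules):
        if all(acl_matches(t.lstrip("!"), client_ip, host) != t.startswith("!") for t in terms):
            return action, i
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

def unreachable(rules):
    """Indices of rules that follow an unconditional 'all' rule and can never fire."""
    for i, (_, terms) in enumerate(rules):
        if terms == ["all"]:
            return list(range(i + 1, len(rules)))
    return []

if __name__ == "__main__":
    for ip in ("192.168.1.50", "203.0.113.7"):  # constructed LAN client and outside client
        print(ip, decide(PAGE_RULES, ip, "www.example.org"), decide(LAN_ONLY_RULES, ip, "www.example.org"))
    print("never evaluated in the page's order:", unreachable(PAGE_RULES))
```

With the page's ordering the outside client is allowed by rule 3; with the catch-all narrowed to the LAN it falls through to the final deny.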

Restarting squid Service

# service squid restart or /etc/init.d/squid restart

# service squid reload or /etc/init.d/squid reload

Please contact me if you face any issues or need clarification. Thanks

How to List the content of a tar file

Published June 21, 2010 by Siva

You need to list the contents of a tar or tar.gz file on screen before extracting all the files.

Task: List the contents of a tar file

Use the following command:
$ tar -tvf file.tar

Task: List the contents of a tar.gz file

Use the following command:
$ tar -ztvf file.tar.gz

Task: List the contents of a tar.bz2 file

Use the following command:
$ tar -jtvf file.tar.bz2

Apache – “Client denied by server configuration” – Resolved

Published June 19, 2010 by Siva

Having problems with displaying your site and getting error 403 in your web-browser?

Does the Apache error log contain lines like this?
“client denied by server configuration: /path/to/files”

Then you have probably denied access to the directory in the httpd.conf file.

Allow access by adding:
<directory /path/to/files>
allow from all
</directory>

If you are using VirtualHosts, add the directory block inside the <virtualhost> block.

How to install CSF and LFD?

Published June 17, 2010 by Siva

Securing a web server is critical if it is Internet facing. A steady flood of random and targeted attacks is going to happen as soon as the server is available over the Internet. Installing a firewall and a brute force attack detection tool should be one of the very first steps for a web master. In the past we recommended APF and BFD of R-fx Networks as the software to use, but both tools have not kept up with the pace and are very much outdated. A competing product developer stepped up to the plate and grabbed the opportunity to position his own software solution in the market. Best of all – the solution is freely available at Configserver.com.

CSF and LFD are very easy to install and to configure – especially if you are using a cPanel & WHM server. Here are the instructions on how to install CSF and LFD.

1) Log into your server and switch to the root user
2) Switch directories to your download directory
3) Download the latest version of the software: # wget http://www.configserver.com/free/csf.tgz
4) Untar the package: # tar -xzf csf.tgz
5) Switch into the new extracted folder: # cd csf
6) Run the installer: # sh install.sh
7) If you are still running APF and BFD on your server it is necessary to disable those applications: # sh disable_apf_bfd.sh

If you are running WHM you can now configure CSF and LFD from WHM. CSF/LFD comes pre-configured for a cPanel/WHM server, so there is not much to do after the installation. Log into WHM and inspect the new configuration utility. As an example, you can uninstall APF and BFD from here with the click of a button. If you want to edit the CSF/LFD configuration manually, you can do so at /etc/csf/*. Make sure to make backups before you make changes, and use the debug mode to avoid being locked out.

If for whatever reason you need to uninstall CSF and LFD you can do this easily yourself as well. Login to your server via SSH and switch to the root user.

1) Switch to the folder holding the uninstaller: # cd /etc/csf
2) Run the uninstaller: # sh uninstall.sh

All done. We highly recommend that you familiarize yourself with the product and how it works. CSF / LFD comes with a readme.txt file that you really should read. The readme file gives great insight into how both apps work and what you need to configure to have your server properly configured.