2014年10月20日星期一

Squid server using NTLM authentication with multiple groups

1. modify squid.conf as below
# vim /etc/squid3/squid.conf

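# Listener and cache tuning
http_port  3128
icp_port 0
htcp_port 0
cache_mgr admin@cps.com
visible_hostname squid.csp.com
cache_dir diskd /var/spool/squid3 81920 16 256
cache_mem 1024 MB
cache_swap_low  80
cache_swap_high 95
maximum_object_size  1024 KB
maximum_object_size_in_memory 800 KB
ipcache_size 65536
ipcache_low 80
ipcache_high 95

# Do not cache dynamic content (cgi-bin paths or URLs with a query string).
# NOTE(review): no_cache is the Squid 2 spelling; newer 3.x releases call the
# directive "cache" -- check cache.log for a deprecation warning on start-up.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

digest_generation off
pipeline_prefetch on
shutdown_lifetime 1 second

# Logging. cache_access_log is the Squid 2 name; 3.x uses access_log with the
# same argument form (the commented syslog variant is what the splunk
# forwarding setup switches to).
cache_access_log /var/log/squid3/access.log
#cache_access_log syslog:local5.info squid
cache_log /var/log/squid3/cache.log
cache_store_log none
pid_filename /var/run/squid3.pid
cache_swap_log /var/log/squid3/cache_swap.log
read_timeout 10 minutes
request_timeout 8 minutes
pconn_timeout 120 seconds
ftp_user anonymous
ftp_list_width 64
ftp_passive on
ftp_sanitycheck on
hosts_file /etc/hosts
negative_ttl 2 minutes

# Requests for these domains are forwarded to an upstream parent proxy
# instead of being fetched directly.
cache_peer 10.10.2.2 parent 9119 0 no-query name=fproxy
cache_peer_domain fproxy .yahoo.co.jp .gov.tw

# authentication
# NTLM is offered first; the basic scheme is the fallback for clients that
# cannot do NTLM. Basic sends the domain password base64-encoded in every
# request, so on this plain http_port it is readable on the wire.
authenticate_ttl 8 hours
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm squidt1-6 Proxy
auth_param basic credentialsttl 8 hours

# Group lookups: %LOGIN makes Squid demand authentication before the helper
# is called; the argument to each acl is the AD group name to test.
external_acl_type wbinfo_check %LOGIN /usr/lib/squid3/wbinfo_group.pl
acl tw_www_disabled external wbinfo_check tw_www_disabled
acl tw_www_enabled external wbinfo_check tw_www_enabled
acl tw_www_cloud external wbinfo_check tw_www_cloud

#ACLS
#general
# "browser" matches the client-supplied User-Agent header, which any client
# can set freely; see the allow rules below.
acl java browser -i ^JAVA/
acl svn browser -i ^SVN/
acl CONNECT method CONNECT
# Defined but never referenced by an http_access line; authentication is
# only triggered through the wbinfo_check external acls above.
acl password proxy_auth REQUIRED
acl manager proto cache_object
# Includes every port from 1025 upwards, so this list only blocks the
# well-known service ports below 1025 that are not listed.
acl Safe_ports port 20 21 80 81 82 443 888 1025-65535
acl SSL_ports port 22 94 443 2083-2093 8443 10443
acl ftp proto FTP
acl http proto http

acl localhost src 127.0.0.1/32
acl gissrc src 10.77.0.0/16
acl cspdst dst 10.0.0.0/8  192.168.0.0/16
acl cspsrc src 10.0.0.0/8

# External list files, one entry per line.
acl site_block dstdomain "/etc/squid3/site_block"
acl site_allow dstdomain "/etc/squid3/site_allow"
acl ip_block dst "/etc/squid3/ip_block"
acl ip_china_proxy src "/etc/squid3/ip_china_proxy"
acl ip_gmail_allow src "/etc/squid3/ip_gmail_allow"
acl ip_cloud_allow src "/etc/squid3/ip_cloud_allow"
acl site_webmail_allow dstdomain "/etc/squid3/site_webmail_allow"
acl site_cloud_allow dstdomain "/etc/squid3/site_cloud_allow"

#allow_specific
# http_access is first-match. These rules sit before the deny block, so a
# request they allow is not checked against site_block, ip_block,
# Safe_ports, the CONNECT/SSL_ports rule or the cspsrc source restriction.
http_access allow tw_www_disabled site_allow
http_access deny tw_www_disabled !site_allow

http_access allow ip_gmail_allow site_webmail_allow
http_access allow tw_www_cloud site_cloud_allow

#deny rule
http_access deny site_block
http_access deny ip_block
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !cspsrc
snmp_access deny !cspsrc
icp_access deny !cspsrc

#allow rule
# java / svn grant access with no authentication and no group check to any
# cspsrc client whose User-Agent starts with JAVA/ or SVN/; combine them with
# a src acl if that is not the intent.
http_access allow java
http_access allow svn
http_access allow ip_china_proxy
http_access allow gissrc
http_access allow manager localhost
http_access deny manager
# FTP is allowed for every cspsrc client, again without group membership.
http_access allow ftp
http_access allow Safe_ports tw_www_enabled
# Explicit final rule. Without it Squid's default for an unmatched request is
# the opposite of the last rule, which happens to be deny here; stating it
# keeps the policy independent of the order of the rules above.
http_access deny all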

2014年10月6日星期一

install SquidGuard to implement ACLs

1. install squidguard
# apt-get update && apt-get install squidguard

2. modify the SquidGuard configuration
# vim /etc/squid/squidGuard.conf

# Base directory of the blacklist database, and where block.log is written.
dbhome /var/lib/squidguard/blacklists
logdir /var/log/squid

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat

# 00:00 - 24:00 on every weekday plus the whole of the 1st of each month,
# so "workhours" excludes only weekend days that are not the 1st.
time workhours {
        weekly mtwhf 00:00 - 24:00
        date *-*-01  00:00 - 24:00
}
# Sources that are never filtered (see "pass any" in the acl block).
# NOTE(review): confirm whether the ip and user lists are matched
# independently; if they are, root and tommy are exempt from any address.
src admin {
        ip              10.124.20.159
        user            root tommy
        within          workhours
}

src client-src {
        ip              10.0.0.0/8
}

#
# DESTINATION CLASSES:
#
# Paths are relative to dbhome. "log" records every request matching the
# class in <logdir>/block.log -- including hits on the "good" allow-list,
# which therefore share the file with the blocked requests.

dest good {
        domainlist      good/domains
        urllist         good/urls
        log             block.log
}


dest ads {
        domainlist      ads/domains
        urllist         ads/urls
        log             block.log
}

dest adult {
        domainlist      adult/domains
        urllist         adult/urls
        log             block.log
}

dest chat {
        domainlist      chat/domains
        urllist         chat/urls
        log             block.log
}

acl {
        # admin sources are never filtered
        admin {
                pass     any
        }

        # Evaluated left to right, first match wins: the good list is always
        # allowed, the three blacklist classes are refused, anything else passes.
        client-src within workhours {
                pass     good !ads !adult !chat all
        } else {
                # outside workhours there is no filtering at all
                pass any
        }

        # Requests not matched above are blocked and sent to the block page.
        # The host is a placeholder; the CGI receives the client address, name,
        # user, group, target class and the original URL as query parameters.
        default {
                pass     none
                redirect http://xxx.xxxx.xxxx/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
        }
}

3. download the blacklist from internet 
# cd /var/lib/squidguard/
# tar zxvf bigblacklist.tar.gz


4. create good folder in the db location
# cd /var/lib/squidguard/blacklists
# mkdir good
# touch good/domains
# touch good/urls

5. initialize the database and change the ownership to the squid service account
# squidGuard -C all
# chown -Rf proxy:proxy  /var/lib/squidguard/blacklists

6. touch the block.log 
# touch /var/log/squid/block.log
# chown -Rf proxy:proxy /var/log/squid

7. add the line into the squid.conf
# vim /etc/squid3/squid.conf
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

8. restart the squid service 
# /etc/init.d/squid restart

2014年10月1日星期三

How to direct the squid log to splunk

1. modify the Squid config and change cache_access_log to log via syslog (rsyslog)
# vim /etc/squid3/squid.conf

# The facility.priority must match the rsyslog selector (local5.*); the
# trailing "squid" is the logformat name (Squid's native format).
#cache_access_log /var/log/squid3/access.log
cache_access_log syslog:local5.info squid

2. modify the rsyslog configuration to forward the squid log to splunk
# vim /etc/rsyslog.d/50-default.conf

add this line to the file
# A single "@" forwards over UDP: no delivery guarantee and no encryption
# between the proxy and the collector; "@@" selects TCP. The host is a placeholder.
local5.*                                  @splunk.xxx.xxx.xxx:514

3. restart squid and rsyslog
# /etc/init.d/squid3 restart
# /etc/init.d/rsyslog restart

4. confirm squid server status
# /etc/init.d/squid3 status

5. confirm the log data in splunk server

2014年5月28日星期三

how to partition and mount a disk larger than 2 TB

1. install the parted tool
# apt-get install parted

2. confirm the disk label you want to format
# fdisk /dev/sdx

3. use the parted tool to make a partition
# parted /dev/sdx

make a partition table (disk label) for it; we use GPT because it supports disks larger than 2 TB
(parted) mklabel gpt

Warning: The existing disk label on /dev/sdx will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? yes
set the unit
(parted) unit TB

create 3TB size
(parted) mkpart primary 0.00TB 3.00TB

(parted) quit

4. format the new partition (not the whole disk, which would overwrite the partition table just created)
#mkfs.ext4 /dev/sdx1

5. mount it
#mkdir /mnt/backup
#mount /dev/sdx1 /mnt/backup

6. use df to confirm the disk size
#df -h

2014年5月27日星期二

use ldapsearch to query windows active directory

1. install the LDAP client tools
#apt-get install ldap-utils

2. -H ldap server URI
    -b search base
   -D bind DN (domain account)
  -w domain password; given on the command line it appears in process listings and shell history, -W prompts for it instead
 
#ldapsearch -LLL -H ldap://dc01.csp.com:389 -b "dc=csp,dc=com" -D "cps\tommy" -w "abc123" "(sAMAccountName=tommy.lbs)"

2014年5月5日星期一

install postfix and dovecot and redirect all mail to one account

1. install postfix, pcre and dovecot
# apt-get install postfix postfix-pcre
# apt-get install dovecot-core dovecot-imapd

2. confirm your DNS has an MX record pointing to your mail server

3. modify your postfix configuration for your environment
# vim /etc/postfix/main.cf

# Identity
myhostname = mail.csp.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# $mydomain is not set here, so Postfix derives it from myhostname.
mydestination = $myhostname, $mydomain, localhost.localdomain, localhost
# Empty: deliver directly rather than through a smart host.
relayhost =
# Clients in these ranges are trusted by the stock smtpd restrictions
# (permit_mynetworks), i.e. every host in 172.16.0.0/16 may relay through
# this server without authenticating.
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/16
# A copy of EVERY message passing through this server goes to this mailbox;
# treat that mailbox as sensitive.
always_bcc = tommy@csp.com.tw
# 0 = no limit
mailbox_size_limit = 0
recipient_delimiter = +
# Listen on all interfaces.
inet_interfaces = all
home_mailbox = Maildir/

#head_checks
# Header rules live in a pcre table (see step 4).
header_checks = pcre:/etc/postfix/header_checks

4. add a new file /etc/postfix/header_checks
# vim /etc/postfix/header_checks
# NOTE(review): pcre reads this literally as "TO" followed by zero or more
# ":" and zero or more "@", i.e. any header line containing "TO"
# (case-insensitive by default), not only the To: header. Because every
# match is REDIRECTed to the same mailbox the outcome is the same, but the
# intended form is probably /^To:.*@/.
/TO:*@*/ REDIRECT check01@csp.com

5. check postfix setting and restart postfix
# postfix check
# /etc/init.d/postfix restart

6. modify /etc/dovecot/dovecot.conf
#vim /etc/dovecot/dovecot.conf
uncomment the lines

# Accept connections on every IPv4 and IPv6 address.
listen = *, ::
base_dir = /var/run/dovecot/
instance_name = dovecot
login_greeting = Dovecot ready.

7. change 10-auth.conf
#vim /etc/dovecot/conf.d/10-auth.conf
uncomment the line and change the value
# Permits PLAIN/LOGIN on the unencrypted port 143 (10-master.conf) as well as
# on 993, so passwords can cross the network in the clear; leave it at "yes"
# unless the clients really cannot use STARTTLS or imaps.
disable_plaintext_auth = no

8. change 10-master.conf
#vim /etc/dovecot/conf.d/10-master.conf
change the contents of these blocks as below

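# The imap-login and lmtp service blocks were missing their closing braces,
# which nests lmtp and auth inside imap-login and makes the file fail to load.
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  # World-writable socket: any local user that can reach it may inject mail
  # over LMTP.
  unix_listener lmtp {
    mode = 0666
  }
}

service auth {
   # Postfix smtp-auth
  # Socket under Postfix's chroot so smtpd can verify SASL credentials.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
auth_mechanisms = plain login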

9. change 10-mail.conf
#vim /etc/dovecot/conf.d/10-mail.conf
# Must agree with the Postfix home_mailbox = Maildir/ setting (same directory under $HOME).
mail_location = maildir:~/Maildir

10. change 20-imap.conf
#vim /etc/dovecot/conf.d/20-imap.conf
  # NOTE(review): these keys are indented because in the stock file they sit
  # inside a protocol imap { ... } block whose header is not shown here.
  imap_max_line_length = 64k
  # per-user, per-IP connection cap
  mail_max_userip_connections = 10
  mail_plugins = $mail_plugins
  imap_logout_format = bytes=%i/%o
  imap_client_workarounds = tb-extra-mailbox-sep

11. restart the dovecot services.
# /etc/init.d/dovecot restart

2014年4月10日星期四

Ubuntu 12.04: install an NTP server that gets its time over HTTP

1.install ntp server package
#apt-get update
#apt-get upgrade
#apt-get install ntp

2. modify ntp configuration
#vim /etc/ntp.conf

driftfile /var/lib/ntp/ntp.drift
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# 127.127.1.0 is the local undisciplined clock; the system time itself is
# presumably kept by the htpdate cron job (steps 4-8) and ntpd only serves it.
server 127.127.1.0
# NOTE(review): restrict normally takes "default" or an address; as written
# the flags apply only to the host this name resolves to. Check whether
# "restrict default notrap nomodify nopeer noquery" was intended.
restrict csp.garmin.com notrap nomodify nopeer noquery
restrict 192.168.200.0 mask 255.255.255.0
restrict 127.0.0.1
broadcast 192.168.200.255
# "disable auth" together with "broadcastclient" makes this server accept
# unauthenticated broadcast time from any host on the segment, so any LAN
# host can steer its clock. Drop broadcastclient if this host only serves time.
disable auth
broadcastclient

3. restart the ntp service
#/etc/init.d/ntp restart

4. add the third-party repository to sources.list
#vim /etc/apt/sources.list
# Third-party PPA; its signing key (added in step 5) becomes trusted for
# every package it publishes, not only htpdate.
deb http://ppa.launchpad.net/landronimirc/htpdate/ubuntu precise main
deb-src http://ppa.launchpad.net/landronimirc/htpdate/ubuntu precise main

5. add the PPA key
#add-apt-repository ppa:landronimirc/htpdate

6.update repository
#apt-get update

7. install htpdate package
#apt-get install htpdate

8.setting crontab
#vim /etc/crontab
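# /etc/crontab entries carry a user field after the five time fields.
# "0 */6" runs once every six hours; the original "* */6" fired every minute
# of hours 0, 6, 12 and 18.
# NOTE(review): htpdate's -d is debug output; confirm the invocation actually
# applies the offset (-s or -a), otherwise this job only prints it.
0 */6 * * * root /usr/bin/htpdate -d http://www.perl.org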

9. restart the cron service
#/etc/init.d/cron restart