2014年10月29日星期三

create local ubuntu update repository with apt-mirror package

1. install apt-mirror package
# apt-get update
# apt-get install apt-mirror

2. modify the apt-mirror configuration file
# vim /etc/apt/mirror.list

uncomment these lines:
# /etc/apt/mirror.list — where apt-mirror keeps the mirrored packages (mirror),
# the index skeleton (skel) and its working state (var); the three paths are
# derived from base_path on the first line
set base_path    /var/spool/apt-mirror
set mirror_path  $base_path/mirror
set skel_path    $base_path/skel
set var_path     $base_path/var

3. run the initial apt-mirror sync
# /etc/init.d/apt-mirror



2014年10月20日星期一

Squid server using NTLM authentication with multiple groups

1. modify squid.conf as below
# vim /etc/squid3/squid.conf

# /etc/squid3/squid.conf — forward proxy with NTLM/basic authentication and
# Active Directory group based policy. http_access rules are evaluated top
# down and the first match wins, so the order of the rule blocks below matters.
# listen on 3128; no bind address is given, so on every interface
http_port  3128
icp_port 0
htcp_port 0
# NOTE(review): cache_mgr says cps.com while visible_hostname says csp.com — confirm which domain is meant
cache_mgr admin@cps.com
visible_hostname squid.csp.com
# on-disk cache: 81920 MB in /var/spool/squid3, 16 x 256 subdirectories
cache_dir diskd /var/spool/squid3 81920 16 256
cache_mem 1024 MB
cache_swap_low  80
cache_swap_high 95
maximum_object_size  1024 KB
maximum_object_size_in_memory 800 KB
ipcache_size 65536
ipcache_low 80
ipcache_high 95

# never cache cgi-bin or query-string URLs
# NOTE(review): no_cache is the old spelling of the `cache` directive and newer
# Squid 3 releases may reject it — check with `squid3 -k parse`
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

digest_generation off
pipeline_prefetch on
shutdown_lifetime 1 second

# logging; the commented syslog variant is the one used when forwarding the
# access log through rsyslog to Splunk
cache_access_log /var/log/squid3/access.log
#cache_access_log syslog:local5.info squid
cache_log /var/log/squid3/cache.log
cache_store_log none
pid_filename /var/run/squid3.pid
cache_swap_log /var/log/squid3/cache_swap.log
# timeouts
read_timeout 10 minutes
request_timeout 8 minutes
pconn_timeout 120 seconds
# ftp gateway settings
ftp_user anonymous
ftp_list_width 64
ftp_passive on
ftp_sanitycheck on
hosts_file /etc/hosts
negative_ttl 2 minutes

# requests for .yahoo.co.jp and .gov.tw are sent via the upstream proxy at 10.10.2.2:9119
cache_peer 10.10.2.2 parent 9119 0 no-query name=fproxy
cache_peer_domain fproxy .yahoo.co.jp .gov.tw

# authentication
# NTLM through winbind's ntlm_auth, with basic as fallback. NOTE(review): basic
# auth carries the AD password base64-encoded, i.e. effectively in clear text,
# over the plain http_port, so anyone on the path can recover it; keep the
# basic fallback only if some client really cannot do NTLM.
authenticate_ttl 8 hours
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm squidt1-6 Proxy
auth_param basic credentialsttl 8 hours

# AD group membership via winbind. %LOGIN makes Squid authenticate the user
# before the lookup, so every http_access line that uses one of these ACLs
# implicitly requires authentication.
external_acl_type wbinfo_check %LOGIN /usr/lib/squid3/wbinfo_group.pl
acl tw_www_disabled external wbinfo_check tw_www_disabled
acl tw_www_enabled external wbinfo_check tw_www_enabled
acl tw_www_cloud external wbinfo_check tw_www_cloud

#ACLS
#general
# browser ACLs match on the client-supplied User-Agent header
acl java browser -i ^JAVA/
acl svn browser -i ^SVN/
acl CONNECT method CONNECT
# NOTE(review): `password` is never referenced by an http_access line below;
# authentication is only triggered indirectly through wbinfo_check. Either use
# it (e.g. `http_access deny !password` ahead of the unauthenticated allows) or drop it.
acl password proxy_auth REQUIRED
# NOTE(review): manager and localhost are built-in ACLs on newer Squid 3
# releases; redefining them produces a startup warning there
acl manager proto cache_object
acl Safe_ports port 20 21 80 81 82 443 888 1025-65535
acl SSL_ports port 22 94 443 2083-2093 8443 10443
acl ftp proto FTP
# cspdst and http are defined but not used by any rule below
acl http proto http

acl localhost src 127.0.0.1/32
acl gissrc src 10.77.0.0/16
acl cspdst dst 10.0.0.0/8  192.168.0.0/16
acl cspsrc src 10.0.0.0/8

# list files under /etc/squid3, one entry per line
acl site_block dstdomain "/etc/squid3/site_block"
acl site_allow dstdomain "/etc/squid3/site_allow"
acl ip_block dst "/etc/squid3/ip_block"
acl ip_china_proxy src "/etc/squid3/ip_china_proxy"
acl ip_gmail_allow src "/etc/squid3/ip_gmail_allow"
acl ip_cloud_allow src "/etc/squid3/ip_cloud_allow"
acl site_webmail_allow dstdomain "/etc/squid3/site_webmail_allow"
acl site_cloud_allow dstdomain "/etc/squid3/site_cloud_allow"

#allow_specific
# NOTE(review): these group-specific allows are evaluated BEFORE the generic
# deny block (site_block, ip_block, Safe_ports, CONNECT/SSL_ports, !cspsrc), so
# a request they match is never checked against those rules. Unless that is
# intentional, move the "#deny rule" block above this one.
http_access allow tw_www_disabled site_allow
http_access deny tw_www_disabled !site_allow

http_access allow ip_gmail_allow site_webmail_allow
http_access allow tw_www_cloud site_cloud_allow

#deny rule
http_access deny site_block
http_access deny ip_block
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# only clients in 10.0.0.0/8 may use the proxy, SNMP or ICP
http_access deny !cspsrc
snmp_access deny !cspsrc
icp_access deny !cspsrc

#allow rule
# NOTE(review): none of the next four allows requires authentication — java/svn
# match on the client-supplied User-Agent and the two src ACLs on address only —
# so matching clients bypass the AD group policy entirely. Confirm this is
# intended, in particular for the whole 10.77.0.0/16 range.
http_access allow java
http_access allow svn
http_access allow ip_china_proxy
http_access allow gissrc
# cache manager interface only from the proxy host itself
http_access allow manager localhost
http_access deny manager
# NOTE(review): all FTP requests are allowed without authentication
http_access allow ftp
# authenticated members of tw_www_enabled may reach Safe_ports. This is the
# last rule and it is an allow, so Squid's implicit default for everything
# else is deny; an explicit `http_access deny all` after it makes that visible
# and keeps the policy closed if rules are appended later.
http_access allow Safe_ports tw_www_enabled

2014年10月6日星期一

install squidGuard to implement ACLs

1. install squidguard
# apt-get update && apt-get install squidguard

2. modify the squidGuard configuration
# vim /etc/squid/squidguard.conf

# /etc/squid/squidguard.conf — URL filtering behind Squid's url_rewrite_program.
# domainlist/urllist paths below are relative to dbhome.
dbhome /var/lib/squidguard/blacklists
logdir /var/log/squid

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t = tue, w = wed, h = thu, f = fri, a = sat

# all day Monday to Friday, plus the whole of the 1st of every month
# NOTE(review): the date line makes the 1st of each month a "work" day even on
# a weekend — confirm that is intended
time workhours {
        weekly mtwhf 00:00 - 24:00
        date *-*-01  00:00 - 24:00
}
# administrators: one fixed IP and the users root/tommy, during workhours.
# NOTE(review): whether ip and user must both match or either suffices depends
# on squidGuard's source matching — confirm before relying on it
src admin {
        ip              10.124.20.159
        user            root tommy
        within          workhours
}

# every client in 10.0.0.0/8
src client-src {
        ip              10.0.0.0/8
}

#
# DESTINATION CLASSES:
#

# local allow list (the empty good/domains and good/urls files are created in
# step 4). NOTE(review): hits are written to the same block.log as the block
# lists, which makes that log ambiguous
dest good {
        domainlist      good/domains
        urllist         good/urls
        log             block.log
}


dest ads {
        domainlist      ads/domains
        urllist         ads/urls
        log             block.log
}

dest adult {
        domainlist      adult/domains
        urllist         adult/urls
        log             block.log
}

dest chat {
        domainlist      chat/domains
        urllist         chat/urls
        log             block.log
}

acl {
        # admin is not filtered at all
        admin {
                pass     any
        }

        # during workhours: allow the good list, block ads/adult/chat, allow
        # the rest; outside workhours (else) nothing is filtered
        client-src within workhours {
                pass     good !ads !adult !chat all
        } else {
                pass any
        }

        # everything else is blocked and sent to the block page.
        # xxx.xxxx.xxxx is a placeholder; the query string hands the client
        # address, name, user, group and requested URL to that CGI, so host it
        # on a trusted server
        default {
                pass     none
                redirect http://xxx.xxxx.xxxx/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
        }
}

3. download the blacklist from the internet
# cd /var/lib/squidguard/
# tar zxvf bigblacklist.tar.gz


4. create the good folder in the db location
# cd /var/lib/squidguard/blacklists
# mkdir good
# touch good/domains
# touch good/urls

5. initialize the database and change ownership to the Squid service account
# squidGuard -C all
# chown -Rf proxy:proxy  /var/lib/squidguard/blacklists

6. create block.log
# touch /var/log/squid/block.log
# chown -Rf proxy:proxy /var/log/squid

7. add this line to squid.conf
# vim /etc/squid3/squid.conf
# hand every URL to squidGuard for filtering.
# NOTE(review): step 2 edited /etc/squid/squidguard.conf (lowercase g) while
# this line points at squidGuard.conf — file names are case-sensitive, make
# sure both refer to the same file
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

8. restart the squid service 
# /etc/init.d/squid restart

2014年10月1日星期三

How to direct the squid log to splunk

1. modify the squid config and change cache_access_log to log via syslog
# vim /etc/squid3/squid.conf

# access log to syslog, facility local5 priority info, in the native "squid"
# log format; rsyslog forwards local5.* in step 2.
# NOTE(review): cache_access_log is the legacy name; newer Squid uses access_log
#cache_access_log /var/log/squid3/access.log
cache_access_log syslog:local5.info squid

2. modify the rsyslog configuration to forward the squid log to splunk
# vim /etc/rsyslog.d/50-default.conf

add this line to the file
# forward everything logged to facility local5 (Squid's access log) to the
# Splunk collector; replace the xxx placeholder with the real host.
# A single @ means plain UDP: unencrypted, unauthenticated and lossy. The proxy
# log carries user names and visited URLs, so prefer @@ (TCP) or rsyslog's TLS
# transport between the proxy and the collector.
local5.*                                  @splunk.xxx.xxx.xxx:514

3. restart squid and rsyslog
# /etc/init.d/squid3 restart
# /etc/init.d/rsyslog restart

4. confirm squid server status
# /etc/init.d/squid3 status

5. confirm the log data in splunk server

2014年5月28日星期三

how to mount a disk larger than 2TB

1. install the tool like gpart
# apt-get install gpart

2. confirm the disk label you want to format
# fdisk /dev/sdx

3. use the partitioning tool to make a partition (the interactive session below is parted's; if the (parted) prompt does not appear, install parted)
#gpart /dev/sdx

create a partition label for it; we use gpt because it supports larger disks
(parted) mklabel gpt

Warning: The existing disk label on /dev/sdx will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? yes
set the unit
(parted) unit TB

create a 3TB partition
(parted) mkpart primary 0.00TB 3.00TB

(parted) quit

4. format the new partition (not the whole disk; running mkfs on /dev/sdx would wipe the GPT label created above)
#mkfs.ext4 /dev/sdx1

5. mount it
#mkdir /mnt/backup
#mount /dev/sdx1 /mnt/backup

6. use df to confirm the disk size
#df -h

2014年5月27日星期二

use ldapsearch to query Windows Active Directory

1. install the ldap client tools
#apt-get install ldap-utils

2. -H ldap server
-b bind
-D domain account
-w domain password (prefer -W, which prompts for the password; a password given with -w ends up in the shell history and is visible to other users in the process list)

#ldapsearch -LLL -H ldap://dc01.csp.com:389 -b "dc=csp,dc=com" -D "cps\tommy" -w "abc123" "(sAMAccountName=tommy.lbs)"

2014年5月5日星期一

install postfix and dovecot and redirect all mail to one account

1. install postfix, pcre and dovecot
# apt-get install postfix postfix-pcre
# apt-get install dovecot-core dovecot-imapd

2. confirm your DNS has an MX record for your mail server

3. modify your postfix configuration for your environment
# vim /etc/postfix/main.cf

# /etc/postfix/main.cf — minimal MTA setup for the mail.csp.com test host
myhostname = mail.csp.com
# local aliases; run newaliases after editing /etc/aliases
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# sender domain for local mail is read from /etc/mailname
myorigin = /etc/mailname
# NOTE(review): $mydomain is not set explicitly here; Postfix derives it from
# myhostname — confirm the result is the intended domain
mydestination = $myhostname, $mydomain, localhost.localdomain, localhost
# empty relayhost: deliver directly via MX lookup
relayhost =
# clients allowed to relay without authentication.
# NOTE(review): 172.16.0.0/16 is a wide trusted range — every host in it can
# send through this server unauthenticated; keep it as tight as possible
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/16
# a copy of EVERY message passing through this server is delivered to this
# mailbox — deliberate interception for the test setup; do not carry it into
# a production configuration
always_bcc = tommy@csp.com.tw
# 0 = no mailbox size limit
mailbox_size_limit = 0
recipient_delimiter = +
# listen on all interfaces
inet_interfaces = all
# Maildir under each user's home, matching mail_location in Dovecot (step 9)
home_mailbox = Maildir/

# header_checks (the file is created in step 4)
header_checks = pcre:/etc/postfix/header_checks

4. add a new file /etc/postfix/header_checks
# vim /etc/postfix/header_checks
# /etc/postfix/header_checks (pcre table). REDIRECT diverts the whole message
# to check01@csp.com; the original recipients never receive it.
# NOTE(review): the pattern is very loose — `:*` and `@*` are quantifiers, so it
# matches any header containing "to" (pcre tables match case-insensitively by
# default), not just the To: header. It happens to work whenever a To: header is
# present, but `/^To:/` says what is meant.
/TO:*@*/ REDIRECT check01@csp.com

5. check postfix setting and restart postfix
# postfix check
# /etc/init.d/postfix restart

6. modify /etc/dovecot/dovecot.conf
#vim /etc/dovecot/dovecot.conf
uncomment the lines

# /etc/dovecot/dovecot.conf — listen on every IPv4 (*) and IPv6 (::) address
listen = *, ::
base_dir = /var/run/dovecot/
instance_name = dovecot
# banner shown to connecting clients
login_greeting = Dovecot ready.

7. change 10-auth.conf
#vim /etc/dovecot/conf.d/10-auth.conf
uncomment the line and change the value
# NOTE(review): "no" allows plaintext IMAP logins over the unencrypted port 143
# listener (10-master.conf), so passwords cross the network in the clear. Keep
# the default (yes) unless every client is on a trusted network, and prefer the
# 993 listener.
disable_plaintext_auth = no

8. change 10-master.conf
#vim /etc/dovecot/conf.d/10-master.conf
change the contents as below

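# /etc/dovecot/conf.d/10-master.conf — listener and service definitions.
# The snippet as originally posted was missing the closing brace of
# `service imap-login` and of `service lmtp`, which makes the file
# unparseable; both braces are added here.
service imap-login {
  # plain IMAP on 143 and IMAPS on 993; with disable_plaintext_auth = no
  # (10-auth.conf) the 143 listener accepts credentials in the clear
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  # NOTE(review): 0666 lets any local user write to the LMTP socket; confirm
  # that is needed, or restrict it with a user/group pair like the auth socket
  unix_listener lmtp {
    mode = 0666
  }
}

service auth {
  # Postfix smtp-auth: socket inside Postfix's chroot so Postfix can verify
  # SMTP AUTH against Dovecot. With user/group = postfix, mode = 0660 is
  # sufficient and keeps other local users off the socket.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
# NOTE(review): this setting normally lives in 10-auth.conf; dovecot.conf
# includes all of conf.d/*.conf, so it still takes effect from here
auth_mechanisms = plain login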

9. change 10-mail.conf
#vim /etc/dovecot/conf.d/10-mail.conf
# Maildir in each user's home directory; must match home_mailbox = Maildir/ in Postfix (step 3)
mail_location = maildir:~/Maildir

10. change 20-imap.conf
#vim /etc/dovecot/conf.d/20-imap.conf
  # /etc/dovecot/conf.d/20-imap.conf — IMAP protocol settings.
  # NOTE(review): these appear to be the values shipped commented out in the
  # stock file; confirm which of them actually changed
  imap_max_line_length = 64k
  # concurrent IMAP connections allowed per user from one IP
  mail_max_userip_connections = 10
  mail_plugins = $mail_plugins
  # log bytes in/out at logout
  imap_logout_format = bytes=%i/%o
  # workaround for Thunderbird's extra mailbox separator
  imap_client_workarounds = tb-extra-mailbox-sep

11. restart the dovecot services.
# /etc/init.d/dovecot restart