Category Archives: Linux

Apache as Forward Proxy

An Apache forward proxy is an intermediate server that sits between the client and the origin server. To receive content from the origin server, the client sends a request to the proxy naming the origin server as the target; the proxy then requests the content from the origin server and returns it to the client. The client host must be specially configured to use the forward proxy in order to reach other sites.

A forward proxy is used to give Internet access to internal clients that are restricted by a firewall. It can also cache content (using mod_cache) to cut bandwidth usage. Never enable the proxy with ProxyRequests until you have hardened access to it. Open proxy servers are dangerous both on the local network and on the Internet: anonymous users can use your Internet connection without your consent.

Steps to turn Apache into a forward proxy

1. Install mod-proxy-html
# apt-get install libapache2-mod-proxy-html

2. Enable the proxy, proxy_html and proxy_http modules for HTTP requests
# a2enmod proxy
# a2enmod proxy_html
# a2enmod proxy_http

3. Enable the CONNECT module for HTTPS requests
# a2enmod proxy_connect

4. Copy the default site definition to a new one: cp /etc/apache2/sites-available/default /etc/apache2/sites-available/proxy

5. Put in the desired port and append the following at the end, inside the <VirtualHost> directive:
# for HTTP requests
ProxyRequests On
ProxyVia On

# for HTTPS requests (CONNECT tunnels to port 443 only)
SSLProxyEngine On
AllowCONNECT 443

# restrict who may use the proxy; Order/Deny/Allow are only valid inside a container such as <Proxy>
<Proxy *>
Order deny,allow
Deny from all
Allow from [hostname or IP]
</Proxy>

[hostname or IP] is the host or address from which the proxy may be used.

6. Enable Proxy site
# a2ensite proxy

7. Append the following at the bottom of ports.conf:
Listen [your port]
[your port] is the port you chose for the forward proxy.

8. Restart Apache
service apache2 restart

That makes Apache a forward proxy and an alternative to Squid on Windows when the Squid build for Windows does not work on your system.
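As an added check (example code, not part of the original post): a shell function that flags the open-proxy condition warned about above, i.e. ProxyRequests On without a <Proxy> container that denies by default. The helper names and the 192.0.2.10 sample address are constructed for this example.

```shell
#!/bin/bash
# Added example, not from the original post: audit an Apache forward-proxy
# config for the open-proxy condition, i.e. "ProxyRequests On" without a
# <Proxy> container that denies by default. Hypothetical helper names.
# Returns 0 when access to the proxy is restricted, 1 when it looks open.
audit_proxy_conf() {
    local conf="$1"
    # ProxyRequests absent or Off: Apache is not a forward proxy, nothing to flag.
    grep -qiE '^[[:space:]]*ProxyRequests[[:space:]]+On' "$conf" || return 0
    # Count <Proxy ...> containers that deny by default (2.2 or 2.4 syntax).
    local guarded
    guarded=$(awk '
        { l = tolower($0) }
        l ~ /^[ \t]*<proxy[ >]/ { inblk = 1; deny = 0; next }
        l ~ /^[ \t]*<\/proxy>/  { if (inblk && deny) n++; inblk = 0; next }
        inblk && l ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { deny = 1 }
        inblk && l ~ /^[ \t]*require[ \t]+(all[ \t]+denied|ip[ \t])/ { deny = 1 }
        END { print n + 0 }' "$conf")
    [ "$guarded" -gt 0 ]
}

# Constructed sample configs: the post's directives with and without the
# access-control container. Sets OPEN_CONF and HARDENED_CONF to temp file paths.
make_sample_confs() {
    OPEN_CONF=$(mktemp)
    HARDENED_CONF=$(mktemp)
    printf 'ProxyRequests On\nProxyVia On\nSSLProxyEngine On\nAllowCONNECT 443\n' > "$OPEN_CONF"
    cat > "$HARDENED_CONF" <<'EOF'
ProxyRequests On
ProxyVia On
SSLProxyEngine On
AllowCONNECT 443
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 192.0.2.10
</Proxy>
EOF
}

# Usage on a live host: audit_proxy_conf /etc/apache2/sites-available/proxy
```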

Remove Cron Jobs from auth.log

CRON[21587]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[21587]: pam_unix(cron:session): session closed for user root

This type of log entry makes the log hard to read when you are looking for information logged by ssh.

To strip off these logs you can simply edit /etc/pam.d/cron (using sudo, since you need root privileges) and comment out the line:

    @include common-session

auth.log Empty

Troubleshooting an empty auth.log
/var/log/auth.log can be empty for various reasons, but you can restore rsyslogd to its initial settings so that you get logs again.

Here is how you reinstall it:

# sudo apt-get remove rsyslog

# sudo apt-get install rsyslog

This reinstalls rsyslog and the auth logs are written again.

auth.log can also be empty right after the log has been rotated. No action is needed in this case.

File Permission for Web Server

We need to set file permissions for the web server to sane defaults for web server security. We can adjust all web page files by changing to the web server's document root and issuing the following commands as root:

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;
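Before running the blanket chmod, it is worth listing what deviates from the 644/755 baseline, since a world-writable upload directory or a CGI script that needs +x deserves a look first. The following shell functions (example code added here, not from the original post) do that audit over a constructed sample tree; helper names are hypothetical and GNU find is assumed.

```shell
#!/bin/bash
# Added example, not from the original post: report entries under a web root whose
# mode differs from the 644 (files) / 755 (directories) baseline, so deviations can
# be reviewed before the blanket chmod is applied. Hypothetical helper names; GNU find.
audit_webroot_perms() {
    local root="$1"
    # "! -perm 644" selects entries whose mode is not exactly 0644; %m prints the octal mode.
    find "$root" -type f ! -perm 644 -printf '%m %p\n'
    find "$root" -type d ! -perm 755 -printf '%m %p\n'
}

# Number of deviating entries; 0 means the tree already matches the baseline.
count_webroot_deviations() {
    audit_webroot_perms "$1" | wc -l | tr -d ' '
}

# Constructed sample tree for demonstration; sets SAMPLE_ROOT to its path.
make_sample_webroot() {
    SAMPLE_ROOT=$(mktemp -d)
    chmod 755 "$SAMPLE_ROOT"                        # compliant root
    mkdir -m 777 "$SAMPLE_ROOT/uploads"             # world-writable directory
    touch "$SAMPLE_ROOT/index.html" "$SAMPLE_ROOT/config.php" "$SAMPLE_ROOT/uploads/cgi.sh"
    chmod 644 "$SAMPLE_ROOT/index.html"             # compliant file
    chmod 666 "$SAMPLE_ROOT/config.php"             # world-writable file
    chmod 755 "$SAMPLE_ROOT/uploads/cgi.sh"         # executable: review before stripping +x
}

# Usage on a live host: audit_webroot_perms /var/www
```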

Squid Multiple Outgoing IP

I got lots of queries from fellow VPS server administrators on using all of the IPs provided by the provider for browsing the Internet and rotating the IP addresses: Squid with multiple outgoing IPs.

When the Squid server is configured with the following Squid ACLs and tcp_outgoing_address directives, we can use all of the IPs that are assigned. Here is the configuration of Squid with multiple outgoing IP addresses using tcp_outgoing_address:

acl myip1 myip 10.0.11.2
acl myip2 myip 10.0.11.3
acl myip3 myip 10.0.11.4

tcp_outgoing_address 10.0.11.2 myip1
tcp_outgoing_address 10.0.11.3 myip2
tcp_outgoing_address 10.0.11.4 myip3

Here I take 10.0.11.2 to 10.0.11.4 as your assigned IPs.

The acl lines tell Squid to match on myip, which means that if someone uses the IP 10.0.11.2 as their proxy server they will match the acl myip1, and so on.

Script for IP Change Alert

If you need to be notified when the external IP address of the system changes, it can be achieved with the following Perl script.

First, sendemail needs to be installed using:
sudo apt-get install sendemail (on Debian-based distros: Ubuntu)
sudo yum install sendemail (on Red Hat-based distros: Red Hat, Fedora, CentOS)

Alternatively you may use another MTA such as sendmail or postfix, if available.

This IP change alert script alerts the admin if the external IP address has changed.

#!/usr/bin/perl -w
# Anwesh Tiwari Oct 12 2011

use strict;
my $today = `date "+%Y-%m-%d %r"`;
chomp $today;
# location of the file holding the IP seen at the last check
my $ip_last_check_file = "/home/tmp/IP-Address";
my $ip_now = `curl -s http://checkip.dyndns.org`;
# keep only the dotted-quad address from the HTML reply
$ip_now =~ s/.*?(\d+\.\d+\.\d+\.\d+).*/$1/s;
# refuse to go on (and to interpolate into a shell command below) unless we really got an address
die "Could not parse an IP address from the checkip response\n" unless $ip_now =~ /^\d+(\.\d+){3}$/;

open(IP, "<$ip_last_check_file") or die "Cannot open $ip_last_check_file: $!";
my $ip_last_check = <IP>;
close(IP);
$ip_last_check = '' unless defined $ip_last_check;
chomp $ip_last_check;

if ($ip_now ne $ip_last_check)
{
    open(IP, ">$ip_last_check_file") or die "Cannot open $ip_last_check_file: $!";
    print IP $ip_now;
    close(IP);
    # use "-s <address of your SMTP server>" instead of "-s localhost" if no MTA is running locally
    my $output = `sendemail -f [email protected] -t [email protected] -s localhost -u IP-CHANGE-ALERT -m "Gateway IP-address has changed to $ip_now.\nEvent Time: $today"`;
}

exit;

Make sure that port 25 is not blocked by your ISP.

Vsftpd Virtual Users

Installing vsftpd with virtual users and passwords in a text file

vsftpd is a reliable, fast and stable FTP server daemon. In this article we'll install the server and set up a password text file for the virtual users allowed to log in.

1. Install the following packages:
sudo apt-get install libpam-pwdfile vsftpd

2. Configure vsftpd (sudo nano /etc/vsftpd.conf)
The following variables need to be changed; leave the others at their defaults:

local_enable=YES
write_enable=YES
anonymous_enable=NO
hide_ids=YES
local_umask=022
chroot_local_user=YES
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER

local_root is the user's home directory on the machine.

3. Configure PAM to check the passwd file for users (sudo nano /etc/pam.d/vsftpd):
auth required pam_pwdfile.so pwdfile /etc/ftpd.passwd
account required pam_permit.so
Remove the other configuration from the file.

4. Create the passwd file containing the users:
sudo htpasswd -c /etc/ftpd.passwd user1

Add additional users to the file as below:
sudo htpasswd /etc/ftpd.passwd user2

5. Reload vsftpd
sudo /etc/init.d/vsftpd restart

6. The user's home directory must be created manually, since vsftpd doesn't do it automatically:
sudo mkdir /var/www/user1

7. Appropriate ownership and permissions need to be given to that folder for the ftp user so uploads work:

chown ftp:ftp /var/www/user1
chmod 775 /var/www/user1

Change UUID of Vdi in Virtualbox

Making a copy of the .vdi file into another location makes a real copy of the virtual disk, including the UUID of the disk. If this disk is added to the Virtual Media Manager, you will get an error like this:

(screenshot: virtualbox-error.png)

To change the UUID of the disk, use the following command:

$ VBoxManage internalcommands setvdiuuid /path/to/virtualdisk.vdi
VirtualBox Command Line Management Interface Version 2.2.2
(C) 2005-2009 Sun Microsystems, Inc.
All rights reserved.

UUID changed to: 9e89fe14-d010-469e-a737-cd6521889acb

Since the UUID has been changed, you can now add this virtual disk to the Disk Manager.

You need not use this command if you use the clonevdi function to duplicate the virtual disk image in the first place. clonevdi creates the new disk image with a unique UUID.

The syntax of clonevdi goes like this:

$ VBoxManage clonevdi Master.vdi Clone.vdi

Install bandwidthd on Ubuntu

Installing bandwidthd for network monitoring on Ubuntu Server

1. Install bandwidthd:
# apt-get install bandwidthd

2. Follow the prompts; the main config file is /etc/bandwidthd/bandwidthd.conf. You can copy the sample conf file from /usr/share/doc/bandwidthd/bandwidthd.conf to /etc/bandwidthd/bandwidthd.conf.

3. Install apache2:
# apt-get install apache2

4. Change directory to /var/www and create a soft link to the htdocs directory that bandwidthd uses (check /etc/bandwidthd/bandwidthd.conf for the default bandwidthd path). The soft link is created with this command:
# ln -s /var/lib/bandwidthd/htdocs bandwidthd

5. Restart Apache: /etc/init.d/apache2 restart (and bandwidthd if needed: /etc/init.d/bandwidthd restart)

6. To access bandwidthd, browse to
http://<IP of the PC>