Thursday, December 23, 2010

Enabling Polling on FreeBSD 8.1 kernel

Pulling your hair out trying to enable polling on the 8.1 kernel with sysctl?

Yeah, I know you might have tried your level best to get polling enabled using
sysctl kern.polling.enable=1
or by modifying /etc/sysctl.conf.
But both will produce an error saying "sysctl: unknown oid 'kern.polling.enable'".
Don't worry, it's enabled as long as you had polling enabled while compiling the kernel.


So just relax and check
sysctl kern.hz
It should show a value of 1000 or higher.


Now go ahead and enable polling on your network card in the ifconfig statement in /etc/rc.conf.


Happy polling :)



Sunday, June 20, 2010

Squid Log rotation with logrotate

I. Install logrotate from ports
cd /usr/ports/sysutils/logrotate
make install clean


II. Create a new logrotate.conf file.

vi /usr/local/etc/logrotate.conf

# Added the following to rotate Apache and Squid logs

# see "man logrotate" for details
# rotate log files daily (weekly is commented out)
#weekly
daily

# keep 7 rotated logs (one week of daily rotations)
rotate 7

# send errors to root
#errors root

# create new (empty) log files after rotating old ones
create

# compress rotated log files
compress

# per-service rotation settings are read from this directory
include /usr/local/etc/logrotate.d

/var/log/lastlog {
monthly
rotate 12
}

# system-specific logs may be configured here

III. Create a directory for service-specific logrotate files

mkdir -p /usr/local/etc/logrotate.d

IV. First, create a logrotate file for Squid that keeps its access.log files for 90 days and cache.log for 7 days.

cd /usr/local/etc/logrotate.d/

vi /usr/local/etc/logrotate.d/squid

#Copy and paste the following

/var/log/squid/access.log {
daily
rotate 90
copytruncate
compress
notifempty
missingok
}
/var/log/squid/cache.log {
daily
rotate 7
copytruncate
compress
notifempty
missingok
}

V. Create the necessary directories and files for logrotate, then test and debug it

mkdir -p /var/lib/

touch /var/lib/logrotate.status

# -d: debug mode, prints what would be rotated without changing anything
/usr/local/sbin/logrotate -d /usr/local/etc/logrotate.conf
# -f: force a rotation right now
/usr/local/sbin/logrotate -f /usr/local/etc/logrotate.conf

VI. Next, we will rotate and manage Apache logs

vi /usr/local/etc/logrotate.d/apache

#Add the following to rotate and manage Apache access_log and error_log for 30 days.

#Note: If your Apache logs are in a different directory, simply change the paths.

/var/log/apache/access_log {
daily
rotate 30
copytruncate
compress
notifempty
missingok
}
/var/log/apache/error_log {
daily
rotate 30
copytruncate
compress
notifempty
missingok
}

If all goes well, that’s it. Your Apache and Squid logs should be rotated.

The last thing is to add an entry to crontab and let the cron daemon rotate your Apache and Squid logs automatically.

VII. Automating logrotate using crontab

vi /etc/crontab

#Add the following to rotate your logs at 1 AM

#Logrotate
0 1 * * * root /usr/local/sbin/logrotate /usr/local/etc/logrotate.conf > /dev/null 2>&1

That’s it. Your Apache and Squid logs will be rotating without manual intervention!!

pf

Hammering those Hammers
If your server comes under attack, what can be done, and how can we prevent the server from going down under hammering from the attackers?
A few simple steps with pf can do magic instead of some hi-fi, pocket-crashing firewalls.

Say the server we want to protect is our web server

Add the following to /etc/pf.conf
# OK, all the attackers go into a persistent table backed by the file /etc/pf.blocklist
table <ftp-attacks> persist file "/etc/pf.blocklist"

# block all incoming connections from the attackers in the table
block in quick on $ext_if from <ftp-attacks>

# Let us allow HTTP (port 80) with connection-rate protection
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 80 keep state (max-src-conn-rate 5/40, overload <ftp-attacks> flush global)

So what are the previous lines going to do?
If any IP makes more than 5 connections in 40 seconds, that IP ends up in the pf table of hammers, and whoever is in that table is blocked by the block in rule before it.
But this works only as long as the system doesn't restart or pf loses the table, so let's make it permanent by adding it to rc.shutdown
# echo '/sbin/pfctl -t ftp-attacks -T show > /etc/pf.blocklist' >> /etc/rc.shutdown
Whoa, next time, even if the system reboots, we have the list of those guys who tried to hammer our web server.

See how easy and cool it is.
Yes, of course I came across it on the net and used it for my purpose.
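
The `>` redirection in the rc.shutdown line truncates /etc/pf.blocklist before pfctl runs, so a failed dump leaves an empty list for the next boot. The script below is an added example, not part of the original post: it dumps to a temporary file and renames it into place only on success. `save_blocklist` and the `DUMP_CMD` override are names assumed here.

```shell
#!/bin/sh
# Added example (not from the original post): save the overload table
# without ever leaving /etc/pf.blocklist empty or half-written.
# DUMP_CMD is an assumed override hook so the function can be tried without pf;
# its default is the pfctl command the post uses.
DUMP_CMD=${DUMP_CMD:-"/sbin/pfctl -t ftp-attacks -T show"}

save_blocklist() {
    bl_dest=${1:-/etc/pf.blocklist}
    # Temp file lives next to the target so the final mv is an atomic rename.
    bl_tmp=$(mktemp "${bl_dest}.XXXXXX") || return 1

    # Dump first. If pfctl fails (pf disabled, table missing), keep the old file.
    if ! $DUMP_CMD > "$bl_tmp" 2>/dev/null; then
        rm -f "$bl_tmp"
        return 1
    fi

    # pfctl indents each entry; strip whitespace, keep only address-like
    # lines (IPv4/IPv6, optional /prefix) and drop duplicates.
    if ! sed 's/^[[:space:]]*//; s/[[:space:]]*$//' "$bl_tmp" |
         grep -E '^[0-9A-Fa-f:.]+(/[0-9]+)?$' |
         sort -u > "${bl_tmp}.clean"; then
        rm -f "$bl_tmp" "${bl_tmp}.clean"
        return 1
    fi

    chmod 600 "${bl_tmp}.clean"
    rm -f "$bl_tmp"
    mv -f "${bl_tmp}.clean" "$bl_dest"
}

# In /etc/rc.shutdown, source this file and call: save_blocklist /etc/pf.blocklist
```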

Thursday, April 29, 2010

PasswordLess Auth for SSH between dissimilar users

Passwordless SSH between hosts with different  user ids

OK, now we have a situation where I need to ssh to host ROUTER every time with a
username which is not the one I use on the CLIENT system.
Say on the CLIENT system my username is jack and the username on ROUTER is
sparrow, with a different password. Passwordless authentication with
public/private keys is not going to work as the usernames differ, so how can
we overcome this situation?

So now we are logged in to the CLIENT system as user jack.
Let's create the encryption keys for this user. Please use -b for the key length
of encryption. Let's create 512-bit encryption keys. Remember DSA is limited to
1024 bits but RSA doesn't have any such limit, but a 1024-bit key is more than
sufficient and may be a bit overkill. If you trust Google and bank sites with a 128-bit key then why be so worried?
$ ssh-keygen -t rsa -b 512


OK, this will create an RSA public key (id_rsa.pub) and private
key (id_rsa). Keep your private key (id_rsa) very safe.
Let's copy the public key id_rsa.pub to the remote machine through scp or any
other means and append it to the authorized_keys file in the .ssh folder.

OK, if you test it you can see it still asks for a password because the user IDs are
different on the two systems, so how can we solve it?
On the CLIENT system, in the .ssh folder of user jack's home folder, create a file called config,
which can contain entries as follows.
Content of the config file in .ssh:
Hostname <hostname or IP of the remote system>
User <username on the remote system>
Port <ssh port if it's running on other than 22>

So our sample config file may look like this:
Host ROUTER
User sparrow

OK, that's all, and now it's time to test it, guys.
If you have done this much without any failure then you must be seeing an ssh
console of ROUTER.

That's a simple ssh lesson for all of us.
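
The two file edits from the steps above, as an added example that is not part of the original post. It sets the modes that sshd's StrictModes check (on by default) expects and refuses to install anything that is not a one-line public key, so the private key cannot be appended by mistake. The function names `install_pubkey` and `write_client_config` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey runs on ROUTER as
# sparrow; write_client_config runs on CLIENT as jack. Function names are
# assumptions made for this example.

# Append a public key to <home>/.ssh/authorized_keys exactly once.
install_pubkey() {
    ik_home=$1
    ik_pub=$2
    ik_key=$(cat "$ik_pub") || return 1
    # A public key line starts with its type, e.g. "ssh-rsa AAAA...".
    # A private key file ("-----BEGIN ...") is rejected here.
    case $ik_key in
        "ssh-"*" "*|"ecdsa-"*" "*) ;;
        *) echo "not a public key: $ik_pub" >&2; return 1 ;;
    esac
    # No group/other access on the directory or the key file.
    mkdir -p "$ik_home/.ssh" && chmod 700 "$ik_home/.ssh" || return 1
    touch "$ik_home/.ssh/authorized_keys"
    chmod 600 "$ik_home/.ssh/authorized_keys"
    # -x whole line, -F fixed string: skip the append if the key is present.
    grep -qxF "$ik_key" "$ik_home/.ssh/authorized_keys" ||
        printf '%s\n' "$ik_key" >> "$ik_home/.ssh/authorized_keys"
}

# Add a Host block mapping an alias to the remote login name, unless present.
write_client_config() {
    wc_home=$1
    wc_host=$2
    wc_user=$3
    mkdir -p "$wc_home/.ssh" && chmod 700 "$wc_home/.ssh" || return 1
    wc_cfg=$wc_home/.ssh/config
    touch "$wc_cfg" && chmod 600 "$wc_cfg"
    grep -qxF "Host $wc_host" "$wc_cfg" ||
        printf 'Host %s\n    User %s\n' "$wc_host" "$wc_user" >> "$wc_cfg"
}

# On ROUTER:  install_pubkey /home/sparrow /tmp/id_rsa.pub
# On CLIENT:  write_client_config /home/jack ROUTER sparrow
```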

Wednesday, April 21, 2010

Waiting for DNS rebinding attacks

Are we all waiting for this attack to happen? The details are pretty scary.
Just go through them.
Details of DNS Rebinding attacks and how to prevent it
http://www.securityfocus.com/columnists/455


What is DNS rebinding?

DNS rebinding is a vulnerability in Web browsers and their plug-ins that can be exploited to circumvent firewalls or to temporarily hijack a client's IP address, effectively converting browsers into open network proxies.

Spooky man!

Tuesday, March 9, 2010

SARG on FreeBSD+Squid

Squid Report Analysis using SARG in FreeBSD and Squid 


OK, if you want to be the big brother and want to monitor and analyse the web usage of your users, sarg is your best friend. Do let me warn you about
the consequences of using it: breaking the users' privacy and the legal mess you can end up in. Do kindly let your users know that their
web usage is being monitored.




Now why SARG?
Because it produces neat reports in HTML format, both date-wise and user-wise.


Prior requirement? Yes, Apache and squid, which I hope you guys have installed and running already.


Installation is done as root
# cd /usr/ports/www/sarg
# make install clean


OK, that's it, you got it installed, guys! Don't you love FreeBSD for its ports?


Now it's time to tweak the sarg settings
# cd /usr/local/etc/sarg/


Let's edit the sarg configuration file
# vi sarg.conf


First of all, modify the line which points to the squid access log file. Modify it according to your squid log file location.
OK, I am putting only the basic ones here; kindly go through your sarg configuration file and see what else you can change and tweak.


access_log /usr/local/squid/var/logs/access.log
graphs yes
graph_days_bytes_bar_color orange
title "Squid User Access Reports"
output_dir /var/www/htdocs/sarg
resolve_ip no
topuser_sort_field BYTES reverse
user_sort_field BYTES reverse


OK, save it. Now it's time for us to run it every day so that it can produce the report at the end of the day.
In my case I wanted sarg to produce the report at midnight so that I can check my users' access the next morning.


Now how to run it every day at midnight? Here comes cron to your help.
Create a crontab entry to run sarg at midnight every day
# crontab -e
0 0 * * * /usr/local/bin/sarg


OK guys, that's all. Ready to be the big brother and snoop on users? Shame on you guys :) Don't you feel guilty? Yeah, I know the answer: WHY THE HELL MUST I BE?
If our bosses don't feel that, balls to users, ha? LOL


OK, I hope some desperate user doesn't kill us LOL




Thursday, January 21, 2010

Getting rid of comments from any File

Ever wanted to have a mean squid.conf file?

How neat it would look if you got rid of all those comments with # marks.

Yeah, I found an easier way with the grep command.
In fact I wanted to do it with awk, which I am trying to learn, but found that the command that worked on Linux won't work on FreeBSD.
So I went back to shell commands and grep was there to save the day.

# grep -v '^#' /usr/local/etc/squid/squid.conf | grep -v '^$'

This should get you the filtered squid configuration file without all those commented lines.
Enjoy

Tuesday, January 12, 2010

Warm New Year Wishes

Wishing Everyone A Warm New Year
Let's all hope this new year brings great hopes, peace and prosperity, and achievements to everyone's life.
Eagerly looking forward to the coming months and years.
Let's all have a wonderful New Year ahead.

Babs