Linux

Squid Proxy — EasyList to SquidGuard Expression List Conversion

Hi all! It’s seems to be difficult to keep up with the EasyList expression lists, and to make matters more confusing, the conversion from one EasyList expression list to SquidGuard can be cumbersome. There are a few article out on Google that people have posted their own SED files to convert from EasyList to squidGuard, that will manipulate the EasyList expression list and convert it to be compatible with SquidGuard. However, most are outout of date and will cause squidGuard to fail to initialize the expression list when issuing a

>squidGuard -C all

Continue reading…

Linux — Apache Logs -Stop Logging Certain URIs

I recently posted an article talking about HAProxy as a load balancer. In the article I spoke about using a HTML health check file to maintain status of each servers Apache instance. The problem is this will flood your Apache server access logs every time this health check occurs, which I believe is every 2 seconds.

So you end up with a log file like this:

To correct this issue we need to modify the apache2.conf file on each server, and explicitly tell Apache NOT to log this URI to the access logs. So, from the previous article the culprit URI is /healthcheck.html. Open your Apache configuration file.

sudo vi /etc/apache2/apache2.conf

Now add this above the CustomLog section:

#logs 
SetEnvIf Request_URI "^/healthcheck.html$" dontlog 
CustomLog /www/logs/mysite_access_logs combined env=!dontlog 
ErrorLog /www/logs/mysite_error_logs

NOTICE: Make sure you have the ” escape character for any special characters.

That’s it! No more spamming of all the health checks to our Apache logs!!

Sources:

HAProxy — HTTP Load Balancing HAProxy1.4

I’ve posted a few articles on load balancing with the use of BIGIP F5 hardware appliances. However, there are also a few alternatives available, some even free! HAProxy is a popular load balancing application that has a robust collection of features.

HAProxy is  “The Reliable, High Performance TCP/HTTP Load Balancer”, taken right from the title of their web page. It has many different uses available, for this article I am going to focus on the HTTP load balancing functionality of it. Our scenario is as follows:

Continue reading…

Linux — Recovering from Drive Failure with mdadm

So it happened. I had a drive fail on me. Degrading my RAID 6 media server. Luckily I was notified by mdadm and was able to order a new one from newegg.com and rebuild it.

I want to walk through the steps I took getting my RAID file system backup and running, starting with the notification I received to my gmail account (which i received on my phone).

Continue reading…

Linux — IPTABLES NAT, Dynamic NAT, NAT Overloading/Masquerade

If you have had experience with NATs via Cisco Routers or read about them in your CCNA studies, there are 3 Network Address Translation(NAT) types. Technically, two, see here, plus a third special case.

  • Static NAT, one-to-one mapping
  • Dynamic NAT, pool-to-pool mapping
  • Dynamic NAT with PAT Overload, many-to-one mapping

So as you can see the two types are static NAT and Dynamic NAT, with the special case of Dynamic NAT with PAT overload.

Continue reading…

Linux — SSH Key Based Authentication

There are many articles and tutorials out there on how to configure SSH to use public key authentication. I wanted to share my findings on the subject and identify some interesting connections I made when setting it up myself. The following instructions will show you how to setup SSH key based authentication, using Ubuntu 12.04, on a local and remote machines.

SquidProxy — Network Adblocking using Squid1.4

I originally discovered Adblock Plus when I first downloaded Firefox many years ago. Since then I’ve installed the Adblock plugin right after Firefox, etc. It’s become so standard that I almost think Firefox should just bundle them together. Including it in it’s default install exe.

Adblock Plus works as if it were a local content policy,  filtering each request you make with Firefox. Each URL, each domain, each link you navigate to is check based on a static blacklist of expressions and URLs. If a match is found, Adblock Plus simply discards the content from rendering. The discarding and allowing content to load is managed by the Content Policy engine within Firefox. Adblock Plus simply utilizes this in order to block the unwanted contents. Or at least this is my comprehension of how it works. :-p

Setting up your own Network wide Adblocker

The purpose of this guide and tutorial is to instruct you on how to set up your own network based adblocker. Expections after completion is every client browser on the network will benefit from adblocking. I will include as much as possible, and feel free to ping me with questions or comment down below.

You will need:

  1. Computer that will be running the Web Proxy. (For this article, see specs below)
  2. OS that will host the Proxy Software. (For this article, Ubuntu 12.04 32-bit Server)
  3. Proxy software that allows rewrite engines/programs. (squidGuard)
  4. Content-Control-Software or URL Redirect Application(This will consume your blacklists)
  5. URL and RegExp Blacklists consumable by your Content-Control-Software (Here are some free ones)
  6. Optional: ipTables for transparent proxy redirection
  7. Patients and enthusiasm :-p

Continue reading…

Linux — ASCII Art in Terminal Sessions

I was wondering today…I used to see this screenshot of a ASCII cow in a terminal that was giving some sort of advice or fortune. After a little googling I found the application fortune which shows you a simple fortune when run from a terminal on linux/unix. I also found the application cowsay which is the app that shows the ASCII art of animals with a comic balloon. By default a cow, however there are many others. I chose tux.

$ fortune | cowsay
 _______________________________________
/ Don't go around saying the world owes 
| you a living. The world owes you      |
| nothing. It was here first.           |
|                                       |
 -- Mark Twain                         /
 ---------------------------------------
           ^__^
           (oo)_______
            (__)       )/
                ||----w |
                ||     ||

 

Why the pipe? because fortune echos a string, and cowsay reads in a string.

Now the problem was I had to type the command every single time. To solve this we turn to your users .bashrc file. Located ~/.bashrc for Ubuntu users. Edit the file with your favorite text editor and add the following lines at the bottom.

if [ -x /usr/games/cowsay -a -x /usr/games/fortune ]; 
then fortune | cowsay 
fi

 


(if statement checks to make sure both cowsay and fortune are installed)
Now, everytime you open a terminal or command prompt you’ll have a cool animal telling you a fortune!

Sources:
http://askubuntu.com/questions/16428/showing-a-cowsays-in-every-new-terminal-session
Cool Android app here. This will send SMS text messages from your phone as cowsay!!

Linux — Encrypt files with CCrypt, AxCrypt, and OpenSSL

Are you someone who keeps a text file on their Desktop with all there passwords in it? Do you write you account information and passwords on a sticky-note? I sure hope not! But if you do, consider encrypting that password file with high-grade encryption using reliable freeware.

I will review three free encryption applications; CCrypt, AxCrypt, and OpenSSL.

Continue reading…