Tuesday, September 11, 2012

Blocking videos with rep_mime_type video/x-flv

We are going to block this file. The configuration file is:

acl LOCALNETWORK src 192.168.0.0/24
acl FORBIDDEN_DESTINATION dstdomain "/etc/squid/restrictdomains.txt"
acl FORBIDDEN_VIDEO rep_mime_type video/x-flv 

http_access deny FORBIDDEN_DESTINATION
http_reply_access deny FORBIDDEN_VIDEO


http_access allow LOCALNETWORK
http_port 3128



The differences from our previous configuration are:
  1. acl FORBIDDEN_VIDEO rep_mime_type video/x-flv. rep_mime_type is a regex match against the MIME type of the reply received by Squid. It can be used to detect file downloads or some types of HTTP tunneling requests. It has no effect in http_access rules; it only has effect in rules that affect the reply data stream, such as http_reply_access.
  2. http_reply_access deny FORBIDDEN_VIDEO. http_reply_access allows or denies replies to client requests. It is complementary to http_access.
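
One way to confirm the reply rule is taking effect is to audit Squid's access.log. The following is an added example, not part of the original post; it assumes the native log format and that replies denied by http_reply_access are logged with the TCP_DENIED_REPLY result code, and the sample lines are constructed:

```python
import re

# Native access.log columns (Squid's default log format):
# time elapsed client code/status bytes method URL user hierarchy/peer mime-type
# Case-insensitive so replies a case-sensitive ACL did not match are still reported.
FLV = re.compile(r"video/x-flv", re.IGNORECASE)

# Constructed sample lines for illustration; not taken from a real proxy.
SAMPLE_LOG = """\
1347350400.101     45 192.168.0.10 TCP_MISS/200 10432 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
1347350402.310    120 192.168.0.11 TCP_DENIED_REPLY/403 3921 GET http://media.example.net/clip.flv - DIRECT/203.0.113.5 text/html
1347350409.877   2210 192.168.0.12 TCP_MISS/200 5242880 GET http://media.example.net/intro.flv - DIRECT/203.0.113.5 video/x-flv
1347350411.002     30 192.168.0.12 TCP_DENIED/403 3800 GET http://blocked.example.org/ - NONE/- text/html
"""


def audit_access_log(log_text):
    """Return (denied_replies, delivered_flv) as lists of (client, url)."""
    denied_replies, delivered_flv = [], []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # skip blank or truncated lines
        client, result, url, mime = fields[2], fields[3], fields[6], fields[9]
        code = result.split("/")[0]
        if code == "TCP_DENIED_REPLY":
            # Reply was blocked at the http_reply_access stage.
            denied_replies.append((client, url))
        elif FLV.search(mime) and not code.startswith("TCP_DENIED"):
            # An FLV reply reached the client: the rule is missing or not matching.
            delivered_flv.append((client, url))
    return denied_replies, delivered_flv


if __name__ == "__main__":
    denied, delivered = audit_access_log(SAMPLE_LOG)
    print("replies denied:", denied)
    print("FLV replies delivered:", delivered)
```

Any entry in the second list is a video/x-flv reply that was served despite the policy, for example because the reply rule was not yet loaded.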

Friday, September 7, 2012

Set squid proxy server upload limit

Add the following line to the squid.conf file:

request_body_max_size 200 KB

This sets the upload limit to 200 KB.




Block skype on squid proxy server

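# Requests whose URL begins with a numeric IPv4 address
acl numeric_IPs url_regex -i ^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)
# User-Agent header beginning with "skype"
acl Skype_UA browser ^skype
acl Skype_Allowed_Users proxy_auth user1 user2

http_access deny numeric_IPs !Skype_Allowed_Users
http_access deny Skype_UA !Skype_Allowed_Users

# ntlm_users is assumed to be defined elsewhere in squid.conf
http_access allow ntlm_users
http_access deny all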

Saturday, July 7, 2012

Set squid proxy server download limit

Squid proxy server download limit | Maximum | Restrict download








acl Group1 proxy_auth user1 user2
acl Group2 proxy_auth user3 user4
reply_body_max_size 20480 KB Group2
reply_body_max_size 10240 KB Group1
reply_body_max_size 5120 KB all

For Squid version 3.1 and higher, you can use an IP-based download limit:
acl Group1 src 10.5.0.1-10.5.0.10/32
acl Group2 src 10.5.2.1-10.5.2.10/32

reply_body_max_size 20480 KB Group2
reply_body_max_size 10240 KB Group1
reply_body_max_size 5120 KB all

Time-based download limit:

acl WorkingHours time 08:00-17:00
reply_body_max_size 10240 KB WorkingHours


Monday, June 4, 2012

Samba PDC domain controller on RedHat /Cent OS

In this HowTo we use Samba as a primary domain controller (PDC) for centralized authentication of Windows clients.
We will configure a Samba PDC server with the domain name corvit.com, create some users, and enable these users to log in to the corvit.com domain from different machines.
The operating system used for this HowTo is CentOS 5.6,
but this article will also work on other distributions such as RedHat and Fedora.
Samba PDC server name and IP address:
Server.corvit.com
IP: 192.168.0.100
Windows machines:
Windows XP Professional SP2
Computer Name: pc1
Domain Name: corvit.com
IP: 192.168.0.11
Let's install the packages via the yum command.
Install these Samba packages:
[root@server~]# yum install samba-common samba-client samba
Server configuration:
Edit the Samba configuration file and make the following changes.
[root@server~]# vi /etc/samba/smb.conf
Uncomment the lines shown below (remove the leading ‘#’).
Changes in the Global section:
# NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = corvit.com
# server string is the equivalent of the NT Description field
server string = Linux Domain Controller
local master = yes
preferred master = yes
os level = 64
domain master = yes
domain logons = yes
wins support = yes
security = user
In the Share Definitions section:
[homes]
browseable = yes
writable = yes
[netlogon]
path = /home/netlogon
writable = no
[Profiles]
path = /home/profiles
# Must be writable, otherwise you will get ACCESS DENIED errors
writable = yes
Now add the Windows machine account in Samba.
Create a group named lanmachines and add a user named after the Windows client:
[root@server ~]# groupadd lanmachines
[root@server ~]# useradd -M -s /sbin/nologin -g lanmachines pc1$
[root@server ~]# smbpasswd -m -a pc1
Now start the Samba service:
[root@server ~]# service smb start
[root@server ~]# chkconfig smb on
Now set the Samba password for root, which we use for joining the domain:
[root@server ~]# smbpasswd -a root
[root@server ~]# useradd waqas
[root@server ~]# smbpasswd -a waqas
[root@server ~]# service smb restart
Client-side configuration on the Windows machine:
Right-click the My Computer icon and go to Properties.
Click on the Computer Name tab.
Enter the domain name corvit.com in the Domain tab and hit Enter.
You will be prompted for a username and password. Enter root and the Samba password we generated above.
The system may need to restart.
After the restart, domain users can log in on this machine.
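
Before starting the service, the edited smb.conf can be checked against the settings this HowTo relies on. The following is an added example, not part of the original article; the excerpt is constructed, and the check reflects that Samba only treats whole lines starting with # or ; as comments, so a comment placed after a value becomes part of that value:

```python
# Constructed smb.conf excerpt (assumption: mirrors the settings in this howto).
SAMPLE = """\
[global]
    workgroup = corvit.com # NT-Domain-Name
    security = user
    domain master = yes
    domain logons = yes
[netlogon]
    path = /home/netlogon
    writable = no
"""

# PDC-related [global] settings the howto enables.
REQUIRED = {"security": "user", "domain master": "yes", "domain logons": "yes"}

def parse(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # only whole-line comments are comments in smb.conf
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit_smb_conf(text):
    """Return a list of findings for the PDC settings and share definitions."""
    conf, findings = parse(text), []
    for key, want in REQUIRED.items():
        if conf.get("global", {}).get(key, "").lower() != want:
            findings.append(f"[global] {key} should be '{want}'")
    for name, params in conf.items():
        for key, value in params.items():
            if " #" in value or " ;" in value:
                findings.append(f"[{name}] {key}: trailing comment is read as part of the value")
    # Only the 'writable' spelling is checked; synonyms are out of scope here.
    if conf.get("netlogon", {}).get("writable", "no").lower() != "no":
        findings.append("[netlogon] must not be writable")
    return findings

if __name__ == "__main__":
    for finding in audit_smb_conf(SAMPLE):
        print(finding)
```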
Hope you enjoy this article.
Don’t forget to leave comments if you like this post.

Monday, May 28, 2012

Citadel Groupware Install

Base install of required programs.
sudo apt-get install clamav clamav-milter spamassassin citadel-suite amavisd-new
Install and Start Spamassassin
vim  /etc/default/spamassassin
# Change to one to enable spamd
ENABLED=1
sudo /etc/init.d/spamassassin start
Spamassassin is listening on port 783.
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN
Citadel Configuration
Make sure all of your processes are running.
ps -eaf | grep cit 
root      5167     1  0 13:47 ?        00:00:00 /usr/sbin/citserver -d -x3 -lmail -t/dev/null
citadel   5168  5167  0 13:47 ?        00:00:01 /usr/sbin/citserver -d -x3 -lmail -t/dev/null
root      6052     1  0 13:47 ?        00:00:00 /usr/sbin/webcit -D/var/run/webcit/webcit.pid.8504 -p8504 127.0.0.1 504 -i0.0.0.0 -f -t/var/log/webcit//access.8504.log
root      6053  6052  0 13:47 ?        00:00:06 /usr/sbin/webcit -D/var/run/webcit/webcit.pid.8504 -p8504 127.0.0.1 504 -i0.0.0.0 -f -t/var/log/webcit//access.8504.log
Check Network Ports
netstat -lnp 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      5168/citserver
tcp        0      0 0.0.0.0:5666            0.0.0.0:*               LISTEN      5979/nrpe
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      5168/citserver
tcp        0      0 0.0.0.0:2020            0.0.0.0:*               LISTEN      5168/citserver
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      5168/citserver
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      5168/citserver
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      5168/citserver
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      8057/spamd.pid
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      5168/citserver
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6510/apache2
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      5168/citserver
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      6039/vsftpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5077/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      5840/cupsd
tcp        0      0 0.0.0.0:8504            0.0.0.0:*               LISTEN      6053/webcit
tcp        0      0 0.0.0.0:504             0.0.0.0:*               LISTEN      5168/citserver
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      5168/citserver
tcp6       0      0 :::22                   :::*                    LISTEN      5077/sshd
udp        0      0 0.0.0.0:35499           0.0.0.0:*                           5053/avahi-daemon:
udp        0      0 0.0.0.0:68              0.0.0.0:*                           4444/dhclient3
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           5053/avahi-daemon:
Once the server is installed, log in to the web interface using your server IP address and port 8504, which is the default.
http://192.168.5.100:8504
Log in as the Administrator user with no password and the interface will open.  Choose Administration and you can set up your server from this interface.  You will have four categories to work with.  Global Configuration is where you should start.  Select “Edit site-wide configuration” to set up your basic configuration.
The window that opens has a number of tabs that you can modify.  Under General, one setting you must modify is the fully qualified domain name (FQDN).  You must have a host name and a domain name to complete the FQDN.  It must look something like this:
mail.example.com
Note that the name of the system administrator is listed; you can change it if you want, but be sure permissions are set correctly.
The Access controls section defines how you want users to have access and how many access levels you will create.  You do not need to modify this initially, as the defaults will work.
Network services defines your ports.  The SMTP port is the port used to communicate with other mail servers, so it should remain standard.  The IMAP port is 143, or 993 if you run it with SSL.  If you want an encrypted connection for SMTP, it uses port 465.  Be careful if you make changes here, because other programs expect connections on these standard ports.
Tuning allows you to set timeouts and adjust message size.  The worker threads represent the number of web connections that are available by default.  Here you see the minimum of 5 and the maximum of 256.  You can save resources by bringing the minimum down to 2 or 3 if you have a small number of users, or increase it to 7 to 10 if you consistently have that many users.
The POP3 tab shows the default ports: 110 for normal connections and 995 for encrypted connections.