
Apache authentication using pam

1) Download the mod_auth_pam module : here

2) Installing mod_auth_pam

# tar xzf mod_auth_pam.tar.gz
# cd mod_auth_pam-1.0a
# make
# make install

3) Configure PAM

Here is what /etc/pam.d/httpd looks like:

auth required pam_unix.so
account required pam_unix.so

4) Configuring Apache

Now that PAM is configured to authenticate Apache's requests, configure Apache to use PAM authentication to restrict access to a specific directory. To do so, add the following lines to your httpd.conf (usually stored in /etc/apache/ or /etc/httpd), replacing the placeholder path /path/to/protected/directory with the directory you want to protect:

<Directory "/path/to/protected/directory">
AuthPAM_Enabled on
AllowOverride None
AuthName "Secrets"
AuthType Basic
Require valid-user
</Directory>

5) Restart Apache to put the configuration into effect


Configure Squid to use other Proxy (cache)

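If you want Squid to be part of a hierarchy of proxies, or want Squid to fetch content from another proxy, define the other proxy as a parent. The never_direct line forces every request through the parent:
cache_peer proxy.isp.com parent 8080 0 no-query no-digest
never_direct allow all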

For multiple parents:
cache_peer proxy.isp1.com parent 8080 0 no-query no-digest default
cache_peer proxy.isp2.com parent 8080 0 no-query no-digest


Multiple parents with weight:
cache_peer proxy.isp1.com parent 8080 0 no-query no-digest weight=1 
cache_peer proxy.isp2.com parent 8080 0 no-query no-digest weight=2


Multiple parents with round-robin:
cache_peer proxy.isp1.com parent 8080 0 round-robin no-query
cache_peer proxy.isp2.com parent 8080 0 round-robin no-query
cache_peer proxy.isp3.com parent 8080 0 round-robin no-query

In the above examples proxy.isp1.com, proxy.isp2.com and proxy.isp3.com are other cache servers.

Block Ads by using squid and Ad Zapper

It has been observed that 30% of your bandwidth is consumed by ads, so if you block these ads you can save this 30% of bandwidth and use it for other things. Here is how to do this:

Make sure your squid is configured and working fine
Get ad-zapper using following commands:
# cd  /etc/squid
# wget  http://voidmain.is-a-geek.net/files/scripts/update-zapper
# chown  root:root  update-zapper
# chmod  700  update-zapper 
Now run update-zapper, which should automatically download the latest adzapper Perl script from sourceforge:
# ./update-zapper

If the script ran properly you should now see an executable Perl script named squid_redirect
# ls  squid_redirect

Edit the squid_redirect file and make sure the perl path on its first line matches your system (find it with # whereis perl):

#!/usr/bin/perl

Now edit the squid.conf file with your favorite text editor and search for the section containing the tag redirect_program. This is where we tell Squid to use the ad zapper script. Insert the following line:
redirect_program /path/to/squid_redirect

Restart Squid:
# service squid reload

Block mp3, mpg, mpeg, exe files using Squid proxy server

First open squid.conf file /etc/squid/squid.conf:

# vi /etc/squid/squid.conf

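Now add the following lines to the ACL section of squid.conf, placing the http_access rule above any http_access allow rule that would otherwise match:

acl blockfiles urlpath_regex "/etc/squid/multimedia.files.acl"
http_access deny blockfiles

Now create the file: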

# vi /etc/squid/multimedia.files.acl

\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$

Save and close the file, then restart Squid:

# /etc/init.d/squid restart
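
A coverage check for the five patterns above, as an added example that is not part of the original post. It assumes that Squid matches urlpath_regex against the URL path including any query string; the sample paths and the query-tolerant variant file are constructed here for illustration.

```shell
#!/bin/sh
# Added example: shows which URL paths the multimedia.files.acl patterns
# match, using grep -E as a stand-in for Squid's regex matching (assumption).

ACL_FILE=$(mktemp)      # copy of the patterns from the post
ACL_FILE_QS=$(mktemp)   # constructed variant that tolerates a query string
trap 'rm -f "$ACL_FILE" "$ACL_FILE_QS"' EXIT

cat > "$ACL_FILE" <<'EOF'
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
EOF

# Rewrite each trailing "$" as "(\?.*)?$" so "file.exe?x=1" is still matched.
sed 's/\$$/(\\?.*)?$/' "$ACL_FILE" > "$ACL_FILE_QS"

# acl_matches FILE URLPATH: exit status 0 if any pattern in FILE matches.
acl_matches() {
    printf '%s\n' "$2" | grep -Eq -f "$1"
}

# verdict FILE URLPATH: prints "deny" if the ACL would match, else "pass".
verdict() {
    if acl_matches "$1" "$2"; then echo deny; else echo pass; fi
}

# Constructed sample URL paths.
for p in '/pub/setup.EXE' '/music/track.mp3' '/docs/index.html' \
         '/download/tool.exe?mirror=2' '/video/clip.mpeg.html'; do
    printf '%-30s post-acl=%s  query-variant=%s\n' "$p" \
        "$(verdict "$ACL_FILE" "$p")" "$(verdict "$ACL_FILE_QS" "$p")"
done
```

The patterns as posted anchor on the end of the path, so a download URL carrying a query string is not matched; the variant file shows one way to close that gap while still passing paths such as /video/clip.mpeg.html.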


Lock User Accounts After Too Many Login Failures

Add the two pam_tally.so lines to the /etc/pam.d/system-auth file as shown below:

auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_tally.so onerr=fail no_magic_root
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account required /lib/security/$ISA/pam_tally.so per_user deny=5 no_magic_root reset
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

The first added line counts failed login and failed su attempts for each user. Failed attempts are recorded in /var/log/faillog by default.
