Friday, March 15, 2013

Block Ultrasurf in RedHat Linux Squid

Subject:
Block "Ultrasurf" in RedHat Linux Squid. Successfully tested on Squid version 2.6.STABLE6-4.el5.

Hello All,

Before changing anything in the Squid configuration, it is necessary to understand what Ultrasurf is and why it is popular.

Ultrasurf is a product of Ultrareach Internet Corporation. Originally created to help internet users in China find security and freedom online, Ultrasurf has since become one of the world's most popular anti-censorship, pro-privacy tools, with millions of people using it to bypass internet censorship and protect their online privacy.

Visit https://ultrasurf.us/ for more information.

Coming directly to the practical part, add the lines below to the "/etc/squid/squid.conf" file.


#####Create New ACL#####
acl UltraSurf port 9666
acl ipacl url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
# Dots are escaped so that "." matches a literal dot rather than any character.
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

#####Deny all ACL#####
http_access deny UltraSurf
http_access deny ipacl
http_access deny numeric_IPs
http_access deny all
# "http_access deny all" is the default last line. It is shown here for reference only: add all the new lines above it.

Note: The configuration above is useful when Ultrasurf is already installed on LAN computers. However, anyone can still download Ultrasurf from the internet, so it is better to also block the Ultrasurf name and domain using the ACLs below.

##################################
acl blockregexurl url_regex -i ultrasurf
acl block-site dstdomain .ultrasurf.us

http_access deny blockregexurl
http_access deny block-site
##################################

Note: Squid will now block every internet request that has an IP address in the URL. So you need to add another ACL to allow any IP addresses in use in your LAN segment for hosting or R&D purposes, if there are any.


##################################
acl bypass_ultrasurf_ip dstdomain 172.24.23.1 192.168.1.2 59.167.154.20

http_access allow bypass_ultrasurf_ip
# Put this allow line above the Ultrasurf "deny" lines only; Squid applies the first matching http_access rule, so an allow placed below the deny lines would never be reached.

##################################
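As an added example (not from this post and not Squid's own code), the following Python simulates Squid's first-match evaluation of the ACLs above in the order the post recommends, with the bypass allow placed before the deny lines. The ACL "lan_placeholder" is an assumption standing in for whatever allow rules a real squid.conf has before the final "deny all", and all sample requests are constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed mirror of the post's ACLs (not Squid's parser); numeric_IPs has its dots escaped.
IPACL_RE = re.compile(r"http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*")
NUMERIC_IPS_RE = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")
BYPASS_HOSTS = {"172.24.23.1", "192.168.1.2", "59.167.154.20"}

def split_request(url):
    """Return (host, port) for an http://... URL or a CONNECT-style host:port."""
    if "://" in url:
        parts = urlsplit(url)
        return parts.hostname or "", parts.port or 80
    host, _, port = url.rpartition(":")  # CONNECT requests carry only host:port
    return host, int(port)

def acl_matches(name, url):
    """Evaluate one named ACL from the post against a request URL."""
    host, port = split_request(url)
    if name == "UltraSurf":            # acl UltraSurf port 9666
        return port == 9666
    if name == "ipacl":                # acl ipacl url_regex http://...
        return IPACL_RE.search(url) is not None
    if name == "numeric_IPs":          # acl numeric_IPs url_regex ^...
        return NUMERIC_IPS_RE.search(url) is not None
    if name == "blockregexurl":        # acl blockregexurl url_regex -i ultrasurf
        return "ultrasurf" in url.lower()
    if name == "block-site":           # acl block-site dstdomain .ultrasurf.us
        return host == "ultrasurf.us" or host.endswith(".ultrasurf.us")
    if name == "bypass_ultrasurf_ip":  # acl bypass_ultrasurf_ip dstdomain <LAN IPs>
        return host in BYPASS_HOSTS
    if name in ("lan_placeholder", "all"):  # lan_placeholder stands in for the site's own allow rules
        return True
    raise ValueError(f"unknown acl {name}")

# http_access lines in the order the post recommends; Squid stops at the first match.
HTTP_ACCESS = [("allow", "bypass_ultrasurf_ip"), ("deny", "UltraSurf"),
               ("deny", "ipacl"), ("deny", "numeric_IPs"), ("deny", "blockregexurl"),
               ("deny", "block-site"), ("allow", "lan_placeholder"), ("deny", "all")]

def decide(url):
    """Return (action, acl) of the first http_access rule that matches the request."""
    for action, acl in HTTP_ACCESS:
        if acl_matches(acl, url):
            return action, acl
    return "deny", "all"
```

Running decide() over a handful of constructed requests shows which rule catches each one, which is a quick way to confirm the ordering before reloading Squid.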

SUM UP:
This configuration has been tested to block Ultrasurf and all of its alternatives listed below.

* tor
* GTunnel
* FreeGate
* Tunnelier


Thanks,
Nishith N.Vyas

IBM JFS (Journaling File System) Introduction

IBM JFS is a 128-bit file system available in the AIX operating system. The currently available versions are JFS v1 and v2.

A journaling file system keeps track of file system changes in a journal before committing them to the main file system. So, in the event of a sudden power failure or system crash, such file systems are quicker to bring back online and less likely to become corrupted.

JFS & i-nodes
JFS allows you to specify the number of disk i-nodes created within a file system, in case more or fewer than the default number of disk i-nodes is desired.
The number of disk i-nodes created with the file system is controlled by a value called the number of bytes per i-node, or NBPI.
For example, an NBPI value of 1024 causes a disk i-node to be created for every 1024 bytes of file system disk space.

Another way to look at this is that a small NBPI value (512 for instance) results in a large number of i-nodes, while a large NBPI value (such as 16,384) results in a small number of i-nodes.


For JFS file systems, one i-node is created for every NBPI bytes of allocation group space allocated to the file system. The total number of i-nodes in a file system limits the total number of files and the total size of the file system. An allocation group can be partially allocated, though the full number of i-nodes per allocation group is still allocated. NBPI is inversely proportional to the total number of i-nodes in a file system.

JFS restricts all file systems to 16M (2^24) i-nodes.

The set of allowable NBPI values varies according to the allocation group size (agsize). The default agsize is 8 MB, and with it the allowable NBPI values are 512, 1024, 2048, 4096, 8192, and 16,384. A larger agsize can be used: the allowable values for agsize are 8, 16, 32, and 64 MB, and the range of allowable NBPI values scales up as agsize increases. If the agsize is doubled to 16 MB, the NBPI values also double: 1024, 2048, 4096, 8192, 16384, and 32768.
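The following Python helper is an added example, not AIX code, that applies the JFS (v1) rules above: NBPI values allowed for a given agsize, the i-node count for a file system of a given size (a partially used allocation group still gets its full complement), and the largest file system that fits under the 16M i-node limit.

```python
# Constructed helper for the JFS (v1) i-node rules described above; it is not AIX code.
MAX_JFS_INODES = 2 ** 24                      # JFS caps every file system at 16M i-nodes
ALLOWABLE_AGSIZE_MB = (8, 16, 32, 64)
BASE_NBPI = (512, 1024, 2048, 4096, 8192, 16384)  # allowed with the default 8 MB agsize
MB = 1024 * 1024

def allowable_nbpi(agsize_mb):
    """Allowed NBPI values scale with agsize: doubling agsize doubles each value."""
    if agsize_mb not in ALLOWABLE_AGSIZE_MB:
        raise ValueError(f"agsize must be one of {ALLOWABLE_AGSIZE_MB} MB")
    return tuple(v * (agsize_mb // 8) for v in BASE_NBPI)

def jfs_inode_count(fs_size_mb, nbpi, agsize_mb=8):
    """Disk i-nodes JFS creates for a file system of fs_size_mb megabytes.

    One i-node per NBPI bytes of allocation-group space; a partially used
    allocation group still receives its full complement of i-nodes.
    """
    if nbpi not in allowable_nbpi(agsize_mb):
        raise ValueError(f"NBPI {nbpi} is not allowed with agsize {agsize_mb} MB")
    ag_bytes = agsize_mb * MB
    groups = -(-(fs_size_mb * MB) // ag_bytes)    # ceiling division
    total = groups * (ag_bytes // nbpi)
    if total > MAX_JFS_INODES:
        raise ValueError(f"{total} i-nodes exceeds the JFS limit of {MAX_JFS_INODES}")
    return total

def max_fs_size_mb(nbpi):
    """Largest file system (MB) that stays within the 16M i-node limit at this NBPI."""
    return MAX_JFS_INODES * nbpi // MB
```

With NBPI 512, for instance, max_fs_size_mb shows the 16M cap is reached at 8192 MB, which is why a small NBPI is only practical on small file systems.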
JFS2 & i-nodes
JFS2 allocates i-nodes as needed.
If there is room in the file system for additional i-nodes, they are automatically allocated. Therefore, the number of i-nodes available is limited by the size of the file system itself.

Nishith N.Vyas

Thursday, March 14, 2013

Understanding Load Average in LINUX/UNIX/AIX


The term "load average" is used in many Linux/UNIX/AIX operating systems as a key measure of system load.
Everybody knows that the numbers the term "load average" refers to, usually three of them, somehow represent the load on the system's CPU. In this post I'll try to make these three numbers clearer and more understandable.

The easiest way to see the "load average" of your system is with the "uptime" command.

It also appears in the "top" command in Linux and the "topas" command in UNIX/AIX.

In all three cases the load average refers to a group of three numbers. For example, in the following output of "uptime":

10:41:47 up 5 days, 48 min, 1 user, load average: 0.82, 0.71, 0.66
The last three numbers are the "load average". Each number represents the system's load as a moving average over 1, 5 and 15 minutes respectively. Now, the important thing is to understand what is being averaged: the load metric.

The metric that represents the load at a given point in time is how many processes are queued to run at that moment (including the process that is currently running). Generally speaking, on a single-core machine this can be read as the CPU utilization percentage when multiplied by 100.

For example, if I had a load average of 0.50 over the last minute, this means that during that minute the CPU was idle half of the time, as it had no runnable process.

On the other hand, if I had a load average of 2.50, it means that over the last minute an average of 1.5 processes were waiting for their turn to run. So the CPU was overloaded by 150%.

On multi-core systems (like Core 2 Duo, IBM Power servers or HP Itanium servers) things are a bit different, but to avoid unnecessary complications one can usually divide the load average by the number of cores and treat the result as the load average of a single-core machine.

For example, let's say the load average of a two-core machine was 3.00 2.00 0.50.

This means that over the last minute we had an average of three runnable processes (3.00). Since the machine has two cores that can each run one process at a time, one process on average was queued. So the machine was overloaded, running at 150% of its capacity.

Over the last 5 minutes the load average of 2.00 means that we roughly had 2 processes running at any time, so the machine was fully utilized but was not overloaded with work.

Over the last 15 minutes the load average of 0.50 means that we could handle four times that load without overloading the CPU; we only had (0.50/2)*100 = 25% CPU utilization in those 15 minutes.
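As an added example (not part of the original post), this Python parses the three numbers out of an "uptime" line and applies the rule above: divide by the number of cores, read the result as a percentage of capacity, and report how many processes on average were waiting for a core. The uptime line and core counts are the post's own examples.

```python
import re

# Matches the tail of the "uptime" output shown above (Linux, UNIX and AIX print it alike).
LOAD_RE = re.compile(r"load average:\s*([\d.]+),\s*([\d.]+),\s*([\d.]+)")
WINDOWS = ("1 min", "5 min", "15 min")

def parse_uptime(line):
    """Return the (1, 5, 15)-minute load averages from an uptime line as floats."""
    m = LOAD_RE.search(line)
    if not m:
        raise ValueError("no load average found in: " + line)
    return tuple(float(x) for x in m.groups())

def interpret(load, cores=1):
    """Apply the post's rule for one window.

    Returns (percent_of_capacity, queued_processes):
      - percent_of_capacity = load / cores * 100; 100 is fully busy, above 100 is overloaded
      - queued_processes = runnable processes beyond what the cores can run at once
    Note: on Linux the kernel also counts tasks in uninterruptible (disk I/O) sleep,
    so a high value is not always CPU contention.
    """
    per_core = load / cores
    return round(per_core * 100), round(max(load - cores, 0.0), 2)

def report(line, cores=1):
    """Interpret all three windows of an uptime line; returns a list of (window, pct, queued)."""
    return [(label,) + interpret(load, cores)
            for label, load in zip(WINDOWS, parse_uptime(line))]

if __name__ == "__main__":
    # The uptime line from the post, read as a single-core machine.
    for window, pct, queued in report(
            "10:41:47 up 5 days, 48 min, 1 user, load average: 0.82, 0.71, 0.66"):
        print(f"{window:>6}: {pct}% of capacity, {queued} processes queued")
```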
I hope the term "load average" is now clear to everybody.

Nishith N.Vyas