Tuesday, February 9, 2010

HOWTO- Apache "httpd" authentication in Linux


Create a directory under the Apache document root, which is "/var/www/html":

mkdir /var/www/html/nishith
cd /var/www/html/nishith

Create simple "index.html" page.

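Now open the "/etc/httpd/conf/httpd.conf" file and add or modify the following lines. "AllowOverride AuthConfig" is what allows the ".htaccess" file created below to set authentication directives.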

Options Indexes Includes
AllowOverride AuthConfig

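Create a ".htaccess" file at "/var/www/html/nishith/.htaccess" and add the lines below. AuthUserFile must point to the password file that is created with htpasswd in the next step.
AuthType Basic
AuthName "My Private Page"
AuthUserFile /etc/httpd/conf/htpasswd
require valid-user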


Now, Create/Add new user to access "/var/www/html/nishith" page

htpasswd -mc /etc/httpd/conf/htpasswd nishith
New password:
Re-type new password:
Adding password for user nishith

View the content of "htpasswd" file
cat /etc/httpd/conf/htpasswd
nishith:$apr1$akwCX...$c3uo.k4oHIQNzlSEDQYMh0

Note:
To add more users, use only -m. The -c option always creates the password file, overwriting one that already exists, so do not use -c (or -cm) once the file has been created.

htpasswd -m /etc/httpd/conf/htpasswd alex
New password:
Re-type new password:
Adding password for user alex

cat /etc/httpd/conf/htpasswd
nishith:$apr1$akwCX...$c3uo.k4oHIQNzlSEDQYMh0
alex:$apr1$70g94/..$m8QyD4gQisd265nLW7pbR0

Finally, access your webpage in your browser by typing
http://<server IP address>/nishith (from a remote PC)

OR

http://localhost/nishith (from the local PC only)

That's it.
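
An added check, not part of the original post: the script below confirms that the AuthUserFile named in a ".htaccess" exists and sits outside the document root, and reports which hash scheme each entry in the password file uses. The function names and the sample hashes are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Hashes below are constructed.

# Map one htpasswd hash field to the scheme that produced it.
hash_scheme() {
    case "$1" in
        '$apr1$'*)       echo "apr1-md5" ;;       # written by "htpasswd -m"
        '$2y$'*|'$2a$'*) echo "bcrypt" ;;         # written by "htpasswd -B" (httpd 2.4)
        '{SHA}'*)        echo "sha1-unsalted" ;;  # written by "htpasswd -s"
        *)               echo "crypt-or-plain" ;;
    esac
}

# audit_basic_auth <htaccess> <docroot>
# Prints one finding per line; returns 1 when a FAIL was found.
audit_basic_auth() {
    htaccess=$1; docroot=$2; rc=0
    pwfile=$(awk 'tolower($1) == "authuserfile" { print $2; exit }' "$htaccess")
    if [ -z "$pwfile" ]; then echo "FAIL no AuthUserFile in $htaccess"; return 1; fi
    if [ ! -f "$pwfile" ]; then echo "FAIL AuthUserFile $pwfile does not exist"; return 1; fi
    case "$pwfile" in
        "$docroot"/*) echo "FAIL $pwfile is inside the document root"; rc=1 ;;
    esac
    while IFS=: read -r user pwhash rest; do
        [ -n "$user" ] || continue
        scheme=$(hash_scheme "$pwhash")
        if [ "$scheme" = "bcrypt" ]; then echo "OK   $user $scheme"
        else echo "WARN $user $scheme"; fi
    done < "$pwfile"
    return "$rc"
}

# Demo on a constructed tree that mirrors the layout used in this post.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/html/nishith" "$d/conf"
    printf '%s\n' 'nishith:$apr1$CONSTRUC$tedSampleValue00000000' \
        'alex:$2y$05$ConstructedSampleValue0000000000000000000000000000000' \
        > "$d/conf/htpasswd"
    printf 'AuthType Basic\nAuthUserFile %s\nrequire valid-user\n' \
        "$d/conf/htpasswd" > "$d/html/nishith/.htaccess"
    audit_basic_auth "$d/html/nishith/.htaccess" "$d/html"
    rm -rf "$d"
}
demo
```

A WARN line is not a failure of the setup; it marks an entry whose hash scheme is weaker than bcrypt.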

Increase "swap" space in Linux

How to increase "swap" memory in Linux.

1) Create a new hard drive partition. I will use "/dev/sda" for this practical.

To verify your hard drive identity, use "fdisk -l"

2) Follow these steps.

- fdisk /dev/sda
Press "n" for new partition.
You'll get First Cylinder Name :- Press Enter
You'll get Last Cylinder Name :- type "+500M" (Adding 500MB as a swap space)

- Press "t" to assign the "swap" id to the newly created partition. Here, Red Hat uses "82" as the swap id.
- Press "w" to write changes to disk & exit.

3) Use "partprobe" command

4) mkfs.ext3 /dev/sda6 (make a file system on the newly created partition, i.e. /dev/sda6)

5) mkswap /dev/sda6 (make this partition a "swap" partition)

6) swapon /dev/sda6 (enable the "swap" partition)

7) Use "top" command to check the total memory size.

8) To enable the "swap" space permanently at every reboot, write a new line in "/etc/fstab":
/dev/sda6 swap swap defaults 0 0

save & exit (:wq)

9) Reboot Linux & Check.

That's it

Software RAID in Linux (RHEL,CentOS)

This RAID Practical is tested on RHEL & CentOS 5x

Remember :-
For RAID 5, minimum 3 physical partitions.
For RAID 0, minimum 2 physical partitions.(Disk data striping across both drives)
For RAID 1, minimum 2 physical partitions.(Disk Mirroring)

* Use the fdisk /dev/sd* OR fdisk /dev/hd* command to create more than two partitions (as many as you need), where sd*/hd* means sda, sdb, hda, hdb, ...

(sd : SATA/SCSI Drive ; hd : IDE Drive)

* To check your drive identity, use "fdisk -l" & check the partition identity.

I am taking "sda" as physical drive & creating 4 partitions. So, the command will be

fdisk /dev/sda


(Note : Create 4 partitions of 250MB each, for practical purposes only; several partitions are necessary to create data redundancy. In the real world, you can assign whatever size is available on your server/desktop.)


Press "n" for new partition.
Press "t" to change the partition id.

Select the partition to which you want to assign the "RAID" id.

Press "L" to select from the available list. In our case, select "fd"

Press "w" to write changes to disk & exit

* use "partprobe" command

Now, to create RAID 5,

mdadm -C /dev/md0 -a yes -l 5 -n 4 /dev/sda{2,3,4,5}

( -l means RAID Level which is 5 here)
( -n means number of physical drives,which is 4 here)


mkfs.ext3 /dev/md0 (To make file system)

mdadm --detail /dev/md0 (To check whether the RAID has been created or not)

Create a directory, i.e. "data", on the "/" partition and mount /dev/md0 on it. The command is
mount /dev/md0 /data


Finally, mount RAID drives permanently during Linux Reboot,
/etc/fstab, make following entry.

/dev/md0 /data ext3 defaults 0 0

That's it.

Friday, February 5, 2010

"User Quota" in Linux

Please Note:
I have tested this practical on RedHat/CentOS 5x & Fedora 7 linux platform.

This article will show you how to create "User Quota" in Linux.


1) First, create a user named "eric" & set a password. (You can use any name you like.)
useradd eric
passwd eric

2) Open "/etc/fstab" file to enable userquota on your system
vim /etc/fstab

3) Add the "usrquota" option to the /home entry, as shown below
/dev/sda6 /home ext3 defaults,usrquota 0 0
Save & Exit (:wq)

4) Then, use below command to activate "User Quota"
mount -o remount /home

5) Now, follow all command step by step given below.

- quotacheck -cvu /home
- cd to the "/home/" directory & you'll find the "aquota.user" file. If it is not found, create it manually.
touch aquota.user
- quotaon /home
- edquota -u eric (the argument is the user name; in our case, the name is "eric")
It'll open a file which shows all entries as numeric "0".

Now, please understand the quota file given below.

/home mount point soft hard soft hard
/dev/sda6 0 0 0 0 0

Note : The first "soft & hard" columns are used to restrict quota by "file size"
For example, the user can't create files of more than 100KB.

The second "soft & hard" columns are used to restrict quota by "number of files"
For example, the user can't create more than 70 files.

Practically,it can be implemented as given below
/dev/sda6 0 30 100 50 70

100 = File Max. size 100 KB Only.
70 = File Max. number 70 Only.

Note :
If user is exceeding soft limit, the Quota System of Linux will send a warning message to "eric" user.

Finally, use "mount -a" command.

Log in as the "eric" user & try to create a file in its home directory, which is "/home/eric"

dd if=/dev/zero of=/home/eric/example.txt bs=100 count=70


To check the quota of "eric" user; use
repquota /home

That's it.


Thursday, February 4, 2010

Squid Guard Configuration.

1. Unpack the source
tar xvzf squidGuard-1.2.1.tar.gz

2. Compiling

Let's assume it is squidGuard-1.2.1 we are trying to install:
cd squidGuard-1.2.1
./configure
make

If no errors occurred squidGuard is now installed in /usr/local/. There are a couple of options you can use when running ./configure. For example:

Installing in a different location
./configure --prefix=/some/other/directory

BerkeleyDB not installed in /usr/local/BerkeleyDB
./configure --with-db=/directory/of/BerkeleyDB/installation
When installed from the sources the BerkeleyDB will be located in /usr/local/BerkeleyDBx.y with x.y denoting the version number.
Annotation: Make sure that the shared library of your BerkeleyDB installation is known by your system (check /etc/ld.so.conf, add your BerkeleyDB library path if it is not already there and run ldconfig).

See all ./configure options
./configure --help

3. Installing
make install


4. Installing the blacklists

Download the “Black List” file from http://www.squidguard.org/blacklists.html

Copy your blacklists into the desired blacklist directory (default: /usr/local/squidGuard/db) and unpack them. In the table below we assume that the default location is used. Make sure that you have the proper permissions to write to that directory.

cp /path/to/your/blacklist.tar.gz /usr/local/squidGuard/db
cd /usr/local/squidGuard/db
gzip -d blacklist.tar.gz
tar xfv blacklist.tar

Now the blacklists should be ready to use.
Congratulations!
You have just completed the installation of squidGuard. The next step is to configure the software according to your needs. After this you should verify your installation before you finally modify your squid configuration to work with squidGuard.

Basic Configuration of squidGuard

Once SquidGuard is successfully installed, you want to configure the software according to your needs. A sample configuration has been installed in the default directory /usr/local/squidGuard (or whatever directory you pointed your installation to). Below you find three examples for the basic configuration of SquidGuard.

1. Most simple configuration: one category, one rule for all

CONFIG FILE FOR SQUIDGUARD
***************************************************************************
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/logs
dest porn {
domainlist porn/domains
urllist porn/urls
}

acl {
default {
pass !porn all
redirect http://localhost/block.html
}
}
***************************************************************************
Always make sure that the very first line of your squidGuard.conf is not empty! The entries have the following meaning:

dbhome = Location of the blacklists
logdir = Location of the logfiles
dest = Definition of a category to block. You can enter the domain and url file along with a regular expression list (talk about regular expressions later on).
acl = The actual blocking definition. In our example only the default is displayed. You can have more than one acl in place. The category porn you defined in dest is blocked by the expression !porn. You have to add the identifier all after the blocklist or your users will not be able to surf anyway. The redirect directive is mandatory! You must tell SquidGuard which page to display instead of the blocked one.


2. Choosing more than one category to block

First you define your categories. Just like you did above for porn. For example:

Defining three categories for blocking

dest adv {
domainlist adv/domains
urllist adv/urls
}

dest porn {
domainlist porn/domains
urllist porn/urls
}

dest warez {
domainlist warez/domains
urllist warez/urls
}

Now your acl looks like that:
acl {
default {
pass !adv !porn !warez all
redirect http://localhost/block.html
}
}

3. White listing

Sometimes there is a demand to allow specific URLs and domains although they are part of the blocklists for a good reason. In this case you want to whitelist these domains and URLs.
Defining a whitelist
dest white {
domainlist white/domains
urllist white/urls
}
acl {
default {
pass white !adv !porn !warez all
redirect http://localhost/block.html
}
}

In this example we assumed that your whitelists are located in a directory called white within the blacklist directory you specified with dbhome.

Make sure that your white identifier is the first in the row of the pass directive. It must not have an exclamation mark in front (otherwise all entries belonging to white will be blocked, too).
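
Why the position of white matters, as an added example that is not part of squidGuard or of the original text: a simplified model in which the tokens of a pass line are checked left to right and the first match decides. It looks only at domain lists; the function names and the ".example" domains are constructed.

```shell
#!/bin/sh
# Added example (not squidGuard code): a simplified model of how a "pass" line is read.

# in_list <host> <domainlist>: true if host is a listed domain or a subdomain of one.
in_list() {
    host=$1; list=$2
    [ -f "$list" ] || return 1
    while read -r dom; do
        [ -n "$dom" ] || continue
        case "$host" in
            "$dom"|*."$dom") return 0 ;;
        esac
    done < "$list"
    return 1
}

# eval_pass <dbhome> <host> <pass tokens...>: prints "pass" or "block".
# Tokens are checked left to right and the first one that matches decides.
eval_pass() {
    dbhome=$1; host=$2; shift 2
    for tok in "$@"; do
        case "$tok" in
            all)  echo pass;  return 0 ;;
            none) echo block; return 0 ;;
            '!'*) if in_list "$host" "$dbhome/${tok#?}/domains"; then echo block; return 0; fi ;;
            *)    if in_list "$host" "$dbhome/$tok/domains"; then echo pass; return 0; fi ;;
        esac
    done
    echo block   # nothing matched and no "all": the request is not passed
}

demo() {
    db=$(mktemp -d); mkdir -p "$db/white" "$db/porn"
    # Constructed lists: good.example is blacklisted but also whitelisted.
    echo "good.example" > "$db/white/domains"
    printf 'good.example\nbad.example\n' > "$db/porn/domains"
    echo "white first:  $(eval_pass "$db" www.good.example white '!porn' all)"
    echo "white last:   $(eval_pass "$db" www.good.example '!porn' white all)"
    rm -rf "$db"
}
demo
```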

4. Initializing the blacklists

Before you start up your squidGuard you should initialize the blacklists i.e. convert them from the textfiles to db files. Using the db format will speed up the checking and blocking.
The initialization is performed by the following command:
Initializing the blacklists
* squidGuard -C all
* chown -R <squiduser> /usr/local/squidGuard/db/*

The second command ensures that your squid is able to access the blacklists. Please use the uid of your squid for <squiduser>.
Depending on the size of your blacklists and the power of your computer this may take a while. If everything is running fine you should see something like the following output in your logfile:

2006-01-29 12:16:14 [31977] squidGuard 1.2.0p2 started (1138533256.959)
2006-01-29 12:16:14 [31977] db update done
2006-01-29 12:16:14 [31977] squidGuard stopped (1138533374.571)

If you look into the directories holding the files domains and urls you see that additional files have been created: domains.db and urls.db. These new files must not be empty!
Only those files are converted you specified to block or whitelist in your squidGuard.conf file.

Verification of your squidGuard Configuration

Now that you have installed and configured your squidGuard, you should check a couple of things before going online.

1. Permissions
Ensure that the blacklist and db files belong to your squid user. If squid cannot access (or modify) them blocking will not work.

2. SquidGuard dry-run

To verify that your configuration is working run the following command (changed to reflect your configuration):
Dry-run squidGuard
echo "http://www.example.com 10.0.0.1/ - - GET" | squidGuard -c /tmp/test.cfg -d

3. If the redirector works properly you should see the redirection URL for the blocked site. For sites not being part of your blacklists the output should end with:
2007-03-25 16:18:05 [30042] squidGuard ready for requests (1174832285.085)
2007-03-25 16:18:05 [30042] squidGuard stopped (1174832285.089)

4. Some remarks about the different entries of the echoed line:

* The first entry is the URL you want to test.
* The second entry is the client IP address. If you configured access control based on IP
addresses make sure to test allowed and not allowed IP addresses to ensure proper working.
* In the third entry (the first - ) you can specify a username. This is only of importance if you
have access control based on user names. Make sure to check different names with different
access to verify your configuration.

Finalizing the installation by configuring squid
If everything is working properly add the following line to your squid.conf (assuming that your squidGuard is installed in /usr/local; make sure to change the paths to match your installation accordingly):

url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf


EOF


Wednesday, February 3, 2010

Who Created Linux

In 1991 Linus Torvalds was studying UNIX at a university, where he was using a special educational experimental purpose operating system called Minix (a small version of UNIX to be used in the academic environment). However, Minix had its limitations and Linus felt he could create something better. Therefore, he developed his own version of Minix, known as Linux. Linux was Open Source right from the start.

Linux is a kernel developed by Linus. The kernel was bundled with system utilities and libraries from the GNU project to create a usable operating system. Sometimes people refer to Linux as GNU/Linux because it has system utilities and libraries from the GNU project. Linus Torvalds is credited for creating the Linux Kernel, not the entire Linux operating system[1].

Linux distribution = Linux kernel + GNU system utilities and libraries + Installation scripts + Management utilities etc.

Please note that Linux is now packaged for different uses in Linux distributions, which contain the sometimes modified kernel along with a variety of other software packages tailored to different requirements such as:

1. Server
2. Desktop
3. Workstation
4. Routers
5. Various embedded devices
6. Mobile phones
You can use Linux as a server operating system or as a stand alone operating system on your PC. As a server operating system it provides different services/network resources to a client. A server operating system must be:

* Stable
* Robust
* Secure
* High performance

Linux offers all of the above characteristics plus it is free and open source. It is an excellent operating system for:

* Desktop computer
* Web server
* Software development workstation
* Network monitoring workstation
* Workgroup server
* Killer network services such as DHCP, Firewall, Router, FTP, SSH, Mail, Proxy, Proxy Cache server etc.