Thursday, October 21, 2010

SSH via web with JAVA


If at any time, you have problems with SSH in your workplace. Maybe the admin on your premises to close specific ports eg 443 or 22. This method can be effective, but there are a few tricks to put into the public html server. Maybe the hackers in cyberspace can help.

Okay, ready to empty file can use vi, vim, pico (editor unix) or notepad (windows). type the following script:


<html>

<body>

<APPLET CODE="com.mindbright.application.MindTerm.class" ARCHIVE="mindterm.jar" WIDTH=0 HEIGHT=0>

<PARAM NAME="sepframe" value="true">
<PARAM NAME="x11fwd" value="true">
<PARAM NAME="port" value="7575">

</APPLET>

</body>

</html>

give file name eg javassh.html

as supporting files, you can support the jar file (mindterm.jar). You can search via google.

good luck.


Read More

Wednesday, September 8, 2010

PHP Validate Form

Making the form on the php impressed casual. But one time we faced a problem with the validation of that form, eg filling of data can not be empty. Here are some scripts that can be used to check the validation of a form, especially checking space which can become the things we missed.

To make it easier, can be made a separate file with the parent file. suppose check.inc and later called in the php file using the command required


function check_not_empty($s, $include_whitespace = false)
{
if ($include_whitespace) {
// make it so strings containing white space are treated as empty too
$s = trim($s);
}
return (isset($s) && strlen($s)); // var is set and not an empty string ''
}
?>

Read More

Tuesday, September 7, 2010

Email Services : Linux Ubuntu Server 10.04 Chapter 5

The process of getting an email from one person to another over a network or the Internet involves many systems working together. Each of these systems must be correctly configured for the process to work. The sender uses a Mail User Agent (MUA), or email client, to send the message through one or more Mail Transfer Agents (MTA), the last of which will hand it off to a Mail Delivery Agent (MDA)
for delivery to the recipient's mailbox, from which it will be retrieved by the recipient's email client, usually via a POP3 or IMAP server.


1. POSTFIX
Postfix is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast and easy to administer and secure. It is compatible with the MTA sendmail. This section explains how to install and configure postfix. It also explains how to set it up as an SMTP server using a secure connection(for sending emails securely).
To install postfix run the following command:
yoyok@yoyok-server:~$ sudo apt-get install postfix

To configure postfix, run the following command:
yoyok@yoyok-server:~$ sudo dpkg-reconfigure postfix
The user interface will be displayed. On each screen, select the following values:
• Internet Site
• mail.example.com
• steve
• mail.example.com, localhost.localdomain, localhost
• No
• 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
• 0
• +
• all

By default Postfix will use mbox for the mailbox format. Rather than editing the configuration file directly, you can use the postconf command to configure all postfix parameters. The configuration parameters will be stored in /etc/postfix/main.cf file. Later if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file.
To configure the mailbox format for Maildir:
sudo postconf -e 'home_mailbox = Maildir/'

SMTP Authentication
SMTP-AUTH allows a client to identify itself through an authentication mechanism (SASL).
Transport Layer Security (TLS) should be used to encrypt the authentication process. Once authenticated the SMTP server will allow the client to relay mail.
1. Configure Postfix for SMTP-AUTH using SASL (Dovecot SASL):
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_type = dovecot'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_path = private/auth-client'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_local_domain ='
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
yoyok@yoyok-server:~$ sudo postconf -e 'broken_sasl_auth_clients = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_sasl_auth_enable = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_sudo postconf -e 'inet_interfaces = all'


yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_auth_only = no'
yoyok@yoyok-server:~$ sudo postconf -e 'smtp_use_tls = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_use_tls = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_loglevel = 1'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_received_header = yes'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
yoyok@yoyok-server:~$ sudo postconf -e 'tls_random_source = dev:/dev/urandom'
yoyok@yoyok-server:~$ sudo postconf -e 'myhostname = mail.example.com'
yoyok@yoyok-server:~$ sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'


The postfix initial configuration is complete. Run the following command to restart the postfix daemon:
yoyok@yoyok-server:~$ sudo /etc/init.d/postfix restart
To see if SMTP-AUTH and TLS work properly, run the following command:
telnet mail.example.com 25
After you have established the connection to the postfix mail server, type:
ehlo mail.example.com
If you see the following lines among others, then everything is working perfectly. Type quit to exit.
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME

Read More

Monday, August 23, 2010

Apache : Linux Ubuntu Server 10.04 Chapter 4

Apache is the most commonly used Web Server on Linux systems. Web Servers are used to serve Web Pages requested by client computers. Clients typically request and view Web Pages using Web Browser applications such as Firefox, Opera, or Mozilla

Apache Web Servers are often used in combination with the MySQL database engine, the HyperText Preprocessor (PHP) scripting language, and other popular scripting languages such as Python and Perl. This configuration is termed LAMP (Linux, Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform for the development and deployment of Web-based applications.

The Apache2 web server is available in Ubuntu Linux. To install Apache2:
yoyok@yoyok-desktop:~$ sudo apt-get install apache2

Apache Configuration
Apache2 is configured by placing directives in plain text configuration files. These directives are
separated between the following files and directories:
• apache2.conf: the main Apache2 configuration file. Contains settings that are global to Apache2.
• conf.d: contains configuration files which apply globally to Apache2. Other packages that use
Apache2 to serve content may add files, or symlinks, to this directory.
• envvars: file where Apache2 environment variables are set.
• httpd.conf: historically the main Apache2 configuration file, named after the httpd daemon. The file can be used for user specific configuration options that globally effect Apache2.
• mods-available: this directory contains configuration files to both load modules and configure them. Not all modules will have specific configuration files, however
• mods-enabled: holds symlinks to the files in /etc/apache2/mods-available. When a module configuration file is symlinked it will be enabled the next time apache2 is restarted.
• ports.conf: houses the directives that determine which TCP ports Apache2 is listening on.
• sites-available: this directory has configuration files for Apache2 Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
• sites-enabled: like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sitesavailable directory. Similarly when a configuration file in sites-available is symlinked, the site configured by it will be active once Apache2 is restarted.

Apache2 ships with a virtual-host-friendly default configuration. That is, it is configured with a single default virtual host (using the VirtualHost directive) which can modified or used as-is if you have a single site, or used as a template for additional virtual hosts if you have multiple sites. If left alone, the default virtual host will serve as your default site, or the site users will see if the URL
they enter does not match the ServerName directive of any of your custom sites. To modify the default virtual host, edit the file /etc/apache2/sites-available/default

this example of /etc/apache2/sites-available/default :
NameVirtualHost 192.168.45.126

ServerAdmin webmaster@localhost
DocumentRoot /var/www/yoyok
ServerName www.yoyok.com

Options FollowSymLinks
AllowOverride None


Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# Uncomment this directive is you want to see apache2's
# default start page (in /apache2-default) when you go to /
#RedirectMatch ^/$ /apache2-default/


ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all


ErrorLog /var/log/apache2/errorYOYOK.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/accessYOYOK.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"

Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128




after configure the apache, don't forget to restart :
yoyok@yoyok-server:~$ sudo /etc/init.d/apache2 restart
Read More

Friday, August 6, 2010

Linux Ubuntu Server 10.04 Chapter 3 Networking

Networking

Ubuntu ships with a number of graphical utilities to configure your network devices. This document is geared toward server administrators and will focus on managing your network on the command line.

Ethernet interfaces are identified by the system using the naming convention of ethX, where X
represents a numeric value. The first Ethernet interface is typically identified as eth0, the second as eth1, and all others should move up in numerical order.

To quickly identify all available Ethernet interfaces, you can use the ifconfig command as shown
below.
yoyok@yoyok-server:~$ ifconfig -a | grep eth0
eth0 Link encap:Ethernet HWaddr 00:13:d4:0e:32:59


Another application that can help identify all network interfaces available to your system is the lshw command. In the example below, lshw shows a single Ethernet interface with the logical name of eth0 along with bus information, driver details and all supported capabilities.

yoyok@yoyok-server:~$ sudo lshw -class network
[sudo] password for yoyok:
*-network:0
description: Ethernet interface
product: RTL-8139/8139C/8139C+
vendor: Realtek Semiconductor Co., Ltd.
physical id: 2
bus info: pci@0000:02:02.0
logical name: eth0
version: 10
serial: 00:13:d4:0e:32:59
size: 10MB/s
capacity: 100MB/s
width: 32 bits
clock: 33MHz
capabilities: pm bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd autonegotiation
QPPK7DA834B3
configuration: autonegotiation=on broadcast=yes driver=8139too driverversion=0.9.28 duplex=half latency=64 link=no maxlatency=64 mingnt=32 module=8139too multicast=yes port=MII speed=10MB/s

To configure your system to use a static IP address assignment, add the static method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces. The example below assumes you are configuring your first Ethernet interface identified as eth0. Change the address, netmask, and gateway values to meet the requirements of your network.

auto eth0
iface eth0 inet static
address 192.168.45.11
netmask 255.255.255.0
gateway 192.168.45.10

By adding an interface configuration as shown above, you can manually enable the interface through
the ifup command.
sudo ifup eth0

To manually disable the interface, you can use the ifdown command.
sudo ifdown eth0

Loopback Interface
The loopback interface is identified by the system as lo and has a default IP address of 127.0.0.1. It can be viewed using the ifconfig command.

yoyok@yoyok-server:~$ ifconfig lo
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2718 errors:0 dropped:0 overruns:0 frame:0
TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)

By default, there should be two lines in /etc/network/interfaces responsible for automatically
configuring your loopback interface. It is recommended that you keep the default settings unless you have a specific purpose for changing them. An example of the two default lines are shown below.

auto lo
iface lo inet loopback

DHCP
The Dynamic Host Configuration Protocol (DHCP) is a network service that enables host computers
to be automatically assigned settings from a server as opposed to manually configuring each network host. Computers configured to be DHCP clients have no control over the settings they receive from the DHCP server, and the configuration is transparent to the computer's user.
The most common settings provided by a DHCP server to DHCP clients include:
• IP-Address and Netmask
• DNS
• WINS

However, a DHCP server can also supply configuration properties such as:
• Host Name
• Domain Name
• Default Gateway
• Time Server
• Print Server

The advantage of using DHCP is that changes to the network, for example a change in the address of
the DNS server, need only be changed at the DHCP server, and all network hosts will be reconfigured the next time their DHCP clients poll the DHCP server. As an added advantage, it is also easier to integrate new computers into the network, as there is no need to check for the availability of an IP address. Conflicts in IP address allocation are also reduced.
A DHCP server can provide configuration settings using two methods:

MAC Address
This method entails using DHCP to identify the unique hardware address of each network card
connected to the network and then continually supplying a constant configuration each time the
DHCP client makes a request to the DHCP server using that network device.

Address Pool
This method entails defining a pool (sometimes also called a range or scope) of IP addresses from
which DHCP clients are supplied their configuration properties dynamically and on a "first come,
first served" basis. When a DHCP client is no longer on the network for a specified period, the
configuration is expired and released back to the address pool for use by other DHCP Clients.
Ubuntu is shipped with both DHCP server and client. The server is dhcpd (dynamic host
configuration protocol daemon). The client provided with Ubuntu is dhclient and should be installed on all computers required to be automatically configured. Both programs are easy to install and configure and will be automatically started at system boot.

At a terminal prompt, enter the following command to install dhcpd:
sudo apt-get install dhcp3-server
You will probably need to change the default configuration by editing /etc/dhcp3/dhcpd.conf to suit your needs and particular configuration.
You also need to edit /etc/default/dhcp3-server to specify the interfaces dhcpd should listen to. By default it listens to eth0.

# Sample /etc/dhcpd.conf
# (add your comments here)
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "mydomain.example";
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
range 192.168.1.150 192.168.1.200;
}

This will result in the DHCP server giving a client an IP address from the range
192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will lease an IP address for 600
seconds if the client doesn't ask for a specific time frame. Otherwise the maximum (allowed) lease
will be 7200 seconds. The server will also "advise" the client that it should use 255.255.255.0 as
its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as the router/gateway and
192.168.1.1 and 192.168.1.2 as its DNS servers.

Read More

Wednesday, August 4, 2010

Linux Ubuntu Server 10.04 Chapter 2 Package Management

Linux Ubuntu Server 10.04 Chapter 2 is about Package Management


Ubuntu features a comprehensive package management system for the installation, upgrade, configuration, and removal of software. In addition to providing access to an organized base of over 24,000 software packages for your Ubuntu computer, the package management facilities QPPK7DA834B3 also feature dependency resolution capabilities and software update checking.

Several tools are available for interacting with Ubuntu's package management system, from simple
command-line utilities which may be easily automated by system administrators, to a simple graphical interface which is easy to use by those new to Ubuntu.


Ubuntu's package management system is derived from the same system used by the Debian GNU/
Linux distribution. The package files contain all of the necessary files, meta-data, and instructions to implement a particular functionality or software application on your Ubuntu computer.

Debian package files typically have the extension '.deb', and typically exist in repositories which are collections of packages found on various media, such as CD-ROM discs, or online. Packages are normally of the pre-compiled binary format; thus installation is quick and requires no compiling of software.

Many complex packages use the concept of dependencies. Dependencies are additional packages
required by the principal package in order to function properly. For example, the speech synthesis package Festival depends upon the package libasound2, which is a package supplying the ALSA sound library needed for audio playback. In order for Festival to function, it and all of its dependencies must be installed. The software management tools in Ubuntu will do this automatically

dpkg
dpkg is a package manager for Debian based systems. It can install, remove, and build packages, but unlike other package management system's it can not automatically download and install packages and their dependencies. This section covers using dpkg to manage locally installed packages:
• To list all packages installed on the system, from a terminal prompt enter:
dpkg -l

• Depending on the amount of packages on your system, this can generate a large amount of output.
Pipe the output through grep to see if a specific package is installed:
dpkg -l | grep apache2
Replace apache2 with any package name, part of a package name, or other regular expression.

• To list the files installed by a package, in this case the ufw package, enter:
dpkg -L ufw

• If you are not sure which package installed a file, dpkg -S may be able to tell you. For example:
dpkg -S /etc/host.conf
base-files: /etc/host.conf

The output shows that the /etc/host.conf belongs to the base-files package.

• You can install a local .deb file by entering:
sudo dpkg -i zip_2.32-1_i386.deb
Change zip_2.32-1_i386.deb to the actual file name of the local .deb file.

• Uninstalling a package can be accomplished by:
sudo dpkg -r zip

apt-get
The apt-get command is a powerful command-line tool used to work with Ubuntu's Advanced
Packaging Tool (APT) performing such functions as installation of new software packages, upgrade
of existing software packages, updating of the package list index, and even upgrading the entire
Ubuntu system.

Being a simple command-line tool, apt-get has numerous advantages over other package management
tools available in Ubuntu for server administrators. Some of these advantages include ease of use over simple terminal connections (SSH) and the ability to be used in system administration scripts, which can in turn be automated by the cron scheduling utility.
Some examples of popular uses for the apt-get utility:

• Install a Package: Installation of packages using the apt-get tool is quite simple. For example, to install the network scanner nmap, type the following:
sudo apt-get install nmap

• Remove a Package: Removal of a package or packages is also a straightforward and simple
process. To remove the nmap package installed in the previous example, type the following:
sudo apt-get remove nmap

Also, adding the --purge options to apt-get remove will remove the package configuration files as
well. This may or may not be the desired effect so use with caution.

• Update the Package Index: The APT package index is essentially a database of available
packages from the repositories defined in the /etc/apt/sources.list file. To update the local
package index with the latest changes made in repositories, type the following:
sudo apt-get update

• Upgrade Packages: Over time, updated versions of packages currently installed on your computer
may become available from the package repositories (for example security updates). To upgrade
your system, first update your package index as outlined above, and then type:
sudo apt-get upgrade

Automatic Updates
The unattended-upgrades package can be used to automatically install updated packages, and can be
configured to update all packages or just install security updates. First, install the package by entering
the following in a terminal:
sudo apt-get install unattended-upgrades

To configure unattended-upgrades, edit /etc/apt/apt.conf.d/50unattended-upgrades and adjust
the following to fit your needs:
Unattended-Upgrade::Allowed-Origins {
"Ubuntu lucid-security";
// "Ubuntu lucid-updates";
};
Certain packages can also be blacklisted and therefore will not be automatically updated. To blacklist a package, add it to the list:
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};

To enable automatic updates, edit /etc/apt/apt.conf.d/10periodic and set the appropriate apt
configuration options:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

The above configuration updates the package list, downloads, and installs available upgrades every
day. The local download archive is cleaned every week.

Configuration APT
Configuration of the Advanced Packaging Tool (APT) system repositories is stored in the /etc/apt/
sources.list configuration file. An example of this file is referenced here, along with information on adding or removing repository references from the file.
Here is a simple example of a typical /etc/apt/sources.list file.
You may edit the file to enable repositories or disable them. For example, to disable the requirement
of inserting the Ubuntu CD-ROM whenever package operations occur, simply comment out the
appropriate line for the CD-ROM, which appears at the top of the file:
# no more prompting for CD-ROM please
# deb cdrom:[Ubuntu 10.04_Lucid_Lynx - Release i386 (20070419.1)]/ lucid main restricted

Repository
In addition to the officially supported package repositories available for Ubuntu, there exist additional community-maintained repositories which add thousands more potential packages for installation.

Two of the most popular are the Universe and Multiverse repositories. These repositories are not
officially supported by Ubuntu, but because they are maintained by the community they generally
provide packages which are safe for use with your Ubuntu computer.

By default, the Universe and Multiverse repositories are enabled but if you would like to disable them, edit /etc/apt/sources.list and comment the following lines:
deb http://archive.ubuntu.com/ubuntu lucid universe multiverse
deb-src http://archive.ubuntu.com/ubuntu lucid universe multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse
deb http://security.ubuntu.com/ubuntu lucid-security universe
deb-src http://security.ubuntu.com/ubuntu lucid-security universe
deb http://security.ubuntu.com/ubuntu lucid-security multiverse
deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse

Ok. lets try that and see you at the next chapter.


Read More

Linux Ubuntu Server 10.04 Chapter 1 Instalation

Preparing to Install Ubuntu Server 10.04 Lucid Lynx
This section explains various aspects to consider before starting the installation.



Ubuntu 10.04 LTS Server Edition supports two (2) major architectures: Intel x86 and AMD64.
Recommended Minimum Requirements is 128MB of RAM and 50GB of Harddisk.

The Server Edition provides a common base for all sorts of server applications. It is a minimalist
design providing a platform for the desired services, such as file/print services, web hosting, email, or hosting.


Instalation From CD

The basic steps to install Ubuntu Server Edition from CD are the same for installing any operating
system from CD. Unlike the Desktop Edition the Server Edition does not include a graphical
installation program. Instead the Server Edition uses a console menu based process.

• First, download and burn the appropriate ISO file from the Ubuntu web site.
• Boot the system from the CD-ROM drive.
• At the boot prompt you will be asked to select the language. Afterwards the installation process
begins by asking for your keyboard layout.
• From the main boot menu there are some additional options to install Ubuntu Server Edition. You can install a basic Ubuntu Server, or install Ubuntu Server as part of a Ubuntu Enterprise Cloud.
• The installer then discovers your hardware configuration, and configures the network settings using DHCP. If you do not wish to use DHCP at the next screen choose "Go Back", and you have the option to "Configure the network manually".
• Next, the installer asks for the system's hostname and Time Zone.
• You can then choose from several options to configure the hard drive layout.
• The Ubuntu base system is then installed.
• A new user is setup, this user will have root access through the sudo utility.
• After the user is setup, you will be asked to encrypt your home directory.
• The next step in the installation process is to decide how you want to update the system.

There are three options:
• No automatic updates: this requires an administrator to log into the machine and manually install updates.
• Install security updates Automatically: will install the unattended-upgrades package, which will install security updates without the intervention of an administrator.
• Manage the system with Landscape: Landscape is a paid service provided by Canonical to help manage your Ubuntu machines.
• You now have the option to install, or not install, several package tasks.
• Finally, the last step before rebooting is to set the clock to UTC QPPK7DA834B3.

At some point during the installation process you may want to read the help screen provided by the
installation system. To do this, press F1.

During the Server Edition installation you have the option of installing additional packages from the CD. The packages are grouped by the type of service they provide.
• Cloud computing: Walrus storage service
• Cloud computing: all-in-one cluster
• Cloud computing: Cluster controller
• Cloud computing: Node controller
• Cloud computing: Storage controller
• Cloud computing: top-level cloud controller
• DNS server: Selects the BIND DNS server and its documentation.
• LAMP server: Selects a ready-made Linux/Apache/MySQL/PHP server.
• Mail server: This task selects a variety of package useful for a general purpose mail server system.
• OpenSSH server: Selects packages needed for an OpenSSH server.
• PostgreSQL database: This task selects client and server packages for the PostgreSQL database.
• Print server: This task sets up your system to be a print server.
• Samba File server: This task sets up your system to be a Samba file server, which is especially suitable in networks with both Windows and Linux systems.
• Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, etc.
• Virtual machine host: Includes packages needed to run KVM virtual machines.
• Manually select packages: Executes apptitude allowing you to individually select packages.

Installing the package groups is accomplished using the tasksel utility. One of the important
difference between Ubuntu (or Debian) and other GNU/Linux distribution is that, when installed, a
package is also configured to reasonable defaults, eventually prompting you for additional required information. Likewise, when installing a task, the packages are not only installed, but also configured to provided a fully integrated service.

Once the installation process has finished you can view a list of available tasks by entering the
following from a terminal prompt:
tasksel --list-tasks

You can view a list of which packages are installed with each task using the --task-packages option. For example, to list the packages installed with the DNS Server task enter the following:
tasksel --task-packages dns-server
The output of the command should list:
bind9-doc
bind9utils
bind9
Also, if you did not install one of the tasks during the installation process, but for example you decide
to make your new LAMP server a DNS server as well. Simply insert the installation CD and from a
terminal:
sudo tasksel install dns-server

Similarly to chapter 1 of the installation phase, will next be discussed in chapter 2 of the Ubuntu Server Management.

Read More

Wednesday, July 28, 2010

Install BCOMPILER for PHP5 on Ubuntu Lucid

At some point maybe we are faced to protect our work from people who want to imitate our artificial program. There is a trick to randomize results of our work especially the PHP is by using bcompiler. Bcompiler dedicated for eschool program, where i used for first time at my ubuntu server.

In this case we use the latest Ubuntu Lucid Lynx 10.04 or Dewalinux
1. Install the basic dependencies with :
root@yoyok-desktop:/# apt-get install automake m4 php5-dev php5-pear

2. then install next dependencies
root@yoyok-desktop:/# apt-get install libbz2-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
libbz2-dev
0 upgraded, 1 newly installed, 0 to remove and 286 not upgraded.
Need to get 31.7kB of archives.
After this operation, 111kB of additional disk space will be used.
Get:1 http://dl2.foss-id.web.id/ubuntu/ lucid/main libbz2-dev 1.0.5-4 [31.7kB]
Fetched 31.7kB in 0s (121kB/s)
Selecting previously deselected package libbz2-dev.
(Reading database ... 134004 files and directories currently installed.)
Unpacking libbz2-dev (from .../libbz2-dev_1.0.5-4_i386.deb) ...
Setting up libbz2-dev (1.0.5-4) ..

3. Compile and install bcompiler with :
root@yoyok-desktop:/# pecl install channel://pecl.php.net/bcompiler-0.9.1
downloading bcompiler-0.9.1.tgz ...
Starting to download bcompiler-0.9.1.tgz (47,335 bytes)
....done: 47,335 bytes
10 source files, building
running: phpize
Configuring for:
PHP Api Version: 20090626
Zend Module Api No: 20090626
Zend Extension Api No: 220090626
building in /var/tmp/pear-build-root/bcompiler-0.9.1
running: /tmp/pear/temp/bcompiler/configure
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for a sed that does not truncate output... /bin/sed
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for PHP prefix... /usr
checking for PHP includes... -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
QPPK7DA834B3
checking for PHP extension directory... /usr/lib/php5/20090626+lfs
checking for PHP installed headers prefix... /usr/include/php5
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... no
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk... gawk
checking whether to enable bcompiler support... yes, shared
checking for BZip2 in default path... found in /usr
checking for BZ2_bzerror in -lbz2... yes
checking for a sed that does not truncate output... (cached) /bin/sed
checking for fgrep... /bin/grep -F
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for ar... ar
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if cc supports -fno-rtti -fno-exceptions... no
checking for cc option to produce PIC... -fPIC -DPIC
checking if cc PIC flag -fPIC -DPIC works... yes
checking if cc static flag -static works... yes
checking if cc supports -c -o file.o... yes
checking if cc supports -c -o file.o... (cached) yes
checking whether the cc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
configure: creating ./config.status
config.status: creating config.h
config.status: executing libtool commands
running: make
/bin/bash /var/tmp/pear-build-root/bcompiler-0.9.1/libtool --mode=compile cc -I. -I/tmp/pear/temp/bcompiler -DPHP_ATOM_INC -I/var/tmp/pear-build-root/bcompiler-0.9.1/include -I/var/tmp/pear-build-root/bcompiler-0.9.1/main -I/tmp/pear/temp/bcompiler -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/bcompiler/bcompiler.c -o bcompiler.lo
libtool: compile: cc -I. -I/tmp/pear/temp/bcompiler -DPHP_ATOM_INC -I/var/tmp/pear-build-root/bcompiler-0.9.1/include -I/var/tmp/pear-build-root/bcompiler-0.9.1/main -I/tmp/pear/temp/bcompiler -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/bcompiler/bcompiler.c -fPIC -DPIC -o .libs/bcompiler.o
/tmp/pear/temp/bcompiler/bcompiler.c: In function 'apc_serialize_arg_info':
/tmp/pear/temp/bcompiler/bcompiler.c:2034: warning: passing argument 1 of 'apc_serialize_zstring' discards qualifiers from pointer target type
/tmp/pear/temp/bcompiler/bcompiler.c:1965: note: expected 'char *' but argument is of type 'const char *'
/tmp/pear/temp/bcompiler/bcompiler.c:2038: warning: passing argument 1 of 'apc_serialize_zstring' discards qualifiers from pointer target type
/tmp/pear/temp/bcompiler/bcompiler.c:1965: note: expected 'char *' but argument is of type 'const char *'
/tmp/pear/temp/bcompiler/bcompiler.c: In function 'apc_create_arg_info':
/tmp/pear/temp/bcompiler/bcompiler.c:2058: warning: passing argument 1 of 'apc_create_string2' from incompatible pointer type
/tmp/pear/temp/bcompiler/bcompiler.c:2003: note: expected 'char **' but argument is of type 'const char **'
/tmp/pear/temp/bcompiler/bcompiler.c:2061: warning: passing argument 1 of 'apc_create_string2' from incompatible pointer type
/tmp/pear/temp/bcompiler/bcompiler.c:2003: note: expected 'char **' but argument is of type 'const char **'
/tmp/pear/temp/bcompiler/bcompiler.c: In function 'apc_serialize_zend_function_entry':
/tmp/pear/temp/bcompiler/bcompiler.c:2723: warning: passing argument 1 of 'apc_serialize_string' discards qualifiers from pointer target type
/tmp/pear/temp/bcompiler/bcompiler.c:1941: note: expected 'char *' but argument is of type 'const char *'
/tmp/pear/temp/bcompiler/bcompiler.c:2731: warning: passing argument 1 of 'apc_serialize_arg_info' discards qualifiers from pointer target type
/tmp/pear/temp/bcompiler/bcompiler.c:2025: note: expected 'struct zend_arg_info *' but argument is of type 'const struct _zend_arg_info *'
/tmp/pear/temp/bcompiler/bcompiler.c: In function 'apc_deserialize_zend_function_entry':
/tmp/pear/temp/bcompiler/bcompiler.c:2743: warning: passing argument 1 of 'apc_create_string2' from incompatible pointer type
/tmp/pear/temp/bcompiler/bcompiler.c:2003: note: expected 'char **' but argument is of type 'const char **'
/tmp/pear/temp/bcompiler/bcompiler.c:2752: warning: passing argument 1 of 'apc_create_arg_info' discards qualifiers from pointer target type
/tmp/pear/temp/bcompiler/bcompiler.c:2048: note: expected 'struct zend_arg_info *' but argument is of type 'const struct _zend_arg_info *'
/tmp/pear/temp/bcompiler/bcompiler.c: In function 'apc_serialize_zend_class_entry':
/tmp/pear/temp/bcompiler/bcompiler.c:2938: warning: assignment discards qualifiers from pointer target type
/tmp/pear/temp/bcompiler/bcompiler.c:2945: warning: passing argument 1 of 'apc_serialize_zend_function_entry' discards qualifiers from pointer target type
/tmp/pear/temp/bcompiler/bcompiler.c:2712: note: expected 'struct zend_function_entry *' but argument is of type 'const struct _zend_function_entry *'
/tmp/pear/temp/bcompiler/bcompiler.c: In function 'apc_deserialize_zend_class_entry':
/tmp/pear/temp/bcompiler/bcompiler.c:3159: warning: passing argument 1 of 'apc_deserialize_zend_function_entry' discards qualifiers from pointer target type
/tmp/pear/temp/bcompiler/bcompiler.c:2738: note: expected 'struct zend_function_entry *' but argument is of type 'const struct _zend_function_entry *'
/bin/bash /var/tmp/pear-build-root/bcompiler-0.9.1/libtool --mode=link cc -DPHP_ATOM_INC -I/var/tmp/pear-build-root/bcompiler-0.9.1/include -I/var/tmp/pear-build-root/bcompiler-0.9.1/main -I/tmp/pear/temp/bcompiler -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAVE_CONFIG_H -g -O2 -o bcompiler.la -export-dynamic -avoid-version -prefer-pic -module -rpath /var/tmp/pear-build-root/bcompiler-0.9.1/modules bcompiler.lo -lbz2
libtool: link: cc -shared .libs/bcompiler.o -lbz2 -Wl,-soname -Wl,bcompiler.so -o .libs/bcompiler.so
libtool: link: ( cd ".libs" && rm -f "bcompiler.la" && ln -s "../bcompiler.la" "bcompiler.la" )
/bin/bash /var/tmp/pear-build-root/bcompiler-0.9.1/libtool --mode=install cp ./bcompiler.la /var/tmp/pear-build-root/bcompiler-0.9.1/modules
libtool: install: cp ./.libs/bcompiler.so /var/tmp/pear-build-root/bcompiler-0.9.1/modules/bcompiler.so
libtool: install: cp ./.libs/bcompiler.lai /var/tmp/pear-build-root/bcompiler-0.9.1/modules/bcompiler.la
libtool: finish: PATH="/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin:/sbin" ldconfig -n /var/tmp/pear-build-root/bcompiler-0.9.1/modules
----------------------------------------------------------------------
Libraries have been installed in:
/var/tmp/pear-build-root/bcompiler-0.9.1/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Build complete.
Don't forget to run 'make test'.

running: make INSTALL_ROOT="/var/tmp/pear-build-root/install-bcompiler-0.9.1" install
Installing shared extensions: /var/tmp/pear-build-root/install-bcompiler-0.9.1/usr/lib/php5/20090626+lfs/
running: find "/var/tmp/pear-build-root/install-bcompiler-0.9.1" | xargs ls -dils
2376831 4 drwxr-xr-x 3 root root 4096 Jul 28 09:12 /var/tmp/pear-build-root/install-bcompiler-0.9.1
2409784 4 drwxr-xr-x 3 root root 4096 Jul 28 09:12 /var/tmp/pear-build-root/install-bcompiler-0.9.1/usr
2442147 4 drwxr-xr-x 3 root root 4096 Jul 28 09:12 /var/tmp/pear-build-root/install-bcompiler-0.9.1/usr/lib
2442148 4 drwxr-xr-x 3 root root 4096 Jul 28 09:12 /var/tmp/pear-build-root/install-bcompiler-0.9.1/usr/lib/php5
2442149 4 drwxr-xr-x 2 root root 4096 Jul 28 09:12 /var/tmp/pear-build-root/install-bcompiler-0.9.1/usr/lib/php5/20090626+lfs
2442150 132 -rwxr-xr-x 1 root root 127259 Jul 28 09:12 /var/tmp/pear-build-root/install-bcompiler-0.9.1/usr/lib/php5/20090626+lfs/bcompiler.so

Build process completed successfully

4. If you encounter “ERROR: `phpize’ failed“, that means you have not yet installed php5-dev. Repeat step 1 then try again

5. Add “extension=bcompiler.so” to /etc/php5/cli/php.ini and /etc/php5/apache2/php.ini to activate the extension.
6. wget http://bencoder.urdada.net/bencoder
7. chmod 755 bencoder
8. cp bencoder /usr/local/bin/
9. Usage bcompiler :
bencoder [-f] [-q] [-t] -o FILE file1.php
bencoder [-f] [-q] [-t] -o OUTDIR file1.php file2.php ...
bencoder [-f] [-q] [-t] -o OUTDIR -s SRCDIR [-e SUFFIX] [-r] [-c] [-l]

-o FILE : the file name to write the encoded script
(default to '-encoded.XXX' suffix)
-o OUTDIR : the directory to write all encoded files

-a SRCDIR
-s SRCDIR : encode all files in this source directory

-r : encode directories recursively (no by default)
-f : force overwriting even if the target exists
-t : truncate/keep only the basename of the file into the bytecode
-e SUFFIX : encode the files with the SUFFIX extension only (default: php)
(regular expression allowed, ex: "php|inc")
-c : copy files those shouldn't be encoded (no by default)
-l : follow symbolic link (no by default)
-q : do not print the file name while encoding or copying
-b
-bz2 : compress the encoded files with bz2 (needs bzip2-extension)

By using this bcompiler, the program could be the result of our work is protected and not easily imitated.
Good luck
Read More

Wednesday, July 14, 2010

OpenSSH Security

OpenSSH is the way the administrators to manage servers. Sometimes some people are trying to conduct an experiment to infiltrate into the deep. And do a lot of vandalism which is very dangerous. Here are a few tricks to secure OpenSSH from people who are not responsible:

1. Make sure to use the Password somewhat complicated but easy to remember, a combination of numbers, letters and paste some of the symbols on the password.

2. Do not let the root user can perform the login.
because I use ubuntu, search PermitRootLogin yes in /etc/ssh/sshd_config and change into PermitRootLogin no
save and then restart ssh with the command: sudo /etc/init.d/ssh restart

3. Restrict ssh accessed, open access to only certain IP addresses or network.
Restrictions can be accessed using tcpwrapper (hosts.allow, hosts.deny) or use iptables.
case study: Network 192.168.44.0/24 IP 192.168.45.11 and all I can do SSH.
what to do:
edit the file: / etc / hosts.deny add sshd: all
edit the file: / etc / hosts.allow add
sshd: 127.0.0.0/255.255.255.0
sshd: 192.168.45.11
sshd: 192.168.44.0/255.255.255.0

or if we are using UFW can type:
sudo ufw allow proto tcp from 127.0.0.0/24 to any port 22
sudo ufw allow proto tcp from 192.168.45.11 to any port 22
sudo ufw allow proto tcp from 192.168.44.0/24 to any port 22

4. Use DenyHosts
Sometimes people try to enter the server with user and password guessing.
If lucky to get broken, and it's also because the manager server is too easy to write down passwords.

To prevent can use denyhosts
install with the following command:
sudo apt-get install denyhosts
safer if the password is sent back via email with how to edit files
/etc/denyhosts.conf search words ADMIN_EMAIL add a
ADMIN_EMAIL = airaku22@yahoo.com

5. Change the default SSH port
edit the file /etc/ssh/sshd_config Port 22 instead of search papers say the Port in 2000. save and restart the SSH
to use the command ssh: ssh 192.168.45.11-l-p 2000 airaku

6. Regularly updated System
sudo apt-get update & & sudo apt-get upgrade

Good luck, and try OpenSSH for your server.
Read More

Sperm for Beauty

Sperm for beauty? perceptions do not wrong first. It sounds a bit weird, how ordinary and how it can. A healthy sex was not only beneficial to the body for blood flow, but also for her beauty. Here among others.

- Sperm to smooth the skin. Which turned out to contain sperm good for skin smoothing. In fact, because of the discovery, a cosmetics company in Norway, named Bioforksning create synthetic sperm facials and sold as medicine in America.


- Sperm can push the mood, reports New Scientist website. A study conducted in 2002 found that women who commit sexual activity and sperm exposed for not using condoms, are experiencing levels of depression than women who are not exposed to sperm or no sex at all.
Although there are also factors the possibility that women who engaged in unprotected sex are in a more stable relationship, commitment, and it makes them happy. However, the researchers also say that semen contains a hormone that is able to change the mood, such as testosterone and estrogen. The substance enters the bloodstream woman several hours after sperm entry into the vagina.

- Blood flow is more fluid. Physical activity that makes sweating and panting sounded like he was exercising? Yes, the smoldering sexual activity is accepted as sports. While on a thrilling sexual activity, your heart pumps blood faster and remove toxins from the body through sweat. When achieving orgasms, women will usually look flushed cheeks.

- Hormone released during sex can help alleviate pain. As reported by the Bulletin of Experimental Biology and Medicine, the increase of the hormone oxytocin endorphins that comes out when you're having sex can reduce pain in the body. Oxytocin also known as the "hormone of love," which came out of our bodies after sex with other people and make us smile.

- Sex hormone helps us sleep better. Thanks to the hormone oxytocin, we will feel more comfortable, more restful sleep is also helpful, as reported by WebMD. Of course, sleep soundly and well, both for beauty, right?. You can try at home now, sperm for beauty. Remember, this for adult only.
Read More

Tuesday, July 13, 2010

Squid Setting Ubuntu

Ubuntu squid simple, I happened to use the following Ubuntu squid easily.

First install squid first via synaptic or via a terminal:
yoyok@yoyok-desktop: ~ $ apt-get install squid
Once completed, the direct Squid can be configured in a way:
yoyok@yoyok-desktop: ~ $ sudo vim /etc/squid/squid.conf

But before the first backup before editing the original file so that if damaged can be returned to the default:
yoyok@yoyok-desktop: ~ $ sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

New script and then configure Squid:
yoyok@yoyok-desktop: ~ $ sudo vim /etc/squid/squid.conf

Then it will appear Squid configuration file is very long, follows the steps that must be considered

HTTP Port: This port is used to run Squid
http_port 3128

Visible Host Name: So if an error occurs Squid can find a valid hostname
visible_hostname airaku.com

Cache Manager: To define the email address of the Squid Cache Manager
cache_mgr airaku22@yahoo.com

Squid Cache Directory: Defining the location and magnitude squid directory.
Figures 500 show directory size in MB
Figure 16 shows the number of sub-directory one level
Figures 256 show the number of subdirectories subdirectory level 2 level 1
The number above the bigger the better

UFS cache_dir /var/spool/squid 500 16 256

Filtering: This is an important part of the Squid, by this we can set a rule-rule, starting from anyone who can access the internet until what websites are allowed to access. Access List: Anyone who can access the Internet

command: acl user src 192.168.1.1/255.255.255.255

acl: an access list command
user: username or group that has an IP
src: source ip is used, could use the range if you want to create a group

ex: acl src laros 192.168.1.1-192.168.1.12/255.255.255.255

Time Filtering: Provides access permissions based on time and day

command: acl-access time of 08:00 to 16:00 time MTWHFA

acl: access list command
Access time: caption for command acl
time: Squid command to define the time
MTWHFA: Squid is a command to define the time
M: Monday, T: Tuesday, etc ... ..

08:00 to 16:00: It is time that is allowed to provide Internet access to penggunaFiltering Website: Filter any website which should not be accessed by the user.

Previously must be made before a document containing the list of url-list to be blocked.

example:
yoyok@yoyok-desktop: ~ $ sudo vim /etc/squid/pornourl.txt

then input by:
worldsex com
17tahun

Then give the command squid squid.conf file with the command:

acl blokporno dstdomain "/etc/squid/pornourl.txt"

Keyword Filtering: Filter keywords entered by users, suppose a user enters the word 'sex' in google, then Squid will membloknya.Sebelum add a command in the squid.conf, you must create a file containing those keywords will be blocked with the command:

yoyok@yoyok-desktop: ~ $ sudo vim /etc/squid/keywordblock.txt

Then fill with words that will be on the block:

example: sex, fuck
And give commands in squid.conf with the command:

url_regex keywordblok acl-i "/etc/squid/keywordblock.txt"

Commands such filter is enough to make a simple Squid Server, the next step is to give permissions on the rules that have been made previously. Http_access in Squid command is called. The command is as follows:

http_access deny blokporno # mendeny all urls contained in acl blokporno
http_access deny keywordblock # mendeny keywords that exist on keywordblock acl
http_access time it_user # Allow access acl acl-time access to user micokelana
http_access deny all # Mendeny all users who are not registered in the squid.conf
http_reply_access allow all # default
acp_access allow all # default

Then do not forget to save the configuration file squid.conf we have to edit using the command:
:WQ # w: save q: out (Command vim)

Then in the command you are typing the command terminal;

yoyok@yoyok-desktop: ~ $ squid-z

Function: to create a cache directory that we have made on the command squid.

Transparent Proxy

Squid is a technique to be a transparent proxy or not visible, that is if we normally enter the proxy address on every browser, if applied to the transparent proxy will not be visible on your browser we enter our proxy addresses. Before entering the command on squid transparent proxy, then we must do in order to redirect the command iptable existing ports on the client computer. That is, if we set squid on port 3128, then the client requests the Internet generally are in the port 80 then we have to redirect port 80 from client to our proxy port that is on port 3128. IP Forwarding, so transparent proxy can be implemented, then we must enable IP forwarding by providing a value in the file "/proc/sys/net/ipv4/ip_forward" by:

yoyok@yoyok-desktop: ~ $ echo 1> /proc/sys/net/ipv4/ip_forward

But should we run the command auto startup, so if the computer dead squid repot2 we need not run the command continuously. Next we have to run so that clients can redirect ip_tables squid port our server with the command:

yoyok@yoyok-desktop: ~ $ iptables-A PREROUTING-t nat-p tcp-dport 80-j REDIRECT-to-port 3128

Everything that can be recorded on the file / etc / rc.local (probably could be discussed on the other time)
Then restart the proxy with the command:

yoyok@yoyok-desktop: ~ $ squid-k reconfigure

enjoy it, try this setting for your server for a better connectivity.
Read More

Auto Mount Ubuntu Lucid Lynx

Auto mount on Ubuntu 10:04 Lucid Lynx occasionally make the user be careful in mengakases a partition. Just imagine if someone can access a partition or a directory with no password asked again. This version, is very easy for nuebi at ubuntu.

For that there are some tricks that are used to maintain security. There are two options in the resolution of this issue is with the terminal or GUI.

A. With the GUI
1. Install pysdm (Storage Device Manager)
2. Could use: apt-get install pysdm or by searching in sypnaptic pysdm
3. Search in the System - administration - Storage Device Manager
4. Open and Click sda or hda
5. After clicking Ok, Choose Assistant
6. There will appear the options to auto-mount or not when booting ubuntu
7. Apply and make Once completed reboot

B. Terminal
1. Open a terminal window on your computer
2. Type sudo vi / etc / fstab
3. Determine which partition will be mounted or not
for example like this: (sda5 will automount)
#
proc / proc proc defaults 0 0
# / Was on / dev/sda5 During installation
UUID = 30d28e71-a8d6-48be-b463-f79b610bc838 / ext3 relatime, errors = remount-ro 0 1

The above also applies to folders or directories, it's just easier to manage. Do rename like this:

original name: coba_coba
destination name. coba_coba
command: mv coba_coba. coba_coba

The most important thing is to know the permissions from the folder, chmod-rwx can use to determine the permission of the folder.


Read More

Sunday, February 14, 2010

10 Security Issues found in the Linux Kernel

10 security issues are important (see below for details) found in the Linux kernel packages by various hackers. Therefore, it is strongly recommended to update your system as soon as possible!
The following Linux kernel vulnerability found:

1. The ext4 filesystem HFS and fails to examine the various structures of the disk. Therefore, an attacker can trick a user to mount the filesystem that is designed specifically and can cause the affected system crash or get a root (system administrator). The problem was discovered by Amerigo Wang and Eric Sesterhenn and affect all the Ubuntu system.

2. FUSE (Filesystem in userspace) failed to examine the various requests. Because of this, a local attacker who has access to the accident could FUSE mount an affected system or gain root (system administrator). The problem only affects Ubuntu 6.06 LTS, LTS 8:04, 8.10 and 9.04 systems.

3. KVM fails to decode a variety of guest instructions. This can lead to DoS attacks and accidents of the affected system, by triggering the "damage" in the host. The problem only affects Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10.

4. Firewire OHCI driver failed to handle the various ioctls. Because of this, local attackers could get hit by accident root (system administrator) privileges. The problem only affects Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10 systems.

5. Linux kernel fails to handle O_ASYNC in locked files. Because of this, a local attacker can gain root (system administrator) privileges. Problems discovered by Tavis Ormandy and only affects Ubuntu 9.04 and 9.10 systems.

6. The e1000e and e1000 network drivers for the Eee PC failed to check the Ethernet frames' sizes. Because of this, a local attacker on the LAN can hit or get a root by sending a specially designed traffic. This problem was discovered by Neil hormones and Eugene Teo, and affects all Ubuntu systems.

7th. Random kernel memory contents can be shown through the "print-fatal-signals" reporting. This could lead to a loss of privacy. The problem only affects Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10 systems.

8. IPv6 fails to handle the jumbo frames. This can lead to DoS attacks. The problem was discovered by Olli Järva, and Tuomo Untinen, and only affects Ubuntu 9.04, and 9.10 systems.

9. Netfilter rules of bridge can be modified by ordinary users. This can cause DoS attacks, by the fault of network traffic. This problem was discovered by Florian Westphal and affects all Ubuntu systems.

10. Linux kernel memory can be leaked by various mremap operations. This can cause DoS attacks, by consuming all available memory. This problem was discovered by Al VIRO and affects all Ubuntu systems.

Read More

Saturday, January 16, 2010

Linux's Anti Virus aka CLAMAV

Linux's Anti Virus aka CLAMAV, Starting from the question seoarang friends. Is there an anti virus in linux that is not from a terminal command?. Yes, I answered. But still a little install it using the command in the terminal. Here, we practice:

airaku22@airaku22-desktop:~ $:sudo apt-get install clamav

This will complete the basic scanner installation.

GTK frontend for the Clam AntiVirus scanner

If you want to install GTK frontend for the Clam AntiVirus scanner in ubuntu you can install avscan or clamtk

This example i am installing clamTK

Download clamtk using the following command

airaku22@airaku22-desktop:~ $:wget http://puzzle.dl.sourceforge.net/sourceforge/clamtk/clamtk_3.05-1_all.deb

Now you need to install clamtk .deb package using the following command

airaku22@airaku22-desktop:~ $:sudo dpkg -i clamtk_3.05-1_all.deb

If you get any problems use the following command

airaku22@airaku22-desktop:~ $:sudo apt-get -f install

This will complete the installation of Anti Virus

If you want to open clamtk go to Applications--->Accessories--->Virus Scanner

Read More