Lakshmichandrakanth's Netlog

Windows RUN command – Hack it Fast

lakshmichandrakanth — Mon, 11 Aug 2008 10:28:00 +0000

Accessibility Controls

access.cpl

Add Hardware Wizard

hdwwiz.cpl

Add/Remove Programs

appwiz.cpl

Administrative Tools

control admintools

Automatic Updates

wuaucpl.cpl

Bluetooth Transfer Wizard

fsquirt

Calculator

calc

Certificate Manager

certmgr.msc

Character Map

charmap

Check Disk Utility

chkdsk

Clipboard Viewer

clipbrd

Command Prompt

cmd

Component Services

dcomcnfg

Computer Management

compmgmt.msc

Date and Time Properties

timedate.cpl

DDE Shares

ddeshare

Device Manager

devmgmt.msc

Direct X Control Panel (If Installed)*

directx.cpl

Direct X Troubleshooter

dxdiag

Disk Cleanup Utility

cleanmgr

Disk Defragment

dfrg.msc

Disk Management

diskmgmt.msc

Disk Partition Manager

diskpart

Display Properties

control desktop

Display Properties

desk.cpl

Display Properties (w/Appearance Tab Preselected)

control color

Dr. Watson System Troubleshooting Utility

drwtsn32

Driver Verifier Utility

verifier

Event Viewer

eventvwr.msc

File Signature Verification Tool

sigverif

Findfast

findfast.cpl

Folders Properties

control folders

Fonts

control fonts

Fonts Folder

fonts

Free Cell Card Game

freecell

Game Controllers

joy.cpl

Group Policy Editor (XP Prof)

gpedit.msc

Hearts Card Game

mshearts

Iexpress Wizard

iexpress

Indexing Service

ciadv.msc

Internet Properties

inetcpl.cpl

IP Configuration (Display Connection Configuration)

ipconfig /all

IP Configuration (Display DNS Cache Contents)

ipconfig /displaydns

IP Configuration (Delete DNS Cache Contents)

ipconfig /flushdns

IP Configuration (Release All Connections)

ipconfig /release

IP Configuration (Renew All Connections)

ipconfig /renew

IP Configuration (Refreshes DHCP & Re-Registers DNS)

ipconfig /registerdns

IP Configuration (Display DHCP Class ID)

ipconfig /showclassid

IP Configuration (Modifies DHCP Class ID)

ipconfig /setclassid

Java Control Panel (If Installed)

jpicpl32.cpl

Java Control Panel (If Installed)

javaws

Keyboard Properties

control keyboard

Local Security Settings

secpol.msc

Local Users and Groups

lusrmgr.msc

Logs You Out Of Windows

logoff

Microsoft Chat

winchat

Minesweeper Game

winmine

Mouse Properties

control mouse

Mouse Properties

main.cpl

Network Connections

control netconnections

Network Connections

ncpa.cpl

Network Setup Wizard

netsetup.cpl

Notepad

notepad

Nview Desktop Manager (If Installed)

nvtuicpl.cpl

Object Packager

packager

ODBC Data Source Administrator

odbccp32.cpl

On Screen Keyboard

osk

Opens AC3 Filter (If Installed)

ac3filter.cpl

Password Properties

password.cpl

Performance Monitor

perfmon.msc

Performance Monitor

perfmon

Phone and Modem Options

telephon.cpl

Power Configuration

powercfg.cpl

Printers and Faxes

control printers

Printers Folder

printers

Private Character Editor

eudcedit

Quicktime (If Installed)

QuickTime.cpl

Regional Settings

intl.cpl

Registry Editor

regedit

Registry Editor

regedit32

Remote Desktop

mstsc

Removable Storage

ntmsmgr.msc

Removable Storage Operator Requests

ntmsoprq.msc

Resultant Set of Policy (XP Prof)

rsop.msc

Scanners and Cameras

sticpl.cpl

Scheduled Tasks

control schedtasks

Security Center

wscui.cpl

Services

services.msc

Shared Folders

fsmgmt.msc

Shuts Down Windows

shutdown

Sounds and Audio

mmsys.cpl

Spider Solitare Card Game

spider

SQL Client Configuration

cliconfg

System Configuration Editor

sysedit

System Configuration Utility

msconfig

System File Checker Utility (Scan Immediately)

sfc /scannow

System File Checker Utility (Scan Once At Next Boot)

sfc /scanonce

System File Checker Utility (Scan On Every Boot)

sfc /scanboot

System File Checker Utility (Return to Default Setting)

sfc /revert

System File Checker Utility (Purge File Cache)

sfc /purgecache

Passwork Cracking using HASH Technique

lakshmichandrakanth — Wed, 14 May 2008 06:50:00 +0000

Normally in the Password cracking we have to spend a lot of time. The Better way of smart hacking is “Hash Technique”.During the logon process, the password entered by the user is hashed using the same algorithm and then compared to the hashed passwords stored in the file. A hacker can attempt to gain access to the hashing algorithm stored on the server instead of trying to guess or otherwise identify the password. If the hacker is successful, they can decrypt the passwords stored on the server.Passwords are stored in the Security Accounts Manager (SAM) file on a
Windows system and in a password shadow file on a Linux system.

Understanding the LanManager Hash

Windows 2000 uses NT Lan Manager (NTLM) hashing to secure passwords in transit on the
network. Depending on the password, NTLM hashing can be weak and easy to break. For
example, let’s say that the password is
123456abcdef
. When this password is encrypted with
the NTLM algorithm, it’s first converted to all uppercase:
123456ABCDEF
. The password is
padded with null (blank) characters to make it 14 characters long:
123456ABCDEF__
. Before
the password is encrypted, the 14-character string is split in half:
123456A and BCDEF__.
Each string is individually encrypted, and the results are concatenated:
123456A = 6BF11E04AFAB197F
BCDEF__ = F1E9FFDCC75575B15
The hash is
6BF11E04AFAB197FF1E9FFDCC75575B15

Hacking Tools

Legion automates the password guessing in NetBIOS sessions. Legion scans multiple
IP address ranges for Windows shares and also offers a manual dictionary attack tool.
NTInfoScan is a security scanner for NT 4.0. This vulnerability scanner produces an HTMLbased
report of security issues found on the target system and other information.
L0phtCrack is a password auditing and recovery package distributed by @stake software,
which is now owned by Symantec. It performs Server Message Block (SMB) packet captures
on the local network segment and captures individual login sessions. L0phtCrack contains
dictionary, brute-force, and hybrid attack capabilities.
John the Ripper is a command-line tool designed to crack both Unix and NT passwords. The
cracked passwords are case insensitive and may not represent the real mixed-case password.
KerbCrack consists of two programs: kerbsniff and kerbcrack. The sniffer listens on the network
and captures Windows 2000/XP Kerberos logins. The cracker can be used to find the
passwords from the capture file using a brute force attack or a dictionary attack.

Cracking Windows 2000 Passwords

The SAM file in Windows contains the usernames and hashed passwords. It’s located in the
Windows\system32\config
directory. The file is locked when the operating system is running
so a hacker can’t attempt to copy the file while the machine is booted to Windows.
One option for copying the SAM file is to boot to an alternate operating system such as
DOS or Linux with a boot CD. Alternately, the file can be copied from the
repair
directory.
If a systems administrator uses the RDISK feature of Windows to back up the system, then a
compressed copy of the SAM file called
SAM._
is created in
C:\windows\repair
. To expand
this file, use the following command at the command prompt:
C:\>expand sam._ sam
After the file is uncompressed, a dictionary, hybrid, or brute-force attack can be run against
the SAM file using a tool like L0phtCrack.

Redirecting the SMB Logon to the Attacker

Another way to discover passwords on a network is to redirect the Server Message Block
(SMB) logon to an attacker’s computer so that the passwords are sent to the hacker. In order
to do this, the hacker must sniff the NTLM responses from the authentication server and trick
the victim into attempting Windows authentication with the attacker’s computer. A common
technique is to send the victim an e-mail message with an embedded hyperlink to a fraudulent

Hacking Tools

Win32CreateLocalAdminUser is a program that creates a new user with the username and
passwordX and adds the user to the local administrator’s group. This action is part of the
Metasploit Project and can be launched with the Metasploit framework on Windows.
Offline NT Password Resetter is a method of resetting the password to the administrator’s
account when the system isn’t booted to Windows. The most common method is to boot to
a Linux boot CD and then access the NTFS partition, which is no longer protected, and change
the password.SMB server. When the hyperlink is clicked, the user unwittingly sends their credentials over the network.

NetBIOS DoS Attacks

A NetBIOS Denial of Service (DoS) attack sends a NetBIOS Name Release message to the NetBIOS
Name Service on a target Windows systems and forces the system to place its name in conflict
so that the name can no longer be used. This essentially blocks the client from participating in the
NetBIOS network and creates a network DoS for that system.

Password-Cracking Countermeasures

The strongest passwords possible should be implemented to protect against password cracking.
Systems should enforce 8–12 character alphanumeric passwords. The length of time the same
password should be used is discussed in the next section.
To protect against cracking of the hashing algorithm for passwords stored on the server,
you must take care to physically isolate and protect the server. The systems administrator can
use the SYSKEY utility in Windows to further protect hashes stored on the server hard disk.
The server logs should also be monitored for brute-force attacks on user accounts.
A systems administrator can implement the following security precautions to decrease the
effectiveness of a brute-force password-cracking attempt:
1.Never leave a default password.
2.Never use a password that can be found in a dictionary.

Hacking Tools

SMBGrind increases the speed of L0phtCrack sessions on sniffer dumps by removing duplication
and providing a way to target specific users without having to edit the dump files manually.
The SMBDie tool crashes computers running Windows 2000/XP/NT by sending specially
crafted SMB requests.NBTdeputy can register a NetBIOS computer name on a network and respond to NetBIOSover TCP/IP (NetBT) name-query requests. It simplifies the use of SMBRelay. The relay can be
referred to by computer name instead of IP address.

Hacking Tools

1.NBName can disable entire LANs and prevent machines from rejoining them.
2. Nodes on a Net-BIOS network infected by the tool think that their names are already in use by other machines.
3.Never use a password related to the host name, domain name, or anything else that can
be found with whois.
4.Never use a password related to your hobbies, pets, relatives, or date of birth.
5.Use a word that has more than 21 characters from a dictionary as a password.
This subject is discussed further in the section “Monitoring Event Viewer Logs.”
In the following sections, we’ll look at two measures you can take to strengthen passwords
and prevent password-cracking.

Password Change Interval

Passwords should expire after a certain amount of time so that users are forced to change
their passwords. If the password interval is set too low, then users will forget their current
passwords; as a result, a systems administrator will have to reset users’ passwords frequently.
On the other hand, if passwords are allowed to be used for too long, then security
may be compromised. The recommended password-change interval is every 30 days. In
addition, it’s recommended that users not be allowed to reuse the last three passwords.
You cannot completely block brute-force password attacks if the hacker
switches the proxy server where the source packet is generated. A systems
administrator can only add security features to decrease the likelihood that
brute-force password attacks will be useful.

Monitoring Event Viewer Logs

Administrators should monitor Event Viewer logs to recognize any intrusion attempts either
before they take place or while they’re occurring. Generally, several failed attempts are logged
in the system logs before a successful intrusion or password attack. The security logs are only
as good as the systems administrators who monitor them.
Tools such as VisualLast aid a network administrator in deciphering and analyzing the
security log files. VisualLast provides greater insight into the NT event logs so the administrator
can assess the activity of the network more accurately and efficiently. The program is
designed to allow network administrators to view and report individual users’ logon and
logoff times; these events may be searched according to time frame, which is invaluable to
security analysts who are looking for intrusion details.
The event log located at
c:\\windows\system32\config\Sec.Event.Evt
contains the trace of an attacker’s brute-force attempts

Fun With GOOGLE

lakshmichandrakanth — Thu, 17 Apr 2008 10:58:00 +0000

Some Hack Tips:

Finding Directory Listings Most directory listings begin with the phrase Index of, which also shows in the title. An obvious query to find this type of page might be

intitle:index.of,

intitle:index.of “parent directory”

intitle:index.of name size

Most of the web server in bottom contains he word called “server at”. This type of attacks sometimes may work against the server like,

intitle:index.of server.at

intitle:index.of server.at site:annauniv.edu

Inurl and allinurl it is used to find a text in url.

inurl:admin backup

intitle:index.of inurl:admin

Getting some e-mail address to send spam

@gmail.com -www.gmail.com

View some persons information via their resume

“phone * * *”“address *”“e-mail” intitle:”curriculum vitae”

“phone * * *”“address *”“e-mail” intitle:”resume””

Getting some user and Password information

site:tn.gov.in username userid employee.ID “your username is”

site:tn.gov.in password passcode “your password is”

site:annauniv.edu adminadministrator

“admin login”

Getting Microsoft remote RDP files

Filetype:rdp “password”

Getting Webbased VNC remote desktops

“VNC Desktop” inurl:5800

View the Live web cameras

Axis Video Server (CAM) : inurl:indexFrame.shtml Axis

AXIS Video Live Camera: intitle:”Live View / – AXIS”

AXIS Video Live View : intitle:”Live View / – AXIS”

inurl:view/view.sht

AXIS 200 Network Camera: intitle:”The AXIS 200 Home Page”

Canon Network Camera: intitle:liveapplet inurl:LvAppl

Mobotix Network Camera: intext:”MOBOTIX M1” intext:”Open Menu”

Panasonic Network Camera: intitle:”WJ-NT104 Main Page”

Panasonic Network Camera: inurl:”ViewerFrame?Mode=”

Sony Network Camera: SNC-RZ30 HOME

Seyeon FlexWATCH Camera: intitle:flexwatch intext:”Home page ver”

Sony Network Camera: intitle:snc-z20 inurl:home/

webcamXP: “powered by webcamXP” “ProBroadcast”

Canon ImageReady intitle:”remote ui:top page”

Searching for movie and Music

Music: -inurl:htm -inurl:html intitle:”index of” mp3 “Artist Name”

Movies: -inurl:htm -inurl:html -inurl:php intitle:”index of” (mpgmovaviwmv) “Movie Name”

Fedore – Apache2 SSL Enable : Hints

lakshmichandrakanth — Mon, 03 Mar 2008 19:42:00 +0000

1) check the pkg : openssl and modssl
# cd /etc/pki/tls/cert -> It contains default SSL Certificate Key

# make server.key -> then Enter the password

#make server.crt

# cp server.key /etc/pki/tls/private

# vi /etc/httpd/conf.d/ssl.conf

here change the Parameters
SSL Certificate File & SSL Certificate Key

# service httpd restart

Testing the SSL: https://systimanx.com -> It ask the certificate Key to verify.

How to setup NIS for a Linux network

lakshmichandrakanth — Wed, 27 Feb 2008 21:11:00 +0000

Introduction

The NIS system works by designating one (or more) machine in the network as a NIS server, and the rest as NIS clients. The server acts as the central repository for all user names, passwords, and groups. The data is replicated from the regular /etc/passwd file to NIS databases that are normally DBM format.

When a client needs to check the password of someone who is trying to log in, it sends the request to the server, and the server comes back with the result (correct password or not).

Setting up the Server

Installing the software

On the server, you need to install a package called ypserv. This can be done by urpmi on Mandrake, or apt-get on Debian.

Setting the NIS Domain Name

After installing the above package, you have to select and set a NIS Domain Name that will be used by both the server and the client. On some systems you can do so by running the domainname command. On others, you can just add it to a configuration file.

On Mandrake, you need to edit the file: /etc/sysconfig/network and add the following line to it:

NISDOMAIN=somename

Where somename is a name that you choose for the NIS Domain Name for your network.

Initializing NIS files

Then you have to convert the existing passwd, group and shadow files that contain user information and password to the NIS DBM format. You can do this using the following command:

/usr/lib/yp/ypinit -m

Updating the NIS files

From now on, every time you add a user, delete a user, you have to update the NIS database. You can do this using the command:

make -C /var/yp

If you want, you can setup a cron job to run every hour or every day and update the database for you automatically if it detects a change.

Starting the NIS server

Now you have to start the NIS server by entering the following command:

/etc/init.d/ypserv start

The server is now ready to handle authentication requests from the clients.

Setting up the Client machines

Installing the software

On the client, you need the yp-tools package, which depends on the ypbind package.

Configuring the software

First you must setup the NIS Domain Name. See above for how this is done.

Then, you must edit the /etc/yp.conf file, and point it to the appropriate server and domain name. Remember that the domain name must be the same that you set for the server. For example, add the following line:

domain somedomain server somehost

Modifying nsswitch.conf

The /etc/nsswitch.conf file lists the order for how lookups for various things are done, such as DNS lookup, user authentication, and the like. In order to make lookups for user authentication faster, change the following section in this file from:

passwd: files nisplus nisshadow: files nisplus nisgroup: files nisplus nis

To the following:

passwd: nis files nisplusshadow: nis files nisplusgroup: nis files nisplus

Deleting the existing users

If this system had local users before you install NIS, then it is a good idea to delete those users from the local machine before proceeding, provided that they have been added to the server. You can use the administration GUI that comes with your distribution to do this, or the userdel command.

Starting the NIS service

Start the NIS client service by entering:

/etc/init.d/ypbind start

Conclusion

Assuming you have done the above steps correctly, you can now handle all client authentication by using NIS.

Booting process in Solaris

lakshmichandrakanth — Tue, 08 Jan 2008 18:20:00 +0000

Booting process in Solaris can be divided in to different phases for ease of study . First phase starts at the time of switching on the machine and is boot prom level , it displays a identification banner mentioning machine host id serial no , architecture type memory and Ethernet address This is followed by the self test of various systems in the machine.

This process ultimately looks for the default boot device and reads the boot program from the boot block which is located on the 1-15 blocks of boot device. The boot block contains the ufs file system reader which is required by the next boot processes.

The ufs file system reader opens the boot device and loads the secondary boot program from /usr/platform/`uname –i`/ufsboot ( uname –i expands to system architecture type)

The boot program above loads a platform specific kernel along with a generic solaris kernel. The kernel initialize itself and load modules which are required to mount the root partition for continuing the booting process.

The booting process undergoes the following phases afterwards :
1) init phase
2) inittab file
3) rc scripts & Run Level

INIT phase : Init phase is started by the execution of /sbin/init program and starts other processes after reading the /etc/inittab file as per the directives in the /etc/inittab file .
Two most important functions of init are
a) It runs the processes to bring the system to the default run level state ( Run level 3 in Solaris , defined by initdefault parameter in /etc/inittab )
b) It controls the transition between different run levels by executing appropriate rc scripts to start and the stop the processes for that run level.
/etc/inittab file

This file states the default run level and some actions to be performed while the system reaches up to that level. The fields and their explanation are as follows

:S3:3:wait:/sbin/rc3 > /dev/console 2>&1 < /dev/console

S3 denotes a identification if the line
3 is run level
wait is action to be performed
/sbin/rc3 is the command to be run.
So the fields in the inittab are Identification : run level : action : process.The complete line thus means run the command /sbin/rc3 at run level 3 and wait until the rc3 process is complete.The action field can have any of the following keywords:
Initdefault : default run level of the system
Respawn : start and restart the process if it stops.
Powerfail : stop on powerfail
Sysinit : start and wait till console in accessible .
Wait : wait till the process ends before going on to the next line.

RC scripts & Run Levels
Rc scripts performs the following functions :
a) They check and mount the file systems
b) Start and stop the various processes like network , nfs etc
c) Perform some of the house keeping jobs.
System goes in to one of the following run level after booting depending on default run level and the commands issued for changing the run level to some other one.
0 Boot prom level ok> or > prompt in Sun.
1 Administrative run level . Single user mode
2 Multiuser mode with no resource sharing .
3 Multiuser level with nfs resource sharing
4 Not used
5 Shutdown & power off (Sun 4m and 4u architecture )
6 Reboot to default run levelS s Single user mode user logins are disabled.

Broadly speaking the running system can be in any of the folloing state
Single user – Minimum processes running , user logins disabled and root password is required to gain access to the shell .
Multiuser – All system processes are running and user logins are permitted

Run level of a desired state is achieved by a number of scripts executed by the rc program the rc scripts are located in /etc/rc0.d , /etc/rc1.d , /etc/rc2.d , /etc/rc3.d & /etc/rcS.d directories .

All the files of a particular run level are executed in the alphanumeric order .Those files beginning with letter
S starts the processes and those beginning with
K stops the processes.

How To Install Tomcat on Solaris

lakshmichandrakanth — Tue, 08 Jan 2008 18:14:00 +0000

Requirements:
The Java SDK must be install and configured.

Installation

Obtain Jakarta Tomcat from http://jakarta.apache.org/. Tomcat is all in Java, download the binary version containing the class files. The lastest supported version of Jakarta Tomcat is 4.1.x.

Move or copy the file into the /usr/local directory:

jakarta-tomcat-4.1.31.tar.gz /usr/local

-or-

mv jakarta-tomcat-4.1.31.tar.gz /usr/local

Change user to root user using the su command.

Change directory to the /usr/local where you moved or copied the jakarta-tomcat compressed file to cd /usr/local/.

Use the tar command to untar the file for the compressed file:

-zxvf jakarta-tomcat-4.1.31.tar.gz

(If the tar command does not support gunzip for a .gz file, issue a gunzip command before the tar command.)

gunzip jakarta-tomcat-4.1.31.tar.gz
tar -xvf jakarta-tomcat-4.1.31.tar

For simplicity, create a symbolic link as follows:

-s /usr/local/ jakarta-tomcat-4.1.31 /usr/local/tomcat

Create a JAVA_HOME variable that points to the Java SDK installation and export it:

JAVA_HOME=
export JAVA_HOME

Starting and Stopping the Tomcat Daemon

The Tomcat daemon is started and stopped by running a shell script as follows:

To start the Tomcat daemon, use bash-2.03# /usr/local/tomcat/bin/startup.sh.

To stop the Tomcat daemon, use bash-2.03# /usr/local/tomcat/bin/shutdown.sh.

Troubleshooting Jakarta Tomcat Service

Check the log files in /usr/local/tomcat/logs and see if there is any useful information there.

Check the /var/adm/messages.

Below are some common error messages that can occur:

“ERROR: java.net.BindException: Address already in use:8080”

Ensure that nothing else is listening on port 8080:

netstat -na grep 8080

If no other program is using it then you should not get any results.

“ERROR: The JAVA_HOME environment variable is not defined correctly.
This environment variable is needed to run this program.
NB: JAVA_HOME should point to a JDK not a JRE”

Ensure the JAVA_HOME variable is pointing to the correct location. It must point to the JAVA SDK installation package such as j2sdk1.4.2x.

Use the echo $JAVA_HOME command to check its value.

The result should be /usr/java/j2sdk1.4.2_05.

Verifying and Testing Installation

verify that the daemon is running, type bash-2.03# ps –ef grep tomcat.

result is similar to the following:

/usr/java/j2sdk1.4.2_05/bin/java – … =/usr/local/jakarta-tomcat

a Web browser on the local server and go to the following URL:

http://localhost:8080

This should direct one to the Tomcat main page.

DHCP sample configuration

lakshmichandrakanth — Fri, 07 Dec 2007 20:42:00 +0000

/etc/*/dhcpd.conf

ddns-update-style interimignore client-updates subnet 192.168.1.0 netmask 255.255.255.0 { # The range of IP addresses the server # will issue to DHCP enabled PC clients # booting up on the network range 192.168.1.201 192.168.1.220; # Set the amount of time in seconds that # a client may keep the IP address default-lease-time 86400; max-lease-time 86400; # Set the default gateway to be used by # the PC clients option routers 192.168.1.1; # Don't forward DHCP requests from this # NIC interface to any other NIC # interfaces option ip-forwarding off; # Set the broadcast address and subnet mask # to be used by the DHCP clients option broadcast-address 192.168.1.255; option subnet-mask 255.255.255.0; # Set the DNS server to be used by the # DHCP clients option domain-name-servers 192.168.1.100; # Set the NTP server to be used by the # DHCP clients option nntp-server 192.168.1.100; # If you specify a WINS server for your Windows clients, # you need to include the following option in the dhcpd.conf file: option netbios-name-servers 192.168.1.100; # You can also assign specific IP addresses based on the clients' # ethernet MAC address as follows (Host's name is "laser-printer": host laser-printer { hardware ethernet 08:00:2b:4c:59:23; fixed-address 192.168.1.222; }}## List an unused interface here#subnet 192.168.2.0 netmask 255.255.255.0 {

CCNA Interview Questions

lakshmichandrakanth — Wed, 05 Dec 2007 23:09:49 +0000

Setup a proxy server with web content filtering: squid+rejik+squint+sqstat

lakshmichandrakanth — Fri, 09 Nov 2007 21:49:00 +0000

Squid is a proxy server and web cache daemon.
Rejik is a squid redirector, used to block advertising, banners, mp3 and so on.
Squint is used to periodically analyze squid logs, and produce linked HTML reports
SqStat is a php script which allows to look through active squid users connections. It use cachemgr protocol to get information from squid proxy server.

VideoÂ isÂ aboutÂ howÂ to setup a squid proxy-server with web-content filtering (using rejik redirector) with browsableÂ proxyÂ usage statistics (squint for HTML reports and sqstat for realtime statistics).

This video tutorial, as previous, consists from 4 parts:
Part 1. Install and configure squid (13:51 min)
Part 2. Setup rejik for web-content filtering (09:30 min)
Part 3. Setup squint to convert a squid logs into a browsable HTML reports (03:02 min)
Part 4. Install and configure SqStat – to view active squid user connections (02:49 min)

Installation steps.
Part 1. Install and configure squid:

Use logrotate for rotating squid logs:

echo net-proxy/squid logrotate >> /etc/portage/package.use

squid installation:

emerge -av squid

Move the default configuration file for squid and make a new one:
mv /etc/squid/squid.conf /etc/squid/squid.conf.default
vi /etc/squid/squid.conf

# squid listens on the loopback and on
# the internal interface (3128 port)
http_port 127.0.0.1:3128
http_port 172.16.50.63:3128

# Disable ICP and HTCP queries to/from neighbor caches.
# These features are needed only in a multi-level cache
# environment with multiple siblings and parent caches
icp_port 0
htcp_port 0

# Words defined in this tag when matched in the URLs,
# directs squid not to query caches.
# For example dynamic content – php or asp pages.
hierarchy_stoplist cgi-bin ? php asp
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Specify the amount of RAM, to be used for caching the
# so called: In-Transit objects, Hot Objects,
# Negative-Cached objects.
cache_mem 16 MB

# If a file size is less than – 100 MB,
# squid will place it in cache
maximum_object_size 100 MB

# Define the path to cache directory where all objects which
# are to be cached are stored:
# 1024 – is the amount of disk space (MB)
# to use under /var/cache/squid directory
# 16 – is the number of first-level subdirectories
# which will be created under the
# /var/cache/squid directory
# 256 – is the number of second-level
# subdirectories which will be created under
# each first-level directory
cache_dir ufs /var/cache/squid 1024 16 256

# Log client request activities to the
# /var/log/squid/access.log file using the squid log format
access_log /var/log/squid/access.log squid

# Define access control lists
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32
acl manager proto cache_object
acl ssl_ports port 443
acl ftp_ports port 21
acl www_ports port 80 443
acl CONNECT method CONNECT
acl PURGE method PURGE

# Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow PURGE localhost
http_access deny PURGE
# Deny requests to unknown ports
http_access deny !www_ports !ftp_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !ssl_ports

# Rules for our clients
acl video4admin_proxy_users src 172.16.50.0/23
http_access allow video4admin_proxy_users

# Allow the localhost to have access by default
http_access allow localhost

# And deny all other access to this proxy
http_access deny all

# Prevent users from downloading very large files
# (limit to ~100MB)
reply_body_max_size 102400000 allow all

# Supply an e-mail where users can send their remarks
# or problems regarding squid
cache_mgr root@proxy.video4admin.com

# Define the hostname that will be shown in
# error messages etc.
visible_hostname proxy.video4admin.com

# Specify the UID/GID that the squid will run on
cache_effective_user squid
cache_effective_group squid

# Squid has a built in feature for the rotation of the logs.
# But I prefer logrotate
logfile_rotate 0

# Speed up the writing of some log files
buffered_logs on

Check cache dir permissions:
ls -ld /var/cache/squid/
chown squid:squid -R /var/cache/squid

Try to run squid in non-daemon mode with max debugging information to verify config file:
squid -NCd10

Create swap-directories:
squid -z

Re-run squid in non-daemon mode with max debugging information. If squid is saying that is ready to accept connections – config file is correct. Stop squid with Ctrl+C:
squid -NCd10

Now configure logrotate for rotating the squid logs:
vi /etc/logrotate.d/squid

/var/log/squid/*.log {
weekly
# rotate the logs 50 times before removing the old logs
rotate 50
# copy and truncate the original log file in place instead
# of renaming it and creating a new logfile
copytruncate
compress
# Do not rotate the log if it is empty
notifempty
missingok
sharedscripts
}

Start squid and add it to runlevel default:
/etc/init.d/squid start && rc-update add squid default

Part 2. Setup rejik for web-content filtering

Install Perl-compatible regular expression library (needed for rejik):
emerge -av libpcre

Download actual version of Rejik and extract it:

links http://rejik.ru/980/index_en.html
tar xvf redirector-3.2.1.tgz
cd redirector-3.2.1

Edit Makefile (variables SQUID_USER and SQUID_GROUP):
vi Makefile

SQUID_USER=squid
SQUID_GROUP=squid

Make redirector case independent – uncomment #define CASE_INDEPENDENT in vars.h

Compile and install:
make && make install

Download and extract ban-lists:
cd /usr/local/rejik3
links http://rejik.ru/980/index_en.html
tar xvf banlists-2.x.x.tgz
rm banlists-2.x.x.tgz

Download and extract files that will replace banners, mp3 etc.:
cd /var/www/localhost/htdocs/
links http://rejik.ru/980/index_en.html
tar xvf squid-like-www-en.tgz
rm squid-like-www-en.tgz

Files, which will replace advertisements will be placed in /ban dir. Check, if they are accessible via browser:
mv squid-like-www-en ban
links 127.0.0.1/ban
cd /usr/local/rejik3

Configure redirector:
cp redirector.conf.dist redirector.conf
vi redirector.conf
mv banlists/mp3 banlists/audiovideo

Change owner for /usr/local/rejik3 directory:
ls -al /usr/local/rejik3
chown -R squid:squid /usr/local/rejik3

Run the check-redirector from the folder tools and check redirector logs:
tools/check-redirector

If check-redirector says that “This account is currently not avalaible”, temporary enable shell for squid account and re-run check-redirector:
vipw
tools/check-redirector

Watch redirector logs, and if says that “Redirector is start and working” disable shell for squid account:
less redirector.err
vipw
cd

Add redirect program into squid.conf:
vi /etc/squid/squid.conf

url_rewrite_program /usr/local/rejik3/redirector /usr/local/rejik3/redirector.conf

Restart squid and try to open pages in the browser. You can see in logs that redirector works for site xxx.com:
/etc/init.d/squid restart
tail -f /usr/local/rejik3/redirector.log
links -http-proxy 127.0.0.1:3128 xxx.com
tail -f /usr/local/rejik3/redirector.err

For example, letâs try to block youtube.com as forbidden multimedia resource:
vi /usr/local/rejik3/banlists/audiovideo/urls

youtube.com

/etc/init.d/squid restart

Look at redirector log to see if new rule are loaded
tail -f /usr/local/rejik3/redirector.err

Try to open page youtube.com in the browser to see that happens:
links -http-proxy 127.0.0.1:3128 youtube.com

For more documentation about redirector, please consult http://rejik.ru/index280_en.html

Part 3. Setup squint – to convert a squid log into a browsable HTML report:

Download actual version of squint and extract it:

links http://www.ledge.co.za/software/squint/
tar xvf squint.tar.gz
rm squint.tar.gz
cd squint-0.3.18/

Mofidy BASEDIR, LOGDIR and HTTPDCONF in squint.cron.sh:
vi squint.cron.sh

BASEDIR=”/var/www/localhost/htdocs/squint”
LOGDIR=”/var/log/squid”
HTTPDCONF=/etc/apache2/httpd.conf

Install squint:
make install

Create a place for the reports in /var/www/localhost/htdocs/squint and install a crontab entry to run the report daily, weekly and monthly:
make init

Verify if it is installed correctly:
ls -ald /var/www/localhost/htdocs/squint
less /etc/crontab

Clean:
cd ..
rm -r squint*

Point your web-browser to http://proxyhost/squint to see the reports.
In my video the ip of proxyhost is 172.16.50.63

Part 4. Install and configure SqStat – to view active squid user connections:

Download sqstat and extract it:

links http://samm.kiev.ua/sqstat/
unzip sqstat-1.20.zip

Install:
mv sqstat-1.20 /var/www/localhost/htdocs/
rm sqstat-1.20.zip
cd /var/www/localhost/htdocs/sqstat-1.20

Configure:
mv config.inc.php.defaults config.inc.php
vi config.inc.php

DEFINE(“SQSTAT_SHOWLEN”,100);

Edit squid.conf. Make sure that cachemgr protocol is allowed from localhost:
vi /etc/squid/squid.conf

Point your web-browser to http://proxyhost/sqstat-1.20/sqstat.php. In my video the ip of proxyhost is 172.16.50.63