OpenLDAP introduction

This document describes how to build, configure, and operate OpenLDAP Software to provide directory services. This includes details on how to configure and run the Standalone LDAP Daemon, slapd(8). It is intended for new and experienced administrators alike. This section provides a basic introduction to directory services and, in particular, the directory services provided by slapd(8). This introduction is only intended to provide enough information so one might get started learning about LDAP, X.500, and directory services.


1.1. What is a directory service?

A directory is a specialized database specifically designed for searching and browsing, in addition to supporting basic lookup and update functions.

 


Note: A directory is defined by some as merely a database optimized for read access. This definition, at best, is overly simplistic.


 

Directories tend to contain descriptive, attribute-based information and support sophisticated filtering capabilities. Directories generally do not support complicated transaction or roll-back schemes found in database management systems designed for handling high-volume complex updates. Directory updates are typically simple all-or-nothing changes, if they are allowed at all. Directories are generally tuned to give quick response to high-volume lookup or search operations. They may have the ability to replicate information widely in order to increase availability and reliability, while reducing response time. When directory information is replicated, temporary inconsistencies between the replicas may be okay, as long as inconsistencies are resolved in a timely manner.

There are many different ways to provide a directory service. Different methods allow different kinds of information to be stored in the directory, place different requirements on how that information can be referenced, queried and updated, how it is protected from unauthorized access, etc. Some directory services are local, providing service to a restricted context (e.g., the finger service on a single machine). Other services are global, providing service to a much broader context (e.g., the entire Internet). Global services are usually distributed, meaning that the data they contain is spread across many machines, all of which cooperate to provide the directory service. Typically a global service defines a uniform namespace which gives the same view of the data no matter where you are in relation to the data itself.

A web directory, such as provided by the Open Directory Project <http://dmoz.org>, is a good example of a directory service. These services catalog web pages and are specifically designed to support browsing and searching.

While some consider the Internet Domain Name System (DNS) to be an example of a globally distributed directory service, DNS is neither browseable nor searchable. It is more properly described as a globally distributed lookup service.


How To Control Access To Unwanted Websites Using URL Blacklist With SafeSquid Proxy Server

SafeSquid – Content Filtering Internet Proxy, has many content filtering features that can be used to decide who is allowed what, when and how much on the net. In this tutorial I will describe how to control access to unwanted categories of websites, by using URL Blacklist database with SafeSquid Proxy Server.

Note: Also see the following articles :
'Deploying A Content Filtering Proxy Server To Distribute Controlled Internet Access With SafeSquid'
Set Up Gateway Level Virus Security With ClamAV And SafeSquid Proxy
How To Set Up Internet Access Control And Internet Filtering With SafeSquid Proxy Server

SafeSquid allows the administrators to use plain text urlblacklist very easily and with a desired level of sophistication. The sites http://www.shallalist.de/ and  http://www.urlblacklist.com maintain a well categorized list of various web-sites and pages like porn, adult, webmail, jobsearch, entertainment, etc. This is an excellent resource for an administrator seeking to granularly enforce a corporate policy that allows or disallows only certain kinds of web-sites to be accessible by specific users, groups or networks.

Note: cProfiles offers the flexibility of many more actions than URL Blacklist, instead of just allowing / blocking categories. For example, you can add a profile to a specific category, and then use that profile in any of SafeSquid's filtering sections, for actions on the category like blocking cookies, ads and banners, ActiveX, Java Scripts, throttling bandwidth (QoS), or simply analyzing what category is most visited, without blocking access.
For Details, see http://www.safesquid.com/html/portal.php?page=132

While Shalla Secure Services offer free downloads and updates for home users, Urlblacklist requires you to subscribe to receive updates. You can download the URL Blacklist by Shalla from HERE, and the trial database by urlblacklist.com from HERE.
Please note that you will be able to download this trial database only once. You need to subscribe to urlblacklist.com to be able to receive regular updates 

Copy the downloaded trial database to /usr/local/bin directory on the SafeSquid Server, and untar the files

cd /usr/local/src
tar -zxvf bigblacklist.tar.gz

This will create a directory 'blacklist'. Create a directory 'urlbl' in /opt/safesquid and copy the contents of blacklist in this directory.

mkdir /opt/safesquid/urlbl
cd blacklist
cp -rf . /opt/safesquid/urlbl

Next, restart SafeSquid

/etc/init.d/safesquid restart

In the SafeSquid GUI interface, click on URL blacklist in the top menu. It should display a list of all the categories copied to the urlbl directory. Here, you can query the database to find out if a website is listed under any category. For example, to find out what category hackerstuff.com belongs to, type hackerstuff.com in the Domain field and click on Submit below. You should get a screen similar to this:

SafeSquid Interface – URL Blacklist Database Query

Note: This section only allows you to query the database. Selecting or unselecting a category does not enable or disable it. 
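
An offline equivalent of the GUI query described above, added here as an example (it is not SafeSquid code and not part of the original tutorial). It assumes each category directory under urlbl holds a plain-text `domains` file with one domain per line; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed layout: <dir>/<category>/domains, one domain per line.

# urlbl_lookup DIR DOMAIN
# Prints "category<TAB>matched-entry" for every category that lists DOMAIN
# or one of its parent domains. Returns 0 on any match, 1 on none.
urlbl_lookup() {
    dir=$1
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')   # normalise case for output
    name=${name%.}                              # drop a trailing root dot
    found=1
    while :; do
        for f in "$dir"/*/domains; do
            [ -f "$f" ] || continue
            # -F: literal text, -x: whole line, so ads.example != bads.example
            if grep -qixF -- "$name" "$f"; then
                category=${f%/domains}
                printf '%s\t%s\n' "${category##*/}" "$name"
                found=0
            fi
        done
        case $name in
            *.*.*) name=${name#*.} ;;   # retry with the parent domain
            *)     break ;;             # stop before the bare TLD
        esac
    done
    return "$found"
}

# Constructed sample tree (not real blacklist data); prints its path.
make_sample_urlbl() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/hacking" "$d/webmail" "$d/ads"
    printf '%s\n' hackerstuff.com tools.example > "$d/hacking/domains"
    printf '%s\n' mail.example webmail.example > "$d/webmail/domains"
    printf '%s\n' ads.example > "$d/ads/domains"
    printf '%s\n' "$d"
}

sample=$(make_sample_urlbl)
urlbl_lookup "$sample" www.hackerstuff.com    # prints: hacking<TAB>hackerstuff.com
rm -rf "$sample"
```

Against the tree created in this tutorial the call would be `urlbl_lookup /opt/safesquid/urlbl hackerstuff.com`.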


Netstat Command

The netstat command displays various network-related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships, etc.

In this article, let us review 10 practical unix netstat command examples.

1. List All Ports (both listening and non listening ports)


Icinga Sample Host cfg file to monitor Windows Server

define host{
        use             windows-server  ; Inherit default values from a template
        host_name       blk-smsgw       ; The name we're giving to this host
        alias           Windows Server  ; A longer name associated with the host
        address         10.10.10.1      ; IP address of the host
        }

define hostgroup{
        hostgroup_name  windows-servers ; Short name of the group (assumed: the name the service definitions on this page reference)
        alias           Windows Servers ; Long name of the group
        members         localhost, blk-smsgw ; Comma separated list of hosts that belong to this group
        }

define service{
        use                     generic-service
        host_name               blk-smsgw
        service_description     NSClient++ Version
        check_command           check_nt!CLIENTVERSION
        }


Monitor Windows Service using Nagios (Icinga)

On the Nagios Server edit the file /usr/local/nagios/etc/objects/windows.cfg:

# vi /usr/local/nagios/etc/objects/windows.cfg

Add the following to create a new service definition to monitor the process state of WinVNC.exe (VNC Server):

# Create a service for monitoring the WinVNC.exe process
# Change the host_name to match the name of the host you defined above

define service{
        use                     generic-service
        hostgroup_name          windows-servers
        service_description     VNC
        check_command           check_nt!PROCSTATE!-d SHOWALL -l WinVNC.exe
        }

Add the following to create a new service definition to monitor the Service state of the Print Spooler service:

define service{
        use                     generic-service
        hostgroup_name          windows-servers
        service_description     eTrust ITM Web Access Service
        check_command           check_nt!SERVICESTATE!-d SHOWALL -l "Print Spooler"
        }

To monitor a service other than the Print Spooler, substitute Print Spooler with the name of the service as it appears in the Name column of the Services window.


How to install Java SDK (1.6) and Apache Ant (1.7) on CentOS

I had enough of package managers and alternative ways of installing Java on a server running CentOS (RHEL) 4.4. I think the most straightforward way is the following. I promise that by the end of this post you will have Java and Apache Ant running on your server!

SETUP JAVA

Step 1: Download Java SDK for Linux (I have used the .bin file)

Step 2: Upload the .bin file to your server. I have picked the following folder: /usr/lib/
So it would be /usr/lib/jdk-6u1-linux-i586.bin (this is JDK 1.6 update 1 in my case; by the time you read this post it may be JDK 1.7).

Step 3: Unpack: extract the contents of the .bin file

    > chmod u+x jdk-6u1-linux-i586.bin
    > ./jdk-6u1-linux-i586.bin

Step 4: Follow the instructions and type yes when prompted to do so! After unpacking you should have the following folder /usr/lib/jdk1.6.0_01/


Enable Directory Listing in Nginx Webserver

Here is a simple way to enable directory listing in the Nginx web server.
I have a subdomain, repository.wowtutorial.org, and I want it to be able to list a directory.

All we need to do is modify the vhost file or nginx.conf and add autoindex on;. Placed at the server level, as in the example below, the directive applies to every location in that server block.

Please see the example below.

Example :

#nano /usr/local/etc/nginx/vhosts/repository.wowtutorial.org

server {
        listen  80;
        server_name  repository.wowtutorial.org;
        autoindex on;

        location / {
            root   /home/xxx/repository;
            index  index.php index.html index.htm;
        }

        location ~ \.php$ {
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_param  SCRIPT_FILENAME  /home/xxx/repository$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                include        /usr/local/etc/nginx/fastcgi_params;
        }

        location ~ /\.ht {
            deny  all;
        }
}


PowerDNS Cache dump in CSV

The objective is simple: a periodic, cron-driven cache dump of the PowerDNS recursor on a setup.

1. Create a shell script as below using nano:

#nano /usr/local/bin/pdns-cache-dump.sh

#!/bin/sh
# Dump the PowerDNS recursor cache to a dated file under /var/log/pdns-cache
DAY=$(/bin/date +%Y%m%d)
# Quote $0 and the target path so names containing spaces do not split
TFILE="/var/log/pdns-cache/$(basename "$0").$DAY.csv"
rec_control dump-cache "$TFILE"
echo "cache dump completed, dump script by rumi (hasan.emdad@mango.com.bd)"


Canon scanner N340P/ N640P problem on windows 7 or vista Operating System

I was trying to use my old Canon flatbed scanner, model "CanoScan N 640P ex". The driver installation didn't give any compatibility issue. However, after the OEM driver was installed and I tried to scan something, I received this error:

canocraft cs-p 3.8 profile not found error code 0x24050010

After googling, I got it up and running :). So here go the tidbits:

One:: log out of your user account; it will not run in the user account.
Two:: log in to the admin account, then unzip the file into a blank folder. You should have disk one, two and three.
Three:: open the folder named disk one.
Four:: right-click on the file that says setup.exe, then select Properties, then click on the Compatibility tab.
Five:: check "Run this program in compatibility mode for:", select Windows 2000 in the drop-down box, then click Apply.
Six:: click on the setup.exe file and run it.
Seven:: when the setup is done, check-mark "I will start my computer myself", then Finish.
Eight:: after the box is gone, restart the computer.
Nine:: log back in to the admin account and load CanoCraft CS-P 3.8. Do a preview scan; you should have a preview show up.
Ten:: once you get a preview page, test by saving a file; JPG is what I did.
Then, when that's done, log out and go back to your user account. Scan all you want. Note: do not add it as a device!!! It will blue screen you ("blue screen of death").
