Monday, October 30, 2006

Ubuntu 6.10(Edgy Eft), has been released

From the official site of Ubuntu, the latest version 6.10 has been released. The code named "Edgy Eft" version has the serveral new features, including:
  • Tomboy, an easy-to-use and efficient note-taking tool

  • F-Spot, a photo management tool that enables tagging, photo editing and automatic uploading to on-line web management sites such as Flickr

  • GNOME 2.16, which in addition to new features such as enhanced power management, makes the GNOME desktop more secure, faster and more stable

  • Upstart, a replacement start-up manager offering a cleaner design, eye-catching effects and a substantially faster boot time

  • The latest Firefox web browser, which offers inline spell check support in web forms, easy recovery of crashed sessions, built-in phishing detectors, enhanced search engine management with built in OpenSearch support, and better support for previewing and subscribing to web feeds

  • Proactive security features, preventing many common security vulnerabilities even before they are discovered

  • Evolution 2.8.0, which brings new features such as vertical message panes

Currently I'm using 6.06 Dapper Kubuntu. But there is a memory leakage problem when using Eclipse. Also the stability of some KDE application is out of my expectataion. Therefore, I'd better upgrade to 6.10 and swtich back to the Gnome world. In addition, I haven't tried the Tomboy and F-Spot before but it sounds very attractive.

I'm now downloading the ISO file and hope to share my experience very soon.

Thursday, October 26, 2006

Setup your own http proxy server

In this document, I will show you how to setup an http proxy server with content filter and virus scanner on Linux platform.

We will use following open-source software to achieve our goal,
Squid - a free and open-source web proxy server

Pre-installation
First of all, you have to create user accounts, which will be used to install the proxy server. Login to your linux machine, and type the following command, if you don't have these user accounts in your system.

command> useradd -M squid
command> groupadd clamav
command> useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

Download all required packages

Please download all following packages to your Linux machine. I used to download them to my "/downloads" folder, so I will refer to this folder in the whole installation process.

Squid - the latest version when this doc. written is squid-2.6.STABLE4
Webmin - the latest version when this doc. written is webmin-1.3
Clamav - the latest version when this doc. written is clamav-0.90RC1.1
SARG - the latest version when this doc. written is sarg-2.2.2

Compile Squid Proxy Server
Now, we are going to start our proxy installation. First, compile your squid proxy server, if you are not advance linux user (like me), you can follow my settings which shown below. If you are advance user, and wanna custom your proxy installation setting, you can check the config parameters and use your own setting.

command> su squid
command> cd /downloads
command> tar -xzvf squid-2.6.STABLE4.tar.gz
command> cd squid-2.6.STABLE4
command> ./configure \
command> --enable-arp-acl \
command> --enable-ssl \
command> --enable-linux-netfilter \
command> --enable-underscores
command> make
command> exit

Notes: You must use the "squid" account to compile the proxy server

Install Squid Proxy Server
command> make install

Okay, we have installed our server and next we will configure it. As usual, I use vi to modify config file. You can use your famous editor to edit the config file.

command> vi /user/local/squid/etc/squid.conf

Search for tag "cache_effective_user" and add the line below after the tag.
"cache_effective_user squid"

Search for tag "visible_hostname" and add the line below after the tag.
"visible_hostname MYPROXYSERVER"
where MYPROXYSERVER is the machine hostname

Save your modification and then exit

Install Webmin
You will like to install webmin which will ease you to play with your proxy server, like add access rule, configure content filter, and generate access reports.

command> cd /downloads
command> tar -xzvf webmin-1.3.tar.gz
command> cd webmin-1.3
command> ./setup.sh /usr/local/webmin

During the installation, you will be ask several questions, where you can custom your installation, I used to answer the them with default values as follows,

1) /etc/webmin
2) /var/webmin
3) /usr/bin/perl
4) port:10000
5) username: admin
6) password:
7) start at boot time: y

After installed webmin, we will configure it, so that it can work with our installed proxy server.

Enable SSL for webmin
Go to "http://host-ipaddress:10000" and login with the username which entered while installation.
Click the tags "Webmin" >> "Webmin Configuration" >> "SSL Encryption"
Click the link "download and install"
After downloaded required packages, click "Continue With Install"
After installation, click the link "Return to webmin configuration"
Click "SSL Encryption" again, select "Yes" under "Enable SSL if availabe"
Select "Yes" under "SSL requests to SSL mode"
Click the "Save" button to confirm the settings

Configure Squid Proxy Server Webmin Module
Go to "http://host-ipaddress:10000" and login with the username which you entered while installation.
Click the tags "Servers" >> "Squid Proxy Server" >> "Module Config"
Edit following fields:
  • Full Path to squid config file: /usr/local/squid/etc/squid.conf
  • Command to start squid: /usr/local/squid/sbin/squid
  • Command to stop squid: /usr/local/squid/sbin/squid -k shutdown
  • Command to apply changes: /usr/local/squid/sbin/squid -k reconfigure
  • Squid Executable: /usr/local/squid/sbin/squid
  • Full path to PID file: /usr/local/squid/var/logs/squid.pid
  • Full path to squid cache directory: /usr/local/squid/var/cache
  • Squid cachemgr.cgi executable: /usr/local/squid/libexec/cachemgr.cgi
  • Full path to squid log directory: /usr/local/squid/var/logs
Press the "Save" button

Start Squid Proxy Server
For a simple web squid proxy server, it is nearly done. Let's start to initialize our server, and then go to next section to install anti-virus software.

Press the button "Initialize Cache"
Click the link "Return to squid index"
Press the button "Start Squid"

Install Clamav
We want our server able to decline all infected files downloading, so we need an anti-virus software to scan download files. Clamav is a free anti-virus tool, I think it is good enough for us as the purpose of filtering, you may try out any other commercial anti-virus software for the same purpose, and you are very welcome to comment it. Let's start to install it.

We install it with its default settings.

command> cd /downloads
command> tar -xzvf clamav-0.90rc1.1.tar.gz
command> cd clamav-0.90rc1.1
command> ./configure
command> make
command> make install
command> make clean

Intall DansGuardian
We need a tool to link up the squid proxy server and clamav anti-virus scanner, and it is where DansGuardian placed in, which is a content filter software.

To be Continue ...

Wednesday, October 25, 2006

Firefox 2.0 Released !

One of the new fucntion "Session memory" can "hold" the session when Firefox restarts, so that I can prevent the trouble of re-login to some website.

其中一個新功能「session memory」,令每次重啟火狐時,會自動載入上次關閉前使用者最後駐足的那些網頁。這樣可以避免因意外關掉火狐而再Login多一次的麻煩。

Tuesday, October 24, 2006

Apache Rewrite

A tricky situation. Support you have two webservers but there is only 1 public IP on your network. You want everybody browse the contents of the servers with different url (say server1.test.com for server1 and server2.test.com for server2).

If the content are in the same server, it would be easy to archieve this by using VirtualHost. So how about in this case? We can use the module "Rewrite".

Support the default webserver is server1 (all traffic from Internet will go to this server first). We add a virtual host and use rewrite to "redirect" request of server2:

...
<VirtualHost *:80>
ServerName :80
ServerAdmin admin@
ErrorLog logs/<hostname/IP>-error_log
CustomLog logs/<hostname/IP>-access_log combined

RewriteEngine on
RewriteRule ^/(.*) http://<hostname/IP>/$1 [L,P]
</VirtualHost>
...

Note:
hostname of server2 should be resolved by server1
you cannot have multitple SSL(443) connection with 1 IP

Reference: http://httpd.apache.org/docs/2.2/misc/rewriteguide.html