Showing posts with the label Unix

Logging to syslog-ng on FreeBSD

Logging Cisco devices to syslog on FreeBSD

Overview

What we are going to do here is get a FreeBSD server up and running with syslog-ng, so that we can log information from our Cisco devices to it. This How-To will be pretty detailed, and we will be logging data from Cisco routers, switches and Cisco PIX firewalls. We are going to get the syslog-ng daemon to create the log files automatically and to log to a new file each day, with a date stamp in the file name.

Installation

This is probably the easiest part. All you have to do is "cd /usr/ports/sysutils/syslog-ng" and run "make install clean". Now that the port is installed you can edit the syslog-ng startup script to change the following line from NO to YES:

: ${syslog_ng_enable:="NO"}
: ${syslog_ng_enable:="YES"}

Also add syslog_ng_enable="YES" to your /etc/rc.conf file. Save the file, then edit your /etc/rc.conf file and add syslog_ng_enable="YES", and also add syslogd_enable="NO"; this wil...

Securing PHP4

There are many things to take into account when it comes to trying to secure anything, not only PHP or Apache or Postfix or anything else:
1. You and your users still need to be able to use it.
2. The server can be as secure as possible, but a few lines of bad code can really screw up your morning.

There are a few things to keep in mind when configuring the php.ini file. Firstly, it's probably not a bad idea to chroot your Apache server; there are a few very good examples on how to do this on the web, just do a search in Google or something.

In your php.ini file add the following:

safe_mode = On
safe_mode_gid = Off
expose_php = Off
register_globals = Off
display_errors = Off
log_errors = On
error_log = "filename"

safe_mode = On
By switching on safe_mode, you have just made your server probably twice as secure as it was before. Safe mode will ensure that only the owner of the file or script is able to read or execute that file or script. Here is an example:

-rw-rw-r-- 1 joeuser j...

Securing Apache 1.3

Securing Apache 1.3

Overview

There are many things to keep in mind when trying to secure anything; one of the most important is to make sure that the system is usable as well as secure, as there is usually a bit of a trade-off between security and usability. You could secure Apache by not allowing users to use any sort of scripts, or only plain HTML pages, but that's not usually practical. In this article I am going to go over the basic things to keep in mind on how to secure Apache, but I will not go into running it in a jailed root mode. There is however a great article on this over at SecurityFocus.

Installation

Firstly you will need to install Apache. If you are using FreeBSD then simply go to your ports directory and run a make install clean:

/usr/ports/www/apache13

Or any of the other Apache 1.3 ports that you might want to install, like apache13-modssl or apache13-ssl. In the case of the SSL Apache versions you would install as follows:

# make
# make certificate ( this is so you can create a s...

Apache and Mod Security

Installing and configuring Mod Security

ModSecurity is an open source application that acts as a web application firewall or an intrusion detection and prevention system. It can be run as an Apache module or standalone. ModSecurity is able to increase the security of web-based applications against attacks.

Installing ModSecurity

This is simple: just run a make install clean in FreeBSD's mod_sec port directory. If you are not running FreeBSD and need the source, you can get it from the ModSecurity site.

Preparing the ModSecurity config file for use with Apache

I have split my httpd.conf file up so I have a separate conf directory in /usr/local/etc/apache. You can put your modsecurity.conf directly in that directory, but for this example I am going to use /usr/local/etc/apache/conf:

# mkdir modsec-rules
# vi modsecurity.conf

AddHandler application/x-httpd-php .php
SecAuditEngine RelevantOnly
SecAuditLog /var/log/modsec/audit_log
SecFilterScanPOST On
SecFilterEngine On
SecFilterDefaultAction ...

Automatic Browser Configuration for Proxy Servers

In this How-To, we are going to cover the ability to automatically configure your browser to use a proxy. This should work fine with Mozilla Firefox, Internet Explorer and most other browsers; for Apple's Safari things are a little different, but I will cover that as best I can. There are a few ways of doing this, but the actual proxy.pac or wpad.dat files are the most important, so we will start there.

Proxy Configuration Files: PROXY.PAC and WPAD.DAT

They are actually the same file, so you can just alias or symlink the two files, so that if you edit the one the other "file" will also be updated. (I don't think you can do this in Windows, but I might be wrong; it's been a long time.) In the below example we are going to tell the browser that if the domain we are going to matches a rule then go directly to the site; this is very useful for internal sites like intranets that you don't really need to cache. Then we will also tell the browser to go direct for port 443 or https sites. I doubt ...

NFS Drive Shares and FreeBSD Ports

One of the things I love about FreeBSD is the ports directory: the ability to install and upgrade any port simply by going to /usr/ports/porttype/portname, i.e. /usr/ports/www/apache13, then all you have to do is type in make and make install, or in many cases make install clean, and you are on your way. The system connects to various mirror sites and downloads the entire source needed to install the port. Of course it can become a little painful if you are trying to install 3 identical ports on 3 different servers, or trying to upgrade a port that is on 5 or 6 or more servers. I don't mind running the portupgrade pkg-name command 5 or 6 times, but the problem is the server downloads the source package 5 or 6 times, depending on how many servers that port needs to be installed or upgraded on. So how to save time and bandwidth for port upgrades? Well, that's simple, but as always you have to take into account some possible security issues. The way we have used here is to use NFS, which by no ...

Squid Proxy Status Codes

The TCP_ codes are requests on the proxy HTTP port (3128 by default). The UDP_ codes are requests on the proxy ICP port (3130 by default). If ICP logging was disabled in the config file with the log_icp_queries directive, then, surprise surprise, ICP will not be logged. The following result codes are from Squid version 2+.

TCP_HIT: A valid copy of the requested object was in the cache.
TCP_MISS: The requested object was not in the cache.
TCP_REFRESH_HIT: The requested object was cached but STALE. The IMS query for the object resulted in "304 not modified".
TCP_REF_FAIL_HIT: The requested object was cached but STALE. The IMS query failed and the stale object was delivered.
TCP_REFRESH_MISS: The requested object was cached but STALE. The IMS query returned the new content.
TCP_CLIENT_REFRESH_MISS: The client issued a "no-cache" pragma, or some analogous cache control command, along with the request. Thus, the cache has to refetch the object.
TCP_IMS_HIT: The client issued an IMS reque...

Apache Status Codes

Often when debugging a problem or looking through your logs you will see the Apache status codes. For example:

xxx.xxx.xxx.xxx - - [28/Jul/2006:13:49:28 +0200] "GET /news.php HTTP/1.1" 200 807 "http://www.joe-ma.co.za/news.php" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060703 FreeBSD/amd64 Minefield/3.0a1"

Successful Client Requests
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content

Client Request Redirected
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy

Client Request Errors
400 Bad Request
401 Authorization Required
402 Payment Required (not used yet)
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable (encoding)
407 Proxy Authentication Required
408 Request Timed Out
409 Conflicting Request
410 Gone
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI...