Networking
You are currently browsing the articles from KomKid.Net matching the category Networking.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
| ' MapNetworkDrive.vbs
' VBScript to map a network drive to a UNC Path.
' Author Guy Thomas http://computerperformance.co.uk/
' Version 2.3 - September 2005
' -----------------------------------------------------------------'
Option Explicit
Dim objNetwork
Dim strDriveLetter, strRemotePath
strDriveLetter = "P:"
strRemotePath = "\\server2\public_data"
' Purpose of script to create a network object. (objNetwork)
' Then to apply the MapNetworkDrive method. Result J: drive
Set objNetwork = CreateObject("WScript.Network")
objNetwork.MapNetworkDrive strDriveLetter, strRemotePath
WScript.Quit
' End of Example VBScript. |
Written by Komkid on January 27th, 2010 with no comments.
Read more articles on Admin and Networking and Programming.
DHCP
*UDP 67, 2535
DNS
*UDP 53
*TCP 53,139, 445
Symantec Systen Center
*TCP 2967
Written by Komkid on January 26th, 2010 with no comments.
Read more articles on Admin and IT Tips and Networking.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
| acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl webblocked url_regex '/etc/squid/webblocked.txt'
acl day_am time 08:00-12:00
acl day_pm time 13:00-17:40
http_access deny webblocked day_am
http_access deny webblocked day_pm
#Block MSN
acl msn_users src '/etc/squid/msn_user_list.txt'
acl msn_server req_mime_type application/x-msn-messenger
acl msn_url url_regex -i gateway.dll
#Block MSN
http_access deny !msn_users msn_server day_am
http_access deny !msn_users msn_server day_pm
http_access deny !msn_users msn_url day_am
http_access deny !msn_users msn_url day_pm
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
icp_access allow all
http_port 8080
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#logformat combined
cache_access_log /var/log/squid/access.log
#cache_access_log syslog combined
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
#http_access allow all
# Active Directory
####################################################################################################
auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=sci,dc=com" -D "cn=Administrator,cn=Users,dc=sci,dc=com" -w "***" -f "sAMAccountName=%s" -h 192.168.0.1
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 minutes
external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=sci,dc=com" -D "cn=Administrator,cn=Users,dc=sci,dc=com" -w "***" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=InternetUser,dc=sci,dc=com))" -h 192.168.0.1
acl localnet proxy_auth REQUIRED src 192.168.0.0/24
acl InetAccess external InetGroup InetAllow
http_access allow InetAccess
####################################################################################################
http_access deny all |
ตัวอย่างนี้ Active Directory ของ domain sci.com อยู่บน Server 192.168.0.1
วิธีการก็คือ สร้าง Security Group (InetAllow) แล้ว add user ที่มีสิทธิใช้งาน internet ได้ให้เป็น member ของ group นี้
จากนั้นก็เอา Security Group ไปไว้ใน OU ชื่อ InternetUser ดังรูป
ในส่วนของ squid.conf
ตั้งค่าให้ใช้การ authen ผ่าน LDAP
1
| auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=sci,dc=com" -D "cn=Administrator,cn=Users,dc=sci,dc=com" -w "***" -f "sAMAccountName=%s" -h 192.168.0.1 |
จากนั้นสร้าง external_acl_type ชื่อ InetGroup ให้ไปตรวจสอบจาก OU ที่ชื่อ InternetUser
1
| external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=sci,dc=com" -D "cn=Administrator,cn=Users,dc=sci,dc=com" -w "***" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=InternetUser,dc=sci,dc=com))" -h 192.168.0.1 |
แล้วก็สร้าง ACL ชื่อ InetAccess ให้ตรวจสอบกับ InetGroup โดยอนุญาตให้ Group InetAllow ผ่าน
1
| acl InetAccess external InetGroup InetAllow |
จากนั้นก็อนุญาตให้ User Group ที่ผ่าน acl ชื่อ InetAccess ใช้ internet ได้ นอกนั้นห้าม (โดยต้อง login ผ่าน proxy ด้วย)
1
2
3
4
| acl InetAccess acl localnet proxy_auth REQUIRED src 192.168.0.0/24
acl InetAccess external InetGroup InetAllow
http_access allow InetAccess
http_access deny all |
Written by Komkid on January 26th, 2010 with no comments.
Read more articles on Admin and Networking.
1.ติดตั้ง Syslog-NG ที่ Log Server และ Server อื่น ๆ ที่เป็น linux
1
| apt-get install syslog-ng |
2.Config Log Server (/etc/syslog-ng/syslog-ng.conf)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
| options {
recv_time_zone (+07:00);
send_time_zone (+07:00);
sync (0);
time_reopen (100);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
chain_hostnames(yes);
keep_hostname (yes);
};
source s_sys {
file ("/proc/kmsg" log_prefix("kernel: "));
unix-stream ("/dev/log");
internal();
#udp(ip(0.0.0.0) port(514));
#tcp(ip(0.0.0.0) port(514) keep-alive(yes));
};
destination d_mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
template-escape(yes));
};
filter f_filter1 { facility (kern); };
filter f_filter2 { level(info..emerg) and not facility(mail,authpriv,cron); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
log { source(s_sys); filter(f_filter1); destination(d_mysql); };
log { source(s_sys); filter(f_filter2); destination(d_mysql); };
log { source(s_sys); filter(f_filter3); destination(d_mysql); };
log { source(s_sys); filter(f_filter4); destination(d_mysql); };
log { source(s_sys); filter(f_filter5); destination(d_mysql); };
log { source(s_sys); filter(f_filter6); destination(d_mysql); };
log { source(s_sys); filter(f_filter7); destination(d_mysql); };
log { source(s_sys); filter(f_filter8); destination(d_mysql); };
#####################################################################
# Source from remote client
source s_client {
tcp(ip(0.0.0.0) port(514) keep-alive(yes) max-connections(300));
udp(ip(0.0.0.0) port(514));
};
log {source(s_client); destination(d_mysql); }; |
3.สร้างคำสั่งสำหรับเขียนลง mysql
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| vi syslog2mysql.sh
#!/bin/bash
if [ ! -e /var/log/mysql.pipe ]
then
mkfifo /var/log/mysql.pipe
fi
while [ -e /var/log/mysql.pipe ]
do
mysql -u root --password=xxx syslogng < /var/log/mysql.pipe >/dev/null
done
chmod +x syslog2mysql.sh
./syslog2mysql.sh &
/etc/init.d/syslog-ng start |
4.Config Server อื่น ๆ ให้ส่ง log ไปให้ Log Server(/etc/syslog-ng/syslog-ng.conf)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
| options {
sync (0);
time_reopen (10);
log_fifo_size (1000);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (yes);
keep_hostname (yes);
};
source s_sys {
file ("/proc/kmsg" log_prefix("kernel: "));
unix-stream ("/dev/log");
internal();
#udp(ip(0.0.0.0) port(514));
#tcp(ip(0.0.0.0) port(5149) keep-alive(yes));
};
destination logserver { tcp("192.168.0.251" port(514)); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
# Remove the 'squid' log entries from 'user' log facility
filter f_remove { not program("squid"); };
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter1); destination(d_kern); };
log { source(s_sys); filter(f_filter2); filter(f_remove); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
filter f_squid { program("squid") and facility(user); };
destination d_squid {
file("/var/log/$HOST/$YEAR/$MONTH/squid.$YEAR-$MONTH-$DAY"
owner(root) group(adm) perm(665)
create_dirs(yes) dir_perm(0775));
};
log { source(s_sys); destination(logserver); }; |
5.ส่ง Log จาก Windows Server
5.1 Download Lasso (Windows Event Collector) จาก http://open.loglogic.com/
5.2 ตั้งค่า hostlist.ini
5.3 ตั้งค่า lasso.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| SkipInitDLLScan,0
LogAppliance,192.168.0.251
RepositoryPath,C:\Program Files\Lasso\LassoRepository\
SpoolPath,C:\Program Files\Lasso\LassoRepository\Spool\
EventPollInterval,10
SpoolFileSize,1.0
WatermarkWriteInterval,100
MaxTraceFileSize,20
MaxNumWorkerThreads,4
DllLoadInterval,3600
HighWaterMarks,ON
#DefaultLassoShare,LassoShare=C:\LassoTemp
CheckHostListInterval,3600
NewHostSkipHistorical,0
EnableShareDlls,1
CheckRemHostAvail,0
EnableAdminSharesIfDisabled,0
DebugLevel,0
LogLevel,1
DebugHostFileSize,20
AccessReport,0 |
5.4 start service Lasso Windows Event Collector
Written by Komkid on November 22nd, 2009 with no comments.
Read more articles on Admin and Internet and Networking and Ubuntu.
1.ดาวน์โหลดและติดตั้ง PHP SYSLOGVIEWER
1
2
3
| wget http://jaist.dl.sourceforge.net/sourceforge/phpsyslogviewer/phpsyslogviewer-7.2.1.tar.bz2
tar xjvf phpsyslogviewer-7.2.1.tar.bz2
cd phpsyslogviewer-7.2.1 |
2.สร้างฐานข้อมูล
1
2
3
4
| mysql -u root -p
mysql > create database syslogng;
mysql > exit;
mysql -u root -p syslogng < install/phpsyslogviewer.sql |
3.สร้างรายชื่อผู้ใช้
1
2
3
| vi install/newuser.sql.php
php install/newuser.sql.php (ถ้ายังไม่มี php-cli ต้องลงก่อน apt-get install php5-cli)
php install/newuser.sql.php | mysql -u root -p syslogng |
4.สร้างและตั้งค่าหน้าเว็บ
1
2
3
4
| cp -R htdocs /var/www/phpsyslogviewer
vi /var/www/phpsyslogviewer/config.php
chown root:www-data /var/www/phpsyslogviewer/config.php
chmod 440 /var/www/phpsyslogviewer/config.php |
5.ลองเข้าดูได้ที่ http://192.168.0.251/phpsyslogviewer
6.เพิ่มความเร็วให้การป้อนข้อมูลลง mysql
1
2
3
4
5
6
7
8
9
10
| wget http://jaist.dl.sourceforge.net/sourceforge/phpsyslogviewer/speedupd-7.3.2.tar.bz2
tar xjvf speedupd-7.3.2.tar.bz2
cd speedup-7.3.2ฝ
apt-get install debhelper cmake libdaemon-dev libconfuse-dev fakeroot
apt-get install build-essential libmysqlclient15-dev
dpkg-buildpackage -rfakeroot
cd ..
dpkg -i speedupd_7.3.0_i386.deb
vi /etc/speedupd.conf
/etc/init.d/speedupd start |
Written by Komkid on November 22nd, 2009 with no comments.
Read more articles on Admin and Internet and Networking and Ubuntu.
