
Install & Configure SquidGuard in Ubuntu


Install and Configure SquidGuard Overview

It is very useful to be able to block users on your network from accessing millions of websites with nefarious content. A great way to accomplish this is with a proxy server like Squid. Squid is a free and powerful proxy server that is capable of blocking users from accessing web content. A great way of enhancing Squid's ability to block unwanted websites, domains and IP addresses is to install SquidGuard. SquidGuard is an add-on program for the Squid proxy server (see my previous article on Squid) whose main purpose is to block unwanted web traffic.

SquidGuard works with databases of blacklists to block, filter, and redirect requested URLs and domains. You manually download and add blacklist files to SquidGuard and compile them into the SquidGuard database; Squid can then redirect web requests to SquidGuard, which checks them against its database of blacklisted websites, domains and IP addresses. It seems like this process would slow down a network, but SquidGuard is an extremely fast web content filter with the ability to check web requests against millions of blacklisted sites in a matter of seconds. There is great information about SquidGuard's capabilities on the SquidGuard website, including links to download the program, well-written installation and configuration instructions, and links to websites that maintain blacklists.

Steps to manually install SquidGuard in Ubuntu

You can download and install SquidGuard using a package manager program like apt-get or yum, or even a graphical software installer tool like the software center program. Instead, I chose to outline the steps involved in manually downloading and installing SquidGuard.

1. Download the current stable version of SquidGuard at http://www.squidguard.org and save it to your downloads folder.

2. Download the Berkeley DB from Oracle at http://oracle.com. Download version 4.8.30.NC.tar.gz with no encryption and save it to your Downloads folder.

3. Open a terminal and navigate to the directory where you downloaded SquidGuard and the Berkeley DB. You should see the tar.gz files:
cd ~/Downloads
ls

4. Decompress the tar.gz files (substitute the file names for the versions you downloaded):
tar -xvzf squidGuard-1.5-beta.tar.gz
tar -xvzf db-4.8.30.NC.tar.gz
ls

You should see two folders, one for squidGuard and one for BerkeleyDB (e.g. squidGuard-1.5 and db-4.8.30).

5. Install the Berkeley DB first, since SquidGuard requires it for installation. By default, the Berkeley DB will install itself to /usr/local/ in a folder named BerkeleyDB.4.8. You will need this location when preparing SquidGuard for installation.
cd db-4.8.30
cd build_unix
../dist/configure
make
sudo make install

6. Install SquidGuard by navigating to the extracted SquidGuard folder. During the configure process, pass the configure script the location of the Berkeley DB directory and set the squiduser to 'proxy' for Ubuntu. The squiduser and group is typically "squid" in other Linux distributions like Fedora.
cd ~/Downloads/squidGuard-1.5
./configure --with-db=/usr/local/BerkeleyDB.4.8 --with-squiduser=proxy
make
sudo make install

You should get a message that the initial SquidGuard configuration is complete. Congratulations, SquidGuard is successfully installed! Make a note of the directory locations of the SquidGuard db, log, and conf files:
/usr/local/squidGuard/db
/usr/local/squidGuard/log
/usr/local/squidGuard/squidGuard.conf

Blacklists

7. Now that SquidGuard is installed you will want to download some blacklists. The SquidGuard website provides a few options. Click on the Blacklists link and download a few blacklists. I recommend going here http://cri.univ-tlse1.fr/blacklists/index_en.php and downloading the blacklists.tar.gz file from the top of the Descriptions section.

Now you can move the blacklists to the SquidGuard db directory and extract them so they are ready to use.

cd ~/Downloads
sudo cp blacklists.tar.gz /usr/local/squidGuard/db/blacklists.tar.gz
cd /usr/local/squidGuard/db
sudo tar -xvf blacklists.tar.gz

Configuring SquidGuard

8. Now you are ready to configure SquidGuard. You will want to open the configuration file with a text editor.
cd /usr/local/squidGuard/
ls

You should see a squidGuard.conf file. Copy the conf file to a backup and open it with a text editor:
sudo cp squidGuard.conf squidGuard.conf.bak
sudo su
gedit squidGuard.conf &

If your squidGuard.conf file is janked i.e. blank, then you can copy the configuration directly from the SquidGuard website: http://www.squidguard.org/Doc/configure.html

Looking at your squidGuard.conf file in the text editor make sure that the lines beginning with dbhome and logdir point to the correct directory. For my install the dbhome and logdir lines read:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log

So I changed the dbhome line to:
dbhome /usr/local/squidGuard/db/blacklists

Try running squidGuard in its output-to-stderr mode:
squidGuard -d

I had errors showing on line 23 so I commented out lines 22 to 25 with # signs:
#rew dmz{
#          s@://admin/...
#          s@://foo.bar....
#}

Now try running squidGuard:
squidGuard -d

If squidGuard ran with no errors, it is time to compile your blacklists from text to DB with a -C all command:
squidGuard -d -C all

I had additional errors caused by the Destination Classes area in the squidGuard.conf file. The dest adult block of code had the following lines that needed to have the "dest/" edited out, because they are not the correct directory paths following from the "/usr/local/squidGuard/db/blacklists" directory:

dest adult{
domainlist          dest/adult/domains
urllist                   dest/adult/urls
expressionlist    dest/adult/expressions
redirect               http://admin.foo.bar.de...
}

to

dest adult{
domainlist          adult/domains
urllist                   adult/urls
expressionlist    adult/expressions
redirect               http://google.com
}

I also edited the ACL block of code at the end of the config file. I commented out areas that I was not going to use, and focused on the default acl block of code, which I changed to pass only the not(!) adult sites (pass     !adult all):

acl {
#    admin {
#        pass     any
#    }
#
#    foo-clients within workhours {
#        pass     good !in-addr !adult any
#    } else {
#        pass any
#    }
#
#    bar-clients {
#        pass    local none
#    }
#
default {
pass     !adult all
#rewrite dmz
redirect http://google.com
}
}

9. After editing your config file, try to compile your blacklists from text to DB with a "-C all" command:
squidGuard -d -C all

If there are no errors, make sure the blacklists have the correct ownership and group for Squid. You can check ownership of files and folders using the ls -l command. For Ubuntu the correct owner and group for Squid is "proxy"; in other distributions it is "squid".
chown -R proxy:proxy /usr/local/squidGuard/db/blacklists
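
Steps 8 and 9 fail in the two ways described above: list paths that do not resolve under dbhome, and blacklist files not owned by the Squid user. The script below is an added example, not part of SquidGuard or the original article, that checks both before you run squidGuard -C all. The function names and the constructed before.conf/after.conf fixture are this example's own, and it assumes list paths are relative to dbhome.

```shell
#!/bin/sh
# Added example (not part of squidGuard): preflight check for squidGuard.conf.
# Assumption: list paths in dest blocks are relative to dbhome, as in this article.

# Print the dbhome directory configured in CONF.
sg_dbhome() {
    awk '$1 == "dbhome" { print $2; exit }' "$1"
}

# Print "keyword path" for every active (uncommented) list line in CONF.
sg_lists() {
    awk '$1 ~ /^(domainlist|urllist|expressionlist)$/ { print $1, $2 }' "$1"
}

# Print the owner of a file or directory as shown by ls -l.
sg_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# sg_check CONF OWNER: report list files that are missing under dbhome or not
# owned by OWNER. The return status is the number of problems (0 = clean).
sg_check() {
    conf=$1; owner=$2; problems=0
    dbhome=$(sg_dbhome "$conf")
    if [ -z "$dbhome" ] || [ ! -d "$dbhome" ]; then
        echo "BAD dbhome: ${dbhome:-unset}"
        return 1
    fi
    while read -r kind rel; do
        [ -n "$kind" ] || continue
        if [ ! -f "$dbhome/$rel" ]; then
            echo "MISSING $kind $dbhome/$rel"
            problems=$((problems + 1))
        elif [ "$(sg_owner "$dbhome/$rel")" != "$owner" ]; then
            echo "OWNER $kind $dbhome/$rel (want $owner)"
            problems=$((problems + 1))
        fi
    done <<EOF
$(sg_lists "$conf")
EOF
    return "$problems"
}

# Build a constructed fixture in DIR: a blacklist tree like the extracted
# archive, plus the "before" (dest/adult/...) and "after" (adult/...) configs.
sg_fixture() {
    mkdir -p "$1/db/blacklists/adult" "$1/log"
    for f in domains urls expressions; do
        echo "example.invalid" > "$1/db/blacklists/adult/$f"
    done
    for variant in before after; do
        prefix=""
        if [ "$variant" = before ]; then prefix="dest/"; fi
        cat > "$1/$variant.conf" <<EOF
dbhome $1/db/blacklists
logdir $1/log
dest adult {
    domainlist      ${prefix}adult/domains
    urllist         ${prefix}adult/urls
    expressionlist  ${prefix}adult/expressions
    redirect        http://google.com
}
EOF
    done
}

# Demo on the constructed fixture. On the install from this article the call
# would be: sg_check /usr/local/squidGuard/squidGuard.conf proxy
tmp=$(mktemp -d)
sg_fixture "$tmp"
me=$(sg_owner "$tmp")
echo "before:"; sg_check "$tmp/before.conf" "$me" || echo "$? problem(s)"
echo "after:";  sg_check "$tmp/after.conf" "$me" && echo "clean"
rm -rf "$tmp"
```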

10. To finish the installation, add the following line to the squid.conf file in /etc/squid/squid.conf. I added the following line around line 1083, although you could add it anywhere. Notice that it directs the squidGuard program to its configuration file. If your squidGuard installation and configuration file are located in a different directory, adjust the paths in the line accordingly:

url_rewrite_program  /usr/local/bin/squidGuard  -c  /usr/local/squidGuard/squidGuard.conf

11. Now restart Squid, or reload the Squid configuration file, which is much faster.
service squid reload
or
pkill -9 squid
service squid start

12. To test that the squidGuard configuration is working correctly and that Squid is passing web requests and checking them against the SquidGuard database, the SquidGuard website recommends running a dry-run test using the following command. You can substitute one of the blacklisted URLs from your blacklists for the "http://www.example.com" URL in the example. Also, if you do not have a "test.cfg" file, just remove the part of the line from "-c" to "test.cfg" (see the example below):

echo "http://www.example.com 10.0.0.1/ - - GET" | squidGuard -c /tmp/test.cfg -d
to
echo "http://www.blacklisted.com - - - GET" | squidGuard -d

After running the command above, if you see the following 3 messages in the output then squidGuard is functioning correctly:
- the redirected URL website address from the squidGuard.conf file
- "squidGuard ready for requests",
- "squidguard stopped"

Now you can try using your web browser to see if it will block blacklisted domains and websites!

Note: If you are in a situation where you do not want to risk requesting blacklisted sites in your browser and having them not be filtered, then you can add one of your own entries in a blacklist, recompile the squidGuard blacklist database, and test to see if your manually entered website is blocked by squidGuard.

Last Updated on Thursday, 12 September 2013 09:32
 

Install Apache, PHP, MySQL, & phpMyAdmin in Ubuntu


Overview

Apache - Apache web server is the most widely utilized web server in the world and most of the world's websites are served on Apache web servers. Apache development is run by the Apache Software Foundation, which is a community of software developers. Apache is released with an open-source software license.

There are releases of Apache that can run on most operating systems including Unix, Linux, Windows and Apple to name a few. Most often Apache is run on Linux web servers. The danscourses.com website is hosted on an Apache webserver, using shared webhosting. Shared webhosting utilizes Apache's ability to host multiple websites on one web server, called virtual hosts.

PHP - is a programming or scripting language that is typically installed on a web server, but it can also be installed on an end user computer system. It is one of the most popular scripting languages to install on web servers in order to create dynamic web content. It is called a server-side scripting language in that the PHP code is interpreted by the web server, and html content is generated, and sent to the user's web browser. The PHP code is interpreted and executed by the PHP engine or interpreter which is often installed as a module in the web server. PHP is very useful for retrieving and sending data to and from relational databases like MySQL. PHP is freely distributed software and has available releases for most major operating systems. PHP is a competitor with other server-side programming languages, like Microsoft's Active Server Pages (ASP) and Sun's JavaServer Pages (JSP).

MySQL - MySQL is currently the most popular relational database management system (RDBMS) in the world. MySQL functions as a database server that allows users to connect to its stored databases. MySQL is open-source software released under the GNU public license (GPL). MySQL is used in conjunction with many popular web applications and content management systems like Joomla (this website), WordPress, and Drupal to name only a few.

PhpMyAdmin - is a graphical, browser-based management interface, for working with MySQL. PhpMyAdmin is an open-source project written in PHP. PhpMyAdmin can make managing MySQL databases more intuitive, and easier to learn.

 

Installation Steps

  1. Open a terminal

  2. Type in the following command to install Apache:
    sudo apt-get install apache2

  3. To check to see if Apache is running open Firefox and type in the following web address:
    http://localhost   or,    http://127.0.0.1
    You should see the message, "It Works!" This is the Apache homepage, the index.html file and it means the server has installed correctly and is currently running.

  4. If you didn't see "It Works!" try starting the server. The commands to start, stop and restart Apache are:
    sudo /etc/init.d/apache2 start
    sudo /etc/init.d/apache2 stop
    sudo /etc/init.d/apache2 restart

  5. Go to the Apache web directory (i.e. where you put your webpages and websites) and look for the index.html file. Type in the following commands:
    cd /var/www/
    ls
        In Mint 17 the directory is:
          cd /var/www/html
          ls

    You should see the index.html file listed in the directory

  6. Open the index.html file, edit it and save it. Type in the following command:
    sudo gedit index.html
    Edit the file by personalizing it, and save:
    <html><body><h1>Your Name's Website</h1>
    <p>Hello everyone, this is my homepage!</p>
    <p>I will update this page soon.</p>
    </body></html>

  7. Refresh the web page in Firefox to see your changes. You now have an Apache web server running on your local computer and you know how to add/edit webpage content. Time to learn HTML, XHTML, and CSS... :-)

  8. To install PHP5 and the Apache library/module for PHP type in the following command:
    sudo apt-get install php5 libapache2-mod-php5

  9. Once PHP has been installed restart Apache. Type in the following command:
    sudo /etc/init.d/apache2 restart

  10. Now we need to test PHP by writing a PHP file and calling the phpinfo function. Type in the following command to create a php text file and open it in gedit:
    sudo touch /var/www/test.php
    sudo gedit /var/www/test.php

      
    In Mint 17 the command and directory is:
           sudo touch /var/www/html/test.php

  11. In Gedit type in the following lines and then file > save:
    <?php phpinfo(); ?>
  12. Open your Firefox browser and put in the following web address:
    http://localhost/test.php

  13. If PHP is working you should see a long page of information about the installed version of PHP and its configuration parameters.


  14. Now to install MySQL server. Type in the following command:
    sudo apt-get install mysql-server
    During the installation you will be prompted to enter a password for the MySQL root user. Do so, then hit the Tab key to highlight the <Ok> button and press Enter. If you leave the password blank you can always enter it later by typing the following commands:
    mysql -u root
    mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('yourpassword');



  15. Once you have MySQL installed you will want to install the phpMyAdmin tool as an easy interface to working with MySQL. Type in the following command:
    sudo apt-get install libapache2-mod-auth-mysql php5-mysql phpmyadmin
    During the installation you may need to choose Apache2 to be the database associated with MySQL and phpmyadmin. Make sure Apache2 is selected, then press Tab and Enter.
    During the installation you may need to choose 'yes' to have 'dbconfig-common' handle the database configuration for you. Choose yes and hit enter. You will be prompted twice for your MySQL root user password.

  16. Create a symbolic link from phpMyAdmin to the Apache www directory. Type in the following command:
    sudo ln -s /usr/share/phpmyadmin /var/www/phpmyadmin

     
    In Mint 17 the command and directory is:
       
    sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin

  17. Now put the following web address in Firefox:
    http://localhost/phpmyadmin
    You should see the phpMyAdmin login page, but if you get an error page instead, then restart the Apache webserver, and refresh the webpage in the web browser:
    sudo /etc/init.d/apache2 restart 
  18. Refresh http://localhost/phpmyadmin in your browser to get to the phpMyAdmin login page. Type 'root' in the user field, enter the password you set during the installation process, and log in. Cheers!

 

Video Tutorial

In this video I download, install, and run Apache web server in Ubuntu

In this video I install PHP to an Apache web server in Ubuntu

In this video I install MySQL and PhpMyAdmin to an Apache web server in Ubuntu

Troubleshooting

If you choose the advanced configuration option, you may need to configure PHP to work with MySQL by editing the php.ini file:

sudo gedit /etc/php5/apache2/php.ini
Uncomment the following line by removing the semicolon:
;extension=mysql.so (to)
extension=mysql.so
Also people report mysql.so missing the "y" like this:
;extension=msql.so (to)
extension=mysql.so

sudo /etc/init.d/apache2 restart

Options

If you choose to have your MySQL server on a network you may need to edit the bind-address. To do that type the following commands to edit the my.cnf file:
      sudo gedit /etc/mysql/my.cnf
Change the following line to your ip address:
      bind-address = 127.0.0.1

 

Last Updated on Wednesday, 11 February 2015 10:51
 

Cracking Hashes with Rainbow Tables and Ophcrack


You may have heard of dictionary password attacks or brute force attacks, but recently a popular way of cracking a Windows password uses a rainbow table. This method was made popular by Philippe Oechslin, one of the creators of the program Ophcrack, a tool for cracking Windows passwords.

You can use Ophcrack in a few different ways. Firstly, you can download the Ophcrack program and run it on your computer. Used in this manner, you will need to download the tables separately, save them to your hard drive, install them into the Ophcrack program, and then run the program, which compares the hashed password to the hashes in the rainbow table, searching for a match. Secondly, you can download an Ophcrack LiveCD .iso file, burn it as a bootable image, and, booting to the CD, use it to search for a system's password by comparing hashes in a similar manner. In this method the CD loads the password hashes directly from the Windows SAM (Security Accounts Manager) files. This can be helpful for someone who has forgotten their password and needs to recover it. However, you do not want to use this method to attack a user's computer. You can download XP, and Vista / Windows 7 versions of Ophcrack.

Ophcrack website: http://ophcrack.sourceforge.net/ (download)
About Ophcrack: http://en.wikipedia.org/wiki/Ophcrack

Hash functions: http://en.wikipedia.org/wiki/Hash_function  

Network Authentication Protocols (one aspect of these protocols is to turn clear text passwords into a hash)

  • Windows LM hash (LAN Manager) - a flawed implementation based on DES, which was particularly easy to crack: http://en.wikipedia.org/wiki/LM_hash
  • Windows NTLM (NT LAN Manager) - little to no improvement over LM hash, partially due to backwards compatibility issues allowing the LM hash along with the NTLM hash; http://en.wikipedia.org/wiki/NTLM
  • Windows NTLMv2 - an improvement, still used in Windows Vista and Windows 7 in work group environments
  • Kerberos - Open Source project, MIT - Secure network authentication protocol used in Windows Domains and Active Directory; http://en.wikipedia.org/wiki/Kerberos_%28protocol%29

Ophcrack step by step

  1. When I installed the program I installed it to my Program Files folder, so consequently it was not able to automatically download any rainbow tables. No matter, you can download the tables and install them after installing the program. Go to the Ophcrack.sourceforge.net website, click on tables and download the free tables, or just click here to go there directly: http://ophcrack.sourceforge.net/tables.php. I downloaded the xp free small and the Vista free tables. Once you have downloaded the tables you will need to unzip them in separate folders. I made a folder called "hash-tables" and then made 2 more folders within for each table to unzip to.
  2. Run the program and click on "Tables" button. Select the table you downloaded and click "Install", navigate to the folder where you unzipped the table, select it and then click "ok." You should see green lights next to the tables you installed.
  3. You need to supply the program with a hash for it to try and crack. For testing purposes you can generate one at this website. Go to http://objectif-securite.ch/en/products.php? scroll to the bottom of the page and submit a password using the web tool. The tool will output a hash that you can copy to a text file or copy to memory by selecting and pressing (Ctrl+C).
  4. On the website, I submitted the password "BlockMe" with the capital letters and I got the hash output: 9d79790fa072b69baad3b435b51404ee:facbe3fa7932e0d024590e0633d28510 
    On the Ophcrack program I clicked "Load" > "Single hash", pasted in the hash, clicked "ok", and then clicked "Crack" to start the process. It took a few minutes but Ophcrack was able to crack the password, from the hash, with the "XP Small Free" table installed and loaded into Ophcrack. I also installed the "Vista free" table but that must have been a non-matching table to hash because it was unable to crack the password. One thing I learned was that you need the right kind of table to crack the right kind of hash.

  5. I want you to play with the program, get it working, and test out 5 different passwords of increasing complexity. Can you find a website that will generate a Vista NTLMv2 hash?
  6. Post your experience and results using Ophcrack, in a comment at the bottom of this page.
    Note: You have to have a user account in order to login and post comments. You can create a user account on this site by going to the home page, or by clicking here.
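
The pair pasted in step 4 has the form LM:NT. The script below is an added example, not from the original article or from Ophcrack, that classifies the LM half of such pairs, which is useful when auditing which accounts still store the weak LM hash. The function names and the "account LM:NT" input layout are assumptions, and the second sample line is constructed from the article's NT value.

```shell
#!/bin/sh
# Added example: flag accounts whose "LM:NT" pair still carries an LM hash.
# LM hashes each 7-character half of the password separately, so an unused
# half always hashes to the constant below.
LM_EMPTY_HALF=aad3b435b51404ee

# lm_class PAIR: print invalid, lm-blank (no usable LM hash stored),
# lm-short (7 characters or fewer) or lm-long (8 to 14 characters).
lm_class() {
    pair=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    lm=${pair%%:*}
    nt=${pair#*:}
    if [ "$pair" != "$lm:$nt" ] || [ "${#lm}" -ne 32 ] || [ "${#nt}" -ne 32 ]; then
        echo invalid; return 1
    fi
    case "$lm$nt" in
        *[!0-9a-f]*) echo invalid; return 1 ;;
    esac
    first=$(printf '%s' "$lm" | cut -c1-16)
    second=$(printf '%s' "$lm" | cut -c17-32)
    if [ "$first$second" = "$LM_EMPTY_HALF$LM_EMPTY_HALF" ]; then
        echo lm-blank
    elif [ "$second" = "$LM_EMPTY_HALF" ]; then
        echo lm-short
    else
        echo lm-long
    fi
}

# lm_audit: read "account LM:NT" lines on stdin, print the accounts that
# still carry an LM hash, and return how many were found.
lm_audit() {
    found=0
    while read -r account pair; do
        [ -n "$account" ] || continue
        class=$(lm_class "$pair") || true
        case $class in
            lm-short|lm-long)
                echo "$account $class"
                found=$((found + 1)) ;;
        esac
    done
    return "$found"
}

# Demo: the first line uses the pair from step 4; the second is constructed
# (same NT value with a blank LM half) to show an account without an LM hash.
printf '%s\n' \
    "student1 9d79790fa072b69baad3b435b51404ee:facbe3fa7932e0d024590e0633d28510" \
    "student2 aad3b435b51404eeaad3b435b51404ee:facbe3fa7932e0d024590e0633d28510" \
    | lm_audit || echo "$? account(s) still carry an LM hash"
```

Accounts reported by lm_audit need a password change after LM hash storage is turned off, because the stored LM value persists until then.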



 

 

Configure a DHCP Server in Ubuntu 11


Installation and Configuration

To install dhcp server on Ubuntu 11.10 open a terminal (Dash Home > search "terminal") and follow these steps and terminal commands:

  • sudo apt-get update (update your repositories)
  • sudo apt-get install dhcp3-server (installs dhcp server - after the installation, Linux will try to start the server and it will fail to start, because the server has not been configured yet)
  • Next you need to edit the dhcp configuration file. Put in the following commands to edit in gedit or nano:
    sudo gedit /etc/dhcp/dhcpd.conf
    or
    sudo nano /etc/dhcp/dhcpd.conf

  • In gedit go to Edit > Preferences > and checkmark "display line numbers." Now you can see line numbers as a reference. In the conf file any line that begins with a "#" character has been commented out, meaning it does not affect the server. The lines that do not begin with "#" are uncommented and are active configurations for the dhcp server. To configure your dhcp server you will want to uncomment and alter the following lines in the conf file:

    On lines 38 through 46, make the following changes and remove the "#" comment from the beginning of the lines:

    subnet 192.168.11.0 netmask 255.255.255.0 {
        range 192.168.11.166 192.168.11.170;
        option domain-name-servers 8.8.4.4;
        # option domain-name "myDomain.local";
        option routers 192.168.11.1;
        option broadcast-address 192.168.11.255;
        default-lease-time 600;
        max-lease-time 7200;
    }

    Save the file and close.
    The example above would work on the Linux network in my classroom lab, where all the Linux machines are on a 192.168.11.0 network, the addresses to be handed out were specific to the user (e.g. Daniel handed out the range 192.168.11.166 to 192.168.11.170), the router is 192.168.11.1, there is no local domain/domain controller, and the DNS server 8.8.4.4 is Google's.
  • Now you need to restart your DHCP server. Type in the following commands:
      sudo /etc/init.d/isc-dhcp-server restart
  • If you want to check to see if your DHCP server has leased any ip addresses type in the following command:
        sudo tail /var/lib/dhcp/dhcpd.leases
    and you should see information if any computer has picked up an ip address!

 

 

Video Tutorial

In this video, I install and configure DHCP server in Ubuntu, and then lease an IP address to a client on the network

Notes on troubleshooting

  • On my dhcp server when I restarted, it failed. Bummer.
  • For my dhcp server, I used a laptop with both a wireless ethernet card and a wired ethernet card. Following the online example I used the line  INTERFACES="wlan0 eth0" in the dhcp3-server file, which seemed logical. However, I have enough experience to know that the network cards could be recognized differently by the operating system, so I used the following command in order to check my network configuration:
        ifconfig 

    and I could see that my system had recognized my network cards as "eth0" and "eth1", with eth1 being the active interface. So I changed my configuration to  INTERFACES="eth1", restarted my server and it worked!
  • I put this tutorial together, using the following web page as my reference: https://help.ubuntu.com/community/dhcp3-server
  • In my example, in order to test my Ubuntu DHCP server, I logged into my linksys wireless router, disabled the dhcp server on the "basic setup" page, and from another Windows computer on the network, released and renewed my ip address with an "ipconfig /release" and an "ipconfig /renew". Afterward, I ran the "ipconfig /all" command a couple times and I noticed I had successfully pulled an ip address from my Ubuntu server and had internet connectivity! If I had been on another Ubuntu computer I could have restarted my network interface cards or used the following commands to restart my network interfaces:
       
        ifconfig eth0 down
        ifconfig eth0 up

    The example assumes my active interface is eth0; otherwise use eth1, wlan0, etc.

 

Last Updated on Friday, 09 January 2015 02:01
 

