Gilbert's Network

Welcome to my little place on Internet!

Wednesday, April 23, 2008

My daughter was born today!

Caroline did great! Our baby girl was born a little after 7 this morning at Tuen Mun Hospital!

Monday, April 14, 2008

I found our Gateway recorded in CBL

Today I found that our gateway was recorded in the spam list CBL. I feel unhappy, as I don't know which machine has gone wrong.

I found a useful guide from CBL and a link to Wireshark, which is a packet monitoring tool.

I will try it on my machine and check what is going on in our network.

Sunday, March 30, 2008

Apache Mod_Security and XAMPP

Finally installed mod_security!

To secure my Apache under XAMPP, I have installed mod_security and disabled some PHP functions:

Install mod_security on Windows:


1. Download mod_security2.so from http://www.apachelounge.com/ (a binary package)
2. Unzip the package; you will get mod_security2.so and libxml2.dll
3. Read the readme.txt
4. Create a folder .../apache2/modules/mod_security2
5. Copy mod_security2.so and libxml2.dll to this folder
6. Install the Visual C++ 2008 Redistributable Package (since this binary was built with VC++ 2008)
7. In httpd.conf:
- LoadModule security2_module modules/mod_security2/mod_security2.so
- LoadModule unique_id_module modules/mod_unique_id.so
8. You can use the Include directive to include the mod_security configuration file
(you can take a look at this website.)

But I put everything in httpd.conf; my configuration comes from a file in the downloaded package, mod_security2.conf-minimal.
Like this (in httpd.conf):

### Start Mod_Security ###
LoadModule security2_module modules/mod_security2/mod_security2.so


# Basic configuration options
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess Off

# Handling of file uploads
# TODO Choose a folder private to Apache.
# SecUploadDir /opt/apache-frontend/tmp/
SecUploadKeepFiles Off
..........
..........


9. Start and stop Apache, then look at phpinfo to see whether the module is loaded.


Disable PHP functions:

1. Go to php.ini (XAMPP keeps it at c:\xampp\apache\bin\) and set the following:
disable_functions = "phpinfo,dir,readfile,shell_exec,exec,virtual,passthru,proc_close,proc_get_status,proc_open,proc_terminate,system"

2. Also, turn on safe mode

3. open_basedir = C:\foo\bar
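
As an added example (not part of the original post), the Python script below audits php.ini text for the three settings above: the disable_functions list, safe mode, and open_basedir. It reads one directive per line, which is an assumption of this example, so a list wrapped onto a second line is reported as incomplete; the names `parse_ini` and `audit` and both sample files are constructed for illustration.

```python
# Added example, not from the post. Assumes one directive per line; ';' starts a comment.
WANTED = ("phpinfo,dir,readfile,shell_exec,exec,virtual,passthru,"
          "proc_close,proc_get_status,proc_open,proc_terminate,system").split(",")
# Constructed samples: the list wrapped onto a second line, then on a single line.
WRAPPED = '''
disable_functions = "phpinfo,dir,readfile,shell_exec,exec,virtual,passthru,
proc_close,proc_get_status,proc_open,proc_terminate,system"
safe_mode = On
open_basedir = C:\\foo\\bar
'''
HARDENED = ('disable_functions = "%s"\nsafe_mode = On ; constructed comment\n'
            'open_basedir = "C:\\foo\\bar"\n' % ",".join(WANTED))

def parse_ini(text):
    """Return ({directive: value}, [lines that are neither directive nor comment])."""
    settings, stray = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            stray.append(line)              # e.g. the tail of a wrapped list
            continue
        value = value.strip()
        if not value.startswith('"'):
            value = value.split(";", 1)[0]  # unquoted value: ';' begins a comment
        settings[key.strip()] = value.strip().strip('"')
    return settings, stray

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    settings, stray = parse_ini(text)
    findings = []
    disabled = {f.strip() for f in settings.get("disable_functions", "").split(",")}
    missing = [f for f in WANTED if f not in disabled]
    if missing:
        findings.append("disable_functions is missing: " + ",".join(missing))
    # safe_mode was removed in PHP 5.4, so this check applies to older versions only.
    if settings.get("safe_mode", "").lower() not in ("on", "1", "true", "yes"):
        findings.append("safe_mode is not On")
    if not settings.get("open_basedir"):
        findings.append("open_basedir is not set")
    if stray:
        findings.append("stray line(s), possibly a wrapped value: " + " | ".join(stray))
    return findings

if __name__ == "__main__":
    print(audit(WRAPPED), audit(HARDENED))
```
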

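The school server got hit by C99Shell

Yesterday the technician told me that the home page of the school server had been defaced, and it was quickly restored. When I looked at DFile more carefully,
I realized that we had probably been hit by C99Shell, a hacker tool.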

Find from the web so far:
http://www.webhostingtalk.com/showthread.php?t=632699

and a good one:
http://www.honeynet.org/papers/webapp/

I think I have to enable mod_security in Apache and disable several functions in php.ini under disable_functions = " http://www.honeynet.org/papers/webapp/

Sunday, March 23, 2008

samba vfs audit

You have to create a folder (.recycle) first and chmod or chown it so that users can write to it

[homes]
comment = Home Directories
valid users = %D\%S
read only = No
browseable = No
#Enable the recycle VFS module
vfs object = recycle
#Keep the tree directory structure
recycle: keeptree = yes
#Touch the file's timestamp when it is moved to the recycle bin (but I found my samba version gives an error on this)
recycle: touch = yes
#Specify the recycle bin location; remember the user must have the right to write there, otherwise you will get an error
recycle: repository = ../.recycle/%U
#If a file of the same name is found in the recycle bin, another copy is made
recycle: versions = yes
#Files matching these patterns get no versions, no other copy
recycle: noversions = *.doc|*.ppt|*.xls
#Files of these kinds are not kept
recycle: exclude = ?~$*|~$*|*.tmp|*.temp|*.TMP|Thumbs.db|*.lnk

[share2]
comment = share2
path = /share2
invalid users = root, @somegroup1
valid users = @somegroup2
write list = @somegroup2
force user = someone
read only = No
create mask = 0660
directory mask = 0770
force directory mode = 02770
browseable = No
#Besides recycle, this logs who has accessed the files (move, rename, delete, etc.)
vfs object = extd_audit recycle
recycle: keeptree = yes
recycle: repository = .recycle/%U
recycle: versions = yes
recycle: touch = yes
recycle: maxsize = 50000000
recycle: exclude = ?~$*|~$*|*.tmp|*.temp|*.TMP|Thumbs.db|*.lnk

Wednesday, May 16, 2007

squidGuard

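Yesterday I received some mail from squid-users, in which people mentioned that squidGuard can be used to filter web pages.

Since I use Debian, I installed it with apt-get and then went to http://www.squidguard.org
to look at the installation procedure, which is also very simple. But for some unknown reason, after adding
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
to squid.conf, squid simply would not start.
After a round of googling and searching the mailing list, I found that the permissions have to be set properly.

All files related to squid and squidGuard should preferably be owned by one particular user (e.g. proxy or squid)
Executable: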
/usr/bin/squidGuard

Database:
/var/lib/squidguard/db/*

log file:
/var/log/squid/*

cache file:
/var/spool/squid/

----------------------------------------------------------------------
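In addition, after adding new blocklists, you can run
squidGuard -C all
to build the database (this takes a while, about 1~2 minutes). Don't forget to set the permissions:
chown -R proxy:proxy /var/lib/squidguard/db/*

To test, do the following:
echo "http://www.example.com 10.0.0.1/ - - GET" | squidGuard -c /etc/squid/squidGuard.conf -d

You can test with some URLs that are not allowed.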

Tuesday, May 15, 2007

Finished my last exam!

On May 15, 2007, I finally finished my last MSCS exam. After two hard years, I can finally breathe a sigh of relief! So happy!

Thursday, May 03, 2007

Create quotas for a bunch of users

edquota -p somebody `cat somelist.txt`

more : http://tldp.org/HOWTO/Quota-4.html#ss4.3