IT Resource

There is often a requirement to block/deny user access to certain websites and this post shows how administrators can utilise Squid to achieve this:

Squid is a popular open source web proxy server and web caching software. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other network lookups for groups of people sharing network resources and (which is of most interest to us for the purposes of this post) by aiding security via traffic filtering. It was originally inteneded for Unix/Linux but has been ported to a number of platforms.

Squid has powerful ACL (access control list). The primary use of the ACL system is to implement simple access control. This can be used to deny a user from accessing particular site.

In order to do this we have to edit the Squid configuration file.

e.g. # vi /etc/squid/squid.conf

Search for `Access Controls’ and append the following lines (in this example we are blocking access to ‘nastysite.com’):
acl badsite dstdomain .nastysite.com
http_access deny badsite

Save and close the file, and then restart Squid:
# /etc/init.d/squid restart

 If required, you can specify more than one site to be blocked:
acl badsite dstdomain .nastysite.com  .anothernastysite.com
http_access deny badsite

You can also use regex expressions to block access to more than one website. for example,  if you would like to deny access for any sites where the URL contains the word “twitter”, use the following ACL lines:
acl badsitegroup url_regex -i twitter
http_access deny badsitegroup

More information on Squid commands can be found at: http://wiki.squid-cache.org/FrontPage

Ping verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) Echo Request messages. The receipt of corresponding Echo Reply messages are displayed, along with round-trip times. Ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution.

Examples of Ping

Windows
ping google.com

Pinging google.com [64.223.167.99] with 32 bytes of data:
Reply from 64.223.167.99: bytes=32 time=37ms TTL=57
Reply from 64.223.167.99: bytes=32 time=37ms TTL=57
Reply from 64.223.167.99: bytes=32 time=75ms TTL=57
Reply from 64.223.167.99: bytes=32 time=40ms TTL=57

Ping statistics for 64.223.167.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 75ms, Average = 47ms

Linux
ping -c 5 itresource.com.au

PING itresource.com.au(203.88.118.177) 56(84) bytes of data.
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=1 ttl=57 time=36.6 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=2 ttl=57 time=36.5 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=3 ttl=57 time=37.0 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=4 ttl=57 time=36.9 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=5 ttl=57 time=36.6 ms

— itresource.com.au ping statistics —
5 packets transmitted, 5 received, 0% packet loss, time 9000ms
rtt min/avg/max/mdev = 35.918/36.638/37.106/0.400 ms

Mac OS X
ping -c 10 itresource.com.au

PING kookaburra.cbr.hosting-server.com.au (203.88.118.177): 56 data bytes
64 bytes from 203.88.118.177: icmp_seq=0 ttl=53 time=40.019 ms
64 bytes from 203.88.118.177: icmp_seq=1 ttl=53 time=47.502 ms
64 bytes from 203.88.118.177: icmp_seq=2 ttl=53 time=43.208 ms
64 bytes from 203.88.118.177: icmp_seq=3 ttl=53 time=50.851 ms
64 bytes from 203.88.118.177: icmp_seq=4 ttl=53 time=46.556 ms

— ping statistics —
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 40.019/45.575/50.851/3.588 ms

Useful links:
http://en.wikipedia.org/wiki/Ping

http://www.computerhope.com/jargon/p/ping.htm

Acer Australia has recently launched the Aspire One, its first 8.9″ Netbook. Powered by the latest Intel Atom processor, Aspire One is an internet device designed to make online activities fast, simple and convenient.

Aspire One features an 8.9″ CrystalBrite LED backlit display (resolution of 1024×600 pixels), CrystalEye webcam and 802.11b/g WiFi built-in as standard for access to available wireless networks.

Aspire One will be available with Linpus Linux Lite or Windows XP Home, and comes with 512MB or 1GB of memory respectively. There are two alternatives for data storage: a NAND flash module of 8GB or an 80GB internal HDD. In addition the Aspire One reads 5 different types of memory card.

The bundled OneMail application integrates up to five email accounts into one central inbox. Similarly, users can have multiple instant messenger accounts via a single point of access.

Available in a range of colours, the Aspire One has a RRP of $599AUD (linux version).

• Linux version weighs less than 1kg
• Windows XP version weighs 1.1kg
• Up to 3 hours battery life with standard 3-cell battery
• Up to 7 hours battery life with optional 6-cell battery

IBM has built the biggest ever dual-boot Windows/Linux HPC system for a consortium of Swedish research groups and universities.

The record-chasing firm will apparently unveil its 5,376 Intel Xeon quad-core processor blade system later on today. Computer World claims the system is able to reach an impressive 46 sustained teraflops on a beta version of Windows HPC Server 2008, with each chip apparently running at 2.5GHz and using 50 watts.

What makes the achievement particularly noteworthy is the fact that it is a relative rarity for an HPC system to be built on Windows rather than exclusively on Linux, which makes up around 85 percent of all HPC systems in the world.

Microsoft has long been interested in catching up with its rivals in the HPC field, and mow it looks like it might finally be making inroads.

The mega computer, which sits in the Umea University, about 680km north of Stockholm, is amongst the top 50 most powerful machines currently in existence.

A research posting to the Debian security list last week has led to the confirmation of a serious hole in two flavours of the Open Source Linux operating system.

Frederick Lee, a researcher at insecurity company Fortify, said that the flaw, which affects Ubuntu as well as Debian, had been “seriously underestimated ” as it makes the Secure Sockets Layer (SSL) of the two Linux sustems vulnerable to malicious attack.

“We’re calling this vulnerability ‘insecure randomness’ since it allows an attacker to predict the SSL cryptographic keys used for supposedly secure online transactions,” he said.

Lee reckons that the flaw, which tinkers with the randomness engine used to encrypt secure transactions, could be used to intercept traffic between a user and supposedly secure connection between a user and, for example, an online banking site.

Debian Linux got a bit of a black eye this week with the announcement that a nasty cryptographic vulnerability exists in its version of the OpenSSL package.

Debian, especially its stable branch, is widely regarded as perhaps the most bulletproof Linux distribution.

Debian also has the not undeserved reputation of being difficult for those new to Linux to install and manage.

The Debian maintainers apparently created the vulnerability by deleting code that seeded the random number generation used to calculate encryption keys.
Read more…

Fedora 9, the latest release from the Fedora Project, is available for download since yesterday. The free, open source Linux operating system sponsored by Red Hat, promises to include significant new versions of many key components and technologies.

The following Release Notes provide an overview of the important changes from the last release of Fedora.

To download the new Fedora 9 OS click here.

A Unix developer has discovered and fixed a filesystem bug in Berkeley Software Distribution, a widely used, open-source, Unix-like operating system, discovering in the process that the bug was at least 25 years’ old.

BSD’s variants include OpenBSD, FreeBSD and NetBSD, and it forms the basis of Apple’s Mac OS X operating system. All BSD derivatives were found to contain the bug, according to Marc Balmer, a Swiss developer closely involved with OpenBSD.

“Much to my surprise, I not only found this problem in all other BSDs or BSD-derived systems, like Mac OS X, but also in very old BSD versions,” Balmer wrote in a Web site post on the issue. “The bug has been around for roughly 25 years or more.”
Read more…

Linus Torvalds has released the latest version of the “stable” Linux kernel, version 2.6.25, which includes changes to Wi-Fi support, virtualisation, real-time scheduling and file systems.

The kernel, which was released approximately 10 weeks after its predecessor, includes broader Wi-Fi hardware support and the integration of more Wi-Fi drivers, according to Linux developers. Among the drivers integrated is Ath5k, which is compatible with chips by semiconductor system Wi-Fi developer Atheros.

On the virtualisation front, the KVM x86 emulator has been updated with more instructions and components, designed to improve performance and compatibility. Virtual prototyping platforms framework Virtio has also been updated, while paravirt_ops now works on the x86-64 architecture.
Read more…

Yesterday, a supplier of Linux for driving time critical applications — such as intercepting ballistic missiles — released RedHawk Linux 5.1, its latest “real-time” operating system distribution.

Concurrent is a Linux distributor specializing in real-time technologies that can be utilized by some very serious businesses. For example, Concurrent is the key supplier of RedHawk Linux for the US Navy’s Aegis cruisers, which are equipped with anti-air, anti-surface, and anti-submarine weapons systems.

The company’s trademark architecture relies on the presence of multiple processors, and the ability to schedule threading between CPUs and cores to ensure higher reliability for user tasks, as opposed to hardware-specific tasks. One way it does this is through a mechanism Concurrent calls processor shielding, which grants higher priorities to selected cores that run user applications…such as anti-submarine algorithmic operations.
Read more…

The downtime experienced by Windows Server 2003 increased 25 percent to nine hours per server per year, while the reliability of mainstream server-based Linux distributions improved significantly, according to a Yankee Group survey.

The 2007-2008 Global Server Operating System Reliability Survey presents a substantially different picture compared to the results of the last such survey in 2006, in which Windows administrators reported less downtime than their counterparts who used Linux — a result that stirred up controversy at the time.

Over 2007 and 2008, Linux distributions from Red Hat and Novell increased reliability by an average of 75 percent, respondents to the survey said.

Downtime on Windows Server 2003, increased by 25 percent, to nearly nine hours per server, per year.
Read more…