+acl ads dstdom_regex -i "/etc/squid.adservers"
+http_access deny ads
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
update-squid-adservers.sh:
#!/bin/sh
### short script that downloads a list of ad servers for use with
### squid to block ads.
###
### details on configuring squid itself can be found here:
###
### http://pgl.yoyo.org/adservers/#withsquid
###
### - originally by Stephen Patterson <steve@lexx.uklinux.net>
### - butchered by Peter Lowe <pgl@yoyo.org>
###
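## set things
##

# URL of the ad server list to download
# NOTE(review): the list is fetched over plain HTTP and then loaded into a
# Squid ACL, so anyone on the network path can change what gets blocked.
# Switch to an https:// URL if the list server offers one.
#listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml'
listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex;showintro=0'

# location of the list of ad servers used by Squid
targetfile='/etc/squid.adservers'

# location of a file where hostnames not listed can be added
extrasfile='/etc/squid-extra.adservers'

# command to reload squid - change according to your system
reloadcmd='/etc/init.d/squid reload'

# private scratch directory for the download and the sorted copy.
# mktemp picks an unpredictable name and creates the directory itself, so a
# local user cannot pre-plant a file or symlink at a guessable /tmp path
# (the script normally runs as root because it writes to /etc).
workdir=$(mktemp -d "${TMPDIR:-/tmp}/adlist.XXXXXX") || {
  echo "could not create a temporary directory; quitting" >&2
  exit 1
}
tmpfile="$workdir/list"
sortedfile="$workdir/sorted"

# remove the scratch directory on every exit path, including signals
trap 'rm -rf -- "$workdir"' EXIT
trap 'exit 1' HUP INT TERM

# command to fetch the list (alternatives commented out)
# A function rather than a command string: the URL contains '?' and ';',
# which must stay quoted, and the lynx variant needs a real redirection.
fetch_list() {
  wget -q -O "$tmpfile" "$listurl"
  #lynx -dump "$listurl" > "$tmpfile"
  #fetch -qo "$tmpfile" "$listurl"
}

## do things
##

# get a fresh list of ad server addresses for squid to refuse
if ! fetch_list; then
  echo "download of '$listurl' failed; leaving '$targetfile' untouched" >&2
  exit 1
fi

# check the download is non-empty BEFORE the extras are appended, otherwise
# a failed or empty download would be hidden by the local extras file and
# the installed list would shrink to the extras alone
if [ ! -s "$tmpfile" ]; then
  echo "temp file '$tmpfile' either doesn't exist or is empty; quitting" >&2
  exit 1
fi

# add the extras
if [ -f "$extrasfile" ]; then
  cat "$extrasfile" >> "$tmpfile" || exit 1
fi

# sort and filter out duplicates (-u does the de-duplication; LC_ALL=C makes
# the comparison byte-wise so distinct entries are never merged)
LC_ALL=C sort -u "$tmpfile" > "$sortedfile" || exit 1

# install the new list only after sorting succeeded. cat-into-place (not mv)
# keeps the owner and mode of the existing target, so Squid can still read it.
cat "$sortedfile" > "$targetfile" || exit 1

# remove entries for trackers that you need to be able to reach
#sed -i -e '/etracker\\\.de/d' -e '/sitestat\\\.com/d' "$targetfile"

# restart Squid (left unquoted on purpose: the command string is split into
# words). Consider checking the configuration first, e.g. 'squid -k parse'.
$reloadcmd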
apt-get install ppp
edit /etc/ppp/pap-secrets
/etc/network/interfaces
auto modem
iface modem inet ppp
provider modem
/etc/ppp/peers/modem
ttyS0
38400
connect "/usr/sbin/chat -v -f /etc/ppp/peers/modem.chat"
disconnect "/usr/sbin/chat -v -f /etc/ppp/peers/modem.hangup"
192.168.1.3:192.168.1.1
user USERNAME
noauth
asyncmap 0
crtscts
lock
modem
lcp-echo-interval 30
lcp-echo-failure 4
ipcp-accept-local
ipcp-accept-remote
noproxyarp
noipx
noipv6
nodefaultroute
mru 542
debug
#updetach
demand
idle 120
holdoff 10
/etc/ppp/peers/modem.chat
ABORT BUSY
ABORT "NO CARRIER"
ABORT VOICE
ABORT "NO DIALTONE"
SAY "\nConnecing..."
"" ATDTnumber
TIMEOUT 90
CONNECT ""
SAY "\nConnected.
/etc/ppp/peers/modem.hangup
"" '\K\d'
"" '+++\d'
"" 'ATH\d'
"" 'ATZ'
apt-get install isdnutils-base
isdnconfig - choose 1, ippp1 to prevent default gateway to ippp0
/etc/isdn/device.ippp1:
edit all lines marked with XXX_:
LOCALIP=
REMOTEIP=AAA.BBB.CCC.DDD
LOCALMSN=''
REMOTEMSN=XXXXX
LEADINGZERO=''
# FIREWALL RULES (start)
iptables -A OUTPUT -o $device -p tcp --dport 22 -j ACCEPT
# FIREWALL RULES (stop)
iptables -D OUTPUT -o $device -p tcp --dport 22 -j ACCEPT
only ssh should trigger a dialout
/etc/isdn/ipppd.ippp1:
-pap
+chap
name USERNAME
noccp
nolzs
noipdefault
nodefaultroute
mru 1524
mtu 1500
ipcp-accept-local
ipcp-accept-remote
useifip
/etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
USERNAME * PASSWORD
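# Install scponly and unpack the chroot helper shipped with its documentation.
apt-get install scponly
gunzip /usr/share/doc/scponly/setup_chroot/setup_chroot.sh.gz
chmod 755 /usr/share/doc/scponly/setup_chroot/setup_chroot.sh
# Run the helper only if the cd worked, so it is never started from the wrong directory.
cd /usr/share/doc/scponly/setup_chroot/ &&
  ./setup_chroot.sh /home/USERNAME USERNAME RELATIVE_WRITEABLE_DIR
# -a copies the device node itself; a plain cp would leave an empty regular
# file named "null" inside the chroot instead of a character device.
# Assumes /home/USERNAME/dev already exists as a directory (TODO confirm that
# setup_chroot.sh creates it).
cp -a /dev/null /home/USERNAME/dev/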
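maybe also cp /etc/group /home/USERNAME/etc
HINT: an interactive login via ssh is not possible for this user, BUT port forwarding still is. Turn it off in sshd_config (for example AllowTcpForwarding no inside a Match User block) if the account should only transfer files.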
chroot a user logging in via ssh
apt-get install libpam-chroot
less /usr/share/doc/libpam-chroot/examples/README.example
/usr/share/doc/libpam-chroot/examples/setup-chrootdir-shell.sh
/etc/security/chroot.conf:
+USERNAME /var/chroot/sshd/home/USERNAME
/etc/pam.d/login:
+session required pam_chroot.so
To copy all linked libs (but not libs loaded at runtime) of a program into our chroot:
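# Copy the shared libraries that ldd resolves for the program into the chroot.
# Only run ldd on binaries you trust: on some systems it works by invoking
# the program through its dynamic loader.
# awk prints the third field of each line when it does not start with a space
# or "(". Lines with no path in field 3 are skipped, which presumably includes
# the dynamic loader itself, so check the ldd output and copy that by hand.
# ${CHROOTDIR:?} stops the command with an error if the variable is unset or
# empty, and the quotes keep a path containing spaces in one piece.
ldd /usr/bin/pprogram | awk '$3 ~ /^[^ (]/ { print $3 }' |
  cpio -pdvuL "${CHROOTDIR:?CHROOTDIR must be set}"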