Friday, August 30, 2013

Samba Restrict File Sharing To Particular Users or Network Addresses

hosts allow: Samba Configuration
Open your smb.conf file and add the following line to [share]
[share]
  hosts allow = 192.168.2. 127.0.0.1
valid users: Samba Configuration
Open your smb.conf file and add the following line to [share]
[share]
  valid users = user1 user2 @group1 @group2
read only & write only: Samba Configuration
You can also set read and write access to set of users with the read list and write list directives.
[share]
     read only = yes
     write list = user1 user2 @group1 @group2
Examples
Make [sales] share read only but allow user tom and jerry to write it:
[sales]
     comment = All Printers
     path = /nas/fs/sales
     read only = yes
     write list = tom jerry
You can also configure iptables to allow access to the Samba server
Posted by at No comments:

Thursday, August 15, 2013

Lightsquid : Monitoring SQUID users


Install LightSquid to generate Squid Log Report.

 In Redhat 6.4

[1]Install LightSquid
[root@prox ~]# 
yum --enablerepo=epel -y install lightsquid lightsquid-apache 
  
# install from EPEL
[root@prox ~]# 
vi /etc/httpd/conf.d/lightsquid.conf
<Directory /usr/share/lightsquid/cgi>
     DirectoryIndex index.cgi
     Options ExecCGI
     AddHandler cgi-script .cgi
     AllowOverride None
     
# IP address you permit

     Order Deny,Allow
     Deny from all
     Allow from 127.0.0.1 10.0.0.0/24
</Directory>
[root@prox ~]# 
/etc/rc.d/init.d/httpd restart 

Stopping httpd: [ OK ]
Starting httpd: [ OK ]
# generate log report

[root@prox ~]# 
/usr/sbin/lightparser.pl
# log report is generated every day by cron
[2]Access to "http://(server's hostname or IP address)/lightsquid/" with web browser


IN Redaht 5

1. Download the lightsquid from “http://lightsquid.sourceforge.net/”
2. Install apache and start it
3. Copy the lightsquid folder to any web location like ” /var/www/html/”
4. Add an entry like as below in httpd.conf
#vi /etc/httpd/conf/httpd.conf   
 <Directory "/var/www/html/lightsquid">
   AddHandler cgi-script .cgi
   AllowOverride All
   deny from all
   allow from <my ip>
   </Directory>
Configuring lightsquid
A. Switch to lightsquid directory and check necessary perl libraries are present.
[root@rc-009 lightsquid]# perl check-setup.pl
LightSquid Config Checker, (c) 2005-9 Sergey Erokhin GNU GPL
LogPath   : /var/log/squid
reportpath: /var/www/html/lightsquid/report
Lang      : /var/www/html/lightsquid/lang/eng
Template  : /var/www/html/lightsquid/tpl/base
Ip2Name   : /var/www/html/lightsquid/ip2name/ip2name.simple
all check passed, now try access to cgi part in browser
[root@rc-009 lightsquid]#
Pls note you may need to install perl “CGI” and “GD” library. GD is an optional to enable graph support. Sometime you may get error as follows,
Can’t locate CGI.pm in @INC (@INC contains: /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
Solution is
[root@rc-009 lightsquid]# perl -MCPAN -e shell
Terminal does not support AddHistory.
cpan shell -- CPAN exploration and modules installation (v1.7602)
ReadLine support available (try 'install Bundle::CPAN')
cpan> install CGI
cpan> install GD
B. Set the scheduler to parse the squid log file.
a. Open the “lighsquid.cfg ” file and verify the squid log path is correctly set. You may also change the certain values as you wish like to get best graph size change the value to “$graphmaxall=3.50*(1024*1024*1024);” etc.
  $logpath             ="/var/log/squid";
b. Set the cronjob as follows
#crontab -l
        */50 * * * * /usr/bin/perl /var/www/html/lightsquid/lightparser.pl >/dev/null 2>&<code>
<strong>C. Customize the User-IP mapping file</strong>
      You need to  add all the users entry inside the "realname.cfg" file 
       Eg: < IP>    <User name >
      <code>[root@rc-009 lightsquid]# grep "Liju"  realname.cfg
      192.168.0.14    Liju
You may also create groups by editing group.cfg. Add the entry like this
#cat  group.cfg
           Liju      01 SysAdmin
           Arun    01   SysAdmin
           Jacob  02    Support 
           Tom   02         Support
That’s it. Try to run the parser to get first report.
/usr/bin/perl /var/www/html/lightsquid/lightparser.pl
Now it’s your turn to keep eye on user’s activity. Access the lightsquid over the ip ie http://squidserver ip/lightsquid

Thanks 



Posted by at No comments:
Subscribe to: Posts (Atom)