Category Archives: Linux

WeBWorK with Moodle

What is WeBWorK?

WeBWorK is an open-source, web-based homework system for math and science courses. WeBWorK is supported by the MAA (Mathematical Association of America) and the NSF (National Science Foundation) and comes with an NPL (National Problem Library) of over 20,000 homework problems. WeBWorK can be used for college algebra, discrete mathematics, probability and statistics, single and multivariable calculus, differential equations, linear algebra and complex analysis.

Brief history of WeBWorK

WeBWorK is being used in many colleges and universities. This application has been developed and maintained by mathematicians since 1994 with the goal of providing a robust, flexible, mathematically capable online homework system for science and math educators.

Because WeBWorK is open source, users and organizations can deploy and work with it for free on their own servers.

Read the rest of this entry

Running pdnsd with split dns, bind and windows dns for your internal network

As a follow-up to my last post on installing and configuring a sample pdnsd setup as a cache-only DNS server, I wanted to share the context in which I made my setup.

In our scenario we have a Windows AD environment supporting all Windows workstations and domain authentication. We also have a BIND DNS server on the side where we update all other local DNS entries for various servers.

We have placed a couple of pdnsd servers to process all DNS requests from the local network.

All DNS requests are served by the pdnsd servers, which forward each request to the appropriate server and cache the data as per the system's configuration.

pdnsd Server: 192.168.XXX.99
Active directory dns1: 192.168.XXX.X1
Active directory dns2: 192.168.XXX.X2
Bind dns: active directory dns1: 192.168.XXX.X2
[Diagram: pdnsd configuration sample, split DNS]
Read the rest of this entry

Howto pdnsd on redhat/centos from Source

What is pdnsd

pdnsd is a cache-only name server that can be used independently or alongside your authoritative name server for faster name lookups.

pdnsd does not aim to be a complete name server implementation, such as the BIND. It is optimized for caching, and you can only specify a small subset of all dns record types pdnsd knows in your local “zone” definitions. This of course reduces the code size drastically, and such the memory footprint. There are some features especially interesting for dialin networks, ordinary (non-server) internet hosts and computers that are often not connected to their network, e.g. notebooks (I originally wrote this program for use with my notebook). These features are:

  • permanent disk cache (useful for frequent power-offs/reboots)
  • usually smaller memory footprint (depends on cache size) (see next question)
  • better control about timeouts (also to prevent hangs)
  • better control over the cache
  • better run-time control of the cached records

Read the rest of this entry

Content control software/ Web Content filtering using SquidGuard for enterprise network

Content filtering for an enterprise network or educational institution can be a mandatory requirement in many institutions/organizations. Besides filtering web content by category, content control/filtering software can also help us to filter out malware and virus sites, unwanted advertisements etc. Finding the right product and making it work for your organization can be a challenge. Click to find a list of content control software. When I first tried to implement a content filtering system in my organization, the biggest challenge was to find the right product and get a demo running to check the integration aspects. After spending a significant amount of time to identify a content filtering system that best fits my organization, I did not get enough support from the local vendors. So later on I decided to go with Squid Proxy with SquidGuard (something I used before). This works out very well for me. Besides being a little heavy on the administration side, I have not much to complain about. This content filter can sit on the network as a proxy server and filter all web traffic as per the organization's policy.

Educational institutions in many parts of the world are bound by law to protect children from inappropriate Internet content. In business organizations, or organizations of any type, Internet resources can be filtered for unwanted advertisements, malware, viruses, pornography sites etc. Web content filtering or content control software is a smart way to address these issues, help enforce the organization's policy and protect the network and its users.

Some of the categories that can be used to guide browsing behavior are the following:

Advertisements, automobile, dating, education, gamble, hobby, isp, models, podcasts, recreation, ringtones, shopping, updatesites, weapons, webtv, aggressive, chat, downloads, finance, homestyle, jobsearch, movies, politics, redirector, science, socialnetwork, urlshortener, webmail, alcohol, drugs, fortunetelling, government, hospitals, library, music, pornography, religion, searchengines, spyware, violence, webphone, anonymous vpn, hacking, imagehosting, military, news, radio, tv, remotecontrol, sex, tracker, warez, webradio and more. These lists can be used to allow or disallow certain categories of sites.

Read the rest of this entry

SquidGuard implementation for enterprise network

SquidGuard is a content filtering tool used in enterprise networks to control/filter the sites that end users/hosts can access.

SquidGuard is built to work as a plug-in for Squid. It uses blacklists and URL redirection to make this content filter work.

There are many free/paid blacklists available on the Internet that SquidGuard can work with. These blacklists include lists of URLs and domains, usually categorized into content groups such as advertising, chat, social network, proxy, porn, webmail, education and many more.

We see content filtering requirements in educational institutions, corporate networks etc.

SquidGuard is open source and works with your Squid proxy server. I have done my implementation on Redhat EL 5.x with squid 2.6.

Read the rest of this entry

Squid transparent proxy for https / ssl traffic

We use a transparent proxy when we want to avoid client-side proxy configuration or to force users' traffic through the proxy server.

Some of the key reasons/advantages of using a transparent proxy are the following:

  • Caching of web content and DNS lookups
  • Access control to internet resources (who can access)
  • Client bandwidth control/ proxy level QOS
  • Assist with content filtering (like SquidGuard)
  • Maintaining client access log for security compliance
  • Protecting client machines from direct exposure to Internet

Setting up a transparent proxy for HTTP (clear web traffic with no encryption) is a simple job.

Read the rest of this entry

Setting up Web Proxy Autodiscovery Protocol (WPAD) using DNS

To set up Web Proxy Autodiscovery Protocol (WPAD) using the DNS-only method, you need to check the following:

  • To use WPAD with the DNS method, a DNS entry is needed for a host named WPAD. This name should be resolvable from the client machines.
  • The web server must be configured to serve the WPAD file with a MIME type of “application/x-ns-proxy-autoconfig”.
  • A file named wpad.dat must be located in the WPAD Web server’s root directory.
  • The host at the WPAD address must be able to serve a Web page.

    Read the rest of this entry

Setting up Automatic Proxy Configuration (PAC) file

I tried to make this tutorial for users with medium to advanced Linux administrative skills. Even if you are not one of them, feel free to leave a comment and I shall try to help you out.

To make your Proxy Auto Configuration (PAC) work you need a PAC file and a server to host it.

We shall do it in the following steps:

  1. Write a PAC file with appropriate proxy configuration
  2. Hosting the file: Put it on a web server where the client browser can access it
  3. Setting up the client browser for using the PAC file to get and use the proxy configuration
  4. Check if the traffic is going through the proxy server

Read the rest of this entry

Proxy auto configuration for an enterprise network

Proxy servers are commonly used in corporate networks. I prefer using Squid proxy, probably one of the most robust, feature-rich proxy servers out there.

I usually use web proxy servers (Squid) for end users for the following reasons:

  • Caching of web content and DNS, which helps with Internet bandwidth optimization and faster website load times
  • Access control to internet resources, client bandwidth control
  • Assist with content filtering (like SquidGuard)
  • Maintaining client access log for security compliance
  • Protecting client machines from direct exposure to Internet

Setting up proxy server settings on all client machines can be a time-consuming business if we have to manually configure and maintain each and every browser running on the network. However, running a transparent proxy on the gateway is a quick and easy way to ensure all traffic goes through the proxy server.

Read the rest of this entry

Essential tcp ip network tools, network Swiss army knife

As network administrators and systems administrators, we always like to have some tools handy to look into, troubleshoot or just figure things out. There are many open source, free tools available, specialized for different purposes.

In this blog I shall attempt to list some of them, give a brief description and list the available platforms. I prefer to run these tools from a laptop on both Windows and Linux platforms. I also prefer to have the ability to carry them around on a pen drive in a portable format. Linux boot disks are also useful in these cases.

The basic tools to check tcp/ip

Ping is the most basic tool we use to check connectivity. We also use arp to check the local broadcast domain and the ARP resolution table. traceroute (Linux)/tracert (Windows) is used to check the path to the destination host. “mtr” is a powerful tool to view the network path over a longer period of time; it is usually installed as an additional package. A Windows version of mtr is also available, even a portable version. More useful tools that mostly come out of the box are nslookup (Windows and Linux) and dig for Linux; they are very useful for troubleshooting and investigating DNS-related issues. “whois” is one more tool, useful to find out more about an IP or domain name: owner, contact authority, AS number etc. Last but not least, netstat, available on both Windows and Linux, is a useful tool to find out the local network status easily. Follow the link for a detailed tutorial on how to use these basic tools.

OpenVAS, nessus

OpenVAS Screen shot

Read the rest of this entry
