Monday, December 20, 2010

Installing and Configuring ISCSI Initiator on Ubuntu 10.10

To configure the iSCSI initiator on Ubuntu 10.10, do the following:

1. Install the initiator software if not already done: sudo apt-get install open-iscsi.

2. Edit the iscsi configuration file. It is located under /etc/iscsi
a. Set the startup to automatic by removing the comment from node.startup = automatic
b. Turn off the manual startup by placing a comment in front of node.startup = manual

3. Restart the initiator by executing sudo /etc/init.d/open-iscsi restart

4. Configure the iscsi target:
a. Execute iscsiadm -m discovery -t st -p <target_ip>. This will discover the target. It will create a configuration file under /etc/iscsi/nodes. THere will be a separte folder for each target and then for each interface.
b. If username and password are required by the target, edit the config files by executing the following series of commands:
iscsiadm -m node --targetname "iqn.2001-04.com.example:storage.lun1" --portal "<target_ip>:3260" --op=update --name node.session.auth.authmethod --value=CHAP
iscsiadm -m node --targetname "iqn.2001-04.com.example:storage.lun1" --portal "<target_ip>:3260" --op=update --name node.session.auth.username --value=someuser
iscsiadm -m node --targetname "iqn.2001-04.com.example:storage.lun1" --portal "<target_ip>:3260" --op=update --name node.session.auth.password --value=secret

5. Restart the initiator by executing sudo /etc/init.d/open-iscsi restart

You should now be connected to the target. Verify by executing fdisk -l. You should now see the disk. Using fdisk utilites partition as desired.

Tuesday, December 14, 2010

Installing and Configuring SQUIDGUARD on Ubuntu 10.10

Squidguard is a content filtering daemon that working in conjunction with Squid proxy on Linux. Many articles have been written that discusses installation and configuration. Most notably for Ubuntu see https://help.ubuntu.com/community/SquidGuard. This document briefly outlines what I did to get it working in my environment.

1. sudo apt-get install squid

2. sudo apt-get install squidguard

3. sudo apt-get update && sudo apt-get upgrade

This install squid and squidguard on the system. The following are the working directories and files

/etc/squid - squid and squidguard configuration folders

/usr/bin/squidGuard - application file

/var/log/squid - default squid and squidguard logging folder

/var/lib/squidguard/db - location of blocking database files

Now to go to the configuration...

1. Download a list of publicly available database blacklists. In my case I got them from urlblacklist.com.

2. As root, extract the contents into /var/lib/squidguard/db. The compressed file has a blacklist subfolder in it. Copy the items under this compressed subfolder into /var/lib/squidguard/db. The folder structure should now be /var/lib/squidguard/db/<category>.

3. As root, alter the ownership of all files in /var/lib/squidguard/db and under to the proxy account. Issue the command sudo chown -R proxy:proxy /var/lib/squidguard/db to accomplish this.

4. Change permissions on all of these files using the command sudo chmod -R 755 /var/lib/squidguard/db. While this is not the most secure thing, it's the only way I got it to work.

5. Modify the squid.conf file in /etc/squid to do the following:
a. Locate the url_rewrite_program line to read url_rewrite_program /usr/bin/squidGuard –c /etc/squid/squidGuard.conf
b. Uncomment #http_access allow localnet
c. Add visible_hostname localhost

6. Save the squid.conf file

7. Alter the squidGuard.conf file in /etc/squid to perform the following:
a. Remove all entries after logdir /var/log/squid
b. Add category definitions and acl lists in the following format:

dest <category_name> {
domainlist <category_name>/domains
urllist <category_name>/urls
}
acl {
default {
pass !<category_name>
redirect http://<url_of_blocking_page>
}

}

Note: THis file can have multiple dest categories. The category_names are those extracted in step 2. If blocking multiple categories, specify those as multiple category entries in the acl section. For noob's (!) means to block the list contents

8. Save the file and change the owner to proxy by issuing the command sudo chown proxy:proxy /etc/squid/squidGuard.conf

9. Issue the following commands to change permissions on these required files:

chmod 644 /etc/squid/squidGuard.conf
chmod -R 644 /var/log/squid/
chmod 755 /var/log/squid

10. Import all definitions configured in squidGuard.conf by issuing the command sudo squidGuard -C all.

11. Restart squidguard by issuing sudo squid -k reconfigure

12. Verify proper startup by reviewing the logs in /var/log/squid/squidGuard.log

Squidguard is now configured. Set the client to proxy all requests through <squid_server>:3128