Sunday, January 1, 2012

Monitor apt sources for upgrades


apt-watch 

apt-watch - Monitor apt sources for upgrades
apt-watch is a GNOME applet which will inform you when upgrades are available for your computer. It is similar to Windows Update or the Red Hat Network applet.

Install apt-watch in Debian
# apt-get install apt-watch

checkservice

checkservice - Checks the status of services on (remote) hosts

Checkservice is a simple and fast service-checking Perl script. It can present its results in many ways: by keeping logs, showing them on the PHP status page, producing output that MRTG can use, or warning (via plugins) if something is wrong. Checkservice features grouping of hosts, very easy configuration and thorough service checking using check plugins.

Install checkservice in Debian
# apt-get install checkservice

Debian Administration Utilities (Realtime Apache monitoring tool)


apachetop

apachetop - Realtime Apache monitoring tool

Apache top is a curses-based realtime utility to display information from a running copy of Apache.

It is modelled after the standard 'top' utility, and displays information such as the requests per second, bytes per second and the most popular URLs.

It must be run from a machine running Apache, as it works by processing the logfiles found in /var/log/apache.

Install apachetop in Debian

# apt-get install apachetop

If you want to monitor Apache with apachetop, your Apache log files need to be in the /var/log/apache location.

Output
last hit: 00:00:00 atop runtime: 0 days, 00:04:05 17:21:05
All: 0 reqs ( 0.0/sec) 0.0B ( 0.0B/sec) 0.0B/req
2xx: 0 ( 0.0%) 3xx: 0 ( 0.0%) 4xx: 0 ( 0.0%) 5xx: 0 ( 0.0%)
R ( 30s): 0 reqs ( 0.0/sec) 0.0B ( 0.0B/sec) 0.0B/req
2xx: 0 ( 0.0%) 3xx: 0 ( 0.0%) 4xx: 0 ( 0.0%) 5xx: 0 ( 0.0%)

Saturday, December 31, 2011

Seven ways to troubleshoot Ubuntu


Ubuntu strives to be suitable even for novice Linux users, but as with any operating system, problems will inevitably arise. Resolving issues with an unfamiliar OS can be daunting, but never fear. Plenty of resources exist to help get you back on the right track. Here are just a few ways to troubleshoot your Ubuntu desktop.
1. Use the online help. Clicking the question mark icon in the main menu bar will bring up Ubuntu’s extensive collection of formatted help documents. Use these to get up to speed with major features and applications.
2. Read the documentation. The Ubuntu developers maintain a documentation site at help.ubuntu.com. The quality of the instruction varies, but it’s a good way to familiarize yourself with the day-to-day workings of a Linux desktop. If you prefer paper manuals, a growing list of volumes is available, including The Official Ubuntu Book, published by Prentice-Hall.
3. Join the forums. By and large, Linux is developed and supported by the open source community. Your fellow users are your first and best resource for answers and advice about your Ubuntu desktop. Become an active participant in the community discussions at ubuntuforums.org, and ask your questions there. There’s a good chance that someone else has already experienced the same problems you have and has already begun the discussion -- use the search feature.
4. Search the Web. If the official forums can’t provide the answers you seek, by all means search elsewhere. Ubuntu’s popularity has inspired any number of enthusiasts to produce their own documentation and tutorial Web sites. Much of this advice is high quality.
5. Get paid support. Canonical, the company that maintains the Ubuntu Linux distribution, earns its money by offering enterprise-level support for Ubuntu users. You can purchase a 9-to-5 support contract for yourself or your business, or pay a little more to receive around-the-clock support. Contact Canonical Global Support Services for more information.
6. Enable the remote desktop feature. Under the System > Preferences menu you’ll find an option called Remote Desktop. With this enabled, IT staff (or your Linux-savvy friends) can use an application called a VNC (virtual network computing) client to view and control your PC remotely, in order to help diagnose and fix your problems. Just make sure your firewall is configured to let VNC connections in.
7. Make peace with the command line. Linux newbies dread the prospect of working with a text-based interface, but the command line prompt can be your best friend in a troubleshooting emergency. Although it’s similar to the old MS-DOS command shell, the Unix command line is more complex and also much more powerful. Once you’ve learned to use it, you’ll find that Linux is packed with hidden tools that get you back on your feet when the GUI fails you. A Web search will reveal a number of online tutorials to teach you the basics. To get started, you can access the command line in Ubuntu by launching the Terminal from the Applications > Accessories menu.

Downloading Debian CD/DVD images via HTTP/FTP


Official CD/DVD images of the stable release

To install Debian on a machine without an Internet connection, it's possible to use CD images (650 MB each) or DVD images (4.4 GB each). Download the first CD or DVD image file, write it using a CD/DVD recorder, and then reboot from that.
The first CD/DVD disk contains all the files necessary to install a standard Debian system.
To avoid needless downloads, please do not download other CD or DVD image files unless you know that you need packages on them.
CD
The following links point to image files which are up to 650 MB in size, making them suitable for writing to normal CD-R(W) media:
DVD
The following links point to image files which are up to 4.4 GB in size, making them suitable for writing to normal DVD-R/DVD+R and similar media:

Tuesday, August 9, 2011

Squid content filtering: Block / download of music MP3, mpg, mpeg, exec files


Q. For security and to save bandwidth, I would like to configure the Squid proxy server so that my users cannot download any of the following file types:
MP3
MPEG
MPG
AVG
AVI
EXE
How do I configure squid content filtering?
A. You can use a Squid ACL (access control list) to block all these files easily.

How do I block music files using squid content filtering ACL?

First open squid.conf file /etc/squid/squid.conf:
# vi /etc/squid/squid.conf
Now add following lines to your squid ACL section:
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
To display a custom error message when a file is blocked, add:
# Deny all blocked extension
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles
Save and close the file.
Create a custom error message HTML file called ERR_BLOCKED_FILES in the /etc/squid/error/ directory or the /usr/share/squid/errors/English directory.
# vi ERR_BLOCKED_FILES
Append following content:
<HTML>
<HEAD>
<TITLE>ERROR: Blocked file content</TITLE>
</HEAD>
<BODY>
<H1>File is blocked due to new IT policy</H1>
<p>Please contact helpdesk for more information:</p>
Phone: 555-12435 (ext 44)<br>
Email: helpdesk@yourcorp.com<br>
Caution: Do not include the closing </BODY> and </HTML> tags, as Squid closes them itself.
Now create /etc/squid/blocks.files.acl file:
# vi /etc/squid/blocks.files.acl
Append following text:
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
Save and close the file. Restart Squid:
# /etc/init.d/squid restart
Squid in action:

Sunday, August 7, 2011

Block Torrent Files on Squid Proxies



"BitTorrent is a peer-to-peer file sharing protocol used for distributing large amounts of data. BitTorrent is one of the most common protocols for transferring large files, and it has been estimated that it accounts for approximately 27-55% of all Internet traffic (depending on geographical location) as of February 2009" (see Wikipedia.org).

1. BitTorrent and Downloads

BitTorrent is a decentralized network for providing files of any size to other internet users. You may use BitTorrent as a powerful successor to FTP servers, with additional features (highly available download resources, and content that is findable via search engines). For example, the major Linux distributions are available via the BitTorrent network.
Besides these and other nice features, there is a dark side that should be considered when providing internet access to employees or customers. A number of users use the BitTorrent network to distribute content for free in breach of national and international law. This problem is not specific to BitTorrent, but if you decide to restrict internet access for your users and you are running a Squid proxy server, you can build a basic barrier by preventing the download of torrent files, which contain the metadata required for finding resources in the BitTorrent network.

2. Configure your Squid Proxy

To prevent your users from downloading torrent files, add the following lines to your Squid configuration file. The new rules will prevent users from downloading content matching the patterns listed in a separate file called /etc/squid/extensiondeny.


acl extensiondeny url_regex -i "/etc/squid/extensiondeny"
acl download method GET
http_access deny extensiondeny download
http_access deny extensiondeny

The file /etc/squid/extensiondeny contains regular expressions. If one of these expressions matches the requested URL, Squid will veto the request and not provide the requested content. Example of a basic configuration entry:


\.torrent$
This regular expression will match file names with the extension '.torrent'.
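Before reloading Squid it is worth checking what the two regex lists from the posts above actually match. The script below is an added example (not part of either post, and not Squid's own code) that applies them with grep -E, which uses POSIX ERE, the same regex family Squid uses: the blocks.files.acl list is matched against the URL path including any query string, as urlpath_regex does, and the extensiondeny list against the whole URL case-insensitively, as url_regex -i does. All sample URLs are constructed.

```shell
#!/bin/sh
# Added check script (not from either post, not Squid's code): tests the two regex
# ACL lists above against constructed sample URLs with grep -E (POSIX ERE).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed copy of /etc/squid/blocks.files.acl (matched with urlpath_regex)
cat > "$WORK/blocks.files.acl" <<'EOF'
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
EOF

# Constructed copy of /etc/squid/extensiondeny (matched with url_regex -i)
cat > "$WORK/extensiondeny" <<'EOF'
\.torrent$
EOF

# urlpath_regex is applied to the path (query string included), never to scheme or host
url_path() {
    printf '%s\n' "$1" | sed 's#^[A-Za-z][A-Za-z0-9+.-]*://[^/]*##'
}

# Exit status 0 when one of the two ACLs above would deny the request
url_denied() {
    if url_path "$1" | grep -qE -f "$WORK/blocks.files.acl"; then
        return 0
    fi
    if printf '%s\n' "$1" | grep -qiE -f "$WORK/extensiondeny"; then
        return 0
    fi
    return 1
}

# Constructed sample URLs; the second one shows that a pattern anchored only on $
# does not match when a query string follows the extension
for url in http://example.com/setup.EXE \
           'http://example.com/setup.exe?download=1' \
           http://example.com/dl/ubuntu.TORRENT \
           http://example.com/song.mp3 \
           http://example.com/index.html; do
    if url_denied "$url"; then echo "DENY  $url"; else echo "ALLOW $url"; fi
done
```

If downloads with a trailing query string should be blocked too, anchor each pattern on `($|[?])` instead of `$`, e.g. `\.[Ee][Xx][Ee]($|[?])`, and re-run the check.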

Thursday, May 19, 2011

Port forwarding for iptables (DMZ)


If you have a network gateway which is running Linux you might sometimes want to allow access to machines behind it from the internet.
This is simple enough to do with iptables, which you will probably be using for the gateway's normal operation anyway.
Normally you'd deny all incoming connections to a gateway machine as opening up services and ports could be a security risk.
If you have a gateway machine and wish to forward connections on port 80 to an internal machine then you'd create the following rules:
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.50:80
iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth1 -j ACCEPT
These two rules are fairly simple - the first says that all incoming tcp connections arriving destined for port 80 should be sent to the internal machine 192.168.1.50 (also on port 80).
This rule alone doesn't do the job, though: we also have to accept the incoming connection. This is the job of the second rule, which says that new connections on port 80 should be accepted on the external device eth1.
To increase security you could limit this forwarding to only work when connections are coming from a particular address with the use of the "--source" flag:
iptables -A PREROUTING -t nat -i eth1 -p tcp --source 11.22.33.44 \
--dport 80 -j DNAT --to 192.168.1.50:80