Hello Reader,
Thanks for your interest in this blog.
See you there (redirecting ......).
13 October, 2008
09 October, 2008
Virtual Machine on Fedora
Fedora comes with a virtual machine manager( similar to vmware products) which enables you to create a virtual machine and run various other operating system. I tried installing Windows XP on a virtual machine created using virt-manager in my Fedora. Key steps to begin ..
- Make sure libvirtd demon is running
- Allocate the space as per your needs viz hard disk, RAM etc
- This one is the key step, do not forget to add a cdrom (/dev/hdc) pointning to iso image of Windows XP Disc, as after the first boot, XP installation searches for the Windows XP disk and it cannot read the host's CDROM.
Everything goes on smooth with all these parameters.
25 September, 2008
SELinux, Apache and Postgres SQL Connectivity
Recently, I decided to migrate the work from Apache windows to the Apache running on my Vmware fedora machine. Everything was supposed to work like a charm. Unfortunately, it did not. The perl in the cgi-bin directory was throwing internal server error 500. The apache error log indicated 'permission denied to create a socket', 'premature end of the script headers'. The stuff was supposed to be retrieved from postgres sql database by the perl thingy. It appeared to me that database server is not allowing my IP address to establish a connection, as recomended by pgadmin as well. After a successful entry of my IP in the conf file of postgres database server, problem still persisted. I tried almost everything, changing the file owner to apache, suexec in apache and hell lots of other possibilities. Then in the trial process I noticed a small pop up in the corner of the window, SELinux denial. SELinux is an enhanced feature in Linux, that can put restrictions on your applications in apache making database connection, nmap, access to network filesystem and lots and lots more. After giving apache persmission to make database connections, the error was resolved and application ran smoothly.
21 September, 2008
SQUID Proxy Server Authenticated Mode
We run a squid proxy server at our two system network at home :) in unauthenticated mode. I was just going through the squid logs at /var/logs/squid/access.log, and I saw few miscreant IPs eating up my network bandwith by using our proxy server. Then, I decided to tune up the authentication mode for squid proxy server. Squid doesn't have its authentication module and we need to us LDAP,PAM or NCSA. I came accross NCSA based authentication at http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authentication.html. Given below. It worked very well in our case.
Configure an NCSA-style username and password authentication
I am going to assume that squid is installed and working fine.
Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization :)
Step # 1: Create a username/password
First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of squid users.
# htpasswd /etc/squid/passwd user1
Output:
New password:
Re-type new password:
Adding password for user user1
Make sure squid can read passwd file:
# chmod o+r /etc/squid/passwd
Step # 2: Locate nsca_auth authentication helper
Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
If you are using RHEL/CentOS/Fedora Core or RPM based distro try:
# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
Step # 3: Configure nsca_auth for squid proxy authentication
Now open /etc/squid/squid.conf file
# vi /etc/squid/squid.conf
Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Make sure that you do not have any other http_access statement.
Save and close the file.
Where,
* auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
* auth_param basic children 5 : The number of authenticator processes to spawn.
* auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted their username and password
* auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
* auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only
* acl ncsa_users proxy_auth REQUIRED : The REQURIED term means that any authenticated user will match the ACL named ncsa_users
* http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.
Restart squid:
# /etc/init.d/squid restart
Configure an NCSA-style username and password authentication
I am going to assume that squid is installed and working fine.
Tip: Before going further, test basic Squid functionality. Make sure squid is functioning without requiring authorization :)
Step # 1: Create a username/password
First create a NCSA password file using htpasswd command. htpasswd is used to create and update the flat-files used to store usernames and password for basic authentication of squid users.
# htpasswd /etc/squid/passwd user1
Output:
New password:
Re-type new password:
Adding password for user user1
Make sure squid can read passwd file:
# chmod o+r /etc/squid/passwd
Step # 2: Locate nsca_auth authentication helper
Usually nsca_auth is located at /usr/lib/squid/ncsa_auth. You can find out location using rpm (Redhat,CentOS,Fedora) or dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
If you are using RHEL/CentOS/Fedora Core or RPM based distro try:
# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
Step # 3: Configure nsca_auth for squid proxy authentication
Now open /etc/squid/squid.conf file
# vi /etc/squid/squid.conf
Append (or modify) following configration directive:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Also find out your ACL section and append/modify
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Make sure that you do not have any other http_access statement.
Save and close the file.
Where,
* auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
* auth_param basic children 5 : The number of authenticator processes to spawn.
* auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted their username and password
* auth_param basic credentialsttl 2 hours : Specifies how long squid assumes an externally validated username:password pair is valid for - in other words how often the helper program is called for that user with password prompt. It is set to 2 hours.
* auth_param basic casesensitive off : Specifies if usernames are case sensitive. It can be on or off only
* acl ncsa_users proxy_auth REQUIRED : The REQURIED term means that any authenticated user will match the ACL named ncsa_users
* http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.
Restart squid:
# /etc/init.d/squid restart
16 September, 2008
Vaccum kills us, space kills javascript
I was exporting certain attributes viz roadname, ids, ways etc which were of alphanumeric type by appending them with a '+' charachter from my server side perl program to the javascript program at the client. The firebug popped up, unterminated string literal, lets see whats that .... Googling did not turned out to be of much help. I tried making the string short, taking into an array etc. Sometimes it worked, sometimes it did not. Amazed, I came to a stupid conclusion on the size of the arguments that need to be passed. Perhaps, that was not the cause.On of my appended field was having a space, and string thereafter was considered as a different argument by javascript. Due to mismatch in the number of arguments for that js function, it was breaking. Such a silly mistake !!! :).
Hence, Vaccum kills us, space kills javascript or rather any function in any damn
language.
language.
09 September, 2008
Firebug, turned out to be a real bug
Firebug, an addon for the popular web browser firefox became a pain in the a** once at work. It helps you to monitor HTTP request - response, Web Design layout etc. We were trying to make certain changes in our javascript file and review the changes. Clear the private data ( Ctrl-Shift-Delete), restart the browser, we tried almost everything . Later on after breaking head for sometime, we found out that firebug maintains its own cache of all the images, js and other component files being loaded that needs to be cleared in the console and the net tabs.
So folks, if you use firebug with firefox , better be watchful else keep scratching your head. :)
So folks, if you use firebug with firefox , better be watchful else keep scratching your head. :)
Subscribe to:
Posts (Atom)
