作業請放在--更換密碼、大頭貼--資料夾
3排8顆蘋果
派大星走路
彈簧床
作業請放在--更換密碼、大頭貼--資料夾
2016年8月30日 星期二
2016年8月26日 星期五
2016年8月23日 星期二
解決使用SFS3 LDAP模組學校密碼到期問題-潘爸的喃喃自語
因為改版的緣故,現在學務系統密碼使用滿30天會提示更改
但是使用LDAP學校因為必須停用該頁面,會導致使用者登入後無權限存取,
而跳出帳號密碼登入畫面,使用者會以為自己沒有登入成功
但是因為LDAP不是官方模組
所以必須要自救
解決的方式是在
/var/www/html/sfs3/modules/chpass/teach_cpass.php2 /var/www/html/sfs3/modules/chpass/teach_cpass.php
的前面加上一行
<meta http-equiv="refresh" content="0;url=http://sfs3.??es.tc.edu.tw/sfs3/" />
但只做這樣更新就沒了
所以要限制這個檔案不能被覆蓋
下這個指令
chattr +i /var/www/html/sfs3/modules/chpass/teach_cpass.php
但是因為怕偶爾這個檔案會有更新
所以一段時間得拿掉標記
chattr -i /var/www/html/sfs3/modules/chpass/teach_cpass.php
更新過學務系統再把前面的轉址補回去
但是使用LDAP學校因為必須停用該頁面,會導致使用者登入後無權限存取,
而跳出帳號密碼登入畫面,使用者會以為自己沒有登入成功
但是因為LDAP不是官方模組
所以必須要自救
解決的方式是在
/var/www/html/sfs3/modules/chpass/teach_cpass.php2 /var/www/html/sfs3/modules/chpass/teach_cpass.php
的前面加上一行
<meta http-equiv="refresh" content="0;url=http://sfs3.??es.tc.edu.tw/sfs3/" />
但只做這樣更新就沒了
所以要限制這個檔案不能被覆蓋
下這個指令
chattr +i /var/www/html/sfs3/modules/chpass/teach_cpass.php
但是因為怕偶爾這個檔案會有更新
所以一段時間得拿掉標記
chattr -i /var/www/html/sfs3/modules/chpass/teach_cpass.php
更新過學務系統再把前面的轉址補回去
2016年8月15日 星期一
IPADDR=192.168.7.254--IPADDR=10.209.1.254--GATEWAY=163.17.209.254
IPADDR=192.168.7.254--GATEWAY=163.17.209.254
DEVICE=eth1
TYPE=Ethernet
UUID=9f069484-0db4-4838-9fd4-47cea6d639ff
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=00:0C:29:20:F4:68
NETMASK=255.255.0.0
IPADDR=192.168.7.254
PREFIX=16
GATEWAY=163.17.209.254
DNS1=163.17.209.1
DOMAIN=wcjs.tc.edu.tw
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth1"
IPADDR=10.209.1.254--GATEWAY=163.17.209.254
DEVICE=eth2
HWADDR=00:0c:29:16:50:e4
TYPE=Ethernet
UUID=a6efb302-9a9f-45ed-a3ab-c2bcb68f667c
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
USERCTL=no
PEERDNS=yes
IPV6INIT=no
IPADDR=10.209.1.254
NETMASK=255.255.0.0
DNS2=163.17.40.1
GATEWAY=163.17.209.254
DNS1=163.17.209.1
DEVICE=eth1
TYPE=Ethernet
UUID=9f069484-0db4-4838-9fd4-47cea6d639ff
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=00:0C:29:20:F4:68
NETMASK=255.255.0.0
IPADDR=192.168.7.254
PREFIX=16
GATEWAY=163.17.209.254
DNS1=163.17.209.1
DOMAIN=wcjs.tc.edu.tw
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth1"
IPADDR=10.209.1.254--GATEWAY=163.17.209.254
DEVICE=eth2
HWADDR=00:0c:29:16:50:e4
TYPE=Ethernet
UUID=a6efb302-9a9f-45ed-a3ab-c2bcb68f667c
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
USERCTL=no
PEERDNS=yes
IPV6INIT=no
IPADDR=10.209.1.254
NETMASK=255.255.0.0
DNS2=163.17.40.1
GATEWAY=163.17.209.254
DNS1=163.17.209.1
2016年8月12日 星期五
【Linux】在 CentOS 6 上安裝 LDAP Server 2.4
最近因任務需求必須將 LDAP Server 從 FreeBSD 移至 CentOS 上面,做個簡單的小筆記
原則上在 CentOS 下安裝 OpenLDAP 是件很輕鬆的事,用 YUM 裝一下就好了,我的環境如下
CentOS:6. x86_64
OpenLDAP:2.4.40
####################
yum install -y openldap-servers openldap-clients openldap-devel
/bin/cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG -f
#/bin/cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf -f
複製前一版slapd.conf.obsolete
/bin/cp /163.17.209.1/etc/slapd.conf.obsolete /etc/openldap/slapd.conf -f
slappasswd
###################
/bin/cp /163.17.209.1/etc/openldap/slapd.conf /etc/openldap/. -f
vim /etc/openldap/slapd.conf
change root password
####################################
/bin/cp /163.17.209.1/etc/rsyslog.conf /etc/. -f
mkdir /etc/openldap/ldif
/bin/cp /163.17.209.1/etc/openldap/ldif/base.ldif /etc/openldap/ldif/. -f
vim /etc/openldap/ldif/base.ldif
###########################################
rm -rf /etc/openldap/slapd.d/*
############建立架構########################
slapadd -v -l /etc/openldap/ldif/base.ldif
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d
chown -R ldap:ldap /var/lib/ldap
chown -R ldap:ldap /etc/openldap/slapd.d
systemctl start slapd.service
systemctl status slapd.service
systemctl enable slapd.service
##############################################
ldapsearch -x -b "dc=wcjs,dc=tc,dc=edu,dc=tw"
############################################
rm -rf /var/lib/ldap/*
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
############匯入資料####/home/lia/slapcat/y/20150301ldap.ldif####################
############匯入資料####/home/lia/slapcat/y/20150301ldap.ldif####################
############匯入資料####/home/lia/slapcat/y/20150301ldap.ldif####################
############匯入資料####/home/lia/slapcat/y/20150301ldap.ldif####################
slapadd -v -l /163.17.209.1/etc/ldap.ldif.1
chown -R ldap:ldap /var/lib/ldap
systemctl restart slapd.service
firewall-cmd --add-service=ldap --permanent
firewall-cmd --reload
####################
2016年8月11日 星期四
Configure DHCP ( Dynamic Host Configuration Protocol ) Server.
yum -y install dhcp
cp /163.17.209.1/etc/dhcp/dhcpd.conf /etc/dhcp/.
vim /etc/dhcp/dhcpd.conf
ddns-update-style none;
ignore client-updates;
option nis-domain "wcjs.tc.edu.tw";
option routers 163.17.209.254;
option domain-name "w252.wcjs.tc.edu.tw";
option domain-name-servers 163.17.209.1, 168.95.1.1, 8.8.8.8;
option time-offset -18000; # Eastern Standard Time
default-lease-time 28800;
max-lease-time 28800;
authoritative;
subnet 163.17.209.0 netmask 255.255.255.0 {
range dynamic-bootp 163.17.209.75 163.17.209.200;
host Epson6500 {
hardware ethernet 00:00:48:cc:9b:e5;
fixed-address 163.17.209.81;
}
}
systemctl start dhcpd
systemctl status dhcpd
systemctl enable dhcpd
firewall-cmd --add-service=dhcp --permanent
firewall-cmd --reload
cp /163.17.209.1/etc/dhcp/dhcpd.conf /etc/dhcp/.
vim /etc/dhcp/dhcpd.conf
ddns-update-style none;
ignore client-updates;
option nis-domain "wcjs.tc.edu.tw";
option routers 163.17.209.254;
option domain-name "w252.wcjs.tc.edu.tw";
option domain-name-servers 163.17.209.1, 168.95.1.1, 8.8.8.8;
option time-offset -18000; # Eastern Standard Time
default-lease-time 28800;
max-lease-time 28800;
authoritative;
subnet 163.17.209.0 netmask 255.255.255.0 {
range dynamic-bootp 163.17.209.75 163.17.209.200;
host Epson6500 {
hardware ethernet 00:00:48:cc:9b:e5;
fixed-address 163.17.209.81;
}
}
systemctl start dhcpd
systemctl status dhcpd
systemctl enable dhcpd
firewall-cmd --add-service=dhcp --permanent
firewall-cmd --reload
CentOS 7.2 Proxy Server (Squid) 安裝及基本設定(一)
yum -y install squid
cp /163.17.209.1/etc/squid/squid.conf /etc/squid/.
vim /etc/squid/squid.conf
# add follows to the end
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
# do not display IP address
forwarded_for off
chown -R squid:squid /cache1
systemctl start squid
systemctl status squid
systemctl enable squid
firewall-cmd --add-service=squid --permanent
firewall-cmd --reload
cp /163.17.209.1/etc/squid/squid.conf /etc/squid/.
vim /etc/squid/squid.conf
# add follows to the end
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
# do not display IP address
forwarded_for off
chown -R squid:squid /cache1
systemctl start squid
systemctl status squid
systemctl enable squid
firewall-cmd --add-service=squid --permanent
firewall-cmd --reload
CentOS 6.8 Proxy Server (Squid) 安裝及基本設定(一)
網頁代理伺服器 (Squid)
利用yum 安裝即可
指令:
yum install squid -y
/bin/cp /163.17.209.6/etc/squid/squid.conf /etc/squid/. -f chown -R squid:squid /cache1
service squid restart
預設設定檔路徑 /etc/squid/squid.conf
預設使用 port : 3128 (可自行修改)
啟動服務指令 : service squid start
檢查 port 3128 有沒有正常開啟
指令 : netstat –antp
一些常用基本設定
修改/etc/squid/squid.conf
1. 設定開啟快取目錄
快取目錄就是squid 的硬碟,當USER要求網頁資料時,squid 就快將資料存放置快取目錄如果使用者連線到網站時,squid 會先檢查快取目錄是否有相同的資料,如果有相同資料就不會去網路下載一份, 而是直接將快取目錄中的資料給使用者,如果又有另外一個USER要求相同的網頁資料,但是squid如果發現網頁內容有變動也會自動去下載一份新版資料放置快取區
cache_dir ufs /var/spool/squid 100 16 256 (預設不啟用,移除#將他起用)
如過要將cache 修改為2G 則
cache_dir ufs /var/spool/squid 2000 16 256
2.設定自動清除快取資料
- cache_swap_low 90
- cache_swap_high 95
以上設定表示當磁碟使用量達 95% 時,比較舊的快取資料將會被刪除,當刪除到剩下磁碟使用量達 90% 時,就停止持續刪除的動作
3.清除快取資料
- 須先停止squid 服務 —-> service squid stop
- 切換到快取目錄 cd /var/spool/squid
- 刪除 sqap.state —-> rm –rf /var/spool/squid/swap.state
- 刪除後重新啟動服務即可 —-> service squid start
Squid ACL 設定
限制單一IP(192.168.1.150)無法連線
acl test src 192.168.1.150/32
http_access deny test
說明 :
test 是自訂名稱,上下兩個名稱要一致才可以
限制某一區段無法連線(192.168.1.150-192.168.1.200)無法連線
acl test src 192.168.1.150-192.168.0.200/32
http_access deny test
限制某個網域下的網站無法存取
acl domain dstdomain .pchome.com.tw
http_access deny domain
2015/02/25 15:53:42| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
................ [ 確定 ]
正在啟動 squid:. [ 確定 ]
[root@w231 ~]#
Trying other mirror.
http://ftp.stu.edu.tw/Linux/CentOS/6/updates/x86_64/Packages/squid-3.1.10-22.el6_5.x86_64.rpm: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Trying other mirror.
ftp://ftp.free.fr/mirrors/ftp.centos.org/6/updates/x86_64/Packages/squid-3.1.10-22.el6_5.x86_64.rpm: [Errno 14] PYCURL ERROR 19 - "Given file does not exist"
Trying other mirror.
ftp://mirror.anl.gov/pub/centos/6/updates/x86_64/Packages/squid-3.1.10-22.el6_5.x86_64.rpm: [Errno 12] Timeout on ftp://mirror.anl.gov/pub/centos/6/updates/x86_64/Packages/squid-3.1.10-22.el6_5.x86_64.rpm: (28, 'connect() timed out!')
Trying other mirror.
Error Downloading Packages:
7:squid-3.1.10-22.el6_5.x86_64: failure: Packages/squid-3.1.10-22.el6_5.x86_64.rpm from updates: [Errno 256] No more mirrors to try.
[root@www6 ~]# ^C
[root@www6 ~]#
清除下載資料(/var/cache/yum)
yum clean all
###################
centos 6.8 本機名稱
vim /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=dns.wcjs.tc.edu.tw
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=dns.wcjs.tc.edu.tw
2016年8月10日 星期三
firewalld
sfs3主机存放的是學生的各种相關資料, 為了小心謹慎保護好資料, 我們還是討論一下firewalld
安裝firewalld
# yum
install -y firewalld
start
firewalld service
#
systemctl start firewalld
start
at boot
#systemctl
enable firewalld
Check the firewall
status.
#firewall-cmd --state
Firewall Zones
Zones are pre-constructed rulesets for various trust levels you
would likely have for a given location or scenario (e.g. home, public, trusted,
etc.).
To view the available zones
#firewall-cmd --get-zones
To view the default zone
#firewall-cmd
--get-default-zone
Showing
the currently allowed services and ports on your system List all the allowed
services :
#firewall-cmd
--list-services
Working with Services
To
view the d predefined services :
#firewall-cmd --get-services
For
instance, if we are running a web server serving conventional HTTP traffic, we
can allow this traffic for interfaces in our "public" zone for this
session by typing:
#firewall-cmd
--zone=public --add-service=http
#firewall-cmd
--zone=public --add-service=http --permanent
#firewall-cmd
--zone=public --remove-service=http --permanent
Thus,
#firewall-cmd --permanent --zone=public
--add-service=http
#firewall-cmd --permanent --zone=public --add-service=https
#firewall-cmd
–reload
For
sfs3
#firewall-cmd
--permanent --zone=public --add-rich-rule='rule family="ipv4" source
address="192.168.20.0/24" port protocol="tcp"
port="80" accept' --permanent
#firewall-cmd
--reload
#firewall-cmd
--zone=public --list-all
remove
#
firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4"
source address="192.168.20.0/24" port protocol="tcp"
port="80" accept' --permanent
#firewall-cmd
--zone=public --list-all
參考
TCP Wrappers
檢查sshd 是否支援
#ldd
/usr/sbin/sshd |grep wrap
設定檔,擇一編輯即可
/etc/hosts.allow
/etc/hosts.deny
sshd : 192.168.2.107 : deny
sshd : 192.168.2. : allow
忘記MariaDB的密碼?
1. 停止MariaDB service
#
systemctl stop mariadb.service
2.啟動safe mode
#
mysqld_safe --skip-grant-tables &
3.
access the MySQL console and connect to
the database:
#
mysql -u root
>use
mysql;
4.create
a new password for the root user, flush the new privileges, and exit
the MySQL console like this:
>
update user set password=PASSWORD("NEW_PASSWORD") where User='root';
>
flush privileges;
>
exit
6、改用iptables服務
在CentOS/RHEL 7系統中,要用iptables和ip6tables服務代替FirewallD服務,需要以root身份運行以下命令,先禁用FirewallD:
systemctl disable firewalld
systemctl stop firewalld
然後安裝iptables-services程序包,以root身份輸入以下命令:
iptables-services程序包包含了iptables和ip6tables服務。然後,以root身份運行iptables和ip6tables命令:
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables
原文網址:https://read01.com/QQ0R5.html
2016年8月9日 星期二
To-Enable-“setup”-command-in-CentOS-minimal-install.md
no “setup” command found in CentOS minimal install
In Minimum Install this will not get install
If we get below Error, we need to install some packages to get work with setup command
[root@masterdns ~] setup
-bash: setup: command not found
Here we can see how to install in minimal install
yum install setuptool -y
yum install system-config-network* -y
yum install system-config-firewall* -y
yum install system-config-securitylevel-tui -y
yum install system-config-keyboard -y
yum install ntsysv -y
Now we can use the setup utility, That's it.
Install sarg on ClearOS Version 6.x or Version 7.x for great proxy reports
Installation of SARG on ClearOS 6.x or ClearOS 7.x Reports for your web proxy i.e. squid...
First you need to understand this...
It is your responsibility to determine the suitability of any information
and/or software you receive from this site.If they happen to break
something, that's solely your own problem and you get to keep any and all
of the pieces :-) Also, as this program generates web pages, it is your
responsibility to validate the security of your web-site against attacks
etc. The rpm version below is current as of the time of writing.
The access security for the install below is more suitable if you use
static address(s) for your workstations that will be used to access the sarg
reports. A better alternative method may be available in the future for
using dynamic addresses...
A pre-requisite for this install is squid (web proxy) running, in use
generating records and the webserver (httpd/apache) running... If this is
NOT the case - then fix and come back later... Another pre-requisite is that
you are comfortable using the cli, familiar with rpms, repositories and
yum and lastly, editing configuration files.
1) Install SARG
Currently could find no rpm for ClearOS7, CentOS7 or rhel7 so have build one
using the latest source code from https://sourceforge.net/projects/sarg/
To add get the rpm file we require wget, and for SARG a pre-requisite is gd.
If not already installed install them...
to check if wget installed...
# rpm -q wget
to check if gd installed...
# rpm -q gd
ClearOS 7.x to install wget and gd...
# yum install wget gd --enablerepo=clearos-centos,clearos-epel,clearos-centos-updates
ClearOS 6.x to install wget and gd...
# yum install wget gd --enablerepo=clearos*
Now download the rpm...
ClearOS Version 7.x
# wget http://danda.poweredbyclear.com/sarg7/sarg-2.3.10-3.v7.x86_64.rpm
ClearOS Version 6.x
# wget http://danda.poweredbyclear.com/kmod-clearos/sarg-2.3.10-3.v6.x86_64.rpm
# then install it...
ClearOS Version 7.x
# yum localinstall sarg-2.3.10-3.v7.x86_64.rpm
Clear)S Version 6.x
# yum localinstall sarg-2.3.10-3.v6.x86_64.rpm
If you are using CleaOS 6.x 32 bit then substitute "sarg-2.3.10-3.v6.i686.rpm"
2) Configure SARG
Edit "/etc/sarg/sarg.conf" and make changes as necessary, e.g.
search for "#date_format u" and change if necessary to your local
format e.g. "date_format e" for European (remove the comment or #).
That should do for now as the defaults are reasonable, but by all means
check them all for suitability :-) (especially if you have changed some
of the squid or https/apache defaults).
3) Fix problem sub-directory locations...
# mkdir /usr/share/sarg/
# ln -s /etc/sarg/fonts/ /usr/share/sarg/
# ln -s /etc/sarg/languages/ /usr/share/sarg/
# ln -s /etc/sarg/images/ /usr/share/sarg/
4) Now we check that we can generate a report
# sarg -x
We now need to allow access to the sarg pages from your workstation.
edit "/etc/httpd/conf.d/sarg.conf" and add the ip address(s) you will
use (quad decimal format is OK if you prefer that). Add extra lines
for more workstations if required. An example :-
Restart the webserver using the following command...
ClearOS 7.x
# systemctl restart httpd.service
ClearOS 6.x
# service httpd restart
Run the following to check the cron scripts, there should be no output on
the command line...
# /etc/cron.daily/sarg
# /etc/cron.weekly/sarg
# /etc/cron.monthly/sarg
5) Testing SARG - bliss :-) or despair :-( ?
Now go to http://your_webserver_ip/sarg and you should see the sarg home
page...
Click on "ONE-SHOT" and some data should appear, assuming squid has data
available, the rest will get populated as when the data from squid is
created and the various cron jobs run to create the reports (daily, weekly
and monthly). Note these cron jobs to update the reports run during the early
hours of the morning, so if you shut of the server over-night you will need
to make changes to ensure your reports are generated.
Access is limited to the name(s) or address(s) you enabled above. However,
if you use dynamic dhcp addresses, a different security method would be more
appropriate... This may be the subject of another "How-To" as and when time
permits...
Good Luck!
Home Page for sarg - http://sarg.sourceforge.net/
see https://www.clearos.com/clearfoundation/social/community/install-sarg-on-clearos-version-6-x-or-version-7-x-for-great-proxy-reports#reply-121561
for Andy Godber's tip for SARG Realtime, and a few posts above for more details regarding the logs
First you need to understand this...
It is your responsibility to determine the suitability of any information
and/or software you receive from this site.If they happen to break
something, that's solely your own problem and you get to keep any and all
of the pieces :-) Also, as this program generates web pages, it is your
responsibility to validate the security of your web-site against attacks
etc. The rpm version below is current as of the time of writing.
The access security for the install below is more suitable if you use
static address(s) for your workstations that will be used to access the sarg
reports. A better alternative method may be available in the future for
using dynamic addresses...
A pre-requisite for this install is squid (web proxy) running, in use
generating records and the webserver (httpd/apache) running... If this is
NOT the case - then fix and come back later... Another pre-requisite is that
you are comfortable using the cli, familiar with rpms, repositories and
yum and lastly, editing configuration files.
1) Install SARG
Currently could find no rpm for ClearOS7, CentOS7 or rhel7 so have build one
using the latest source code from https://sourceforge.net/projects/sarg/
To add get the rpm file we require wget, and for SARG a pre-requisite is gd.
If not already installed install them...
to check if wget installed...
# rpm -q wget
to check if gd installed...
# rpm -q gd
ClearOS 7.x to install wget and gd...
# yum install wget gd --enablerepo=clearos-centos,clearos-epel,clearos-centos-updates
ClearOS 6.x to install wget and gd...
# yum install wget gd --enablerepo=clearos*
Now download the rpm...
ClearOS Version 7.x
# wget http://danda.poweredbyclear.com/sarg7/sarg-2.3.10-3.v7.x86_64.rpm
ClearOS Version 6.x
# wget http://danda.poweredbyclear.com/kmod-clearos/sarg-2.3.10-3.v6.x86_64.rpm
# then install it...
ClearOS Version 7.x
# yum localinstall sarg-2.3.10-3.v7.x86_64.rpm
Clear)S Version 6.x
# yum localinstall sarg-2.3.10-3.v6.x86_64.rpm
If you are using CleaOS 6.x 32 bit then substitute "sarg-2.3.10-3.v6.i686.rpm"
2) Configure SARG
Edit "/etc/sarg/sarg.conf" and make changes as necessary, e.g.
search for "#date_format u" and change if necessary to your local
format e.g. "date_format e" for European (remove the comment or #).
That should do for now as the defaults are reasonable, but by all means
check them all for suitability :-) (especially if you have changed some
of the squid or https/apache defaults).
3) Fix problem sub-directory locations...
# mkdir /usr/share/sarg/
# ln -s /etc/sarg/fonts/ /usr/share/sarg/
# ln -s /etc/sarg/languages/ /usr/share/sarg/
# ln -s /etc/sarg/images/ /usr/share/sarg/
4) Now we check that we can generate a report
# sarg -x
We now need to allow access to the sarg pages from your workstation.
edit "/etc/httpd/conf.d/sarg.conf" and add the ip address(s) you will
use (quad decimal format is OK if you prefer that). Add extra lines
for more workstations if required. An example :-
Alias /sarg /var/www/sarg
<Directory /var/www/sarg>
DirectoryIndex index.html
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
# Allow from your-workstation.com
Allow from 192.168.2.28
Allow from 192.168.1.17
Allow from 192.168.3.27
</Directory>
Restart the webserver using the following command...
ClearOS 7.x
# systemctl restart httpd.service
ClearOS 6.x
# service httpd restart
Run the following to check the cron scripts, there should be no output on
the command line...
# /etc/cron.daily/sarg
# /etc/cron.weekly/sarg
# /etc/cron.monthly/sarg
5) Testing SARG - bliss :-) or despair :-( ?
Now go to http://your_webserver_ip/sarg and you should see the sarg home
page...
Click on "ONE-SHOT" and some data should appear, assuming squid has data
available, the rest will get populated as when the data from squid is
created and the various cron jobs run to create the reports (daily, weekly
and monthly). Note these cron jobs to update the reports run during the early
hours of the morning, so if you shut of the server over-night you will need
to make changes to ensure your reports are generated.
Access is limited to the name(s) or address(s) you enabled above. However,
if you use dynamic dhcp addresses, a different security method would be more
appropriate... This may be the subject of another "How-To" as and when time
permits...
Good Luck!
Home Page for sarg - http://sarg.sourceforge.net/
see https://www.clearos.com/clearfoundation/social/community/install-sarg-on-clearos-version-6-x-or-version-7-x-for-great-proxy-reports#reply-121561
for Andy Godber's tip for SARG Realtime, and a few posts above for more details regarding the logs
yum install clamav-server
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd -y
sed -i -e 's/^Example/#Example/' /etc/clamd.d/scan.conf
sed -i -e 's/^Example/#Example/' /etc/freshclam.conf
vim /etc/clamd.d/clamd.conf
User clamscan
LocalSocket /var/run/clamd.<SERVICE>/clamd.sock
freshclam
freshclam
freshclam
vim /usr/lib/systemd/system/clam-freshclam.service
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
ls -l /usr/lib/systemd/system/clam*
mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
vim /usr/lib/systemd/system/clamd@scan.service ->.include
/lib/systemd/system/clamd@.service -> remove @
vim /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
systemctl enable clamd.service
systemctl start clamd.service
systemctl enable clamd@scan.service
systemctl start clamd@scan.service
setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit 1
sed -i -e 's/^Example/#Example/' /etc/clamd.d/scan.conf
sed -i -e 's/^Example/#Example/' /etc/freshclam.conf
vim /etc/clamd.d/clamd.conf
User clamscan
LocalSocket /var/run/clamd.<SERVICE>/clamd.sock
freshclam
freshclam
freshclam
vim /usr/lib/systemd/system/clam-freshclam.service
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
ls -l /usr/lib/systemd/system/clam*
mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
vim /usr/lib/systemd/system/clamd@scan.service ->.include
/lib/systemd/system/clamd@.service -> remove @
vim /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
systemctl enable clamd.service
systemctl start clamd.service
systemctl enable clamd@scan.service
systemctl start clamd@scan.service
setsebool -P antivirus_can_scan_system 1
setsebool -P clamd_use_jit 1