Command
curl -x 192.168.2.95:8080 --proxy-ntlm -U 'gajdomainadministrator' http://www.yahoo.com
============================================================
#acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
#http_access deny blockfiles
# vi /etc/squid/blocks.files.acl
Append the following text:
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
acl blocksites url_regex "/etc/squid/squid-block.acl"
http_access deny blocksites
=================
proxy error ===== the requested URL could not be retrieved
Without proxy ====== page cannot be displayed
===========================================
traceroute -n -i eth1 yhh -I
=============================
acl myip dstdomain 192.168.1.200
acl exceptionsites dstdomain "/etc/squid/exceptionsites"
http_access deny myip
http_access allow exceptionsites
================================
iptables -I INPUT -p tcp -s 59.181.98.140 --dport 443 -j ACCEPT ======443 access
58.68.55.140
============
curl -x 192.168.1.221:8080 http://images.orkut.com
time curl -x 172.16.72.25:3128 http://www.ndtv.com -U helpdesk
===================================================
$squidstat = `ps auxwww | grep squid`;
$file = "squid -D";
if (!($squidstat =~ m/$file/)) {
    # squid is not running: restart the proxy in the background
    $new = system("/usr/local/https/scripts/admin/restartproxy restart >/dev/null 2>&1 &");
}
================================================================================
===============
$namedstat = `ps auxwww | grep named`;
$file = "/usr/sbin/named";
if (!($namedstat =~ m/$file/)) {
    # named is not running: start it
    $new = system("/usr/sbin/named");
}
================================================================================
===============
/usr/sbin/snmpd
ps -ef |grep -i snmp
$snmpstat = `ps auxwww | grep snmp`;
$file = "/usr/sbin/snmpd";
if (!($snmpstat =~ m/$file/)) {
    # snmpd is not running: restart it in the background
    $new = system("/etc/init.d/snmpd restart >/dev/null 2>&1 &");
}
=====================================================================
du -h --max-depth=30
du -h --max-depth=1
====================
nslookup
> set type=MX
> bata.co.in
============
dig MX deseinindure.com
less /var/log/squid/access.log |grep -i safechild |awk '{print $3}' | cut -f2 -d'' |wc -l
less /var/log/squid/access.log |awk '{print $3}'
echo arjun=`less /var/log/squid/access.log |grep -i arjun |awk '{print $3}' | wc -l `
less 20091029 |awk '{print $2}' |cut -f3 -d"|"
less 20091029 |awk '{print $2}' |cut -f3 -d"|" |grep -iv postmaster
Find all files named testfile under the /home directory, recursively, that contain the word hello:
find /home -type f -name testfile | xargs grep -l -i hello
## This script counts the number of mails received by a particular person.
## You have to enter the correct email ID.
echo " TO CHECK MAIL FOR PARTICULAR PERSON "
echo -e " enter persons mail ID :- \c"
read 'mailid'
#echo " $mailid"
veri=`grep -e "$mailid" 20091029 | cut -f3 -d"|" |wc -l`
echo -e "$mailid = "$veri" "
#echo "$veri"
##echo "$veri"
##awk '{print $2}' 20091027 | cut -f3 -d"|" |grep -iv postmaster |grep -i amit@gajshield.com
================================================================================
=============
start-browse
cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules
installfwrules
############################################################################
stop-browse
cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules
installfwrules
stop-browse
start-browse
ank@web!1
/var/tmp/gaj
============
-------------------
1 secure to secure fwnet-secure http fwip-insecure
 
mailserver
2 secure to secure fwnet-secure http mailserver
 
fwip-secure
========================================
Edit /etc/snort/snort.template and add the policy below at the end of the file to
block Gmail and Yahoo Mail HTTPS access at the IPS level itself. After adding the
policy, restart the IPS service from the frontend.
#### Rule to Block Gmail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS Gmail Access -55"; flow:from_server,established; content:"mail.google.com"; offset:320; depth:50; sid:510000079; )
#### Rule to Block yahoo mail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS yahoo mail Access -55"; flow:from_server,established; content:"login.yahoo.com"; offset:320; depth:50; sid:510000080; )
### IPS Rule to block Gtalk ###
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"jabber"; sid:510000079; )
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"etherx.jabber.org/streams"; sid:510000080; )
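The Gmail/Yahoo rules and the Gtalk rules above both use sid 510000079 and 510000080, and a sid has to be unique to one rule within a loaded rule set. The script below is an added example, not part of the original notes or of the appliance's own tooling: it lists every sid used by more than one active rule so a clash is caught before the IPS restart. The sample file is constructed from the four rules above plus two constructed rules (sid 510000081, one of them commented out).

```shell
#!/bin/sh
# Added example: find sid values shared by more than one active Snort rule.
# Intended to be run against the rules file (for example the snort.template
# mentioned above) before restarting the IPS service.

# dup_sids FILE
# Prints "<sid> <count>" for every sid that appears in two or more rules.
# Comment lines are ignored. Assumes one rule per line (no backslash
# continuations).
dup_sids() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*[;( ]sid:[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;.*/\1/p' |
        sort | uniq -c |
        awk '$1 > 1 { print $2, $1 }'
}

# write_sample_rules FILE
# Constructed sample: the four rules from the notes, one constructed rule
# with its own sid, and a commented-out copy of it that must not be counted.
write_sample_rules() {
    cat > "$1" <<'EOF'
#### Rule to Block Gmail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS Gmail Access -55"; flow:from_server,established; content:"mail.google.com"; offset:320; depth:50; sid:510000079; )
#### Rule to Block yahoo mail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS yahoo mail Access -55"; flow:from_server,established; content:"login.yahoo.com"; offset:320; depth:50; sid:510000080; )
### IPS Rule to block Gtalk ###
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"jabber"; sid:510000079; )
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"etherx.jabber.org/streams"; sid:510000080; )
### constructed rule with a unique sid ###
drop tcp [192.168.2.0/24] any <> any any (msg:"constructed rule"; content:"example.test"; sid:510000081; )
#drop tcp [192.168.2.0/24] any <> any any (msg:"constructed, disabled"; content:"example.test"; sid:510000081; )
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample_rules "$sample"
echo "sid values used by more than one active rule (sid count):"
dup_sids "$sample"
rm -f "$sample"
```

An empty result means every active rule has its own sid.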
### Add below rules in additionalrules file to bypass users from IPS to access Gtalk ###
/sbin/iptables -t mangle -I FORWARD -s 192.168.100.35 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.100.35 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 443 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 443 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 5222 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 5222 -j ACCEPT
================================================================================
======
/sbin/iptables -t mangle -I OUTPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I POSTROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I PREROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I INPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT
================================================================
python /usr/local/https/suid/maillinkdown.pyc
=============================================
arping -s (source ipaddress) (Gateway ip) -f -I eth(X)
===========================================================
*All*|Generic|File Upload|block|AllTime|n|y||active
*All*|Web Mails|All of Above|allow|AllTime|n|y||active
*All*|Orkut|Orkut Scrap|allow|AllTime|n|y||active
*All*|Orkut|Orkut Message|allow|AllTime|n|y||active
*All*|Orkut|Orkut Forum Post|allow|AllTime|n|y||active
*All*|Orkut|Orkut Forum Event|allow|AllTime|n|y||active
*All*|Facebook|Facebook Wall|allow|AllTime|n|y||active
*All*|Facebook|Facebook Message|allow|AllTime|n|y||active
*All*|Facebook|Facebook Forum Post|allow|AllTime|n|y||active
*All*|Facebook|Facebook Comment|allow|AllTime|n|y||active
*All*|Facebook|Facebook Note|allow|AllTime|n|y||active
*All*|Facebook|Facebook Event|allow|AllTime|n|y||active
*All*|IM Chat|All Above IM Chat|allow|AllTime|n|y||active
*All*|Web Chat|All Above Web Chat|allow|AllTime|n|y||active
============================================================
$squidhttpsstat = `ps auxwww | grep squid`;
$file = "squid.https";
if (!($squidhttpsstat =~ m/$file/)) {
    # squid.https is not running: start it in the background
    $new = system("/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D >/dev/null 2>&1 &");
}
================================================================================
===============
cd /var/named/
ll
cp gajshield.com.hosts gajshield.com.hosts.20090522a
vi gajshield.com.hosts
/etc/init.d/named restart
cd /etc/mail
ll
cp mailertable mailertable.20090222a
vi mailertable
makemap hash mailertable1.db < mailertable
strings mailertable1.db
/etc/init.d/sendmail restart
ping gajshield.com
cp /etc/mail/access /etc/mail/access.20090523a
vi /etc/mail/access
/etc/init.d/sendmail restart
ping ndtv.com.blacklist.gajshield.com
============================================
jmitra.gajshield.fw
CRON RECREATE
tail -f /var/log/cron
fcrontab -l > /var/tmp/vimcron
cat /var/tmp/vimcron
cd /var/spool/cron/
ls
/etc/init.d/crond stop
mv root root.vimbak
cat /var/tmp/vimcron | fcrontab -l
cat /var/tmp/vimcron | fcrontab -
ls -larth
/etc/init.d/crond start
ls -larth
tail -f /var/log/cron
===========================================
Please find below the commands to create the user account. Please take a backup of
these two files first.
Run the commands below for the backup:
cp -i /etc/passwd /etc/passwd.orignal
cp -i /etc/group /etc/group.orignal
For an administrative-level privilege account, use this command:
useradd -mg root -ou 0 (username)
For read-only privilege, use the command below:
useradd -m (username)
Finally, assign a password to each created user with the command below:
passwd (username)
Aircel Circuit ID - C2407
===================================
eth0|192.168.128.200|LAN|||e100|||1500|std|||255.255.255.0|||0
eth1|116.72.54.87|WAN|116.72.48.1||e100|||1500|std||defaultroute|255.255.248.0|||0
=====================================
$winbin = `ps auxwww | grep winbindd`;
$file = "/usr/sbin/winbindd";
if (!($winbin =~ m/$file/)) {
$new = system("/usr/sbin/restartntlm >/dev/null 2>&1");
}
$wbinfo = `wbinfo -t |grep "RPC calls failed"`;
if ($wbinfo) {
$new = system("/usr/local/https/scripts/admin/restartntlm >/dev/null 2>&1 &");
}
0-59/1 * * * * python /var/temp/arjun/wbinfo.py
======================================
$icap = `ps auxwww | grep icap`;
$file = "/usr/sbin/c-icap";
if (!($icap =~ m/$file/)) {
$new = system("/usr/sbin/c-icap -f /etc/c-icap.conf >/dev/null 2>&1 &");
}
$icap = `ps auxwww | grep icap | grep -i defunct`;
$file = '<defunct>';
if ($icap =~ m/$file/) {
$new = system("killall -9 /usr/sbin/c-icap ; /usr/sbin/c-icap -f /etc/c-icap.conf >/dev/null 2>&1 &");
}
$smtp = `ps auxwww | grep smtp`;
$file = "/usr/sbin/smtpdscantransparent -f /usr/local/etc/clamsmtpdspam.conf -p /var/run/clamsmtpdspam.conf.pid";
if (!($smtp =~ m/$file/)) {
    # the SMTP scanner is not running: restart the antispam service
    $new = system("/usr/local/https/scripts/admin/restartantispam restart >/dev/null 2>&1");
}
================================================
ethtool -s eth0 autoneg off speed 100 duplex half
ethtool -s eth7 autoneg on speed 10 duplex half
=================================================
snort -devi eth0 host 10.148.192.229 and port 21
================================================
python /usr/local/https/suid/sendreport.pyc
===============================================
:/lib/modules/2.4.26-grsec/kernel/drivers/net/e100
cp /var/tmp/Parekh Marine/e100.o .
:/usr/local/https/scripts/admin # cat additionalrules
=================================================
/etc/init.d/proxy stop
cd /var/
ls -larth
mv cache cache.20200210
mkdir cache
chown web.root cache
killall -9 squid
killall -9 squid
squid -z
/usr/local/https/scripts/admin/restartproxy restart
squid -z
/etc/init.d/proxy start
============================================
%s/searchword/replace word/g
==========================
ram28patil@gmail.com
cat file-name | sed -e 's/first_pattern/next_pattern/g' > new-file
cat /proc/net/ip_conntrack |grep 1433
122.252.232.179 ----Patanjali gsfw@PyP
Awash@3779 / 118.67.228.162
ping -c 3 -I 57.56.224.12 57.56.130.1
172.16.1.55
/var/spool/imap/user/spam/db/
/etc/mail/spamassassin/custom.cf
/usr/local/https/data/antispamrule
/usr/sbin/sendmail -C/etc/mail/sendmail-nospam.cf -f Gaurav.Shetye@enerconindia.net support@gajshield.com < 745724.
sendmail -f sales@siskom.co.in -C/etc/mail/sendmail.cf pooja@techinfra.in < 2324881.
sendmail -C/etc/mail/sendmail-local.nonspam.cf -f rasool.acct.bom@riyagroup.travel Riya.Travels@enerconindia.net < 281669.
smbpasswd -j GAJNEW (domain name) -r gajnew (netbios name) -U Administrator
net ads join -U username%passwd -S netbios name
net ads lookup -U 'username%passwd' -S servername
cat ntlmdata
testgaj.com|win-sr2unpvbdco|AD-Srv2008|administrator|gaj@1234|testgaj
WAN Failover in new kernel
### Ping allowed from all interfaces ###
/sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.1.5 -j ACCEPT
/sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.10.2 -j ACCEPT
###
======================================================================
7.2.1
md5sum /usr/lib/c_icap/srv_clamav.so 259611bb3b9773a23b99ab356c6616e3 OLD
freshclam -V ClamAV 0.96/10763/Tue Apr 20 18:10:59 2010
md5sum srv_clamav.so 95da956aba84de9e0b5d7eccd733f141 NEW
======================================================================
/sbin/iptables -I INPUT -s 172.1.1.1 -p tcp --dport 222 -i ppp0 -j ACCEPT
route add -net 192.168.25.0/24 gw 172.1.1.1
route add -net 172.1.1.0/24 gw 192.168.2.3
route del -net 172.1.1.0 netmask 255.255.255.0 gw 192.168.2.3
/sbin/iptables -I INPUT -s 192.168.25.23 -p tcp --dport 443 -i ppp0 -j ACCEPT
0-59/5 * * * * rm -frv /var/log/proxy/__db*
$httpsinspect = `ps auxwww | grep httpsinspect`;
$file = "/usr/sbin/httpsinspect";
if (!($httpsinspect =~ m/$file/)) {
    # httpsinspect is not running: start it in the background
    $new = system("/usr/sbin/httpsinspect >/dev/null 2>&1 &");
}
iptables -I OUTPUT -s 220.227.158.10 -d 220.226.206.22 -j ACCEPT
=============
$stunnel = `ps auxwww | grep stunnel`;
$file = "/usr/sbin/stunnel";
if (!($stunnel =~ m/$file/)) {
    # stunnel is not running: start it in the background
    $new = system("/usr/sbin/stunnel >/dev/null 2>&1 &");
}
==================
stunnel -d 443 -v 1 -D 7 -L /usr/sbin/pppd -- pppd 172.1.1.1: noauth local passive
squid -f /etc/squid/squid.conf -D
===================================================
while true;do ps aux|grep logzip |grep -v grep;done
while true;do ps aux|grep generate |grep -v grep;done
python /usr/local//icichttps/suid/firewalllogzip.pyc -createzip 20100504 20100504 downloaddlpuploadlog
================================================================================
=================
tune2fs -c 0 /dev/hda1 2 4
/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D
/usr/ctasd/bin/http_client.pl
/var/spool/quarantine/20100614/spam.1276456323.27972
ipsec whack --status
chmod 666 /dev/null
http://www.gajshield.com/technical_document.htm
http://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/
/sbin/iptables -I PREROUTING -t mangle -s 57.56.130.0/24 -d 145.228.181.96 -p tcp --dport 80 -j ROUTE --gw 57.56.130.1
/sbin/iptables -I PREROUTING -t mangle -s 172.1.1.27 -d 192.168.2.7 -p tcp --dport 80 -j ROUTE --gw 172.1.1.1
http://www.careerride.com/job-skills.aspx
http://studyhat.blogspot.com/
route add 192.168.2.7 gw 172.1.1.1
###destination d_fw { program("/usr/local/https/scripts/admin/manageidentitylog" template("$MSG\n")); };
###destination d_identity_log { file("/var/log/firewall/$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSG\n")); };
###filter f_identity_log { facility(local3) and level(info);};
###destination d_identity_login { file("/var/log/identity/$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSG\n")); };
###filter f_identity_login { level(notice) and program("python"); };
###log { source(s_sys); filter(f_identity_login); destination(d_identity_login); };
###log { source(s_sys); filter(f_identity_log); destination(d_identity_log); };
*** Note the first line needs to be replaced with the following line.
destination d_fw { file("/var/log/firewall/$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSG\n")); };
route add 192.168.2.7 gw 172.1.1.1
iptables -t filter -I OUTPUT -d 192.168.2.7 -p tcp --dport 80 -j ACCEPT
GajShield Infotech (I) Pvt. Ltd.
Unit 103, Building No. 5, Sector III,
Millennium Business Park, Mahape,
Navi Mumbai   400 701.
==========================
killall -9 squid.https
sleep 2
/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D
squid -f /etc/squid/squid.conf -D
=======================
modprobe xt_statistic
/sbin/modprobe ipt_TTL
/sbin/modprobe ipt_ttl
tcpdump -eni eth0
iptables -I OUTPUT -s <SRC IP> -p tcp --dport 80 -j DROP
23 0-23/2 * * *
./redirect 1 0 1
www.onlinegames.net 192.168.0.49 - GET
http://127.0.0.1/cgi-bin/blocked.ggi?blockedurl=www.onlinegames.net&reason=hitesh|192.168.0.49|Blocked|Site+in+Advanced+Blocked+Category+Games,+for+group+Default
127.0.0.1 - GET
http://www.gajshield.com/technical_document.htm
/usr/local/bin/ctasd-3.01.0017-linux-x86-gcc323-kernel24/samples/http_client.pl /var/ankur/ILFS-Spam-1
/usr/local/bin/ctasd-3.00.0028-linux-x86-gcc335/samples/http_client.pl /tmp/414760.
chkconfig --level 3 ntpd off
cat services |sort -u > services.origin
proxylogs.SBI
squid.02-09-2010
squidconf.template.20090216
.virtualearth.net
.gta-travel.com
EHLO webmail.gajshield.com
MAIL From:<gajshield-list-bounce@gajshield.com> SIZE=297331
RCPT To:<info@vintage3.com>
DATA
<!--**URL-FILTERING**-->_ng 0 0 1
################################################################################
##
icap_service service_1 reqmod_precache 1 icap://127.0.0.1:1344/gajdlp_module
icap_service service_3 respmod_precache 1 icap://127.0.0.1:1344/gajdlp_module
---
icap_access class_3 allow simpletext
icap_access class_3 allow gmailchat
icap_access class_3 allow gmailchat1
icap_access class_3 allow sifychat
icap_access class_3 allow sifychat1
icap_access class_3 allow yahoochat
icap_access class_3 allow facebookchat
icap_access class_1 deny whitedomain
icap_access class_1 deny localmachine
icap_access class_1 allow FTP
icap_access class_1 allow HTTP
icap_access class_1 allow GET
icap_access class_1 allow POST
################################################################################
#####
replace srv_echo.so with srv_clamav.so
< ### Rules to bypass ICMP from IPS ###
<
< /sbin/iptables -t mangle -I INPUT -p icmp -j ACCEPT
< /sbin/iptables -t mangle -I FORWARD -p icmp -j ACCEPT
< /sbin/iptables -t mangle -I OUTPUT -p icmp -j ACCEPT
<
dlpoptions
**Sify Mail
*SMTP Mails
**SMTP Mails
dlpservicefunc
http://productsearch.rediff.com/productlist.aspx?category=television&brand=LG&price=Below%20Rs%205000
snort --daq-dir=/usr/lib/daq -i eth0 host 192.168.0.67 and port 443
snort --daq-dir=/usr/lib/daq -C -d -i lo port 1709
snort --daq-dir=/usr/lib/daq -C -d -i lo port 1344
snort -C -d -v -i lo port 1344
http://en.wikipedia.org/wiki/AAA_protocol
Hi,
Please export the users from the Radius server and save them in a CSV file, then upload that
file in Browsing->User Settings->Users->CSV File Upload.
http://www.gajshield.com/manual/SNMP_configuration_with_in_GajShield.pdf
10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata-123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None-None:None:None:None:None|||
20|Airtel to Any|fwip-Airtel||http,https||internet||default|accept|no|Airtel-122.169.101.1,Tata-123.252.239.1|yes|active||None:None:None:None:None-None:None:None:None:None|||
http://www.4shared.com/dir/34402089/7a2b8b50/Ajay_Atul_Music_fanss_collecti.html
Please give us a goto meeting access to check the issue.
https://www.gotomeeting.com/join/187194339
< ##<!--**AUTHENTICATION**-->
<
< auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
< auth_param ntlm children 30
/usr/local/https/scripts/admin/resetdefault
OR
/usr/local/https/scripts/admin/resetdefault clearlog
cat additionalrules.changes
cp /var/temp/arjun/restartntlm.pyc /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1
chmod 755 /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1
/usr/sbin/c-icap -f /etc/c-icap.conf -D -d 9
squid -f /etc/squid/squid.conf -D -d 9
EXPRESS DIGITAL SYSTEMS,
SAMSUNG EXCLUSIVE SERVICE CENTER,
Navyog Niwas, Shop No. 6, Gr. Floor,
1767 Lamington Road, Opp Minerva Cinema,
Grant Road(East) Mumbai-400 008.
tel no. (91-22) 2301 3198.
======================
facebook blocking
channel.facebook.com
facebook.com/ajax/chat/
==============
root@gsfw:/etc/ipsec.d # find . |grep -i gaj
./squid/cert/gajsslcert.req
./squid/cert/gajsslcert.pem
./squid/key/gajsslcert.pemc
/etc/ipsec.d/cakeys
guest
b1pl@b
194 --- sendmail
55 --- newspam
root@gsfw:/var/log/DLP/imlogs/webchat/facebook/656111326/640816416
=============================================
tun0|172.16.6.1|CloudConnect|||e1000e|||1500|std|||255.255.255.0|||0
CloudNw|172.16.6.0|255.255.255.0
Cloud|1024:65535|1195|udp|0
1|Beam to Beam|internet||cloud||fwip-Beam||default|accept|no|none|yes|active||None:None:None:None:None-None:None:None:None:None|||
2|TTSL to TTSL|internet||cloud||fwip-TTSL||default|accept|no|none|yes|active||None:None:None:None:None-None:None:None:None:None|||
3|CloudConnect to LAN|cloudnetwork||DNS||fwip-LAN||default|accept|no|none|yes|active||None:None:None:None:None-None:None:None:None:None|||
4|CloudConnect to LAN|cloudnetwork||Any||fwnet-LAN||default|accept|no|none|yes|active||None:None:None:None:None-None:None:None:None:None|||
5|CloudConnect to Any|cloudnetwork||http-transparent-proxy,https,DNS||internet||default|accept|no|Beam-183.83.192.1,TTSL-192.168.1.1|yes|active||None:None:None:None:None-None:None:None:None:None|||
root@gsfw:/usr/local/https/data # cat cloud
clouddomain cloudexepass cloudusers
root@gsfw:/usr/local/https/data # cat clouddomain
ct|IP|fwip-Beam|Encryption:3des|Compression:on|cloudnetwork|cloud|fwip-LAN|fwip-LAN|fwip-TTSL
===========================================
/proc/sys/net/ipv4/ip_forward
/usr/local/https/templates/newaccessdenied.html
30 22 * * * /sbin/shutdown -h now
30 22 * * * init 0
Awash@3779
chmod 1777 tmp
drwxrwxrwt 4 root root 4.0K 2014-05-14 12:11 tmp
ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}'
0,30 * * * * ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}'
$ctwsd = `ps auxwww | grep ctwsd`;
$file = "./ctwsd.bin -l /usr/lib/ctwsd -c /etc/ctwsd/ctwsd.conf --pid /var/run/ctwsd/ctwsd.pid";
if (!($ctwsd =~ m/$file/)) {
    # ctwsd is not running: start it, but only if the binary is installed
    if (-e "/usr/lib/ctwsd/ctwsd") {
        $new = system("/etc/init.d/ctwsd start >/dev/null 2>&1 &");
    }
}
iptables -t filter -I FORWARD -s 192.168.0.0/20 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.0/20 -j ACCEPT
undes gajshield 20110801.backup 20110801.backup.tgz
tar -zxvf 20110801.backup.tgz
##<!--**SSL_CRTD**-->
sslcrtd_program /usr/sbin/ssl_crtd -s /var/spool/ssl_db -M 4MB
sslcrtd_children 10
##<!--**SSL_GET_DOMAIND**-->
sslgetdomaind_program /usr/local/https/squid/ssl_getdomaind
sslgetdomaind_children 250
/usr/local/https/etc/ipsrules
backup /usr/sbin/proxylogs (replace 530 with access log time)
POP3 :- tagging
SMTP :- tagging and blocking
login4tpg@123
0-59/5 * * * * rm -frv /var/log/proxy/__db*
/usr/local/https/gajcloud/template/server.conf.template
/etc/openvpn/server.conf
==========================================================
webex network
cat /etc/init.d/newmknodfiles |grep -i sip
/sbin/modprobe ip_conntrack_sip
##/sbin/modprobe ip_nat_sip
root@gsfw:~ # cat /etc/init.d/newmknodfiles |grep -i 323
/sbin/modprobe ip_conntrack_h323
##/sbin/modprobe ip_nat_h323
iptables -L -n -t mangle |less
/sbin/iptables -t mangle -D FORWARD -o ! lo -j QUEUE
/sbin/iptables -t mangle -D INPUT -i ! lo -j QUEUE
/sbin/iptables -t mangle -D OUTPUT -o ! lo -j QUEUE
################## DC ################
0-59/1 * * * * /usr/local/https/data/restartNTLMScript.sh ( Restart NTLM )
/sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 ( Disable IPS for failover in DC)
/sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1
/sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 --queue-bypass
/sbin/iptables -t mangle -D OUTPUT -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark
##########################################
tar zxvf /var/tmp/VARForAkashPack.20111229.tgz
ps -ef |grep -i dhcp
root 13565 1717 0 17:52 pts/0 00:00:00 grep -i dhcp
root 25067 1 0 Jan18 ? 00:02:24 /usr/sbin/dhcpd -lf /var/lib/dhcp/dhcpd.leases eth0 eth1
GT-S5263
====================
Dropbox IP
====================
neo@howallbkd
/usr/sbin/c-icap -f /etc/c-icap.conf -D -N -d 9
client ldap sasl wrapping = sign
Linux 2.6.18-238.19.1.el5xen (32-bit)
/usr/bin/nice -n 19 /usr/local/https/scripts/admin/dumpdashboard
Front End Password: ITSInvisiblE (after b is small L)
Backend Password: Security@1981 (S is Capital)
-rw-r----- 1 web wheel 1488857 2012-05-19 15:24 /var/tmp/sslcrtd.log
-rw-r----- 1 web wheel 14200 2012-05-19 09:30 /var/tmp/getdomaind.log
9.4.7.4.34.3.4
winbindd -d 9 -i
Sec5re license
11 10 * * * /bin/rm /usr/local/https/ramdata/ssldomains.db
leave@tra!l4me
cat /etc/rc.local |grep -i tso
/usr/sbin/ethtool -K eth0 tso off
/usr/sbin/ethtool -K eth1 tso off
/usr/sbin/ethtool -K eth3 tso off
vi /etc/ctwsd/ctwsd.conf
ServerAddress = webres1.t.ctmail.com
openssl verify /etc/ipsec.d/squid/cert/gajsslcert.pem
/usr/local/https/gajcloud/template/server.conf.template
fbcdn-dragon-a.akamaihd.net = *.akamaihd.net
killall -9 /usr/sbin/c-icap;killall -9 /usr/sbin/c-icap;/usr/local/https/scripts/admin/restarticap ;killall -9 squid;killall -9 squid;/usr/local/https/scripts/admin/restartproxy start
ping yahoo.com -I eth2 -i 0.2 -s 1400
Microsoft
96.17.182.42
157.56.67.221
Rajesh :- surf_499
Ushacomm
/sbin/iptables -t mangle -I FORWARD -s 172.16.0.0/16 -d 10.240.1.0/24 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.16.0.0/16 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 172.28.0.0/16 -d 10.240.1.0/24 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.28.0.0/16 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.123.0/24 -d 192.168.123.0/24 -j ACCEPT ( DC PPTP VPN )
### Bandwidth Quota was not working; to make it work, the MARK policy below was added for http and https transparent proxy ###
##/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2
#/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2
#/sbin/iptables -t nat -I OUTPUT -p tcp --dport 80 -j CONNMARK --set-mark 2
#/sbin/iptables -t nat -I OUTPUT -p tcp --dport 443 -j CONNMARK --set-mark 2
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2
python
Python 2.3.4 (#1, Sep 30 2004, 03:19:26)
[GCC 3.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> f = open("interfacemarkdict")
>>> a =
KeyboardInterrupt
>>> pickle
KeyboardInterrupt
>>> import pickle
>>> a = pickle.load(f)
>>> a
{'LAN': 1, 'BSNL': 3, 'MPLS': 4, 'AirTel4M': 5, 'AIRTEL': 2}
>>>
/usr/sbin/imspector -c /usr/local/https/etc/imspector/imspector.conf -D 4
/etc/init.d/S90Apache start ( httpd )
0-59/1 * * * * /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1
/usr/sbin/clamsslsmtpd -d 4 -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p /var/run/clamsslsmtpdspamvirus.conf.pid
/var/temp/clamsslsmtpd -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p /var/run/clamsslsmtpdspamvirus.conf.pid -d 4
bypass from httpsinspect
/usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 182.73.181.124 -m state --state ESTABLISHED -j ACCEPT
/usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 172.16.9.4 -m state --state ESTABLISHED -j ACCEPT
cat conftacacs
gsfw|fwip-LAN|49|12345|chap|
confldap
gsfw|ADSERVER|389|cn|r|j|superuser|wonderdream|g|
ap.corp.ipgnetwork.com|bomgdc01|ADServer|kumaraadmin|AmbiEnce@001|ipgap
==================
Patanjali
===============
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 192.168.0.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.0.128.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.2.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.5.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.4.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.6.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.11.0/24 -j ROUTE --gw 10.53.0.1
600*8/1024
13 0-23/6 * * * python /root/Desktop/Pycfile/restartTrafficCollector.py
13 0-23/6 * * * python /var/gs/restartTrafficCollector.py
chart ==> DASHBOARD = Download
Total = LAN = Download
WAN = Upload
Capping = LAN = Download
WAN = Upload ( not show )
url == Report->Browsing->Browsing Logs
acl likephp url_regex http://www.facebook.com/plugins/like.php
acl exceptionsites dstdomain "/etc/squid/exceptionsites"
redirector_access deny likephp
redirector_access deny exceptionsites
http_access allow likephp
http_access allow exceptionsites
acl loginbutton url_regex http://www.facebook.com/plugins/login_button.php
acl exceptionsites dstdomain "/etc/squid/exceptionsites"
redirector_access deny loginbutton
redirector_access deny exceptionsites
http_access allow loginbutton
http_access allow exceptionsites
Sajjan Mum :- 115.112.40.170 :- gsfw@login :- dreamwonder@sajjan
Sajjan Ank :- 117.239.82.33 / 210.212.133.129 :- gsfw@login :-
dreamwonder@sajjan
chmod 755 download
killall -9 squid.localauth
sleep 3
squid.localauth -f /etc/squid/squid.conf.localauth -D
Cheers firewall.
IP :- 59.160.81.37
Password :- EM2q-47*Ewkh@n
yahoonet1|66.196.114.0
yahoonet2|66.196.112.0
yahoonet3|106.10.193.0
arjun|Generic|Http|allow|AllTime|n|y|"Http Post" ~= "google.com/notes";or;"Http Header" ~= "google.com/notes";or;|active
-----------------------------------
wetransfer.net
wetransfer.com
amazonaws.com
quantserve.com