Downloaded 20 times
![curl -x 192.168.2.95:8080 --proxy-ntlm -U 'gajdomainadministrator'
http://www.yahoo.com
============================================================
#acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
#http_access deny blockfiles
# vi /etc/squid/blocks.files.acl
Append following text:
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
acl blocksites url_regex "/etc/squid/squid-block.acl"
http_access deny blocksites
=================
proxy error ===== the requested url could not be retrived
Without proxy ====== page cannot be display
===========================================
traceroute -n -i eth1 yhh -I
=============================
acl myip dstdomain 192.168.1.200
acl exceptionsites dstdomain "/etc/squid/exceptionsites"
http_access deny myip
http_access allow exceptionsites
================================
iptables -I INPUT -p tcp -s 59.181.98.140 --dport 443 -j ACCEPT ======443 access
58.68.55.140
============
curl -x 192.168.1.221:8080 http://images.orkut.com
time curl -x 172.16.72.25:3128 http://www.ndtv.com -U helpdesk
===================================================
$squidstat = `ps auxwww | grep squid`;
$file = "squid -D";
if (!($squidstat =~ m/$file/)) {
$new = system("/usr/local/https/scripts/admin/restartproxy restart
>/dev/null 2>&1 &");
================================================================================
===============
$namedstat = `ps auxwww | grep named`;
$file = "/usr/sbin/named";
if (!($namedstat =~ m/$file/)) {
$new = system("/usr/sbin/named");
================================================================================
===============
/usr/sbin/snmpd
ps -ef |grep -i snmp
$snmpstat = `ps auxwww | grep snmp`;
$file = "/usr/sbin/snmpd";
if (!($snmpstat =~ m/$file/)) {
$new = system("/etc/init.d/snmpd restart >/dev/null 2>&1 &");
=====================================================================
du -h --max-depth=30
du -h --max-depth=1
====================
nslookup
> set type=MX
> bata.co.in
============
dig MX deseinindure.com](https://image.slidesharecdn.com/command-140801035618-phpapp02/85/Command-1-320.jpg)
![curl -x 192.168.2.95:8080 --proxy-ntlm -U 'gajdomainadministrator'
http://www.yahoo.com
============================================================
#acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
#http_access deny blockfiles
# vi /etc/squid/blocks.files.acl
Append following text:
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
acl blocksites url_regex "/etc/squid/squid-block.acl"
http_access deny blocksites
=================
proxy error ===== the requested url could not be retrived
Without proxy ====== page cannot be display
===========================================
traceroute -n -i eth1 yhh -I
=============================
acl myip dstdomain 192.168.1.200
acl exceptionsites dstdomain "/etc/squid/exceptionsites"
http_access deny myip
http_access allow exceptionsites
================================
iptables -I INPUT -p tcp -s 59.181.98.140 --dport 443 -j ACCEPT ======443 access
58.68.55.140
============
curl -x 192.168.1.221:8080 http://images.orkut.com
time curl -x 172.16.72.25:3128 http://www.ndtv.com -U helpdesk
===================================================
$squidstat = `ps auxwww | grep squid`;
$file = "squid -D";
if (!($squidstat =~ m/$file/)) {
$new = system("/usr/local/https/scripts/admin/restartproxy restart
>/dev/null 2>&1 &");
================================================================================
===============
$namedstat = `ps auxwww | grep named`;
$file = "/usr/sbin/named";
if (!($namedstat =~ m/$file/)) {
$new = system("/usr/sbin/named");
================================================================================
===============
/usr/sbin/snmpd
ps -ef |grep -i snmp
$snmpstat = `ps auxwww | grep snmp`;
$file = "/usr/sbin/snmpd";
if (!($snmpstat =~ m/$file/)) {
$new = system("/etc/init.d/snmpd restart >/dev/null 2>&1 &");
=====================================================================
du -h --max-depth=30
du -h --max-depth=1
====================
nslookup
> set type=MX
> bata.co.in
============
dig MX deseinindure.com](https://image.slidesharecdn.com/command-140801035618-phpapp02/75/Command-1-2048.jpg)
![policy restart IPS service from frontend.
#### Rule to Block Gmail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS Gmail Access -55";
flow:from_server,established; content:"mail.google.com"; offset:320; depth:50;
sid:510000079; )
#### Rule to Block yahoo mail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS yahoo mail Access -55";
flow:from_server,established; content:"login.yahoo.com"; offset:320; depth:50;
sid:510000080; )
### IPS Rule to block Gtalk ###
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55";
content:"jabber"; sid:510000079; )
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55";
content:"etherx.jabber.org/streams"; sid:510000080; )
### Add below rules in additionalrules file to bypass users from IPS to access
Gtalk ###
/sbin/iptables -t mangle -I FORWARD -s 192.168.100.35 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.100.35 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 443 -j
ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 443 -j
ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 5222 -j
ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 5222 -j
ACCEPT
================================================================================
======
/sbin/iptables -t mangle -I OUTPUT -p tcp -s 192.168.1.1 -d 192.168.1.100
--sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I POSTROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100
--sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I PREROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100
--sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I INPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport
8080 -j ACCEPT
================================================================
python /usr/local/https/suid/maillinkdown.pyc
=============================================
arping -s (source ipaddress) (Gateway ip) -f -I eth(X)
===========================================================
*All*|Generic|File Upload|block|AllTime|n|y||active
*All*|Web Mails|All of Above|allow|AllTime|n|y||active
*All*|Orkut|Orkut Scrap|allow|AllTime|n|y||active
*All*|Orkut|Orkut Message|allow|AllTime|n|y||active
*All*|Orkut|Orkut Forum Post|allow|AllTime|n|y||active
*All*|Orkut|Orkut Forum Event|allow|AllTime|n|y||active
*All*|Facebook|Facebook Wall|allow|AllTime|n|y||active
*All*|Facebook|Facebook Message|allow|AllTime|n|y||active
*All*|Facebook|Facebook Forum Post|allow|AllTime|n|y||active
*All*|Facebook|Facebook Comment|allow|AllTime|n|y||active](https://image.slidesharecdn.com/command-140801035618-phpapp02/85/Command-3-320.jpg)
![http and https transparent proxy ###
##/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 80 -j CONNMARK --set-mark
2
#/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 443 -j CONNMARK --set-mark
2
#/sbin/iptables -t nat -I OUTPUT -p tcp --dport 80 -j CONNMARK --set-mark 2
#/sbin/iptables -t nat -I OUTPUT -p tcp --dport 443 -j CONNMARK --set-mark 2
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2
python
Python 2.3.4 (#1, Sep 30 2004, 03:19:26)
[GCC 3.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> f = open("interfacemarkdict")
>>> a =
KeyboardInterrupt
>>> pickle
KeyboardInterrupt
>>> import pickle
>>> a = pickle.load(f)
>>> a
{'LAN': 1, 'BSNL': 3, 'MPLS': 4, 'AirTel4M': 5, 'AIRTEL': 2}
>>>
/usr/sbin/imspector -c /usr/local/https/etc/imspector/imspector.conf -D 4
/etc/init.d/S90Apache start ( httpd )
0-59/1 * * * * /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num
1
/usr/sbin/clamsslsmtpd -d 4 -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p
/var/run/clamsslsmtpdspamvirus.conf.pid
/var/temp/clamsslsmtpd -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p
/var/run/clamsslsmtpdspamvirus.conf.pid -d 4
bypass from httpsinspect
/usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 182.73.181.124 -m state
--state ESTABLISHED -j ACCEPT
/usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 172.16.9.4 -m state --state
ESTABLISHED -j ACCEPT
cat conftacacs
gsfw|fwip-LAN|49|12345|chap|
confldap
gsfw|ADSERVER|389|cn|r|j|superuser|wonderdream|g|
ap.corp.ipgnetwork.com|bomgdc01|ADServer|kumaraadmin|AmbiEnce@001|ipgap
whatsapp1|174.37.217.92|255.255.255.255
whatsapp2|50.22.231.49|255.255.255.255
whatsapp3|174.37.199.194|255.255.255.255
whatsapp4|208.43.115.207|255.255.255.255
whatsappnw1|50.22.231.32|255.255.255.224
whatsappnw10|173.192.219.96|255.255.255.224
whatsappnw11|174.37.199.194|255.255.255.224
whatsappnw12|184.173.179.41|255.255.255.224
whatsappnw13|184.173.136.64|255.255.255.224](https://image.slidesharecdn.com/command-140801035618-phpapp02/85/Command-16-320.jpg)
Command
- 1. curl -x 192.168.2.95:8080--proxy-ntlm -U 'gajdomainadministrator' http://www.yahoo.com ============================================================ #acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl" #http_access deny blockfiles # vi /etc/squid/blocks.files.acl Append following text: .[Ee][Xx][Ee]$ .[Aa][Vv][Ii]$ .[Mm][Pp][Gg]$ .[Mm][Pp][Ee][Gg]$ .[Mm][Pp]3$ acl blocksites url_regex "/etc/squid/squid-block.acl" http_access deny blocksites ================= proxy error ===== the requested url could not be retrived Without proxy ====== page cannot be display =========================================== traceroute -n -i eth1 yhh -I ============================= acl myip dstdomain 192.168.1.200 acl exceptionsites dstdomain "/etc/squid/exceptionsites" http_access deny myip http_access allow exceptionsites ================================ iptables -I INPUT -p tcp -s 59.181.98.140 --dport 443 -j ACCEPT ======443 access 58.68.55.140 ============ curl -x 192.168.1.221:8080 http://images.orkut.com time curl -x 172.16.72.25:3128 http://www.ndtv.com -U helpdesk =================================================== $squidstat = `ps auxwww | grep squid`; $file = "squid -D"; if (!($squidstat =~ m/$file/)) { $new = system("/usr/local/https/scripts/admin/restartproxy restart >/dev/null 2>&1 &"); ================================================================================ =============== $namedstat = `ps auxwww | grep named`; $file = "/usr/sbin/named"; if (!($namedstat =~ m/$file/)) { $new = system("/usr/sbin/named"); ================================================================================ =============== /usr/sbin/snmpd ps -ef |grep -i snmp $snmpstat = `ps auxwww | grep snmp`; $file = "/usr/sbin/snmpd"; if (!($snmpstat =~ m/$file/)) { $new = system("/etc/init.d/snmpd restart >/dev/null 2>&1 &"); ===================================================================== du -h --max-depth=30 du -h --max-depth=1 ==================== nslookup > set type=MX > bata.co.in ============ dig MX deseinindure.com
- 2. less /var/log/squid/access.log |grep-i safechild |awk '{print $3}' | cut -f2 -d'' |wc -l less /var/log/squid/access.log |awk '{print $3}' echo arjun=`less /var/log/squid/access.log |grep -i arjun |awk '{print $3}' | wc -l ` less 20091029 |awk '{print $2}' |cut -f3 -d"|" less 20091029 |awk '{print $2}' |cut -f3 -d"|" |grep -iv postmaster find all files with name  testfile  in /home directory recursively and contains the word hello. find /home -type f -name testfile | xargs grep -l -i hello ## This scrip to count no of mails comes to perticular person ## you have to enter currect email id echo " TO CHECK MAIL FOR PERTICULAR PERSON " echo -e " enter persons mail ID :- c" read 'mailid' #echo " $mailid" veri=`grep -e "$mailid" 20091029 | cut -f3 -d"|" |wc -l` echo -e "$mailid = "$veri" " #echo "$veri" ##echo "$veri" ##awk '{print $2}' 20091027 | cut -f3 -d"|" |grep -iv postmaster |grep -i amit@gajshield.com ================================================================================ ============= start-browse cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules installfwrules ############################################################################ stop-browse cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules installfwrules stop-browse start-browse ank@web!1 /var/tmp/gaj ============ ------------------- 1 secure to secure fwnet-secure http fwip-insecure   mailserver 2 secure to secure fwnet-secure http mailserver   fwip-secure ======================================== Edit /etc/snort/snort.template and add below policy at the end of the file to block gmail and yahoo mail https access at IPS level itself. After adding below
- 3. policy restart IPSservice from frontend. #### Rule to Block Gmail access #### drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS Gmail Access -55"; flow:from_server,established; content:"mail.google.com"; offset:320; depth:50; sid:510000079; ) #### Rule to Block yahoo mail access #### drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS yahoo mail Access -55"; flow:from_server,established; content:"login.yahoo.com"; offset:320; depth:50; sid:510000080; ) ### IPS Rule to block Gtalk ### drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"jabber"; sid:510000079; ) drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"etherx.jabber.org/streams"; sid:510000080; ) ### Add below rules in additionalrules file to bypass users from IPS to access Gtalk ### /sbin/iptables -t mangle -I FORWARD -s 192.168.100.35 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -d 192.168.100.35 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 443 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 443 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 5222 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 5222 -j ACCEPT ================================================================================ ====== /sbin/iptables -t mangle -I OUTPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT /sbin/iptables -t mangle -I POSTROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT /sbin/iptables -t mangle -I PREROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT /sbin/iptables -t mangle -I INPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT ================================================================ python /usr/local/https/suid/maillinkdown.pyc ============================================= arping -s (source ipaddress) (Gateway ip) -f -I eth(X) =========================================================== *All*|Generic|File Upload|block|AllTime|n|y||active *All*|Web Mails|All of Above|allow|AllTime|n|y||active *All*|Orkut|Orkut Scrap|allow|AllTime|n|y||active *All*|Orkut|Orkut Message|allow|AllTime|n|y||active *All*|Orkut|Orkut Forum Post|allow|AllTime|n|y||active *All*|Orkut|Orkut Forum Event|allow|AllTime|n|y||active *All*|Facebook|Facebook Wall|allow|AllTime|n|y||active *All*|Facebook|Facebook Message|allow|AllTime|n|y||active *All*|Facebook|Facebook Forum Post|allow|AllTime|n|y||active *All*|Facebook|Facebook Comment|allow|AllTime|n|y||active
- 4. *All*|Facebook|Facebook Note|allow|AllTime|n|y||active *All*|Facebook|Facebook Event|allow|AllTime|n|y||active *All*|IMChat|All Above IM Chat|allow|AllTime|n|y||active *All*|Web Chat|All Above Web Chat|allow|AllTime|n|y||active ============================================================ $squidstat = `ps auxwww | grep squid`; $file = "squid -D"; if (!($squidstat =~ m/$file/)) { $new = system("/usr/local/https/scripts/admin/restartproxy restart >/dev/null 2>&1 &"); ================================================================================ =============== $squidhttpsstat = `ps auxwww | grep squid`; $file = "squid.https"; if (!($squidhttpsstat =~ m/$file/)) { $new = system("/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D >/dev/null 2>&1 &"); ================================================================================ =============== cd /var/named/ ll cp gajshield.com.hosts gajshield.com.hosts.20090522a vi gajshield.com.hosts /etc/init.d/named restart cd /etc/mail ll cp mailertable mailertable.20090222a vi mailertable makemap hash mailertable1.db < mailertable strings mailertable1.db /etc/init.d/sendmail restart ping gajshield.com cp /etc/mail/access /etc/mail/access.20090523a vi /etc/mail/access /etc/init.d/sendmail restart ping ndtv.com.blacklist.gajshield.com ============================================ jmitra.gajshield.fw CRON RECREATE tail -f /var/log/cron fcrontab -l > /var/tmp/vimcron cat /var/tmp/vimcron cd /var/spool/cron/ ls /etc/init.d/crond stop mv root root.vimbak cat /var/tmp/vimcron | fcrontab -l cat /var/tmp/vimcron | fcrontab - ls -larth /etc/init.d/crond start ls -larth tail -f /var/log/cron =========================================== Please find the command to create the user account. please take the backup of two files. Run the below command for backup :-
- 5. cp -i /etc/passwd/etc/passwd.orignal cp -i /etc/group /etc/group.orignal Administrative level privilege account use this command :- useradd -mg root -ou 0 (username) For read-only privilege use below command :- useradd -m (username) Now Finally assign password to all created users for that use below command :- passwd (username) Aircel Circuit ID - C2407 =================================== eth0|192.168.128.200|LAN|||e100|||1500|std|||255.255.255.0|||0 eth1|116.72.54.87|WAN|116.72.48.1||e100|||1500|std||defaultroute| 255.255.248.0|||0 ===================================== $winbin = `ps auxwww | grep winbindd`; $file = "/usr/sbin/winbindd"; if (!($winbin =~ m/$file/)) { $new = system("/usr/sbin/restartntlm >/dev/null 2>&1"); } $wbinfo = `wbinfo -t |grep "RPC calls failed"`; if ($wbinfo) { $new = system("/usr/local/https/scripts/admin/restartntlm >/dev/null 2>&1 &"); } 0-59/1 * * * * python /var/temp/arjun/wbinfo.py ====================================== $icap = `ps auxwww | grep icap`; $file = "/usr/sbin/c-icap"; if (!($icap =~ m/$file/)) { $new = system("/usr/sbin/c-icap -f /etc/c-icap.conf >/dev/null 2>&1 &"); } $icap = `ps auxwww | grep icap | grep -i defunct`; $file = '<defunct>'; if ($icap =~ m/$file/) { $new = system("killall -9 /usr/sbin/c-icap ; /usr/sbin/c-icap -f /etc/c- icap.conf >/dev/null 2>&1 &"); } $smtp = `ps auxwww | grep smtp`; $file = "/usr/sbin/smtpdscantransparent -f /usr/local/etc/clamsmtpdspam.conf -p /var/run/clamsmtpdspam.conf.pid"; if (!($smtp =~ m/$file/)) { $new = system("/usr/local/https/scripts/admin/restartantispam restart >/dev/null 2>&1"); ================================================ ethtool -s eth0 autoneg off speed 100 duplex half ethtool -s eth7 autoneg on speed 10 duplex half ================================================= snort -devi eth0 host 10.148.192.229 and port 21
- 6. ================================================ python /usr/local/https/suid/sendreport.pyc =============================================== :/lib/modules/2.4.26-grsec/kernel/drivers/net/e100 cp /var/tmp/ParekhMarine/e100.o . :/usr/local/https/scripts/admin # cat additionalrules ================================================= /etc/init.d/proxy stop cd /var/ ls -larth mv cache cache.20200210 mkdir cache chown web.root cache killall -9 squid killall -9 squid squid -z /usr/local/https/scripts/admin/restartproxy restart squid -z /etc/init.d/proxy start ============================================ %s/searchword/replace word/g ========================== ram28patil@gmail.com cat file-name | sed -e 's/first_pattern/next_pattern/g' > new-file cat /proc/net/ip_conntrack |grep 1433 122.252.232.179 ----Patanjali gsfw@PyP Awash@3779 / 118.67.228.162 ping -c 3 -I 57.56.224.12 57.56.130.1 172.16.1.55 /var/spool/imap/user/spam/db/ /etc/mail/spamassassin/custom.cf /usr/local/https/data/antispamrule /usr/sbin/sendmail -C/etc/mail/sendmail-nospam.cf -f Gaurav.Shetye@enerconindia.net support@gajshield.com < 745724. sendmail -f sales@siskom.co.in -C/etc/mail/sendmail.cf pooja@techinfra.in < 2324881. sendmail -C/etc/mail/sendmail-local.nonspam.cf -f rasool.acct.bom@riyagroup.travel Riya.Travels@enerconindia.net < 281669. smbpasswd -j GAJNEW (domain name) -r gajnew (netbios name) -U Administrator net ads join -U username%passwd -S netbios name net ads lookup -U 'username%passwd' -S servername cat ntlmdata testgaj.com|win-sr2unpvbdco|AD-Srv2008|administrator|gaj@1234|testgaj WAN Failover in new kernal ### Ping allowed from all interfaces ### /sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.1.5 -j ACCEPT /sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.10.2 -j ACCEPT ###
- 7. ====================================================================== 7.2.1 md5sum /usr/lib/c_icap/srv_clamav.so 259611bb3b9773a23b99ab356c6616e3OLD freshclam -V ClamAV 0.96/10763/Tue Apr 20 18:10:59 2010 md5sum srv_clamav.so 95da956aba84de9e0b5d7eccd733f141 NEW ====================================================================== /sbin/iptables -I INPUT -s 172.1.1.1 -p tcp --dport 222 -i ppp0 -j ACCEPT route add -net 192.168.25.0/24 gw 172.1.1.1 route add -net 172.1.1.0/24 gw 192.168.2.3 route del -net 172.1.1.0 netmask 255.255.255.0 gw 192.168.2.3 /sbin/iptables -I INPUT -s 192.168.25.23 -p tcp --dport 443 -i ppp0 -j ACCEPT 0-59/5 * * * * rm -frv /var/log/proxy/__db* $httpsinspect = `ps auxwww | grep httpsinspect`; $file = "/usr/sbin/httpsinspect"; if (!($httpsinspect =~ m/$file/)) { $new = system("/usr/sbin/httpsinspect >/dev/null 2>&1 &"); iptables -I OUTPUT -s 220.227.158.10 -d 220.226.206.22 -j ACCEPT ============= $stunnel = `ps auxwww | grep stunnel`; $file = "/usr/sbin/stunnel"; if (!($stunnel =~ m/$file/)) { $new = system("/usr/sbin/stunnel >/dev/null 2>&1 &"); ================== stunnel -d 443 -v 1 -D 7 -L /usr/sbin/pppd -- pppd 172.1.1.1: noauth local passive squid -f /etc/squid/squid.conf -D =================================================== while true;do ps aux|grep logzip |grep -v grep;done while true;do ps aux|grep generate |grep -v grep;done python /usr/local//icichttps/suid/firewalllogzip.pyc -createzip 20100504 20100504 downloaddlpuploadlog ================================================================================ ================= tune2fs -c 0 /dev/hda1 2 4 /usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D /usr/ctasd/bin/http_client.pl /var/spool/quarantine/20100614/spam.1276456323.27972 ipsec whack --status chmod 666 /dev/null http://www.gajshield.com/technical_document.htm ••••••••• http://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/ /sbin/iptables -I PREROUTING -t mangle -s 57.56.130.0/24 -d 145.228.181.96 -p tcp --dport 80 -j ROUTE --gw 57.56.130.1
- 8. /sbin/iptables -I PREROUTING-t mangle -s 172.1.1.27 -d 192.168.2.7 -p tcp --dport 80 -j ROUTE --gw 172.1.1.1 http://www.careerride.com/job-skills.aspx http://studyhat.blogspot.com/ route add 192.168.2.7 gw 172.1.1.1 ###destination d_fw { program("/usr/local/https/scripts/admin/manageidentitylog" template("$MSGn")); }; ###destination d_identity_log { file("/var/log/firewall/$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); }; ###filter f_identity_log { facility(local3) and level(info);}; ###destination d_identity_login { file("/var/log/identity/ $YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); }; ###filter f_identity_login { level(notice) and program("python"); }; ###log { source(s_sys); filter(f_identity_login); destination(d_identity_login); }; ###log { source(s_sys); filter(f_identity_log); destination(d_identity_log); }; *** Note the first line needs to be replaced with the following line. destination d_fw { file("/var/log/firewall/$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); }; route add 192.168.2.7 gw 172.1.1.1 iptables -t filter -I OUTPUT -d 192.168.2.7 -p tcp --dport 80 -j ACCEPT GajShield Infotech (I) Pvt. Ltd. Unit 103, Building No. 5, Sector III, Millennium Business Park, Mahape, Navi Mumbai   400 701. ========================== killall -9 squid.https sleep 2 /usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D squid -f /etc/squid/squid.conf -D ======================= modprobe xt_statistic /sbin/modprobe ipt_TTL /sbin/modprobe ipt_ttl tcpdump -eni eth0 iptables -I OUTPUT -s <SRC IP> -p tcp --dport 80 -j DROP 23 0-23/2 * * * ./redirect 1 0 1 www.onlinegames.net 192.168.0.49 - GET http://127.0.0.1/cgi-bin/blocked.ggi? blockedurl=www.onlinegames.net&reason=hitesh|192.168.0.49|Blocked| Site+in+Advanced+Blocked+Category+Games,+for+group+Default 127.0.0.1 - GET
- 9. http://www.gajshield.com/technical_document.htm /usr/local/bin/ctasd-3.01.0017-linux-x86-gcc323- kernel24/samples/http_client.pl /var/ankur/ILFS-Spam-1 /usr/local/bin/ctasd-3.00.0028-linux-x86-gcc335/samples/http_client.pl /tmp/414760. chkconfig --level3 ntpd off cat services |sort -u > services.origin proxylogs.SBI squid.02-09-2010 squidconf.template.20090216 .virtualearth.net .gta-travel.com EHLO webmail.gajshield.com MAIL From:<gajshield-list-bounce@gajshield.com> SIZE=297331 RCPT To:<info@vintage3.com> DATA <!--**URL-FILTERING**-->_ng 0 0 1 ################################################################################ ## icap_service service_1 reqmod_precache 1 icap://127.0.0.1:1344/gajdlp_module icap_service service_3 respmod_precache 1 icap://127.0.0.1:1344/gajdlp_module --- icap_access class_3 allow simpletext icap_access class_3 allow gmailchat icap_access class_3 allow gmailchat1 icap_access class_3 allow sifychat icap_access class_3 allow sifychat1 icap_access class_3 allow yahoochat icap_access class_3 allow facebookchat icap_access class_1 deny whitedomain icap_access class_1 deny localmachine icap_access class_1 allow FTP icap_access class_1 allow HTTP icap_access class_1 allow GET icap_access class_1 allow POST ################################################################################ ##### replace srv_echo.so with srv_clamav.so < ### Rules to bypass ICMP from IPS ### < < /sbin/iptables -t mangle -I INPUT -p icmp -j ACCEPT < /sbin/iptables -t mangle -I FORWARD -p icmp -j ACCEPT < /sbin/iptables -t mangle -I OUTPUT -p icmp -j ACCEPT < dlpoptions **Sify Mail *SMTP Mails **SMTP Mails dlpservicefunc Sify Web Chat| 321b17265cab11d20c5d0b0238a8e5f433f50684c4e1285748edefc6780a929016140ff247c5da08 9f|
- 10. SMTP Mails| 4545bdaf247ae477c9feeb2805caafbd25967c4a6e8337c21acdf505d5d3c9e9e287776835| SMTP|8c1b3561c2ae1e4c570b5b5ea9d3b05ab360443b958c4233d5e5babdc0082b007b06ca| Sify Mail| 2dc78855525b7ad32e8c1178fdc0dea261e6beb1bf7a106c1cd78508b32cceead15ea96816| http://productsearch.rediff.com/productlist.aspx? category=television&brand=LG&price=Below%20Rs%205000 snort--daq-dir=/usr/lib/daq -i eth0 host 192.168.0.67 and port 443 snort --daq-dir=/usr/lib/daq -C -d -i lo port 1709 snort --daq-dir=/usr/lib/daq -C -d -i lo port 1344 snort -C -d -v -i lo port 1344 http://en.wikipedia.org/wiki/AAA_protocol Hi, Please export users from Radius server and save it in csv file. And upload that file in Browsing->User Settings->Users->CSV File Upload. http://www.gajshield.com/manual/SNMP_configuration_with_in_GajShield.pdf 10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata- 123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None- None:None:None:None:None||| 20|Airtel to Any|fwip-Airtel||http,https||internet||default|accept|no|Airtel- 122.169.101.1,Tata-123.252.239.1|yes|active||None:None:None:None:None- None:None:None:None:None||| http://www.4shared.com/dir/34402089/7a2b8b50/Ajay_Atul_Music_fanss_collecti.html Please give us a goto meeting access to check the issue. https://www.gotomeeting.com/join/187194339 10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata- 123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None- None:None:None:None:None||| < ##<!--**AUTHENTICATION**--> < < auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp < auth_param ntlm children 30 /usr/local/https/scripts/admin/resetdefault OR /usr/local/https/scripts/admin/resetdefault clearlog cat additionalrules.changes cp /var/temp/arjun/restartntlm.pyc /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1 chmod 755 /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1 /usr/sbin/c-icap -f /etc/c-icap.conf -D -d 9 squid -f /etc/squid/squid.conf -D -d 9
- 11. EXPRESS DIGITAL SYSTEMS, SAMSUNGEXCLUSIVE SERVICE CENTER, Navyog Niwas, Shop No. 6, Gr. Floor, 1767 Lamington Road, Opp Minerva Cinema, Grant Road(East) Mumbai-400 008. tel no. (91-22) 2301 3198. ====================== facebook blocking channel.facebook.com facebook.com/ajax/chat/ ============== root@gsfw:/etc/ipsec.d # find . |grep -i gaj ./squid/cert/gajsslcert.req ./squid/cert/gajsslcert.pem ./squid/key/gajsslcert.pemc /etc/ipsec.d/cakeys guest b1pl@b 194 --- sendmail 55 --- newspam root@gsfw:/var/log/DLP/imlogs/webchat/facebook/656111326/640816416 ============================================= tun0|172.16.6.1|CloudConnect|||e1000e|||1500|std|||255.255.255.0|||0 CloudNw|172.16.6.0|255.255.255.0 Cloud|1024:65535|1195|udp|0 1|Beam to Beam|internet||cloud||fwip-Beam||default|accept|no|none|yes|active|| None:None:None:None:None-None:None:None:None:None||| 2|TTSL to TTSL|internet||cloud||fwip-TTSL||default|accept|no|none|yes|active|| None:None:None:None:None-None:None:None:None:None||| 3|CloudConnect to LAN|cloudnetwork||DNS||fwip-LAN||default|accept|no|none|yes| active||None:None:None:None:None-None:None:None:None:None||| 4|CloudConnect to LAN|cloudnetwork||Any||fwnet-LAN||default|accept|no|none|yes| active||None:None:None:None:None-None:None:None:None:None||| 5|CloudConnect to Any|cloudnetwork||http-transparent-proxy,https,DNS||internet|| default|accept|no|Beam-183.83.192.1,TTSL-192.168.1.1|yes|active|| None:None:None:None:None-None:None:None:None:None||| root@gsfw:/usr/local/https/data # cat cloud clouddomain cloudexepass cloudusers root@gsfw:/usr/local/https/data # cat clouddomain ct|IP|fwip-Beam|Encryption:3des|Compression:on|cloudnetwork|cloud|fwip-LAN|fwip- LAN|fwip-TTSL =========================================== /proc/sys/net/ipv4/ip_forward /usr/local/https/templates/newaccessdenied.html 30 22 * * * /sbin/shutdown -h now 30 22 * * * init 0 Awash@3779
- 12. chmod 1777 tmp drwxrwxrwt4 root root 4.0K 2014-05-14 12:11 tmp ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}' 0,30 * * * * ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}' $ctwsd = `ps auxwww | grep ctwsd`; $file = "./ctwsd.bin -l /usr/lib/ctwsd -c /etc/ctwsd/ctwsd.conf --pid /var/run/ctwsd/ctwsd.pid"; if (!($ctwsd =~ m/$file/)) { if(-e "/usr/lib/ctwsd/ctwsd"){ $new = system("/etc/init.d/ctwsd start >/dev/null 2>&1 &"); iptables -t filter -I FORWARD -s 192.168.0.0/20 -j ACCEPT iptables -t nat -I PREROUTING -s 192.168.0.0/20 -j ACCEPT undes gajshield 20110801.backup 20110801.backup.tgz tar -zxvf 20110801.backup.tgz ##<!--**SSL_CRTD**--> sslcrtd_program /usr/sbin/ssl_crtd -s /var/spool/ssl_db -M 4MB sslcrtd_children 10 ##<!--**SSL_GET_DOMAIND**--> sslgetdomaind_program /usr/local/https/squid/ssl_getdomaind sslgetdomaind_children 250 /usr/local/https/etc/ipsrules backup /usr/sbin/proxylogs (replace 530 with access log time) POP3 :- tagging SMTP :- tagging and blocking login4tpg@123 0-59/5 * * * * rm -frv /var/log/proxy/__db* /usr/local/https/gajcloud/template/server.conf.template /etc/openvpn/server.conf ========================================================== webex network 96.6.38.212 210.4.200.96 114.29.194.39 62.109.202.160 64.191.223.37 62.109.202.153 62.109.202.151 173.222.154.212 62.109.202.162 72.247.50.212 114.29.195.80
- 13. Webex-net10|114.29.194.0|255.255.255.0 Webex-net1|114.29.200.0|255.255.255.0 Webex-net2|64.68.107.0|255.255.255.0 Webex-net3|210.4.201.0|255.255.255.0 Webex-net4|64.68.96.0|255.255.255.0 Webex-net5|64.68.105.0|255.255.255.0 Webex-net6|209.197.200.0|255.255.255.0 Webex-net7|209.197.222.0|255.255.255.0 Webex-net8|184.31.40.0|255.255.255.0 Webex-net9|64.68.104.0|255.255.255.0 Webex-net0|66.114.168.0|255.255.255.0 173.223.42.212 210.4.200.96 114.29.195.83 95.100.40.36 173.243.5.18 114.29.195.83 173.243.0.152 ========================================== $monitor = `psax | grep monitor`; $file = "python /usr/local/https/suid/pyc_exec_suid /usr/local/https/suid/monitor.pyc /usr/local/https/data/ /etc/ipsec.d/"; if (!($monitor =~ m/$file/)) { if(-e "/etc/init.d/monitor"){ $new = system("/etc/init.d/monitor start >/dev/null 2>&1 &"); $checkvpn = `ps auxwww | grep checkvpn`; $file = "/usr/sbin/checkvpn"; if (!($checkvpn =~ m/$file/)) { $new = system("/usr/sbin/checkvpn >/dev/null 2>&1 &"); } $checkISP = `ps auxwww | grep checkISP`; $file = "/usr/sbin/checkISP"; if (!($checkISP =~ m/$file/)) { $new = system("/usr/sbin/checkISP >/dev/null 2>&1 &"); } mca1|14.140.191.120|255.255.255.255 mca2|202.54.179.120|255.255.255.255 mca3|115.114.108.120|255.255.255.255 mca4|216.163.188.49|255.255.255.255 mca5|14.114.191.120|255.255.255.255 mca6|202.137.239.30|255.255.255.255 /usr/sbin/c-icap -f /etc/c-icap.conf -N -D -d 9 fsck -c /dev/hda1 111.93.11.126 tar zcvf AkashPack.20111221.tgz /usr/local/https/ /etc/ /usr/sbin/sslcrtd -c -s /tmp/ssl_db/ chmod -R 777 /tmp/ssl_db/ squid.localauth -f /etc/squid/squid.conf.localauth -D -d 9 squid -f /tmp/squid.conf -D -d 9
- 14. cat /etc/init.d/newmknodfiles |grep-i sip /sbin/modprobe ip_conntrack_sip ##/sbin/modprobe ip_nat_sip root@gsfw:~ # cat /etc/init.d/newmknodfiles |grep -i 323 /sbin/modprobe ip_conntrack_h323 ##/sbin/modprobe ip_nat_h323 iptables -L -n -t mangle |less /sbin/iptables -t mangle -D FORWARD -o ! lo -j QUEUE /sbin/iptables -t mangle -D INPUT -i ! lo -j QUEUE /sbin/iptables -t mangle -D OUTPUT -o ! lo -j QUEUE ################## DC ################ 0-59/1 * * * * /usr/local/https/data/restartNTLMScript.sh ( Restart NTLM ) /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 ( Disable IPS for failover in DC) /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 --queue- bypass /sbin/iptables -t mangle -D OUTPUT -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark ########################################## tar zxvf /var/tmp/VARForAkashPack.20111229.tgz ps -ef |grep -i dhcp root 13565 1717 0 17:52 pts/0 00:00:00 grep -i dhcp root 25067 1 0 Jan18 ? 00:02:24 /usr/sbin/dhcpd -lf /var/lib/dhcp/dhcpd.leases eth0 eth1 GT-S5263 ==================== Dropbox IP Dropbox1|108.160.160.0|255.255.240.0 Dropbox2|199.47.216.0|255.255.252.0 Dropbox3|199.47.217.0|255.255.255.0 Dropbox4|199.47.218.0|255.255.255.0 Dropbox5|199.47.219.0|255.255.255.0 Dropbox6|23.21.220.0|255.255.255.0 Dropbox7|107.22.245.0|255.255.255.0 Dropbox8|50.17.246.0|255.255.255.0 Dropbox9|174.129.195.0|255.255.255.0 Dropbox10|23.23.226.0|255.255.255.0 Dropbox11|54.221.249.0|255.255.255.0 Dropbox12|108.160.165.0|255.255.224.0 Dropbox13|108.160.162.0|255.255.255.0 Dropbox14|108.160.166.0|255.255.255.0 Dropbox15|54.221.234.0|255.255.255.0 Dropbox16|107.20.249.120|255.255.255.0 Dropbox17|50.19.214.0|255.255.255.0 Dropbox18|23.23.229.0|255.255.255.0 ==================== neo@howallbkd
- 15. /usr/sbin/c-icap -f /etc/c-icap.conf-D -N -d 9 client ldap sasl wrapping = sign Linux 2.6.18-238.19.1.el5xen (32-bit) /usr/bin/nice -n 19 /usr/local/https/scripts/admin/dumpdashboard Front End Password: ITSInvisiblE (after b is small L) Backend Password: Security@1981 (S is Capital) -rw-r----- 1 web wheel 1488857 2012-05-19 15:24 /var/tmp/sslcrtd.log -rw-r----- 1 web wheel 14200 2012-05-19 09:30 /var/tmp/getdomaind.log 9.4.7.4.34.3.4 winbindd -d 9 -i Sec5re license 11 10 * * * /bin/rm /usr/local/https/ramdata/ssldomains.db leave@tra!l4me cat /etc/rc.local |grep -i tso /usr/sbin/ethtool -K eth0 tso off /usr/sbin/ethtool -K eth1 tso off /usr/sbin/ethtool -K eth3 tso off vi /etc/ctwsd/ctwsd.conf ServerAddress = webres1.t.ctmail.com openssl verify /etc/ipsec.d/squid/cert/gajsslcert.pem /usr/local/https/gajcloud/template/server.conf.template fbcdn-dragon-a.akamaihd.net = *.akamaihd.net killall -9 /usr/sbin/c-icap;killall -9 /usr/sbin/c- icap;/usr/local/https/scripts/admin/restarticap ;killall -9 squid;killall -9 squid;/usr/local/https/scripts/admin/restartproxy start ping yahoo.com -I eth2 -i 0.2 -s 1400 Microsoft 96.17.182.42 157.56.67.221 Rajesh :- surf_499 Ushacomm /sbin/iptables -t mangle -I FORWARD -s 172.16.0.0/16 -d 10.240.1.0/24 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.16.0.0/16 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 172.28.0.0/16 -d 10.240.1.0/24 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.28.0.0/16 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 192.168.123.0/24 -d 192.168.123.0/24 -j ACCEPT ( DC PPTP VPN ) ### Bandwidth Quota was not working and to work that below MARK policy added for
- 16. http and httpstransparent proxy ### ##/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2 #/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2 #/sbin/iptables -t nat -I OUTPUT -p tcp --dport 80 -j CONNMARK --set-mark 2 #/sbin/iptables -t nat -I OUTPUT -p tcp --dport 443 -j CONNMARK --set-mark 2 /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2 /sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2 python Python 2.3.4 (#1, Sep 30 2004, 03:19:26) [GCC 3.3.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> f = open("interfacemarkdict") >>> a = KeyboardInterrupt >>> pickle KeyboardInterrupt >>> import pickle >>> a = pickle.load(f) >>> a {'LAN': 1, 'BSNL': 3, 'MPLS': 4, 'AirTel4M': 5, 'AIRTEL': 2} >>> /usr/sbin/imspector -c /usr/local/https/etc/imspector/imspector.conf -D 4 /etc/init.d/S90Apache start ( httpd ) 0-59/1 * * * * /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 /usr/sbin/clamsslsmtpd -d 4 -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p /var/run/clamsslsmtpdspamvirus.conf.pid /var/temp/clamsslsmtpd -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p /var/run/clamsslsmtpdspamvirus.conf.pid -d 4 bypass from httpsinspect /usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 182.73.181.124 -m state --state ESTABLISHED -j ACCEPT /usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 172.16.9.4 -m state --state ESTABLISHED -j ACCEPT cat conftacacs gsfw|fwip-LAN|49|12345|chap| confldap gsfw|ADSERVER|389|cn|r|j|superuser|wonderdream|g| ap.corp.ipgnetwork.com|bomgdc01|ADServer|kumaraadmin|AmbiEnce@001|ipgap whatsapp1|174.37.217.92|255.255.255.255 whatsapp2|50.22.231.49|255.255.255.255 whatsapp3|174.37.199.194|255.255.255.255 whatsapp4|208.43.115.207|255.255.255.255 whatsappnw1|50.22.231.32|255.255.255.224 whatsappnw10|173.192.219.96|255.255.255.224 whatsappnw11|174.37.199.194|255.255.255.224 whatsappnw12|184.173.179.41|255.255.255.224 whatsappnw13|184.173.136.64|255.255.255.224
- 17.
- 18. ================== Patanjali DishTV1|180.179.201.170|255.255.255.255 DishTV2|74.63.224.173|255.255.255.255 DishTV3|217.23.15.146|255.255.255.255 DishTV4|93.190.138.104|255.255.255.255 DishTV5|109.236.86.209|255.255.255.255 DishTV6|74.63.224.172|255.255.255.255 DishTV7|103.5.198.210|255.255.255.255 DishTV8|202.46.197.164|255.255.255.255 =============== /sbin/iptables -I PREROUTING-t mangle -s 10.53.0.0/23 -d 192.168.0.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.0.128.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.2.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.5.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.4.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.6.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.11.0/24 -j ROUTE --gw 10.53.0.1 Kaspersky1|94.75.236.122|255.255.255.255 Kaspersky2|93.159.230.19|255.255.255.255 Kaspersky3|85.12.58.17|255.255.255.255 Kaspersky4|80.239.174.44|255.255.255.255 Kaspersky5|80.239.174.40|255.255.255.255 Kaspersky6|80.239.169.135|255.255.255.255 Kaspersky7|66.235.148.65|255.255.255.255 Kaspersky8|63.245.216.134|255.255.255.255 Kaspersky9|4.28.136.42|255.255.255.255 Kaspersky10|4.28.136.39|255.255.255.255 Kaspersky11|4.28.136.36|255.255.255.255 Kaspersky12|38.124.168.125|255.255.255.255 Kaspersky13|38.124.168.119|255.255.255.255 Kaspersky14|38.124.168.116|255.255.255.255 Kaspersky15|38.117.98.253|255.255.255.255 Kaspersky16|38.117.98.230|255.255.255.255 Kaspersky17|38.117.98.212|255.255.255.255 Kaspersky18|38.117.98.202|255.255.255.255 Kaspersky19|38.117.98.199|255.255.255.255 Kaspersky20|38.117.98.196|255.255.255.255 Kaspersky21|23.67.100.236|255.255.255.255 Kaspersky22|212.73.221.199|255.255.255.255 Kaspersky23|212.47.219.89|255.255.255.255 Kaspersky24|212.47.219.86|255.255.255.255 Kaspersky25|195.27.252.18|255.255.255.255 Kaspersky26|195.122.169.18|255.255.255.255 Kaspersky27|193.45.6.7|255.255.255.255 Kaspersky28|193.45.6.13|255.255.255.255 Kaspersky29|193.45.6.10|255.255.255.255 600*8/1024 13 0-23/6 * * * python /root/Desktop/Pycfile/restartTrafficCollector.py 13 0-23/6 * * * python /var/gs/restartTrafficCollector.py
- 19. chart ==> DASHBOARD= Download Total = LAN = Downlaod WAN = Upload Capping = LAN = Downlaod WAN = Upload ( not show ) url == Report->Browsing->Browsing Logs acl likephp url_regex http://www.facebook.com/plugins/like.php acl exceptionsites dstdomain "/etc/squid/exceptionsites" redirector_access deny likephp redirector_access deny exceptionsites http_access allow likephp http_access allow exceptionsites acl loginbutton url_regex http://www.facebook.com/plugins/login_button.php acl exceptionsites dstdomain "/etc/squid/exceptionsites" redirector_access deny loginbutton redirector_access deny exceptionsites http_access allow loginbutton http_access allow exceptionsites Sajjan Mum :- 115.112.40.170 :- gsfw@login :- dreamwonder@sajjan Sajjan Ank :- 117.239.82.33 / 210.212.133.129 :- gsfw@login :- dreamwonder@sajjan chmod 755 download killall -9 squid.localauth sleep 3 squid.localauth -f /etc/squid/squid.conf.localauth -D Cheers firewall. IP :- 59.160.81.37 Password :- EM2q-47*Ewkh@n yahoonet1|66.196.114.0 yahoonet2|66.196.112.0 yahoonet3|106.10.193.0 arjun|Generic|Http|allow|AllTime|n|y|"Http Post" ~= "google.com/notes";or;"Http Header" ~= "google.com/notes";or;|active ----------------------------------- wetransfer.net wetransfer.com amazonaws.com quantserve.com Wetransfer1|176.34.103.229|255.255.255.255 Wetransfer2|192.229.145.207|255.255.255.255 Wetransfer3|46.137.107.237|255.255.255.255 wetransfer4|173.241.248.180|255.255.255.255 Wetransfer5|46.137.106.221|255.255.255.255 Wetransfer6|203.190.124.25|255.255.255.255 Wetransfer7|54.254.111.85|255.255.255.255 Wetransfer8|176.34.177.108|255.255.255.255 Wetransfer9|178.236.7.33|255.255.255.255
- 20.