curl -x 192.168.2.95:8080 --proxy-ntlm -U 'gajdomainadministrator'
http://www.yahoo.com
============================================================
#acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
#http_access deny blockfiles
# vi /etc/squid/blocks.files.acl
Append the following text:
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
acl blocksites url_regex "/etc/squid/squid-block.acl"
http_access deny blocksites
=================
proxy error ===== the requested url could not be retrieved
Without proxy ====== page cannot be displayed
===========================================
traceroute -n -i eth1 yhh -I
=============================
acl myip dstdomain 192.168.1.200
acl exceptionsites dstdomain "/etc/squid/exceptionsites"
http_access deny myip
http_access allow exceptionsites
================================
iptables -I INPUT -p tcp -s 59.181.98.140 --dport 443 -j ACCEPT ======443 access
58.68.55.140
============
curl -x 192.168.1.221:8080 http://images.orkut.com
time curl -x 172.16.72.25:3128 http://www.ndtv.com -U helpdesk
===================================================
$squidstat = `ps auxwww | grep squid`;
$file = "squid -D";
if (!($squidstat =~ m/$file/)) {
$new = system("/usr/local/https/scripts/admin/restartproxy restart
>/dev/null 2>&1 &");
================================================================================
===============
$namedstat = `ps auxwww | grep named`;
$file = "/usr/sbin/named";
if (!($namedstat =~ m/$file/)) {
$new = system("/usr/sbin/named");
================================================================================
===============
/usr/sbin/snmpd
ps -ef |grep -i snmp
$snmpstat = `ps auxwww | grep snmp`;
$file = "/usr/sbin/snmpd";
if (!($snmpstat =~ m/$file/)) {
$new = system("/etc/init.d/snmpd restart >/dev/null 2>&1 &");
=====================================================================
du -h --max-depth=30
du -h --max-depth=1
====================
nslookup
> set type=MX
> bata.co.in
============
dig MX deseinindure.com
less /var/log/squid/access.log |grep -i safechild |awk '{print $3}' | cut -f2
-d'' |wc -l
less /var/log/squid/access.log |awk '{print $3}'
echo arjun=`less /var/log/squid/access.log |grep -i arjun |awk '{print $3}' | wc
-l `
less 20091029 |awk '{print $2}' |cut -f3 -d"|"
less 20091029 |awk '{print $2}' |cut -f3 -d"|" |grep -iv postmaster
Find all files named testfile under the /home directory (recursively) that
contain the word hello.
find /home -type f -name testfile | xargs grep -l -i hello
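## Count how many lines of the mail log "20091029" mention one e-mail address.
## The address is read interactively; enter it exactly as it appears in the log.
echo " TO CHECK MAIL FOR PERTICULAR PERSON "
# Prompt without a trailing newline. The listing showed echo -e with a trailing
# "c", which appears to be a "\c" whose backslash was lost; printf avoids
# relying on echo's escape handling altogether.
printf '%s' " enter persons mail ID :- "
# -r keeps any backslash in the typed address literal.
read -r mailid
# An empty pattern would match every line of the log, so refuse it.
if [ -z "$mailid" ]; then
  echo "no mail ID entered" >&2
  exit 1
fi
# -F matches the address as a fixed string, so a "." in it cannot match an
# arbitrary character and typed regex metacharacters have no effect;
# -- stops an address starting with "-" from being parsed as a grep option.
# grep -c exits non-zero when the count is 0, which is not an error here.
veri=$(grep -c -F -- "$mailid" 20091029) || true
# If the log file could not be read grep prints nothing; report 0 in that case.
veri=${veri:-0}
printf '%s = %s \n' "$mailid" "$veri"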
##awk '{print $2}' 20091027 | cut -f3 -d"|" |grep -iv postmaster |grep -i
amit@gajshield.com
================================================================================
=============
start-browse
cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules
installfwrules
############################################################################
stop-browse
cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules
installfwrules
stop-browse
start-browse
ank@web!1
/var/tmp/gaj
============
-------------------
1 secure to secure fwnet-secure http fwip-insecure
 
mailserver
2 secure to secure fwnet-secure http mailserver
 
fwip-secure
========================================
Edit /etc/snort/snort.template and add the policy below at the end of the file to
block Gmail and Yahoo Mail HTTPS access at the IPS level itself. After adding the
policy, restart the IPS service from the frontend.
#### Rule to Block Gmail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS Gmail Access -55";
flow:from_server,established; content:"mail.google.com"; offset:320; depth:50;
sid:510000079; )
#### Rule to Block yahoo mail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS yahoo mail Access -55";
flow:from_server,established; content:"login.yahoo.com"; offset:320; depth:50;
sid:510000080; )
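### IPS Rule to block Gtalk ###
### NOTE: the sids below (510000079, 510000080) repeat the sids of the Gmail and
### Yahoo rules above; Snort expects each rule to have its own sid, so give these
### two rules unused sids before loading all four rules together. ###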
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55";
content:"jabber"; sid:510000079; )
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55";
content:"etherx.jabber.org/streams"; sid:510000080; )
### Add the rules below to the additionalrules file to let these users bypass the IPS and access Gtalk ###
/sbin/iptables -t mangle -I FORWARD -s 192.168.100.35 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.100.35 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 443 -j
ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 443 -j
ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 5222 -j
ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 5222 -j
ACCEPT
================================================================================
======
/sbin/iptables -t mangle -I OUTPUT -p tcp -s 192.168.1.1 -d 192.168.1.100
--sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I POSTROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100
--sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I PREROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100
--sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I INPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport
8080 -j ACCEPT
================================================================
python /usr/local/https/suid/maillinkdown.pyc
=============================================
arping -s (source ipaddress) (Gateway ip) -f -I eth(X)
===========================================================
*All*|Generic|File Upload|block|AllTime|n|y||active
*All*|Web Mails|All of Above|allow|AllTime|n|y||active
*All*|Orkut|Orkut Scrap|allow|AllTime|n|y||active
*All*|Orkut|Orkut Message|allow|AllTime|n|y||active
*All*|Orkut|Orkut Forum Post|allow|AllTime|n|y||active
*All*|Orkut|Orkut Forum Event|allow|AllTime|n|y||active
*All*|Facebook|Facebook Wall|allow|AllTime|n|y||active
*All*|Facebook|Facebook Message|allow|AllTime|n|y||active
*All*|Facebook|Facebook Forum Post|allow|AllTime|n|y||active
*All*|Facebook|Facebook Comment|allow|AllTime|n|y||active
*All*|Facebook|Facebook Note|allow|AllTime|n|y||active
*All*|Facebook|Facebook Event|allow|AllTime|n|y||active
*All*|IM Chat|All Above IM Chat|allow|AllTime|n|y||active
*All*|Web Chat|All Above Web Chat|allow|AllTime|n|y||active
============================================================
$squidstat = `ps auxwww | grep squid`;
$file = "squid -D";
if (!($squidstat =~ m/$file/)) {
$new = system("/usr/local/https/scripts/admin/restartproxy restart
>/dev/null 2>&1 &");
================================================================================
===============
$squidhttpsstat = `ps auxwww | grep squid`;
$file = "squid.https";
if (!($squidhttpsstat =~ m/$file/)) {
$new = system("/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D
>/dev/null 2>&1 &");
================================================================================
===============
cd /var/named/
ll
cp gajshield.com.hosts gajshield.com.hosts.20090522a
vi gajshield.com.hosts
/etc/init.d/named restart
cd /etc/mail
ll
cp mailertable mailertable.20090222a
vi mailertable
makemap hash mailertable1.db < mailertable
strings mailertable1.db
/etc/init.d/sendmail restart
ping gajshield.com
cp /etc/mail/access /etc/mail/access.20090523a
vi /etc/mail/access
/etc/init.d/sendmail restart
ping ndtv.com.blacklist.gajshield.com
============================================
jmitra.gajshield.fw
CRON RECREATE
tail -f /var/log/cron
fcrontab -l > /var/tmp/vimcron
cat /var/tmp/vimcron
cd /var/spool/cron/
ls
/etc/init.d/crond stop
mv root root.vimbak
cat /var/tmp/vimcron | fcrontab -l
cat /var/tmp/vimcron | fcrontab -
ls -larth
/etc/init.d/crond start
ls -larth
tail -f /var/log/cron
===========================================
Please find below the commands to create the user account. First take a backup of
these two files.
Run the commands below for the backup :-
cp -i /etc/passwd /etc/passwd.orignal
cp -i /etc/group /etc/group.orignal
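For an account with administrative-level privileges, use this command (-o -u 0 gives the account the same UID 0 as root, so it is a second root login and its actions are logged as root's) :-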
useradd -mg root -ou 0 (username)
For a read-only privilege account (an ordinary non-root user), use the command below :-
useradd -m (username)
Finally, assign a password to each created user with the command below :-
passwd (username)
Aircel Circuit ID - C2407
===================================
eth0|192.168.128.200|LAN|||e100|||1500|std|||255.255.255.0|||0
eth1|116.72.54.87|WAN|116.72.48.1||e100|||1500|std||defaultroute|
255.255.248.0|||0
=====================================
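# Watchdog for the NTLM/winbind helpers: restart them when winbindd is not in
# the process list, or when the domain trust check reports an RPC failure.

# Process listing filtered for winbindd. The grep process also shows up in this
# output, but its command line ("grep winbindd") does not contain the full
# daemon path that is matched below.
$winbin = `ps auxwww | grep winbindd`;
$file = "/usr/sbin/winbindd";
# \Q...\E makes the path match literally instead of being read as a regex.
if ($winbin !~ m/\Q$file\E/) {
    # Runs in the foreground (no trailing &), so the check below waits for it.
    # NOTE(review): this path differs from the restartntlm script used in the
    # second check - confirm both exist on the appliance.
    $new = system("/usr/sbin/restartntlm >/dev/null 2>&1");
}

# wbinfo -t tests the machine trust account; only its "RPC calls failed" line
# is kept, so $wbinfo is non-empty exactly when that failure was reported.
$wbinfo = `wbinfo -t |grep "RPC calls failed"`;
if ($wbinfo) {
    # The command must stay on one line: a newline inside the string would make
    # the shell run "2>&1 &" as a separate command, leaving stderr unredirected
    # and the restart in the foreground.
    $new = system("/usr/local/https/scripts/admin/restartntlm >/dev/null 2>&1 &");
}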
0-59/1 * * * * python /var/temp/arjun/wbinfo.py
======================================
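# Watchdog for the c-icap server: start it when it is missing from the process
# list, and kill and relaunch it when a defunct (zombie) c-icap entry is present.

$icap = `ps auxwww | grep icap`;
$file = "/usr/sbin/c-icap";
# \Q...\E makes the path match literally instead of being read as a regex.
if ($icap !~ m/\Q$file\E/) {
    $new = system("/usr/sbin/c-icap -f /etc/c-icap.conf >/dev/null 2>&1 &");
}

# Second pass: keep only listing lines that ps marks as defunct.
$icap = `ps auxwww | grep icap | grep -i defunct`;
$file = '<defunct>';
if ($icap =~ m/\Q$file\E/) {
    # Kill every c-icap process, then start a fresh instance. The command is
    # kept on one line so that the config path reads /etc/c-icap.conf; a line
    # break inside the string would split the path and the redirections.
    $new = system("killall -9 /usr/sbin/c-icap ; /usr/sbin/c-icap -f /etc/c-icap.conf >/dev/null 2>&1 &");
}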
$smtp = `ps auxwww | grep smtp`;
$file = "/usr/sbin/smtpdscantransparent -f /usr/local/etc/clamsmtpdspam.conf
-p /var/run/clamsmtpdspam.conf.pid";
if (!($smtp =~ m/$file/)) {
$new = system("/usr/local/https/scripts/admin/restartantispam restart
>/dev/null 2>&1");
================================================
ethtool -s eth0 autoneg off speed 100 duplex half
ethtool -s eth7 autoneg on speed 10 duplex half
=================================================
snort -devi eth0 host 10.148.192.229 and port 21
================================================
python /usr/local/https/suid/sendreport.pyc
===============================================
:/lib/modules/2.4.26-grsec/kernel/drivers/net/e100
cp /var/tmp/Parekh Marine/e100.o .
:/usr/local/https/scripts/admin # cat additionalrules
=================================================
/etc/init.d/proxy stop
cd /var/
ls -larth
mv cache cache.20200210
mkdir cache
chown web.root cache
killall -9 squid
killall -9 squid
squid -z
/usr/local/https/scripts/admin/restartproxy restart
squid -z
/etc/init.d/proxy start
============================================
%s/searchword/replace word/g
==========================
ram28patil@gmail.com
cat file-name | sed -e 's/first_pattern/next_pattern/g' > new-file
cat /proc/net/ip_conntrack |grep 1433
122.252.232.179 ----Patanjali gsfw@PyP
Awash@3779 / 118.67.228.162
ping -c 3 -I 57.56.224.12 57.56.130.1
172.16.1.55
/var/spool/imap/user/spam/db/
/etc/mail/spamassassin/custom.cf
/usr/local/https/data/antispamrule
/usr/sbin/sendmail -C/etc/mail/sendmail-nospam.cf -f
Gaurav.Shetye@enerconindia.net support@gajshield.com < 745724.
sendmail -f sales@siskom.co.in -C/etc/mail/sendmail.cf pooja@techinfra.in <
2324881.
sendmail -C/etc/mail/sendmail-local.nonspam.cf -f
rasool.acct.bom@riyagroup.travel Riya.Travels@enerconindia.net < 281669.
smbpasswd -j GAJNEW (domain name) -r gajnew (netbios name) -U Administrator
net ads join -U username%passwd -S netbios name
net ads lookup -U 'username%passwd' -S servername
cat ntlmdata
testgaj.com|win-sr2unpvbdco|AD-Srv2008|administrator|gaj@1234|testgaj
WAN Failover in new kernel
### Ping allowed from all interfaces ###
/sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.1.5 -j ACCEPT
/sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.10.2 -j ACCEPT
###
======================================================================
7.2.1
md5sum /usr/lib/c_icap/srv_clamav.so 259611bb3b9773a23b99ab356c6616e3 OLD
freshclam -V ClamAV 0.96/10763/Tue Apr 20 18:10:59 2010
md5sum srv_clamav.so 95da956aba84de9e0b5d7eccd733f141 NEW
======================================================================
/sbin/iptables -I INPUT -s 172.1.1.1 -p tcp --dport 222 -i ppp0 -j ACCEPT
route add -net 192.168.25.0/24 gw 172.1.1.1
route add -net 172.1.1.0/24 gw 192.168.2.3
route del -net 172.1.1.0 netmask 255.255.255.0 gw 192.168.2.3
/sbin/iptables -I INPUT -s 192.168.25.23 -p tcp --dport 443 -i ppp0 -j ACCEPT
0-59/5 * * * * rm -frv /var/log/proxy/__db*
$httpsinspect = `ps auxwww | grep httpsinspect`;
$file = "/usr/sbin/httpsinspect";
if (!($httpsinspect =~ m/$file/)) {
$new = system("/usr/sbin/httpsinspect >/dev/null 2>&1 &");
iptables -I OUTPUT -s 220.227.158.10 -d 220.226.206.22 -j ACCEPT
=============
$stunnel = `ps auxwww | grep stunnel`;
$file = "/usr/sbin/stunnel";
if (!($stunnel =~ m/$file/)) {
$new = system("/usr/sbin/stunnel >/dev/null 2>&1 &");
==================
stunnel -d 443 -v 1 -D 7 -L /usr/sbin/pppd -- pppd 172.1.1.1: noauth local
passive
squid -f /etc/squid/squid.conf -D
===================================================
while true;do ps aux|grep logzip |grep -v grep;done
while true;do ps aux|grep generate |grep -v grep;done
python /usr/local//icichttps/suid/firewalllogzip.pyc -createzip 20100504
20100504 downloaddlpuploadlog
================================================================================
=================
tune2fs -c 0 /dev/hda1 2 4
/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D
/usr/ctasd/bin/http_client.pl
/var/spool/quarantine/20100614/spam.1276456323.27972
ipsec whack --status
chmod 666 /dev/null
http://www.gajshield.com/technical_document.htm
•••••••••
http://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/
/sbin/iptables -I PREROUTING -t mangle -s 57.56.130.0/24 -d 145.228.181.96 -p
tcp --dport 80 -j ROUTE --gw 57.56.130.1
/sbin/iptables -I PREROUTING -t mangle -s 172.1.1.27 -d 192.168.2.7 -p tcp
--dport 80 -j ROUTE --gw 172.1.1.1
http://www.careerride.com/job-skills.aspx
http://studyhat.blogspot.com/
route add 192.168.2.7 gw 172.1.1.1
###destination d_fw
{ program("/usr/local/https/scripts/admin/manageidentitylog"
template("$MSGn")); };
###destination d_identity_log { file("/var/log/firewall/$YEAR$MONTH$DAY"
template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); };
###filter f_identity_log { facility(local3) and level(info);};
###destination d_identity_login { file("/var/log/identity/
$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); };
###filter f_identity_login { level(notice) and program("python"); };
###log { source(s_sys); filter(f_identity_login); destination(d_identity_login);
};
###log { source(s_sys); filter(f_identity_log); destination(d_identity_log); };
*** Note the first line needs to be replaced with the following line.
destination d_fw { file("/var/log/firewall/$YEAR$MONTH$DAY"
template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); };
route add 192.168.2.7 gw 172.1.1.1
iptables -t filter -I OUTPUT -d 192.168.2.7 -p tcp --dport 80 -j ACCEPT
GajShield Infotech (I) Pvt. Ltd.
Unit 103, Building No. 5, Sector III,
Millennium Business Park, Mahape,
Navi Mumbai   400 701.
==========================
killall -9 squid.https
sleep 2
/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D
squid -f /etc/squid/squid.conf -D
=======================
modprobe xt_statistic
/sbin/modprobe ipt_TTL
/sbin/modprobe ipt_ttl
tcpdump -eni eth0
iptables -I OUTPUT -s <SRC IP> -p tcp --dport 80 -j DROP
23 0-23/2 * * *
./redirect 1 0 1
www.onlinegames.net 192.168.0.49 - GET
http://127.0.0.1/cgi-bin/blocked.ggi?
blockedurl=www.onlinegames.net&reason=hitesh|192.168.0.49|Blocked|
Site+in+Advanced+Blocked+Category+Games,+for+group+Default
127.0.0.1 - GET
http://www.gajshield.com/technical_document.htm
/usr/local/bin/ctasd-3.01.0017-linux-x86-gcc323-
kernel24/samples/http_client.pl /var/ankur/ILFS-Spam-1
/usr/local/bin/ctasd-3.00.0028-linux-x86-gcc335/samples/http_client.pl
/tmp/414760.
chkconfig --level 3 ntpd off
cat services |sort -u > services.origin
proxylogs.SBI
squid.02-09-2010
squidconf.template.20090216
.virtualearth.net
.gta-travel.com
EHLO webmail.gajshield.com
MAIL From:<gajshield-list-bounce@gajshield.com> SIZE=297331
RCPT To:<info@vintage3.com>
DATA
<!--**URL-FILTERING**-->_ng 0 0 1
################################################################################
##
icap_service service_1 reqmod_precache 1 icap://127.0.0.1:1344/gajdlp_module
icap_service service_3 respmod_precache 1 icap://127.0.0.1:1344/gajdlp_module
---
icap_access class_3 allow simpletext
icap_access class_3 allow gmailchat
icap_access class_3 allow gmailchat1
icap_access class_3 allow sifychat
icap_access class_3 allow sifychat1
icap_access class_3 allow yahoochat
icap_access class_3 allow facebookchat
icap_access class_1 deny whitedomain
icap_access class_1 deny localmachine
icap_access class_1 allow FTP
icap_access class_1 allow HTTP
icap_access class_1 allow GET
icap_access class_1 allow POST
################################################################################
#####
replace srv_echo.so with srv_clamav.so
< ### Rules to bypass ICMP from IPS ###
<
< /sbin/iptables -t mangle -I INPUT -p icmp -j ACCEPT
< /sbin/iptables -t mangle -I FORWARD -p icmp -j ACCEPT
< /sbin/iptables -t mangle -I OUTPUT -p icmp -j ACCEPT
<
dlpoptions
**Sify Mail
*SMTP Mails
**SMTP Mails
dlpservicefunc
Sify Web Chat|
321b17265cab11d20c5d0b0238a8e5f433f50684c4e1285748edefc6780a929016140ff247c5da08
9f|
SMTP Mails|
4545bdaf247ae477c9feeb2805caafbd25967c4a6e8337c21acdf505d5d3c9e9e287776835|
SMTP|8c1b3561c2ae1e4c570b5b5ea9d3b05ab360443b958c4233d5e5babdc0082b007b06ca|
Sify Mail|
2dc78855525b7ad32e8c1178fdc0dea261e6beb1bf7a106c1cd78508b32cceead15ea96816|
http://productsearch.rediff.com/productlist.aspx?
category=television&brand=LG&price=Below%20Rs%205000
snort --daq-dir=/usr/lib/daq -i eth0 host 192.168.0.67 and port 443
snort --daq-dir=/usr/lib/daq -C -d -i lo port 1709
snort --daq-dir=/usr/lib/daq -C -d -i lo port 1344
snort -C -d -v -i lo port 1344
http://en.wikipedia.org/wiki/AAA_protocol
Hi,
Please export the users from the Radius server and save them in a CSV file, then upload that
file in Browsing->User Settings->Users->CSV File Upload.
http://www.gajshield.com/manual/SNMP_configuration_with_in_GajShield.pdf
10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata-
123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None-
None:None:None:None:None|||
20|Airtel to Any|fwip-Airtel||http,https||internet||default|accept|no|Airtel-
122.169.101.1,Tata-123.252.239.1|yes|active||None:None:None:None:None-
None:None:None:None:None|||
http://www.4shared.com/dir/34402089/7a2b8b50/Ajay_Atul_Music_fanss_collecti.html
Please give us a goto meeting access to check the issue.
https://www.gotomeeting.com/join/187194339
10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata-
123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None-
None:None:None:None:None|||
< ##<!--**AUTHENTICATION**-->
<
< auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
< auth_param ntlm children 30
/usr/local/https/scripts/admin/resetdefault
OR
/usr/local/https/scripts/admin/resetdefault clearlog
cat additionalrules.changes
cp /var/temp/arjun/restartntlm.pyc /usr/local/https/suid/restartntlm.pyc >
/dev/null 2>&1
chmod 755 /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1
/usr/sbin/c-icap -f /etc/c-icap.conf -D -d 9
squid -f /etc/squid/squid.conf -D -d 9
EXPRESS DIGITAL SYSTEMS,
SAMSUNG EXCLUSIVE SERVICE CENTER,
Navyog Niwas, Shop No. 6, Gr. Floor,
1767 Lamington Road, Opp Minerva Cinema,
Grant Road(East) Mumbai-400 008.
tel no. (91-22) 2301 3198.
======================
facebook blocking
channel.facebook.com
facebook.com/ajax/chat/
==============
root@gsfw:/etc/ipsec.d # find . |grep -i gaj
./squid/cert/gajsslcert.req
./squid/cert/gajsslcert.pem
./squid/key/gajsslcert.pemc
/etc/ipsec.d/cakeys
guest
b1pl@b
194 --- sendmail
55 --- newspam
root@gsfw:/var/log/DLP/imlogs/webchat/facebook/656111326/640816416
=============================================
tun0|172.16.6.1|CloudConnect|||e1000e|||1500|std|||255.255.255.0|||0
CloudNw|172.16.6.0|255.255.255.0
Cloud|1024:65535|1195|udp|0
1|Beam to Beam|internet||cloud||fwip-Beam||default|accept|no|none|yes|active||
None:None:None:None:None-None:None:None:None:None|||
2|TTSL to TTSL|internet||cloud||fwip-TTSL||default|accept|no|none|yes|active||
None:None:None:None:None-None:None:None:None:None|||
3|CloudConnect to LAN|cloudnetwork||DNS||fwip-LAN||default|accept|no|none|yes|
active||None:None:None:None:None-None:None:None:None:None|||
4|CloudConnect to LAN|cloudnetwork||Any||fwnet-LAN||default|accept|no|none|yes|
active||None:None:None:None:None-None:None:None:None:None|||
5|CloudConnect to Any|cloudnetwork||http-transparent-proxy,https,DNS||internet||
default|accept|no|Beam-183.83.192.1,TTSL-192.168.1.1|yes|active||
None:None:None:None:None-None:None:None:None:None|||
root@gsfw:/usr/local/https/data # cat cloud
clouddomain cloudexepass cloudusers
root@gsfw:/usr/local/https/data # cat clouddomain
ct|IP|fwip-Beam|Encryption:3des|Compression:on|cloudnetwork|cloud|fwip-LAN|fwip-
LAN|fwip-TTSL
===========================================
/proc/sys/net/ipv4/ip_forward
/usr/local/https/templates/newaccessdenied.html
30 22 * * * /sbin/shutdown -h now
30 22 * * * init 0
Awash@3779
chmod 1777 tmp
drwxrwxrwt 4 root root 4.0K 2014-05-14 12:11 tmp
ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}'
0,30 * * * * ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9
"$2);}'
$ctwsd = `ps auxwww | grep ctwsd`;
$file = "./ctwsd.bin -l /usr/lib/ctwsd -c /etc/ctwsd/ctwsd.conf --pid
/var/run/ctwsd/ctwsd.pid";
if (!($ctwsd =~ m/$file/)) {
if(-e "/usr/lib/ctwsd/ctwsd"){
$new = system("/etc/init.d/ctwsd start >/dev/null 2>&1 &");
iptables -t filter -I FORWARD -s 192.168.0.0/20 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.0/20 -j ACCEPT
undes gajshield 20110801.backup 20110801.backup.tgz
tar -zxvf 20110801.backup.tgz
##<!--**SSL_CRTD**-->
sslcrtd_program /usr/sbin/ssl_crtd -s /var/spool/ssl_db -M 4MB
sslcrtd_children 10
##<!--**SSL_GET_DOMAIND**-->
sslgetdomaind_program /usr/local/https/squid/ssl_getdomaind
sslgetdomaind_children 250
/usr/local/https/etc/ipsrules
backup /usr/sbin/proxylogs (replace 530 with access log time)
POP3 :- tagging
SMTP :- tagging and blocking
login4tpg@123
0-59/5 * * * * rm -frv /var/log/proxy/__db*
/usr/local/https/gajcloud/template/server.conf.template
/etc/openvpn/server.conf
==========================================================
webex network
96.6.38.212
210.4.200.96
114.29.194.39
62.109.202.160
64.191.223.37
62.109.202.153
62.109.202.151
173.222.154.212
62.109.202.162
72.247.50.212
114.29.195.80
Webex-net10|114.29.194.0|255.255.255.0
Webex-net1|114.29.200.0|255.255.255.0
Webex-net2|64.68.107.0|255.255.255.0
Webex-net3|210.4.201.0|255.255.255.0
Webex-net4|64.68.96.0|255.255.255.0
Webex-net5|64.68.105.0|255.255.255.0
Webex-net6|209.197.200.0|255.255.255.0
Webex-net7|209.197.222.0|255.255.255.0
Webex-net8|184.31.40.0|255.255.255.0
Webex-net9|64.68.104.0|255.255.255.0
Webex-net0|66.114.168.0|255.255.255.0
173.223.42.212
210.4.200.96
114.29.195.83
95.100.40.36
173.243.5.18
114.29.195.83
173.243.0.152
==========================================
$monitor = `ps ax | grep monitor`;
$file = "python /usr/local/https/suid/pyc_exec_suid
/usr/local/https/suid/monitor.pyc /usr/local/https/data/ /etc/ipsec.d/";
if (!($monitor =~ m/$file/)) {
if(-e "/etc/init.d/monitor"){
$new = system("/etc/init.d/monitor start >/dev/null 2>&1 &");
# Launch /usr/sbin/checkvpn in the background when no line of the filtered
# process listing contains its full path.
$checkvpn = `ps auxwww | grep checkvpn`;
$file = "/usr/sbin/checkvpn";
$new = system("/usr/sbin/checkvpn >/dev/null 2>&1 &")
    unless $checkvpn =~ m/$file/;

# Same check for /usr/sbin/checkISP.
$checkISP = `ps auxwww | grep checkISP`;
$file = "/usr/sbin/checkISP";
$new = system("/usr/sbin/checkISP >/dev/null 2>&1 &")
    unless $checkISP =~ m/$file/;
mca1|14.140.191.120|255.255.255.255
mca2|202.54.179.120|255.255.255.255
mca3|115.114.108.120|255.255.255.255
mca4|216.163.188.49|255.255.255.255
mca5|14.114.191.120|255.255.255.255
mca6|202.137.239.30|255.255.255.255
/usr/sbin/c-icap -f /etc/c-icap.conf -N -D -d 9
fsck -c /dev/hda1 111.93.11.126
tar zcvf AkashPack.20111221.tgz /usr/local/https/ /etc/
# Run sslcrtd against a scratch certificate store in /tmp/ssl_db/
# (presumably -c initialises the store and -s names its directory - confirm
# against this build's usage text).
/usr/sbin/sslcrtd -c -s /tmp/ssl_db/
# NOTE(review): mode 777 lets every local account read and rewrite the store.
# Ownership by the account the proxy runs as, with a restrictive mode, is the
# usual setup - confirm which user runs squid on this box.
chmod -R 777 /tmp/ssl_db/
squid.localauth -f /etc/squid/squid.conf.localauth -D -d 9
squid -f /tmp/squid.conf -D -d 9
cat /etc/init.d/newmknodfiles |grep -i sip
/sbin/modprobe ip_conntrack_sip
##/sbin/modprobe ip_nat_sip
root@gsfw:~ # cat /etc/init.d/newmknodfiles |grep -i 323
/sbin/modprobe ip_conntrack_h323
##/sbin/modprobe ip_nat_h323
iptables -L -n -t mangle |less
/sbin/iptables -t mangle -D FORWARD -o ! lo -j QUEUE
/sbin/iptables -t mangle -D INPUT -i ! lo -j QUEUE
/sbin/iptables -t mangle -D OUTPUT -o ! lo -j QUEUE
################## DC ################
0-59/1 * * * * /usr/local/https/data/restartNTLMScript.sh ( Restart NTLM )
/sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 ( Disable
IPS for failover in DC)
/sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1
/sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 --queue-
bypass
/sbin/iptables -t mangle -D OUTPUT -m state --state RELATED,ESTABLISHED -j
CONNMARK --restore-mark
##########################################
tar zxvf /var/tmp/VARForAkashPack.20111229.tgz
ps -ef |grep -i dhcp
root 13565 1717 0 17:52 pts/0 00:00:00 grep -i dhcp
root 25067 1 0 Jan18 ? 00:02:24 /usr/sbin/dhcpd -lf
/var/lib/dhcp/dhcpd.leases eth0 eth1
GT-S5263
====================
Dropbox IP
Dropbox1|108.160.160.0|255.255.240.0
Dropbox2|199.47.216.0|255.255.252.0
Dropbox3|199.47.217.0|255.255.255.0
Dropbox4|199.47.218.0|255.255.255.0
Dropbox5|199.47.219.0|255.255.255.0
Dropbox6|23.21.220.0|255.255.255.0
Dropbox7|107.22.245.0|255.255.255.0
Dropbox8|50.17.246.0|255.255.255.0
Dropbox9|174.129.195.0|255.255.255.0
Dropbox10|23.23.226.0|255.255.255.0
Dropbox11|54.221.249.0|255.255.255.0
Dropbox12|108.160.165.0|255.255.224.0
Dropbox13|108.160.162.0|255.255.255.0
Dropbox14|108.160.166.0|255.255.255.0
Dropbox15|54.221.234.0|255.255.255.0
Dropbox16|107.20.249.120|255.255.255.0
Dropbox17|50.19.214.0|255.255.255.0
Dropbox18|23.23.229.0|255.255.255.0
====================
neo@howallbkd
/usr/sbin/c-icap -f /etc/c-icap.conf -D -N -d 9
client ldap sasl wrapping = sign
Linux 2.6.18-238.19.1.el5xen (32-bit)
/usr/bin/nice -n 19 /usr/local/https/scripts/admin/dumpdashboard
Front End Password: ITSInvisiblE (after b is small L)
Backend Password: Security@1981 (S is Capital)
-rw-r----- 1 web wheel 1488857 2012-05-19 15:24 /var/tmp/sslcrtd.log
-rw-r----- 1 web wheel 14200 2012-05-19 09:30 /var/tmp/getdomaind.log
9.4.7.4.34.3.4
winbindd -d 9 -i
Sec5re license
11 10 * * * /bin/rm /usr/local/https/ramdata/ssldomains.db
leave@tra!l4me
cat /etc/rc.local |grep -i tso
/usr/sbin/ethtool -K eth0 tso off
/usr/sbin/ethtool -K eth1 tso off
/usr/sbin/ethtool -K eth3 tso off
vi /etc/ctwsd/ctwsd.conf
ServerAddress = webres1.t.ctmail.com
openssl verify /etc/ipsec.d/squid/cert/gajsslcert.pem
/usr/local/https/gajcloud/template/server.conf.template
fbcdn-dragon-a.akamaihd.net = *.akamaihd.net
killall -9 /usr/sbin/c-icap;killall -9 /usr/sbin/c-
icap;/usr/local/https/scripts/admin/restarticap ;killall -9 squid;killall -9
squid;/usr/local/https/scripts/admin/restartproxy start
ping yahoo.com -I eth2 -i 0.2 -s 1400
Microsoft
96.17.182.42
157.56.67.221
Rajesh :- surf_499
Ushacomm
/sbin/iptables -t mangle -I FORWARD -s 172.16.0.0/16 -d 10.240.1.0/24 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.16.0.0/16 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 172.28.0.0/16 -d 10.240.1.0/24 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.28.0.0/16 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.123.0/24 -d 192.168.123.0/24 -j
ACCEPT ( DC PPTP VPN )
### Bandwidth quota was not working; to make it work, the MARK policy below was added for the http and https transparent proxy ###
##/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 80 -j CONNMARK --set-mark
2
#/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 443 -j CONNMARK --set-mark
2
#/sbin/iptables -t nat -I OUTPUT -p tcp --dport 80 -j CONNMARK --set-mark 2
#/sbin/iptables -t nat -I OUTPUT -p tcp --dport 443 -j CONNMARK --set-mark 2
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2
python
Python 2.3.4 (#1, Sep 30 2004, 03:19:26)
[GCC 3.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> f = open("interfacemarkdict")
>>> a =
KeyboardInterrupt
>>> pickle
KeyboardInterrupt
>>> import pickle
>>> a = pickle.load(f)
>>> a
{'LAN': 1, 'BSNL': 3, 'MPLS': 4, 'AirTel4M': 5, 'AIRTEL': 2}
>>>
/usr/sbin/imspector -c /usr/local/https/etc/imspector/imspector.conf -D 4
/etc/init.d/S90Apache start ( httpd )
0-59/1 * * * * /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num
1
/usr/sbin/clamsslsmtpd -d 4 -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p
/var/run/clamsslsmtpdspamvirus.conf.pid
/var/temp/clamsslsmtpd -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p
/var/run/clamsslsmtpdspamvirus.conf.pid -d 4
bypass from httpsinspect
/usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 182.73.181.124 -m state
--state ESTABLISHED -j ACCEPT
/usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 172.16.9.4 -m state --state
ESTABLISHED -j ACCEPT
cat conftacacs
gsfw|fwip-LAN|49|12345|chap|
confldap
gsfw|ADSERVER|389|cn|r|j|superuser|wonderdream|g|
ap.corp.ipgnetwork.com|bomgdc01|ADServer|kumaraadmin|AmbiEnce@001|ipgap
whatsapp1|174.37.217.92|255.255.255.255
whatsapp2|50.22.231.49|255.255.255.255
whatsapp3|174.37.199.194|255.255.255.255
whatsapp4|208.43.115.207|255.255.255.255
whatsappnw1|50.22.231.32|255.255.255.224
whatsappnw10|173.192.219.96|255.255.255.224
whatsappnw11|174.37.199.194|255.255.255.224
whatsappnw12|184.173.179.41|255.255.255.224
whatsappnw13|184.173.136.64|255.255.255.224
whatsappnw14|184.173.147.32|255.255.255.224
whatsappnw15|66.228.112.0|255.255.240.0
whatsappnw16|173.192.231.32|255.255.255.224
whatsappnw2|50.22.210.128|255.255.255.224
whatsappnw3|50.22.198.224|255.255.255.252
whatsappnw4|50.22.198.204|255.255.255.252
whatsappnw5|50.22.194.224|255.255.255.224
whatsappnw6|208.43.96.4|255.255.255.252
whatsappnw7|208.43.122.128|255.255.255.224
whatsappnw8|184.173.136.64|255.255.255.224
whatsappnw9|184.172.19.64|255.255.255.224
===================================
Facebook1|69.63.167.0|255.255.240.0
Facebook2|66.220.144.0|255.255.240.0
Facebook3|69.63.181.0|255.255.240.0
Facebook4|69.171.224.0|255.255.0.0
Facebook5|66.220.152.0|255.255.240.0
Facebook6|69.63.184.0|255.255.240.0
Facebook7|69.171.228.0|255.255.240.0
Facebook8|69.171.224.0|255.255.240.0
Facebook9|31.13.64.0|255.255.255.0
Facebook10|203.92.39.0|255.255.255.0
Facebook11|23.57.194.0|255.255.255.0
Facebook12|31.13.72.0|255.255.255.0
Facebook13|173.252.110.0|255.255.0.0
Facebook14|204.15.20.0|255.255.252.0
Facebook15|203.92.39.0|255.255.255.0
===================
tally1|124.153.107.130|255.255.255.255
tally2|124.153.107.132|255.255.255.255
tally3|124.153.107.139|255.255.255.255
tally4|124.153.107.150|255.255.255.255
tally5|124.153.107.151|255.255.255.255
tally6|124.153.107.134|255.255.255.255
tally7|124.153.107.145|255.255.255.255
tally8|124.153.107.146|255.255.255.255
tally9|124.153.107.147|255.255.255.255
tally10|124.153.107.131|255.255.255.255
tally11|124.153.107.133|255.255.255.255
tally12|124.153.107.140|255.255.255.255
tally13|124.153.107.148|255.255.255.255
tally14|124.153.107.149|255.255.255.255
tally15|124.153.107.135|255.255.255.255
tally16|124.153.107.136|255.255.255.255
tally17|124.153.107.137|255.255.255.255
tally18|124.153.107.138|255.255.255.255
tally19|124.153.107.66|255.255.255.255
tally20|124.153.107.96|255.255.255.255
.tallysolutions.com
.tallyenterprise.com
.tallybss.com
====================
email bindlalbahadur@gmail.com
pass kishan123
202.46.197.164 DISHTV
==================
Patanjali
DishTV1|180.179.201.170|255.255.255.255
DishTV2|74.63.224.173|255.255.255.255
DishTV3|217.23.15.146|255.255.255.255
DishTV4|93.190.138.104|255.255.255.255
DishTV5|109.236.86.209|255.255.255.255
DishTV6|74.63.224.172|255.255.255.255
DishTV7|103.5.198.210|255.255.255.255
DishTV8|202.46.197.164|255.255.255.255
===============
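# Send traffic from 10.53.0.0/23 to each listed destination network via the
# gateway 10.53.0.1, using the ROUTE target in mangle/PREROUTING.
# Each rule must stay on ONE line: when "-j" and "ROUTE --gw ..." are split
# across two lines, iptables is invoked without a target and "ROUTE" is then
# run as a separate command, so no rule is installed.
# NOTE(review): ROUTE is not a stock iptables target; presumably this kernel
# carries the extension -- confirm before reusing these rules elsewhere.
# -I inserts at the top of the chain, so the last rule added is checked first;
# the destinations below do not overlap, so the order does not change the result.
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 192.168.0.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.0.128.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.2.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.5.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.4.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.6.0/24 -j ROUTE --gw 10.53.0.1
/sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.11.0/24 -j ROUTE --gw 10.53.0.1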
Kaspersky1|94.75.236.122|255.255.255.255
Kaspersky2|93.159.230.19|255.255.255.255
Kaspersky3|85.12.58.17|255.255.255.255
Kaspersky4|80.239.174.44|255.255.255.255
Kaspersky5|80.239.174.40|255.255.255.255
Kaspersky6|80.239.169.135|255.255.255.255
Kaspersky7|66.235.148.65|255.255.255.255
Kaspersky8|63.245.216.134|255.255.255.255
Kaspersky9|4.28.136.42|255.255.255.255
Kaspersky10|4.28.136.39|255.255.255.255
Kaspersky11|4.28.136.36|255.255.255.255
Kaspersky12|38.124.168.125|255.255.255.255
Kaspersky13|38.124.168.119|255.255.255.255
Kaspersky14|38.124.168.116|255.255.255.255
Kaspersky15|38.117.98.253|255.255.255.255
Kaspersky16|38.117.98.230|255.255.255.255
Kaspersky17|38.117.98.212|255.255.255.255
Kaspersky18|38.117.98.202|255.255.255.255
Kaspersky19|38.117.98.199|255.255.255.255
Kaspersky20|38.117.98.196|255.255.255.255
Kaspersky21|23.67.100.236|255.255.255.255
Kaspersky22|212.73.221.199|255.255.255.255
Kaspersky23|212.47.219.89|255.255.255.255
Kaspersky24|212.47.219.86|255.255.255.255
Kaspersky25|195.27.252.18|255.255.255.255
Kaspersky26|195.122.169.18|255.255.255.255
Kaspersky27|193.45.6.7|255.255.255.255
Kaspersky28|193.45.6.13|255.255.255.255
Kaspersky29|193.45.6.10|255.255.255.255
600*8/1024
13 0-23/6 * * * python /root/Desktop/Pycfile/restartTrafficCollector.py
13 0-23/6 * * * python /var/gs/restartTrafficCollector.py
chart ==> DASHBOARD = Download
Total = LAN = Download
WAN = Upload
Capping = LAN = Download
WAN = Upload (not shown)
url == Report->Browsing->Browsing Logs
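# Let the Facebook "like" plugin URL and the exception sites skip the
# redirector and be allowed through the proxy.
# The pattern is anchored with ^ and its dots are escaped: an unanchored
# url_regex matches anywhere in the URL, so a request that merely carries this
# string (for instance in a query parameter) would also skip the redirector
# and be allowed.
# NOTE(review): the pattern covers http:// only; the effect of the allow lines
# also depends on where they sit among the other http_access rules -- confirm.
acl likephp url_regex ^http://www\.facebook\.com/plugins/like\.php
acl exceptionsites dstdomain "/etc/squid/exceptionsites"
redirector_access deny likephp
redirector_access deny exceptionsites
http_access allow likephp
http_access allow exceptionsites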
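# Let the Facebook login-button plugin URL and the exception sites skip the
# redirector and be allowed through the proxy.
# The pattern is anchored with ^ and its dots are escaped: an unanchored
# url_regex matches anywhere in the URL, so a request that merely carries this
# string (for instance in a query parameter) would also skip the redirector
# and be allowed.
# NOTE(review): the pattern covers http:// only; the effect of the allow lines
# also depends on where they sit among the other http_access rules -- confirm.
acl loginbutton url_regex ^http://www\.facebook\.com/plugins/login_button\.php
acl exceptionsites dstdomain "/etc/squid/exceptionsites"
redirector_access deny loginbutton
redirector_access deny exceptionsites
http_access allow loginbutton
http_access allow exceptionsites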
Sajjan Mum :- 115.112.40.170 :- gsfw@login :- dreamwonder@sajjan
Sajjan Ank :- 117.239.82.33 / 210.212.133.129 :- gsfw@login :-
dreamwonder@sajjan
chmod 755 download
# Restart the squid.localauth proxy instance.
# -9 sends SIGKILL, so the process gets no chance to shut down cleanly.
killall -9 squid.localauth
# Pause 3 seconds before starting the new instance.
sleep 3
# Start it again with its own configuration file.
# NOTE(review): -D presumably skips the startup DNS test, as in older Squid
# releases -- confirm for this build.
squid.localauth -f /etc/squid/squid.conf.localauth -D
Cheers firewall.
IP :- 59.160.81.37
Password :- EM2q-47*Ewkh@n
yahoonet1|66.196.114.0
yahoonet2|66.196.112.0
yahoonet3|106.10.193.0
arjun|Generic|Http|allow|AllTime|n|y|"Http Post" ~= "google.com/notes";or;"Http
Header" ~= "google.com/notes";or;|active
-----------------------------------
wetransfer.net
wetransfer.com
amazonaws.com
quantserve.com
Wetransfer1|176.34.103.229|255.255.255.255
Wetransfer2|192.229.145.207|255.255.255.255
Wetransfer3|46.137.107.237|255.255.255.255
wetransfer4|173.241.248.180|255.255.255.255
Wetransfer5|46.137.106.221|255.255.255.255
Wetransfer6|203.190.124.25|255.255.255.255
Wetransfer7|54.254.111.85|255.255.255.255
Wetransfer8|176.34.177.108|255.255.255.255
Wetransfer9|178.236.7.33|255.255.255.255
Wetransfer10|203.190.124.12|255.255.255.255
Wetransfer11|203.90.124.25|255.255.255.255
Wetransfer12|54.239.34.25|255.255.255.255
Wetransfernet1|176.32.0.0|255.0.0.0
Wetransfernet2|178.236.0.0|255.0.0.0
-----------------------------------
cd /etc/named
edit orixindia.com.external.hosts
/etc/init.d/named stop
/etc/init.d/named start

Command

  • 1. curl -x 192.168.2.95:8080 --proxy-ntlm -U 'gajdomainadministrator' http://www.yahoo.com ============================================================ #acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl" #http_access deny blockfiles # vi /etc/squid/blocks.files.acl Append following text: .[Ee][Xx][Ee]$ .[Aa][Vv][Ii]$ .[Mm][Pp][Gg]$ .[Mm][Pp][Ee][Gg]$ .[Mm][Pp]3$ acl blocksites url_regex "/etc/squid/squid-block.acl" http_access deny blocksites ================= proxy error ===== the requested url could not be retrived Without proxy ====== page cannot be display =========================================== traceroute -n -i eth1 yhh -I ============================= acl myip dstdomain 192.168.1.200 acl exceptionsites dstdomain "/etc/squid/exceptionsites" http_access deny myip http_access allow exceptionsites ================================ iptables -I INPUT -p tcp -s 59.181.98.140 --dport 443 -j ACCEPT ======443 access 58.68.55.140 ============ curl -x 192.168.1.221:8080 http://images.orkut.com time curl -x 172.16.72.25:3128 http://www.ndtv.com -U helpdesk =================================================== $squidstat = `ps auxwww | grep squid`; $file = "squid -D"; if (!($squidstat =~ m/$file/)) { $new = system("/usr/local/https/scripts/admin/restartproxy restart >/dev/null 2>&1 &"); ================================================================================ =============== $namedstat = `ps auxwww | grep named`; $file = "/usr/sbin/named"; if (!($namedstat =~ m/$file/)) { $new = system("/usr/sbin/named"); ================================================================================ =============== /usr/sbin/snmpd ps -ef |grep -i snmp $snmpstat = `ps auxwww | grep snmp`; $file = "/usr/sbin/snmpd"; if (!($snmpstat =~ m/$file/)) { $new = system("/etc/init.d/snmpd restart >/dev/null 2>&1 &"); ===================================================================== du -h --max-depth=30 du -h --max-depth=1 ==================== nslookup > set type=MX > 
bata.co.in ============ dig MX deseinindure.com
  • 2. less /var/log/squid/access.log |grep -i safechild |awk '{print $3}' | cut -f2 -d'' |wc -l less /var/log/squid/access.log |awk '{print $3}' echo arjun=`less /var/log/squid/access.log |grep -i arjun |awk '{print $3}' | wc -l ` less 20091029 |awk '{print $2}' |cut -f3 -d"|" less 20091029 |awk '{print $2}' |cut -f3 -d"|" |grep -iv postmaster find all files with name  testfile  in /home directory recursively and contains the word hello. find /home -type f -name testfile | xargs grep -l -i hello ## This scrip to count no of mails comes to perticular person ## you have to enter currect email id echo " TO CHECK MAIL FOR PERTICULAR PERSON " echo -e " enter persons mail ID :- c" read 'mailid' #echo " $mailid" veri=`grep -e "$mailid" 20091029 | cut -f3 -d"|" |wc -l` echo -e "$mailid = "$veri" " #echo "$veri" ##echo "$veri" ##awk '{print $2}' 20091027 | cut -f3 -d"|" |grep -iv postmaster |grep -i amit@gajshield.com ================================================================================ ============= start-browse cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules installfwrules ############################################################################ stop-browse cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules installfwrules stop-browse start-browse ank@web!1 /var/tmp/gaj ============ ------------------- 1 secure to secure fwnet-secure http fwip-insecure   mailserver 2 secure to secure fwnet-secure http mailserver   fwip-secure ======================================== Edit /etc/snort/snort.template and add below policy at the end of the file to block gmail and yahoo mail https access at IPS level itself. After adding below
  • 3. policy restart IPS service from frontend. #### Rule to Block Gmail access #### drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS Gmail Access -55"; flow:from_server,established; content:"mail.google.com"; offset:320; depth:50; sid:510000079; ) #### Rule to Block yahoo mail access #### drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS yahoo mail Access -55"; flow:from_server,established; content:"login.yahoo.com"; offset:320; depth:50; sid:510000080; ) ### IPS Rule to block Gtalk ### drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"jabber"; sid:510000079; ) drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"etherx.jabber.org/streams"; sid:510000080; ) ### Add below rules in additionalrules file to bypass users from IPS to access Gtalk ### /sbin/iptables -t mangle -I FORWARD -s 192.168.100.35 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -d 192.168.100.35 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 443 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 443 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 5222 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 5222 -j ACCEPT ================================================================================ ====== /sbin/iptables -t mangle -I OUTPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT /sbin/iptables -t mangle -I POSTROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT /sbin/iptables -t mangle -I PREROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT /sbin/iptables -t mangle -I INPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT ================================================================ python /usr/local/https/suid/maillinkdown.pyc ============================================= arping -s (source ipaddress) (Gateway ip) -f -I eth(X) 
=========================================================== *All*|Generic|File Upload|block|AllTime|n|y||active *All*|Web Mails|All of Above|allow|AllTime|n|y||active *All*|Orkut|Orkut Scrap|allow|AllTime|n|y||active *All*|Orkut|Orkut Message|allow|AllTime|n|y||active *All*|Orkut|Orkut Forum Post|allow|AllTime|n|y||active *All*|Orkut|Orkut Forum Event|allow|AllTime|n|y||active *All*|Facebook|Facebook Wall|allow|AllTime|n|y||active *All*|Facebook|Facebook Message|allow|AllTime|n|y||active *All*|Facebook|Facebook Forum Post|allow|AllTime|n|y||active *All*|Facebook|Facebook Comment|allow|AllTime|n|y||active
  • 4. *All*|Facebook|Facebook Note|allow|AllTime|n|y||active *All*|Facebook|Facebook Event|allow|AllTime|n|y||active *All*|IM Chat|All Above IM Chat|allow|AllTime|n|y||active *All*|Web Chat|All Above Web Chat|allow|AllTime|n|y||active ============================================================ $squidstat = `ps auxwww | grep squid`; $file = "squid -D"; if (!($squidstat =~ m/$file/)) { $new = system("/usr/local/https/scripts/admin/restartproxy restart >/dev/null 2>&1 &"); ================================================================================ =============== $squidhttpsstat = `ps auxwww | grep squid`; $file = "squid.https"; if (!($squidhttpsstat =~ m/$file/)) { $new = system("/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D >/dev/null 2>&1 &"); ================================================================================ =============== cd /var/named/ ll cp gajshield.com.hosts gajshield.com.hosts.20090522a vi gajshield.com.hosts /etc/init.d/named restart cd /etc/mail ll cp mailertable mailertable.20090222a vi mailertable makemap hash mailertable1.db < mailertable strings mailertable1.db /etc/init.d/sendmail restart ping gajshield.com cp /etc/mail/access /etc/mail/access.20090523a vi /etc/mail/access /etc/init.d/sendmail restart ping ndtv.com.blacklist.gajshield.com ============================================ jmitra.gajshield.fw CRON RECREATE tail -f /var/log/cron fcrontab -l > /var/tmp/vimcron cat /var/tmp/vimcron cd /var/spool/cron/ ls /etc/init.d/crond stop mv root root.vimbak cat /var/tmp/vimcron | fcrontab -l cat /var/tmp/vimcron | fcrontab - ls -larth /etc/init.d/crond start ls -larth tail -f /var/log/cron =========================================== Please find the command to create the user account. please take the backup of two files. Run the below command for backup :-
  • 5. cp -i /etc/passwd /etc/passwd.orignal cp -i /etc/group /etc/group.orignal Administrative level privilege account use this command :- useradd -mg root -ou 0 (username) For read-only privilege use below command :- useradd -m (username) Now Finally assign password to all created users for that use below command :- passwd (username) Aircel Circuit ID - C2407 =================================== eth0|192.168.128.200|LAN|||e100|||1500|std|||255.255.255.0|||0 eth1|116.72.54.87|WAN|116.72.48.1||e100|||1500|std||defaultroute| 255.255.248.0|||0 ===================================== $winbin = `ps auxwww | grep winbindd`; $file = "/usr/sbin/winbindd"; if (!($winbin =~ m/$file/)) { $new = system("/usr/sbin/restartntlm >/dev/null 2>&1"); } $wbinfo = `wbinfo -t |grep "RPC calls failed"`; if ($wbinfo) { $new = system("/usr/local/https/scripts/admin/restartntlm >/dev/null 2>&1 &"); } 0-59/1 * * * * python /var/temp/arjun/wbinfo.py ====================================== $icap = `ps auxwww | grep icap`; $file = "/usr/sbin/c-icap"; if (!($icap =~ m/$file/)) { $new = system("/usr/sbin/c-icap -f /etc/c-icap.conf >/dev/null 2>&1 &"); } $icap = `ps auxwww | grep icap | grep -i defunct`; $file = '<defunct>'; if ($icap =~ m/$file/) { $new = system("killall -9 /usr/sbin/c-icap ; /usr/sbin/c-icap -f /etc/c- icap.conf >/dev/null 2>&1 &"); } $smtp = `ps auxwww | grep smtp`; $file = "/usr/sbin/smtpdscantransparent -f /usr/local/etc/clamsmtpdspam.conf -p /var/run/clamsmtpdspam.conf.pid"; if (!($smtp =~ m/$file/)) { $new = system("/usr/local/https/scripts/admin/restartantispam restart >/dev/null 2>&1"); ================================================ ethtool -s eth0 autoneg off speed 100 duplex half ethtool -s eth7 autoneg on speed 10 duplex half ================================================= snort -devi eth0 host 10.148.192.229 and port 21
  • 6. ================================================ python /usr/local/https/suid/sendreport.pyc =============================================== :/lib/modules/2.4.26-grsec/kernel/drivers/net/e100 cp /var/tmp/Parekh Marine/e100.o . :/usr/local/https/scripts/admin # cat additionalrules ================================================= /etc/init.d/proxy stop cd /var/ ls -larth mv cache cache.20200210 mkdir cache chown web.root cache killall -9 squid killall -9 squid squid -z /usr/local/https/scripts/admin/restartproxy restart squid -z /etc/init.d/proxy start ============================================ %s/searchword/replace word/g ========================== ram28patil@gmail.com cat file-name | sed -e 's/first_pattern/next_pattern/g' > new-file cat /proc/net/ip_conntrack |grep 1433 122.252.232.179 ----Patanjali gsfw@PyP Awash@3779 / 118.67.228.162 ping -c 3 -I 57.56.224.12 57.56.130.1 172.16.1.55 /var/spool/imap/user/spam/db/ /etc/mail/spamassassin/custom.cf /usr/local/https/data/antispamrule /usr/sbin/sendmail -C/etc/mail/sendmail-nospam.cf -f Gaurav.Shetye@enerconindia.net support@gajshield.com < 745724. sendmail -f sales@siskom.co.in -C/etc/mail/sendmail.cf pooja@techinfra.in < 2324881. sendmail -C/etc/mail/sendmail-local.nonspam.cf -f rasool.acct.bom@riyagroup.travel Riya.Travels@enerconindia.net < 281669. smbpasswd -j GAJNEW (domain name) -r gajnew (netbios name) -U Administrator net ads join -U username%passwd -S netbios name net ads lookup -U 'username%passwd' -S servername cat ntlmdata testgaj.com|win-sr2unpvbdco|AD-Srv2008|administrator|gaj@1234|testgaj WAN Failover in new kernal ### Ping allowed from all interfaces ### /sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.1.5 -j ACCEPT /sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.10.2 -j ACCEPT ###
  • 7. ====================================================================== 7.2.1 md5sum /usr/lib/c_icap/srv_clamav.so 259611bb3b9773a23b99ab356c6616e3 OLD freshclam -V ClamAV 0.96/10763/Tue Apr 20 18:10:59 2010 md5sum srv_clamav.so 95da956aba84de9e0b5d7eccd733f141 NEW ====================================================================== /sbin/iptables -I INPUT -s 172.1.1.1 -p tcp --dport 222 -i ppp0 -j ACCEPT route add -net 192.168.25.0/24 gw 172.1.1.1 route add -net 172.1.1.0/24 gw 192.168.2.3 route del -net 172.1.1.0 netmask 255.255.255.0 gw 192.168.2.3 /sbin/iptables -I INPUT -s 192.168.25.23 -p tcp --dport 443 -i ppp0 -j ACCEPT 0-59/5 * * * * rm -frv /var/log/proxy/__db* $httpsinspect = `ps auxwww | grep httpsinspect`; $file = "/usr/sbin/httpsinspect"; if (!($httpsinspect =~ m/$file/)) { $new = system("/usr/sbin/httpsinspect >/dev/null 2>&1 &"); iptables -I OUTPUT -s 220.227.158.10 -d 220.226.206.22 -j ACCEPT ============= $stunnel = `ps auxwww | grep stunnel`; $file = "/usr/sbin/stunnel"; if (!($stunnel =~ m/$file/)) { $new = system("/usr/sbin/stunnel >/dev/null 2>&1 &"); ================== stunnel -d 443 -v 1 -D 7 -L /usr/sbin/pppd -- pppd 172.1.1.1: noauth local passive squid -f /etc/squid/squid.conf -D =================================================== while true;do ps aux|grep logzip |grep -v grep;done while true;do ps aux|grep generate |grep -v grep;done python /usr/local//icichttps/suid/firewalllogzip.pyc -createzip 20100504 20100504 downloaddlpuploadlog ================================================================================ ================= tune2fs -c 0 /dev/hda1 2 4 /usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D /usr/ctasd/bin/http_client.pl /var/spool/quarantine/20100614/spam.1276456323.27972 ipsec whack --status chmod 666 /dev/null http://www.gajshield.com/technical_document.htm ••••••••• http://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/ /sbin/iptables -I PREROUTING -t mangle -s 57.56.130.0/24 -d 
145.228.181.96 -p tcp --dport 80 -j ROUTE --gw 57.56.130.1
  • 8. /sbin/iptables -I PREROUTING -t mangle -s 172.1.1.27 -d 192.168.2.7 -p tcp --dport 80 -j ROUTE --gw 172.1.1.1 http://www.careerride.com/job-skills.aspx http://studyhat.blogspot.com/ route add 192.168.2.7 gw 172.1.1.1 ###destination d_fw { program("/usr/local/https/scripts/admin/manageidentitylog" template("$MSGn")); }; ###destination d_identity_log { file("/var/log/firewall/$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); }; ###filter f_identity_log { facility(local3) and level(info);}; ###destination d_identity_login { file("/var/log/identity/ $YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); }; ###filter f_identity_login { level(notice) and program("python"); }; ###log { source(s_sys); filter(f_identity_login); destination(d_identity_login); }; ###log { source(s_sys); filter(f_identity_log); destination(d_identity_log); }; *** Note the first line needs to be replaced with the following line. destination d_fw { file("/var/log/firewall/$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); }; route add 192.168.2.7 gw 172.1.1.1 iptables -t filter -I OUTPUT -d 192.168.2.7 -p tcp --dport 80 -j ACCEPT GajShield Infotech (I) Pvt. Ltd. Unit 103, Building No. 5, Sector III, Millennium Business Park, Mahape, Navi Mumbai   400 701. ========================== killall -9 squid.https sleep 2 /usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D squid -f /etc/squid/squid.conf -D ======================= modprobe xt_statistic /sbin/modprobe ipt_TTL /sbin/modprobe ipt_ttl tcpdump -eni eth0 iptables -I OUTPUT -s <SRC IP> -p tcp --dport 80 -j DROP 23 0-23/2 * * * ./redirect 1 0 1 www.onlinegames.net 192.168.0.49 - GET http://127.0.0.1/cgi-bin/blocked.ggi? blockedurl=www.onlinegames.net&reason=hitesh|192.168.0.49|Blocked| Site+in+Advanced+Blocked+Category+Games,+for+group+Default 127.0.0.1 - GET
  • 9. http://www.gajshield.com/technical_document.htm /usr/local/bin/ctasd-3.01.0017-linux-x86-gcc323- kernel24/samples/http_client.pl /var/ankur/ILFS-Spam-1 /usr/local/bin/ctasd-3.00.0028-linux-x86-gcc335/samples/http_client.pl /tmp/414760. chkconfig --level 3 ntpd off cat services |sort -u > services.origin proxylogs.SBI squid.02-09-2010 squidconf.template.20090216 .virtualearth.net .gta-travel.com EHLO webmail.gajshield.com MAIL From:<gajshield-list-bounce@gajshield.com> SIZE=297331 RCPT To:<info@vintage3.com> DATA <!--**URL-FILTERING**-->_ng 0 0 1 ################################################################################ ## icap_service service_1 reqmod_precache 1 icap://127.0.0.1:1344/gajdlp_module icap_service service_3 respmod_precache 1 icap://127.0.0.1:1344/gajdlp_module --- icap_access class_3 allow simpletext icap_access class_3 allow gmailchat icap_access class_3 allow gmailchat1 icap_access class_3 allow sifychat icap_access class_3 allow sifychat1 icap_access class_3 allow yahoochat icap_access class_3 allow facebookchat icap_access class_1 deny whitedomain icap_access class_1 deny localmachine icap_access class_1 allow FTP icap_access class_1 allow HTTP icap_access class_1 allow GET icap_access class_1 allow POST ################################################################################ ##### replace srv_echo.so with srv_clamav.so < ### Rules to bypass ICMP from IPS ### < < /sbin/iptables -t mangle -I INPUT -p icmp -j ACCEPT < /sbin/iptables -t mangle -I FORWARD -p icmp -j ACCEPT < /sbin/iptables -t mangle -I OUTPUT -p icmp -j ACCEPT < dlpoptions **Sify Mail *SMTP Mails **SMTP Mails dlpservicefunc Sify Web Chat| 321b17265cab11d20c5d0b0238a8e5f433f50684c4e1285748edefc6780a929016140ff247c5da08 9f|
  • 10. SMTP Mails| 4545bdaf247ae477c9feeb2805caafbd25967c4a6e8337c21acdf505d5d3c9e9e287776835| SMTP|8c1b3561c2ae1e4c570b5b5ea9d3b05ab360443b958c4233d5e5babdc0082b007b06ca| Sify Mail| 2dc78855525b7ad32e8c1178fdc0dea261e6beb1bf7a106c1cd78508b32cceead15ea96816| http://productsearch.rediff.com/productlist.aspx? category=television&brand=LG&price=Below%20Rs%205000 snort --daq-dir=/usr/lib/daq -i eth0 host 192.168.0.67 and port 443 snort --daq-dir=/usr/lib/daq -C -d -i lo port 1709 snort --daq-dir=/usr/lib/daq -C -d -i lo port 1344 snort -C -d -v -i lo port 1344 http://en.wikipedia.org/wiki/AAA_protocol Hi, Please export the users from the RADIUS server and save them in a CSV file, then upload that file under Browsing->User Settings->Users->CSV File Upload. http://www.gajshield.com/manual/SNMP_configuration_with_in_GajShield.pdf 10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata- 123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None- None:None:None:None:None||| 20|Airtel to Any|fwip-Airtel||http,https||internet||default|accept|no|Airtel- 122.169.101.1,Tata-123.252.239.1|yes|active||None:None:None:None:None- None:None:None:None:None||| http://www.4shared.com/dir/34402089/7a2b8b50/Ajay_Atul_Music_fanss_collecti.html Please give us GoToMeeting access so that we can check the issue. 
https://www.gotomeeting.com/join/187194339 10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata- 123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None- None:None:None:None:None||| < ##<!--**AUTHENTICATION**--> < < auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp < auth_param ntlm children 30 /usr/local/https/scripts/admin/resetdefault OR /usr/local/https/scripts/admin/resetdefault clearlog cat additionalrules.changes cp /var/temp/arjun/restartntlm.pyc /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1 chmod 755 /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1 /usr/sbin/c-icap -f /etc/c-icap.conf -D -d 9 squid -f /etc/squid/squid.conf -D -d 9
  • 11. EXPRESS DIGITAL SYSTEMS, SAMSUNG EXCLUSIVE SERVICE CENTER, Navyog Niwas, Shop No. 6, Gr. Floor, 1767 Lamington Road, Opp Minerva Cinema, Grant Road(East) Mumbai-400 008. tel no. (91-22) 2301 3198. ====================== facebook blocking channel.facebook.com facebook.com/ajax/chat/ ============== root@gsfw:/etc/ipsec.d # find . |grep -i gaj ./squid/cert/gajsslcert.req ./squid/cert/gajsslcert.pem ./squid/key/gajsslcert.pemc /etc/ipsec.d/cakeys guest b1pl@b 194 --- sendmail 55 --- newspam root@gsfw:/var/log/DLP/imlogs/webchat/facebook/656111326/640816416 ============================================= tun0|172.16.6.1|CloudConnect|||e1000e|||1500|std|||255.255.255.0|||0 CloudNw|172.16.6.0|255.255.255.0 Cloud|1024:65535|1195|udp|0 1|Beam to Beam|internet||cloud||fwip-Beam||default|accept|no|none|yes|active|| None:None:None:None:None-None:None:None:None:None||| 2|TTSL to TTSL|internet||cloud||fwip-TTSL||default|accept|no|none|yes|active|| None:None:None:None:None-None:None:None:None:None||| 3|CloudConnect to LAN|cloudnetwork||DNS||fwip-LAN||default|accept|no|none|yes| active||None:None:None:None:None-None:None:None:None:None||| 4|CloudConnect to LAN|cloudnetwork||Any||fwnet-LAN||default|accept|no|none|yes| active||None:None:None:None:None-None:None:None:None:None||| 5|CloudConnect to Any|cloudnetwork||http-transparent-proxy,https,DNS||internet|| default|accept|no|Beam-183.83.192.1,TTSL-192.168.1.1|yes|active|| None:None:None:None:None-None:None:None:None:None||| root@gsfw:/usr/local/https/data # cat cloud clouddomain cloudexepass cloudusers root@gsfw:/usr/local/https/data # cat clouddomain ct|IP|fwip-Beam|Encryption:3des|Compression:on|cloudnetwork|cloud|fwip-LAN|fwip- LAN|fwip-TTSL =========================================== /proc/sys/net/ipv4/ip_forward /usr/local/https/templates/newaccessdenied.html 30 22 * * * /sbin/shutdown -h now 30 22 * * * init 0 Awash@3779
  • 12. chmod 1777 tmp drwxrwxrwt 4 root root 4.0K 2014-05-14 12:11 tmp ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}' 0,30 * * * * ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}' $ctwsd = `ps auxwww | grep ctwsd`; $file = "./ctwsd.bin -l /usr/lib/ctwsd -c /etc/ctwsd/ctwsd.conf --pid /var/run/ctwsd/ctwsd.pid"; if (!($ctwsd =~ m/$file/)) { if(-e "/usr/lib/ctwsd/ctwsd"){ $new = system("/etc/init.d/ctwsd start >/dev/null 2>&1 &"); iptables -t filter -I FORWARD -s 192.168.0.0/20 -j ACCEPT iptables -t nat -I PREROUTING -s 192.168.0.0/20 -j ACCEPT undes gajshield 20110801.backup 20110801.backup.tgz tar -zxvf 20110801.backup.tgz ##<!--**SSL_CRTD**--> sslcrtd_program /usr/sbin/ssl_crtd -s /var/spool/ssl_db -M 4MB sslcrtd_children 10 ##<!--**SSL_GET_DOMAIND**--> sslgetdomaind_program /usr/local/https/squid/ssl_getdomaind sslgetdomaind_children 250 /usr/local/https/etc/ipsrules backup /usr/sbin/proxylogs (replace 530 with access log time) POP3 :- tagging SMTP :- tagging and blocking login4tpg@123 0-59/5 * * * * rm -frv /var/log/proxy/__db* /usr/local/https/gajcloud/template/server.conf.template /etc/openvpn/server.conf ========================================================== webex network 96.6.38.212 210.4.200.96 114.29.194.39 62.109.202.160 64.191.223.37 62.109.202.153 62.109.202.151 173.222.154.212 62.109.202.162 72.247.50.212 114.29.195.80
  • 13. Webex-net10|114.29.194.0|255.255.255.0 Webex-net1|114.29.200.0|255.255.255.0 Webex-net2|64.68.107.0|255.255.255.0 Webex-net3|210.4.201.0|255.255.255.0 Webex-net4|64.68.96.0|255.255.255.0 Webex-net5|64.68.105.0|255.255.255.0 Webex-net6|209.197.200.0|255.255.255.0 Webex-net7|209.197.222.0|255.255.255.0 Webex-net8|184.31.40.0|255.255.255.0 Webex-net9|64.68.104.0|255.255.255.0 Webex-net0|66.114.168.0|255.255.255.0 173.223.42.212 210.4.200.96 114.29.195.83 95.100.40.36 173.243.5.18 114.29.195.83 173.243.0.152 ========================================== $monitor = `ps ax | grep monitor`; $file = "python /usr/local/https/suid/pyc_exec_suid /usr/local/https/suid/monitor.pyc /usr/local/https/data/ /etc/ipsec.d/"; if (!($monitor =~ m/$file/)) { if(-e "/etc/init.d/monitor"){ $new = system("/etc/init.d/monitor start >/dev/null 2>&1 &"); $checkvpn = `ps auxwww | grep checkvpn`; $file = "/usr/sbin/checkvpn"; if (!($checkvpn =~ m/$file/)) { $new = system("/usr/sbin/checkvpn >/dev/null 2>&1 &"); } $checkISP = `ps auxwww | grep checkISP`; $file = "/usr/sbin/checkISP"; if (!($checkISP =~ m/$file/)) { $new = system("/usr/sbin/checkISP >/dev/null 2>&1 &"); } mca1|14.140.191.120|255.255.255.255 mca2|202.54.179.120|255.255.255.255 mca3|115.114.108.120|255.255.255.255 mca4|216.163.188.49|255.255.255.255 mca5|14.114.191.120|255.255.255.255 mca6|202.137.239.30|255.255.255.255 /usr/sbin/c-icap -f /etc/c-icap.conf -N -D -d 9 fsck -c /dev/hda1 111.93.11.126 tar zcvf AkashPack.20111221.tgz /usr/local/https/ /etc/ /usr/sbin/sslcrtd -c -s /tmp/ssl_db/ chmod -R 777 /tmp/ssl_db/ squid.localauth -f /etc/squid/squid.conf.localauth -D -d 9 squid -f /tmp/squid.conf -D -d 9
  • 14. cat /etc/init.d/newmknodfiles |grep -i sip /sbin/modprobe ip_conntrack_sip ##/sbin/modprobe ip_nat_sip root@gsfw:~ # cat /etc/init.d/newmknodfiles |grep -i 323 /sbin/modprobe ip_conntrack_h323 ##/sbin/modprobe ip_nat_h323 iptables -L -n -t mangle |less /sbin/iptables -t mangle -D FORWARD -o ! lo -j QUEUE /sbin/iptables -t mangle -D INPUT -i ! lo -j QUEUE /sbin/iptables -t mangle -D OUTPUT -o ! lo -j QUEUE ################## DC ################ 0-59/1 * * * * /usr/local/https/data/restartNTLMScript.sh ( Restart NTLM ) /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 ( Disable IPS for failover in DC) /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 --queue- bypass /sbin/iptables -t mangle -D OUTPUT -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark ########################################## tar zxvf /var/tmp/VARForAkashPack.20111229.tgz ps -ef |grep -i dhcp root 13565 1717 0 17:52 pts/0 00:00:00 grep -i dhcp root 25067 1 0 Jan18 ? 00:02:24 /usr/sbin/dhcpd -lf /var/lib/dhcp/dhcpd.leases eth0 eth1 GT-S5263 ==================== Dropbox IP Dropbox1|108.160.160.0|255.255.240.0 Dropbox2|199.47.216.0|255.255.252.0 Dropbox3|199.47.217.0|255.255.255.0 Dropbox4|199.47.218.0|255.255.255.0 Dropbox5|199.47.219.0|255.255.255.0 Dropbox6|23.21.220.0|255.255.255.0 Dropbox7|107.22.245.0|255.255.255.0 Dropbox8|50.17.246.0|255.255.255.0 Dropbox9|174.129.195.0|255.255.255.0 Dropbox10|23.23.226.0|255.255.255.0 Dropbox11|54.221.249.0|255.255.255.0 Dropbox12|108.160.165.0|255.255.224.0 Dropbox13|108.160.162.0|255.255.255.0 Dropbox14|108.160.166.0|255.255.255.0 Dropbox15|54.221.234.0|255.255.255.0 Dropbox16|107.20.249.120|255.255.255.0 Dropbox17|50.19.214.0|255.255.255.0 Dropbox18|23.23.229.0|255.255.255.0 ==================== neo@howallbkd
  • 15. /usr/sbin/c-icap -f /etc/c-icap.conf -D -N -d 9 client ldap sasl wrapping = sign Linux 2.6.18-238.19.1.el5xen (32-bit) /usr/bin/nice -n 19 /usr/local/https/scripts/admin/dumpdashboard Front End Password: ITSInvisiblE (after b is small L) Backend Password: Security@1981 (S is Capital) -rw-r----- 1 web wheel 1488857 2012-05-19 15:24 /var/tmp/sslcrtd.log -rw-r----- 1 web wheel 14200 2012-05-19 09:30 /var/tmp/getdomaind.log 9.4.7.4.34.3.4 winbindd -d 9 -i Sec5re license 11 10 * * * /bin/rm /usr/local/https/ramdata/ssldomains.db leave@tra!l4me cat /etc/rc.local |grep -i tso /usr/sbin/ethtool -K eth0 tso off /usr/sbin/ethtool -K eth1 tso off /usr/sbin/ethtool -K eth3 tso off vi /etc/ctwsd/ctwsd.conf ServerAddress = webres1.t.ctmail.com openssl verify /etc/ipsec.d/squid/cert/gajsslcert.pem /usr/local/https/gajcloud/template/server.conf.template fbcdn-dragon-a.akamaihd.net = *.akamaihd.net killall -9 /usr/sbin/c-icap;killall -9 /usr/sbin/c- icap;/usr/local/https/scripts/admin/restarticap ;killall -9 squid;killall -9 squid;/usr/local/https/scripts/admin/restartproxy start ping yahoo.com -I eth2 -i 0.2 -s 1400 Microsoft 96.17.182.42 157.56.67.221 Rajesh :- surf_499 Ushacomm /sbin/iptables -t mangle -I FORWARD -s 172.16.0.0/16 -d 10.240.1.0/24 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.16.0.0/16 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 172.28.0.0/16 -d 10.240.1.0/24 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.28.0.0/16 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 192.168.123.0/24 -d 192.168.123.0/24 -j ACCEPT ( DC PPTP VPN ) ### Bandwidth Quota was not working and to work that below MARK policy added for
  • 16. http and https transparent proxy ### ##/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2 #/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2 #/sbin/iptables -t nat -I OUTPUT -p tcp --dport 80 -j CONNMARK --set-mark 2 #/sbin/iptables -t nat -I OUTPUT -p tcp --dport 443 -j CONNMARK --set-mark 2 /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2 /sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2 python Python 2.3.4 (#1, Sep 30 2004, 03:19:26) [GCC 3.3.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> f = open("interfacemarkdict") >>> a = KeyboardInterrupt >>> pickle KeyboardInterrupt >>> import pickle >>> a = pickle.load(f) >>> a {'LAN': 1, 'BSNL': 3, 'MPLS': 4, 'AirTel4M': 5, 'AIRTEL': 2} >>> /usr/sbin/imspector -c /usr/local/https/etc/imspector/imspector.conf -D 4 /etc/init.d/S90Apache start ( httpd ) 0-59/1 * * * * /sbin/iptables -t mangle -D OUTPUT ! 
-o lo -j NFQUEUE --queue-num 1 /usr/sbin/clamsslsmtpd -d 4 -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p /var/run/clamsslsmtpdspamvirus.conf.pid /var/temp/clamsslsmtpd -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p /var/run/clamsslsmtpdspamvirus.conf.pid -d 4 bypass from httpsinspect /usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 182.73.181.124 -m state --state ESTABLISHED -j ACCEPT /usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 172.16.9.4 -m state --state ESTABLISHED -j ACCEPT cat conftacacs gsfw|fwip-LAN|49|12345|chap| confldap gsfw|ADSERVER|389|cn|r|j|superuser|wonderdream|g| ap.corp.ipgnetwork.com|bomgdc01|ADServer|kumaraadmin|AmbiEnce@001|ipgap whatsapp1|174.37.217.92|255.255.255.255 whatsapp2|50.22.231.49|255.255.255.255 whatsapp3|174.37.199.194|255.255.255.255 whatsapp4|208.43.115.207|255.255.255.255 whatsappnw1|50.22.231.32|255.255.255.224 whatsappnw10|173.192.219.96|255.255.255.224 whatsappnw11|174.37.199.194|255.255.255.224 whatsappnw12|184.173.179.41|255.255.255.224 whatsappnw13|184.173.136.64|255.255.255.224
  • 17. whatsappnw14|184.173.147.32|255.255.255.224 whatsappnw15|66.228.112.0|255.255.240.0 whatsappnw16|173.192.231.32|255.255.255.224 whatsappnw2|50.22.210.128|255.255.255.224 whatsappnw3|50.22.198.224|255.255.255.252 whatsappnw4|50.22.198.204|255.255.255.252 whatsappnw5|50.22.194.224|255.255.255.224 whatsappnw6|208.43.96.4|255.255.255.252 whatsappnw7|208.43.122.128|255.255.255.224 whatsappnw8|184.173.136.64|255.255.255.224 whatsappnw9|184.172.19.64|255.255.255.224 =================================== Facebook1|69.63.167.0|255.255.240.0 Facebook2|66.220.144.0|255.255.240.0 Facebook3|69.63.181.0|255.255.240.0 Facebook4|69.171.224.0|255.255.0.0 Facebook5|66.220.152.0|255.255.240.0 Facebook6|69.63.184.0|255.255.240.0 Facebook7|69.171.228.0|255.255.240.0 Facebook8|69.171.224.0|255.255.240.0 Facebook9|31.13.64.0|255.255.255.0 Facebook10|203.92.39.0|255.255.255.0 Facebook11|23.57.194.0|255.255.255.0 Facebook12|31.13.72.0|255.255.255.0 Facebook13|173.252.110.0|255.255.0.0 Facebook14|204.15.20.0|255.255.252.0 Facebook15|203.92.39.0|255.255.255.0 =================== tally1|124.153.107.130|255.255.255.255 tally2|124.153.107.132|255.255.255.255 tally3|124.153.107.139|255.255.255.255 tally4|124.153.107.150|255.255.255.255 tally5|124.153.107.151|255.255.255.255 tally6|124.153.107.134|255.255.255.255 tally7|124.153.107.145|255.255.255.255 tally8|124.153.107.146|255.255.255.255 tally9|124.153.107.147|255.255.255.255 tally10|124.153.107.131|255.255.255.255 tally11|124.153.107.133|255.255.255.255 tally12|124.153.107.140|255.255.255.255 tally13|124.153.107.148|255.255.255.255 tally14|124.153.107.149|255.255.255.255 tally15|124.153.107.135|255.255.255.255 tally16|124.153.107.136|255.255.255.255 tally17|124.153.107.137|255.255.255.255 tally18|124.153.107.138|255.255.255.255 tally19|124.153.107.66|255.255.255.255 tally20|124.153.107.96|255.255.255.255 .tallysolutions.com .tallyenterprise.com .tallybss.com ==================== email bindlalbahadur@gmail.com pass kishan123 
202.46.197.164 DISHTV
  • 18. ================== Patanjali DishTV1|180.179.201.170|255.255.255.255 DishTV2|74.63.224.173|255.255.255.255 DishTV3|217.23.15.146|255.255.255.255 DishTV4|93.190.138.104|255.255.255.255 DishTV5|109.236.86.209|255.255.255.255 DishTV6|74.63.224.172|255.255.255.255 DishTV7|103.5.198.210|255.255.255.255 DishTV8|202.46.197.164|255.255.255.255 =============== /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 192.168.0.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.0.128.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.2.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.5.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.4.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.6.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.11.0/24 -j ROUTE --gw 10.53.0.1 Kaspersky1|94.75.236.122|255.255.255.255 Kaspersky2|93.159.230.19|255.255.255.255 Kaspersky3|85.12.58.17|255.255.255.255 Kaspersky4|80.239.174.44|255.255.255.255 Kaspersky5|80.239.174.40|255.255.255.255 Kaspersky6|80.239.169.135|255.255.255.255 Kaspersky7|66.235.148.65|255.255.255.255 Kaspersky8|63.245.216.134|255.255.255.255 Kaspersky9|4.28.136.42|255.255.255.255 Kaspersky10|4.28.136.39|255.255.255.255 Kaspersky11|4.28.136.36|255.255.255.255 Kaspersky12|38.124.168.125|255.255.255.255 Kaspersky13|38.124.168.119|255.255.255.255 Kaspersky14|38.124.168.116|255.255.255.255 Kaspersky15|38.117.98.253|255.255.255.255 Kaspersky16|38.117.98.230|255.255.255.255 Kaspersky17|38.117.98.212|255.255.255.255 Kaspersky18|38.117.98.202|255.255.255.255 Kaspersky19|38.117.98.199|255.255.255.255 Kaspersky20|38.117.98.196|255.255.255.255 Kaspersky21|23.67.100.236|255.255.255.255 Kaspersky22|212.73.221.199|255.255.255.255 Kaspersky23|212.47.219.89|255.255.255.255 
Kaspersky24|212.47.219.86|255.255.255.255 Kaspersky25|195.27.252.18|255.255.255.255 Kaspersky26|195.122.169.18|255.255.255.255 Kaspersky27|193.45.6.7|255.255.255.255 Kaspersky28|193.45.6.13|255.255.255.255 Kaspersky29|193.45.6.10|255.255.255.255 600*8/1024 13 0-23/6 * * * python /root/Desktop/Pycfile/restartTrafficCollector.py 13 0-23/6 * * * python /var/gs/restartTrafficCollector.py
  • 19. chart ==> DASHBOARD = Download Total = LAN = Downlaod WAN = Upload Capping = LAN = Downlaod WAN = Upload ( not show ) url == Report->Browsing->Browsing Logs acl likephp url_regex http://www.facebook.com/plugins/like.php acl exceptionsites dstdomain "/etc/squid/exceptionsites" redirector_access deny likephp redirector_access deny exceptionsites http_access allow likephp http_access allow exceptionsites acl loginbutton url_regex http://www.facebook.com/plugins/login_button.php acl exceptionsites dstdomain "/etc/squid/exceptionsites" redirector_access deny loginbutton redirector_access deny exceptionsites http_access allow loginbutton http_access allow exceptionsites Sajjan Mum :- 115.112.40.170 :- gsfw@login :- dreamwonder@sajjan Sajjan Ank :- 117.239.82.33 / 210.212.133.129 :- gsfw@login :- dreamwonder@sajjan chmod 755 download killall -9 squid.localauth sleep 3 squid.localauth -f /etc/squid/squid.conf.localauth -D Cheers firewall. IP :- 59.160.81.37 Password :- EM2q-47*Ewkh@n yahoonet1|66.196.114.0 yahoonet2|66.196.112.0 yahoonet3|106.10.193.0 arjun|Generic|Http|allow|AllTime|n|y|"Http Post" ~= "google.com/notes";or;"Http Header" ~= "google.com/notes";or;|active ----------------------------------- wetransfer.net wetransfer.com amazonaws.com quantserve.com Wetransfer1|176.34.103.229|255.255.255.255 Wetransfer2|192.229.145.207|255.255.255.255 Wetransfer3|46.137.107.237|255.255.255.255 wetransfer4|173.241.248.180|255.255.255.255 Wetransfer5|46.137.106.221|255.255.255.255 Wetransfer6|203.190.124.25|255.255.255.255 Wetransfer7|54.254.111.85|255.255.255.255 Wetransfer8|176.34.177.108|255.255.255.255 Wetransfer9|178.236.7.33|255.255.255.255