curl -x 192.168.2.95:8080 --proxy-ntlm -U 'gajdomainadministrator'
http://www.yahoo.com
============================================================
#acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
#http_access deny blockfiles
# vi /etc/squid/blocks.files.acl
Append the following text:
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
acl blocksites url_regex "/etc/squid/squid-block.acl"
http_access deny blocksites
=================
proxy error ===== the requested URL could not be retrieved
Without proxy ====== page cannot be displayed
===========================================
traceroute -n -i eth1 yhh -I
=============================
acl myip dstdomain 192.168.1.200
acl exceptionsites dstdomain "/etc/squid/exceptionsites"
http_access deny myip
http_access allow exceptionsites
================================
iptables -I INPUT -p tcp -s 59.181.98.140 --dport 443 -j ACCEPT ======443 access
58.68.55.140
============
curl -x 192.168.1.221:8080 http://images.orkut.com
time curl -x 172.16.72.25:3128 http://www.ndtv.com -U helpdesk
===================================================
$squidstat = `ps auxwww | grep squid`;
$file = "squid -D";
if (!($squidstat =~ m/$file/)) {
$new = system("/usr/local/https/scripts/admin/restartproxy restart
>/dev/null 2>&1 &");
================================================================================
===============
$namedstat = `ps auxwww | grep named`;
$file = "/usr/sbin/named";
if (!($namedstat =~ m/$file/)) {
$new = system("/usr/sbin/named");
================================================================================
===============
/usr/sbin/snmpd
ps -ef |grep -i snmp
$snmpstat = `ps auxwww | grep snmp`;
$file = "/usr/sbin/snmpd";
if (!($snmpstat =~ m/$file/)) {
$new = system("/etc/init.d/snmpd restart >/dev/null 2>&1 &");
=====================================================================
du -h --max-depth=30
du -h --max-depth=1
====================
nslookup
> set type=MX
> bata.co.in
============
dig MX deseinindure.com
less /var/log/squid/access.log |grep -i safechild |awk '{print $3}' | cut -f2
-d'' |wc -l
less /var/log/squid/access.log |awk '{print $3}'
echo arjun=`less /var/log/squid/access.log |grep -i arjun |awk '{print $3}' | wc
-l `
less 20091029 |awk '{print $2}' |cut -f3 -d"|"
less 20091029 |awk '{print $2}' |cut -f3 -d"|" |grep -iv postmaster
Find all files named testfile under the /home directory recursively that
contain the word hello.
find /home -type f -name testfile | xargs grep -l -i hello
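## This script counts the number of mails received by a particular person:
## the number of lines in the 20091029 mail log that mention the address.
## You have to enter the correct email id.
echo " TO CHECK MAIL FOR PERTICULAR PERSON "
# Prompt without a trailing newline. The original `echo -e "... c"` most likely
# lost the backslash of `\c` (echo -e's suppress-newline escape); printf is the
# portable way to get the same prompt.
printf ' enter persons mail ID :- '
# -r keeps any backslash typed in the address literal.
IFS= read -r mailid
# An empty pattern would match every line and report the size of the whole log.
if [ -z "$mailid" ]; then
  printf 'no mail ID entered\n' >&2
  exit 1
fi
#echo " $mailid"
# -F: the address is a literal string, not a regex (otherwise '.' matches any
# character and over-counts); -e keeps an address that begins with '-' from
# being read as a grep option.
veri=$(grep -F -e "$mailid" 20091029 | cut -f3 -d"|" | wc -l)
# %s prints the address as typed; echo -e would have interpreted backslashes.
printf '%s = %s \n' "$mailid" "$veri"
#echo "$veri"
##echo "$veri"
##awk '{print $2}' 20091027 | cut -f3 -d"|" |grep -iv postmaster |grep -i amit@gajshield.com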
================================================================================
=============
start-browse
cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules
installfwrules
############################################################################
stop-browse
cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules
installfwrules
stop-browse
start-browse
ank@web!1
/var/tmp/gaj
============
-------------------
1 secure to secure fwnet-secure http fwip-insecure
 
mailserver
2 secure to secure fwnet-secure http mailserver
 
fwip-secure
========================================
Edit /etc/snort/snort.template and add the policy below at the end of the file to
block Gmail and Yahoo Mail HTTPS access at the IPS level itself. After adding the
policy, restart the IPS service from the frontend.
#### Rule to Block Gmail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS Gmail Access -55";
flow:from_server,established; content:"mail.google.com"; offset:320; depth:50;
sid:510000079; )
#### Rule to Block yahoo mail access ####
drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS yahoo mail Access -55";
flow:from_server,established; content:"login.yahoo.com"; offset:320; depth:50;
sid:510000080; )
### IPS Rule to block Gtalk ###
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55";
content:"jabber"; sid:510000079; )
drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55";
content:"etherx.jabber.org/streams"; sid:510000080; )
### Add the rules below to the additionalrules file to bypass these users' traffic
around the IPS so they can access Gtalk ###
/sbin/iptables -t mangle -I FORWARD -s 192.168.100.35 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.100.35 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 443 -j
ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 443 -j
ACCEPT
/sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 5222 -j
ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 5222 -j
ACCEPT
================================================================================
======
/sbin/iptables -t mangle -I OUTPUT -p tcp -s 192.168.1.1 -d 192.168.1.100
--sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I POSTROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100
--sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I PREROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100
--sport 8080 -j ACCEPT
/sbin/iptables -t mangle -I INPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport
8080 -j ACCEPT
================================================================
python /usr/local/https/suid/maillinkdown.pyc
=============================================
arping -s (source ipaddress) (Gateway ip) -f -I eth(X)
===========================================================
*All*|Generic|File Upload|block|AllTime|n|y||active
*All*|Web Mails|All of Above|allow|AllTime|n|y||active
*All*|Orkut|Orkut Scrap|allow|AllTime|n|y||active
*All*|Orkut|Orkut Message|allow|AllTime|n|y||active
*All*|Orkut|Orkut Forum Post|allow|AllTime|n|y||active
*All*|Orkut|Orkut Forum Event|allow|AllTime|n|y||active
*All*|Facebook|Facebook Wall|allow|AllTime|n|y||active
*All*|Facebook|Facebook Message|allow|AllTime|n|y||active
*All*|Facebook|Facebook Forum Post|allow|AllTime|n|y||active
*All*|Facebook|Facebook Comment|allow|AllTime|n|y||active
*All*|Facebook|Facebook Note|allow|AllTime|n|y||active
*All*|Facebook|Facebook Event|allow|AllTime|n|y||active
*All*|IM Chat|All Above IM Chat|allow|AllTime|n|y||active
*All*|Web Chat|All Above Web Chat|allow|AllTime|n|y||active
============================================================
$squidstat = `ps auxwww | grep squid`;
$file = "squid -D";
if (!($squidstat =~ m/$file/)) {
$new = system("/usr/local/https/scripts/admin/restartproxy restart
>/dev/null 2>&1 &");
================================================================================
===============
$squidhttpsstat = `ps auxwww | grep squid`;
$file = "squid.https";
if (!($squidhttpsstat =~ m/$file/)) {
$new = system("/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D
>/dev/null 2>&1 &");
================================================================================
===============
cd /var/named/
ll
cp gajshield.com.hosts gajshield.com.hosts.20090522a
vi gajshield.com.hosts
/etc/init.d/named restart
cd /etc/mail
ll
cp mailertable mailertable.20090222a
vi mailertable
makemap hash mailertable1.db < mailertable
strings mailertable1.db
/etc/init.d/sendmail restart
ping gajshield.com
cp /etc/mail/access /etc/mail/access.20090523a
vi /etc/mail/access
/etc/init.d/sendmail restart
ping ndtv.com.blacklist.gajshield.com
============================================
jmitra.gajshield.fw
CRON RECREATE
tail -f /var/log/cron
fcrontab -l > /var/tmp/vimcron
cat /var/tmp/vimcron
cd /var/spool/cron/
ls
/etc/init.d/crond stop
mv root root.vimbak
cat /var/tmp/vimcron | fcrontab -l
cat /var/tmp/vimcron | fcrontab -
ls -larth
/etc/init.d/crond start
ls -larth
tail -f /var/log/cron
===========================================
Please find below the commands to create the user account. Please take a backup
of the two files first.
Run the command below for the backup :-
cp -i /etc/passwd /etc/passwd.orignal
cp -i /etc/group /etc/group.orignal
For an administrative-privilege account use this command (note: `-o -u 0` creates a second UID 0 account, i.e. a full root equivalent) :-
useradd -mg root -ou 0 (username)
For read-only privilege use the command below :-
useradd -m (username)
Finally, assign a password to every created user with the command below :-
passwd (username)
Aircel Circuit ID - C2407
===================================
eth0|192.168.128.200|LAN|||e100|||1500|std|||255.255.255.0|||0
eth1|116.72.54.87|WAN|116.72.48.1||e100|||1500|std||defaultroute|
255.255.248.0|||0
=====================================
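# Watchdog for the NTLM (Windows domain) authentication helpers.
# Restart winbindd when its binary is missing from the process list. The grep
# process itself shows up as "grep winbindd", which does not contain the full
# path, so it cannot cause a false positive. \Q..\E makes the path match
# literally (a bare '.' in the pattern would match any character).
$winbin = `ps auxwww | grep winbindd`;
$file = "/usr/sbin/winbindd";
if ($winbin !~ m/\Q$file\E/) {
  $new = system("/usr/sbin/restartntlm >/dev/null 2>&1");
}
# winbindd may be running while the trust check still fails: when `wbinfo -t`
# prints "RPC calls failed", restart NTLM in the background.
# NOTE(review): this restart path differs from the one above
# (/usr/local/https/scripts/admin vs /usr/sbin) — confirm both exist.
# The command string is kept on one line: in the original it was broken across
# a line break (presumably a wrap in these notes), which would have handed
# `2>&1 &` to the shell as a separate command.
$wbinfo = `wbinfo -t |grep "RPC calls failed"`;
if ($wbinfo) {
  $new = system("/usr/local/https/scripts/admin/restartntlm >/dev/null 2>&1 &");
}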
0-59/1 * * * * python /var/temp/arjun/wbinfo.py
======================================
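# Watchdog for the c-icap content-adaptation daemon.
# Start it in the background when its binary is missing from the process list.
# The grep process appears as "grep icap", which does not contain the full
# path. \Q..\E makes the path match literally.
$icap = `ps auxwww | grep icap`;
$file = "/usr/sbin/c-icap";
if ($icap !~ m/\Q$file\E/) {
  $new = system("/usr/sbin/c-icap -f /etc/c-icap.conf >/dev/null 2>&1 &");
}
# A <defunct> (zombie) c-icap entry: kill the daemon and start it again.
# killall -9 is kept as in the original (a TERM first would allow a clean
# shutdown). The config path is kept on one line: in the original
# "/etc/c-icap.conf" was split at "c-" by a line break (presumably a wrap in
# these notes), which would have passed a broken path to the shell.
$icap = `ps auxwww | grep icap | grep -i defunct`;
$file = '<defunct>';
if ($icap =~ m/\Q$file\E/) {
  $new = system("killall -9 /usr/sbin/c-icap ; /usr/sbin/c-icap -f /etc/c-icap.conf >/dev/null 2>&1 &");
}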
$smtp = `ps auxwww | grep smtp`;
$file = "/usr/sbin/smtpdscantransparent -f /usr/local/etc/clamsmtpdspam.conf
-p /var/run/clamsmtpdspam.conf.pid";
if (!($smtp =~ m/$file/)) {
$new = system("/usr/local/https/scripts/admin/restartantispam restart
>/dev/null 2>&1");
================================================
ethtool -s eth0 autoneg off speed 100 duplex half
ethtool -s eth7 autoneg on speed 10 duplex half
=================================================
snort -devi eth0 host 10.148.192.229 and port 21
================================================
python /usr/local/https/suid/sendreport.pyc
===============================================
:/lib/modules/2.4.26-grsec/kernel/drivers/net/e100
cp /var/tmp/Parekh Marine/e100.o .
:/usr/local/https/scripts/admin # cat additionalrules
=================================================
/etc/init.d/proxy stop
cd /var/
ls -larth
mv cache cache.20200210
mkdir cache
chown web.root cache
killall -9 squid
killall -9 squid
squid -z
/usr/local/https/scripts/admin/restartproxy restart
squid -z
/etc/init.d/proxy start
============================================
%s/searchword/replace word/g
==========================
ram28patil@gmail.com
cat file-name | sed -e 's/first_pattern/next_pattern/g' > new-file
cat /proc/net/ip_conntrack |grep 1433
122.252.232.179 ----Patanjali gsfw@PyP
Awash@3779 / 118.67.228.162
ping -c 3 -I 57.56.224.12 57.56.130.1
172.16.1.55
/var/spool/imap/user/spam/db/
/etc/mail/spamassassin/custom.cf
/usr/local/https/data/antispamrule
/usr/sbin/sendmail -C/etc/mail/sendmail-nospam.cf -f
Gaurav.Shetye@enerconindia.net support@gajshield.com < 745724.
sendmail -f sales@siskom.co.in -C/etc/mail/sendmail.cf pooja@techinfra.in <
2324881.
sendmail -C/etc/mail/sendmail-local.nonspam.cf -f
rasool.acct.bom@riyagroup.travel Riya.Travels@enerconindia.net < 281669.
smbpasswd -j GAJNEW (domain name) -r gajnew (netbios name) -U Administrator
net ads join -U username%passwd -S netbios name
net ads lookup -U 'username%passwd' -S servername
cat ntlmdata
testgaj.com|win-sr2unpvbdco|AD-Srv2008|administrator|gaj@1234|testgaj
WAN Failover in new kernel
### Ping allowed from all interfaces ###
/sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.1.5 -j ACCEPT
/sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.10.2 -j ACCEPT
###
======================================================================
7.2.1
md5sum /usr/lib/c_icap/srv_clamav.so 259611bb3b9773a23b99ab356c6616e3 OLD
freshclam -V ClamAV 0.96/10763/Tue Apr 20 18:10:59 2010
md5sum srv_clamav.so 95da956aba84de9e0b5d7eccd733f141 NEW
======================================================================
/sbin/iptables -I INPUT -s 172.1.1.1 -p tcp --dport 222 -i ppp0 -j ACCEPT
route add -net 192.168.25.0/24 gw 172.1.1.1
route add -net 172.1.1.0/24 gw 192.168.2.3
route del -net 172.1.1.0 netmask 255.255.255.0 gw 192.168.2.3
/sbin/iptables -I INPUT -s 192.168.25.23 -p tcp --dport 443 -i ppp0 -j ACCEPT
0-59/5 * * * * rm -frv /var/log/proxy/__db*
$httpsinspect = `ps auxwww | grep httpsinspect`;
$file = "/usr/sbin/httpsinspect";
if (!($httpsinspect =~ m/$file/)) {
$new = system("/usr/sbin/httpsinspect >/dev/null 2>&1 &");
iptables -I OUTPUT -s 220.227.158.10 -d 220.226.206.22 -j ACCEPT
=============
$stunnel = `ps auxwww | grep stunnel`;
$file = "/usr/sbin/stunnel";
if (!($stunnel =~ m/$file/)) {
$new = system("/usr/sbin/stunnel >/dev/null 2>&1 &");
==================
stunnel -d 443 -v 1 -D 7 -L /usr/sbin/pppd -- pppd 172.1.1.1: noauth local
passive
squid -f /etc/squid/squid.conf -D
===================================================
while true;do ps aux|grep logzip |grep -v grep;done
while true;do ps aux|grep generate |grep -v grep;done
python /usr/local//icichttps/suid/firewalllogzip.pyc -createzip 20100504
20100504 downloaddlpuploadlog
================================================================================
=================
tune2fs -c 0 /dev/hda1 2 4
/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D
/usr/ctasd/bin/http_client.pl
/var/spool/quarantine/20100614/spam.1276456323.27972
ipsec whack --status
chmod 666 /dev/null
http://www.gajshield.com/technical_document.htm
•••••••••
http://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/
/sbin/iptables -I PREROUTING -t mangle -s 57.56.130.0/24 -d 145.228.181.96 -p
tcp --dport 80 -j ROUTE --gw 57.56.130.1
/sbin/iptables -I PREROUTING -t mangle -s 172.1.1.27 -d 192.168.2.7 -p tcp
--dport 80 -j ROUTE --gw 172.1.1.1
http://www.careerride.com/job-skills.aspx
http://studyhat.blogspot.com/
route add 192.168.2.7 gw 172.1.1.1
###destination d_fw
{ program("/usr/local/https/scripts/admin/manageidentitylog"
template("$MSGn")); };
###destination d_identity_log { file("/var/log/firewall/$YEAR$MONTH$DAY"
template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); };
###filter f_identity_log { facility(local3) and level(info);};
###destination d_identity_login { file("/var/log/identity/
$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); };
###filter f_identity_login { level(notice) and program("python"); };
###log { source(s_sys); filter(f_identity_login); destination(d_identity_login);
};
###log { source(s_sys); filter(f_identity_log); destination(d_identity_log); };
*** Note: the first line needs to be replaced with the following line.
destination d_fw { file("/var/log/firewall/$YEAR$MONTH$DAY"
template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); };
route add 192.168.2.7 gw 172.1.1.1
iptables -t filter -I OUTPUT -d 192.168.2.7 -p tcp --dport 80 -j ACCEPT
GajShield Infotech (I) Pvt. Ltd.
Unit 103, Building No. 5, Sector III,
Millennium Business Park, Mahape,
Navi Mumbai   400 701.
==========================
killall -9 squid.https
sleep 2
/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D
squid -f /etc/squid/squid.conf -D
=======================
modprobe xt_statistic
/sbin/modprobe ipt_TTL
/sbin/modprobe ipt_ttl
tcpdump -eni eth0
iptables -I OUTPUT -s <SRC IP> -p tcp --dport 80 -j DROP
23 0-23/2 * * *
./redirect 1 0 1
www.onlinegames.net 192.168.0.49 - GET
http://127.0.0.1/cgi-bin/blocked.ggi?
blockedurl=www.onlinegames.net&reason=hitesh|192.168.0.49|Blocked|
Site+in+Advanced+Blocked+Category+Games,+for+group+Default
127.0.0.1 - GET
http://www.gajshield.com/technical_document.htm
/usr/local/bin/ctasd-3.01.0017-linux-x86-gcc323-
kernel24/samples/http_client.pl /var/ankur/ILFS-Spam-1
/usr/local/bin/ctasd-3.00.0028-linux-x86-gcc335/samples/http_client.pl
/tmp/414760.
chkconfig --level 3 ntpd off
cat services |sort -u > services.origin
proxylogs.SBI
squid.02-09-2010
squidconf.template.20090216
.virtualearth.net
.gta-travel.com
EHLO webmail.gajshield.com
MAIL From:<gajshield-list-bounce@gajshield.com> SIZE=297331
RCPT To:<info@vintage3.com>
DATA
<!--**URL-FILTERING**-->_ng 0 0 1
################################################################################
##
icap_service service_1 reqmod_precache 1 icap://127.0.0.1:1344/gajdlp_module
icap_service service_3 respmod_precache 1 icap://127.0.0.1:1344/gajdlp_module
---
icap_access class_3 allow simpletext
icap_access class_3 allow gmailchat
icap_access class_3 allow gmailchat1
icap_access class_3 allow sifychat
icap_access class_3 allow sifychat1
icap_access class_3 allow yahoochat
icap_access class_3 allow facebookchat
icap_access class_1 deny whitedomain
icap_access class_1 deny localmachine
icap_access class_1 allow FTP
icap_access class_1 allow HTTP
icap_access class_1 allow GET
icap_access class_1 allow POST
################################################################################
#####
replace srv_echo.so with srv_clamav.so
< ### Rules to bypass ICMP from IPS ###
<
< /sbin/iptables -t mangle -I INPUT -p icmp -j ACCEPT
< /sbin/iptables -t mangle -I FORWARD -p icmp -j ACCEPT
< /sbin/iptables -t mangle -I OUTPUT -p icmp -j ACCEPT
<
dlpoptions
**Sify Mail
*SMTP Mails
**SMTP Mails
dlpservicefunc
Sify Web Chat|
321b17265cab11d20c5d0b0238a8e5f433f50684c4e1285748edefc6780a929016140ff247c5da08
9f|
SMTP Mails|
4545bdaf247ae477c9feeb2805caafbd25967c4a6e8337c21acdf505d5d3c9e9e287776835|
SMTP|8c1b3561c2ae1e4c570b5b5ea9d3b05ab360443b958c4233d5e5babdc0082b007b06ca|
Sify Mail|
2dc78855525b7ad32e8c1178fdc0dea261e6beb1bf7a106c1cd78508b32cceead15ea96816|
http://productsearch.rediff.com/productlist.aspx?
category=television&brand=LG&price=Below%20Rs%205000
snort --daq-dir=/usr/lib/daq -i eth0 host 192.168.0.67 and port 443
snort --daq-dir=/usr/lib/daq -C -d -i lo port 1709
snort --daq-dir=/usr/lib/daq -C -d -i lo port 1344
snort -C -d -v -i lo port 1344
http://en.wikipedia.org/wiki/AAA_protocol
Hi,
Please export the users from the Radius server and save them in a CSV file, then
upload that file in Browsing->User Settings->Users->CSV File Upload.
http://www.gajshield.com/manual/SNMP_configuration_with_in_GajShield.pdf
10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata-
123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None-
None:None:None:None:None|||
20|Airtel to Any|fwip-Airtel||http,https||internet||default|accept|no|Airtel-
122.169.101.1,Tata-123.252.239.1|yes|active||None:None:None:None:None-
None:None:None:None:None|||
http://www.4shared.com/dir/34402089/7a2b8b50/Ajay_Atul_Music_fanss_collecti.html
Please give us GoToMeeting access to check the issue.
https://www.gotomeeting.com/join/187194339
10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata-
123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None-
None:None:None:None:None|||
< ##<!--**AUTHENTICATION**-->
<
< auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
< auth_param ntlm children 30
/usr/local/https/scripts/admin/resetdefault
OR
/usr/local/https/scripts/admin/resetdefault clearlog
cat additionalrules.changes
cp /var/temp/arjun/restartntlm.pyc /usr/local/https/suid/restartntlm.pyc >
/dev/null 2>&1
chmod 755 /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1
/usr/sbin/c-icap -f /etc/c-icap.conf -D -d 9
squid -f /etc/squid/squid.conf -D -d 9
EXPRESS DIGITAL SYSTEMS,
SAMSUNG EXCLUSIVE SERVICE CENTER,
Navyog Niwas, Shop No. 6, Gr. Floor,
1767 Lamington Road, Opp Minerva Cinema,
Grant Road(East) Mumbai-400 008.
tel no. (91-22) 2301 3198.
======================
facebook blocking
channel.facebook.com
facebook.com/ajax/chat/
==============
root@gsfw:/etc/ipsec.d # find . |grep -i gaj
./squid/cert/gajsslcert.req
./squid/cert/gajsslcert.pem
./squid/key/gajsslcert.pemc
/etc/ipsec.d/cakeys
guest
b1pl@b
194 --- sendmail
55 --- newspam
root@gsfw:/var/log/DLP/imlogs/webchat/facebook/656111326/640816416
=============================================
tun0|172.16.6.1|CloudConnect|||e1000e|||1500|std|||255.255.255.0|||0
CloudNw|172.16.6.0|255.255.255.0
Cloud|1024:65535|1195|udp|0
1|Beam to Beam|internet||cloud||fwip-Beam||default|accept|no|none|yes|active||
None:None:None:None:None-None:None:None:None:None|||
2|TTSL to TTSL|internet||cloud||fwip-TTSL||default|accept|no|none|yes|active||
None:None:None:None:None-None:None:None:None:None|||
3|CloudConnect to LAN|cloudnetwork||DNS||fwip-LAN||default|accept|no|none|yes|
active||None:None:None:None:None-None:None:None:None:None|||
4|CloudConnect to LAN|cloudnetwork||Any||fwnet-LAN||default|accept|no|none|yes|
active||None:None:None:None:None-None:None:None:None:None|||
5|CloudConnect to Any|cloudnetwork||http-transparent-proxy,https,DNS||internet||
default|accept|no|Beam-183.83.192.1,TTSL-192.168.1.1|yes|active||
None:None:None:None:None-None:None:None:None:None|||
root@gsfw:/usr/local/https/data # cat cloud
clouddomain cloudexepass cloudusers
root@gsfw:/usr/local/https/data # cat clouddomain
ct|IP|fwip-Beam|Encryption:3des|Compression:on|cloudnetwork|cloud|fwip-LAN|fwip-
LAN|fwip-TTSL
===========================================
/proc/sys/net/ipv4/ip_forward
/usr/local/https/templates/newaccessdenied.html
30 22 * * * /sbin/shutdown -h now
30 22 * * * init 0
Awash@3779
chmod 1777 tmp
drwxrwxrwt 4 root root 4.0K 2014-05-14 12:11 tmp
ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}'
0,30 * * * * ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9
"$2);}'
$ctwsd = `ps auxwww | grep ctwsd`;
$file = "./ctwsd.bin -l /usr/lib/ctwsd -c /etc/ctwsd/ctwsd.conf --pid
/var/run/ctwsd/ctwsd.pid";
if (!($ctwsd =~ m/$file/)) {
if(-e "/usr/lib/ctwsd/ctwsd"){
$new = system("/etc/init.d/ctwsd start >/dev/null 2>&1 &");
iptables -t filter -I FORWARD -s 192.168.0.0/20 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.0/20 -j ACCEPT
undes gajshield 20110801.backup 20110801.backup.tgz
tar -zxvf 20110801.backup.tgz
##<!--**SSL_CRTD**-->
sslcrtd_program /usr/sbin/ssl_crtd -s /var/spool/ssl_db -M 4MB
sslcrtd_children 10
##<!--**SSL_GET_DOMAIND**-->
sslgetdomaind_program /usr/local/https/squid/ssl_getdomaind
sslgetdomaind_children 250
/usr/local/https/etc/ipsrules
backup /usr/sbin/proxylogs (replace 530 with access log time)
POP3 :- tagging
SMTP :- tagging and blocking
login4tpg@123
0-59/5 * * * * rm -frv /var/log/proxy/__db*
/usr/local/https/gajcloud/template/server.conf.template
/etc/openvpn/server.conf
==========================================================
webex network
96.6.38.212
210.4.200.96
114.29.194.39
62.109.202.160
64.191.223.37
62.109.202.153
62.109.202.151
173.222.154.212
62.109.202.162
72.247.50.212
114.29.195.80
Webex-net10|114.29.194.0|255.255.255.0
Webex-net1|114.29.200.0|255.255.255.0
Webex-net2|64.68.107.0|255.255.255.0
Webex-net3|210.4.201.0|255.255.255.0
Webex-net4|64.68.96.0|255.255.255.0
Webex-net5|64.68.105.0|255.255.255.0
Webex-net6|209.197.200.0|255.255.255.0
Webex-net7|209.197.222.0|255.255.255.0
Webex-net8|184.31.40.0|255.255.255.0
Webex-net9|64.68.104.0|255.255.255.0
Webex-net0|66.114.168.0|255.255.255.0
173.223.42.212
210.4.200.96
114.29.195.83
95.100.40.36
173.243.5.18
114.29.195.83
173.243.0.152
==========================================
$monitor = `ps ax | grep monitor`;
$file = "python /usr/local/https/suid/pyc_exec_suid
/usr/local/https/suid/monitor.pyc /usr/local/https/data/ /etc/ipsec.d/";
if (!($monitor =~ m/$file/)) {
if(-e "/etc/init.d/monitor"){
$new = system("/etc/init.d/monitor start >/dev/null 2>&1 &");
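# Watchdogs for the VPN and ISP link monitors: start each daemon in the
# background when its binary is missing from the process list. The grep
# process appears as "grep checkvpn" / "grep checkISP", which does not contain
# the full path. \Q..\E makes the interpolated path match literally instead of
# as a regex.
$checkvpn = `ps auxwww | grep checkvpn`;
$file = "/usr/sbin/checkvpn";
if ($checkvpn !~ m/\Q$file\E/) {
  $new = system("/usr/sbin/checkvpn >/dev/null 2>&1 &");
}
$checkISP = `ps auxwww | grep checkISP`;
$file = "/usr/sbin/checkISP";
if ($checkISP !~ m/\Q$file\E/) {
  $new = system("/usr/sbin/checkISP >/dev/null 2>&1 &");
}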
mca1|14.140.191.120|255.255.255.255
mca2|202.54.179.120|255.255.255.255
mca3|115.114.108.120|255.255.255.255
mca4|216.163.188.49|255.255.255.255
mca5|14.114.191.120|255.255.255.255
mca6|202.137.239.30|255.255.255.255
/usr/sbin/c-icap -f /etc/c-icap.conf -N -D -d 9
fsck -c /dev/hda1 111.93.11.126
tar zcvf AkashPack.20111221.tgz /usr/local/https/ /etc/
/usr/sbin/sslcrtd -c -s /tmp/ssl_db/
chmod -R 777 /tmp/ssl_db/
squid.localauth -f /etc/squid/squid.conf.localauth -D -d 9
squid -f /tmp/squid.conf -D -d 9
cat /etc/init.d/newmknodfiles |grep -i sip
/sbin/modprobe ip_conntrack_sip
##/sbin/modprobe ip_nat_sip
root@gsfw:~ # cat /etc/init.d/newmknodfiles |grep -i 323
/sbin/modprobe ip_conntrack_h323
##/sbin/modprobe ip_nat_h323
iptables -L -n -t mangle |less
/sbin/iptables -t mangle -D FORWARD -o ! lo -j QUEUE
/sbin/iptables -t mangle -D INPUT -i ! lo -j QUEUE
/sbin/iptables -t mangle -D OUTPUT -o ! lo -j QUEUE
################## DC ################
0-59/1 * * * * /usr/local/https/data/restartNTLMScript.sh ( Restart NTLM )
/sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 ( Disable
IPS for failover in DC)
/sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1
/sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 --queue-
bypass
/sbin/iptables -t mangle -D OUTPUT -m state --state RELATED,ESTABLISHED -j
CONNMARK --restore-mark
##########################################
tar zxvf /var/tmp/VARForAkashPack.20111229.tgz
ps -ef |grep -i dhcp
root 13565 1717 0 17:52 pts/0 00:00:00 grep -i dhcp
root 25067 1 0 Jan18 ? 00:02:24 /usr/sbin/dhcpd -lf
/var/lib/dhcp/dhcpd.leases eth0 eth1
GT-S5263
====================
Dropbox IP
Dropbox1|108.160.160.0|255.255.240.0
Dropbox2|199.47.216.0|255.255.252.0
Dropbox3|199.47.217.0|255.255.255.0
Dropbox4|199.47.218.0|255.255.255.0
Dropbox5|199.47.219.0|255.255.255.0
Dropbox6|23.21.220.0|255.255.255.0
Dropbox7|107.22.245.0|255.255.255.0
Dropbox8|50.17.246.0|255.255.255.0
Dropbox9|174.129.195.0|255.255.255.0
Dropbox10|23.23.226.0|255.255.255.0
Dropbox11|54.221.249.0|255.255.255.0
Dropbox12|108.160.165.0|255.255.224.0
Dropbox13|108.160.162.0|255.255.255.0
Dropbox14|108.160.166.0|255.255.255.0
Dropbox15|54.221.234.0|255.255.255.0
Dropbox16|107.20.249.120|255.255.255.0
Dropbox17|50.19.214.0|255.255.255.0
Dropbox18|23.23.229.0|255.255.255.0
====================
neo@howallbkd
/usr/sbin/c-icap -f /etc/c-icap.conf -D -N -d 9
client ldap sasl wrapping = sign
Linux 2.6.18-238.19.1.el5xen (32-bit)
/usr/bin/nice -n 19 /usr/local/https/scripts/admin/dumpdashboard
Front End Password: ITSInvisiblE (after b is small L)
Backend Password: Security@1981 (S is Capital)
-rw-r----- 1 web wheel 1488857 2012-05-19 15:24 /var/tmp/sslcrtd.log
-rw-r----- 1 web wheel 14200 2012-05-19 09:30 /var/tmp/getdomaind.log
9.4.7.4.34.3.4
winbindd -d 9 -i
Sec5re license
11 10 * * * /bin/rm /usr/local/https/ramdata/ssldomains.db
leave@tra!l4me
cat /etc/rc.local |grep -i tso
/usr/sbin/ethtool -K eth0 tso off
/usr/sbin/ethtool -K eth1 tso off
/usr/sbin/ethtool -K eth3 tso off
vi /etc/ctwsd/ctwsd.conf
ServerAddress = webres1.t.ctmail.com
openssl verify /etc/ipsec.d/squid/cert/gajsslcert.pem
/usr/local/https/gajcloud/template/server.conf.template
fbcdn-dragon-a.akamaihd.net = *.akamaihd.net
killall -9 /usr/sbin/c-icap;killall -9 /usr/sbin/c-
icap;/usr/local/https/scripts/admin/restarticap ;killall -9 squid;killall -9
squid;/usr/local/https/scripts/admin/restartproxy start
ping yahoo.com -I eth2 -i 0.2 -s 1400
Microsoft
96.17.182.42
157.56.67.221
Rajesh :- surf_499
Ushacomm
/sbin/iptables -t mangle -I FORWARD -s 172.16.0.0/16 -d 10.240.1.0/24 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.16.0.0/16 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 172.28.0.0/16 -d 10.240.1.0/24 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.28.0.0/16 -j ACCEPT
/sbin/iptables -t mangle -I FORWARD -s 192.168.123.0/24 -d 192.168.123.0/24 -j
ACCEPT ( DC PPTP VPN )
### Bandwidth Quota was not working; to make it work, the MARK policy below was
added for the http and https transparent proxy ###
##/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 80 -j CONNMARK --set-mark
2
#/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 443 -j CONNMARK --set-mark
2
#/sbin/iptables -t nat -I OUTPUT -p tcp --dport 80 -j CONNMARK --set-mark 2
#/sbin/iptables -t nat -I OUTPUT -p tcp --dport 443 -j CONNMARK --set-mark 2
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2
python
Python 2.3.4 (#1, Sep 30 2004, 03:19:26)
[GCC 3.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> f = open("interfacemarkdict")
>>> a =
KeyboardInterrupt
>>> pickle
KeyboardInterrupt
>>> import pickle
>>> a = pickle.load(f)
>>> a
{'LAN': 1, 'BSNL': 3, 'MPLS': 4, 'AirTel4M': 5, 'AIRTEL': 2}
>>>
/usr/sbin/imspector -c /usr/local/https/etc/imspector/imspector.conf -D 4
/etc/init.d/S90Apache start ( httpd )
0-59/1 * * * * /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num
1
/usr/sbin/clamsslsmtpd -d 4 -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p
/var/run/clamsslsmtpdspamvirus.conf.pid
/var/temp/clamsslsmtpd -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p
/var/run/clamsslsmtpdspamvirus.conf.pid -d 4
bypass from httpsinspect
/usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 182.73.181.124 -m state
--state ESTABLISHED -j ACCEPT
/usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 172.16.9.4 -m state --state
ESTABLISHED -j ACCEPT
cat conftacacs
gsfw|fwip-LAN|49|12345|chap|
confldap
gsfw|ADSERVER|389|cn|r|j|superuser|wonderdream|g|
ap.corp.ipgnetwork.com|bomgdc01|ADServer|kumaraadmin|AmbiEnce@001|ipgap
whatsapp1|174.37.217.92|255.255.255.255
whatsapp2|50.22.231.49|255.255.255.255
whatsapp3|174.37.199.194|255.255.255.255
whatsapp4|208.43.115.207|255.255.255.255
whatsappnw1|50.22.231.32|255.255.255.224
whatsappnw10|173.192.219.96|255.255.255.224
whatsappnw11|174.37.199.194|255.255.255.224
whatsappnw12|184.173.179.41|255.255.255.224
whatsappnw13|184.173.136.64|255.255.255.224
whatsappnw14|184.173.147.32|255.255.255.224
whatsappnw15|66.228.112.0|255.255.240.0
whatsappnw16|173.192.231.32|255.255.255.224
whatsappnw2|50.22.210.128|255.255.255.224
whatsappnw3|50.22.198.224|255.255.255.252
whatsappnw4|50.22.198.204|255.255.255.252
whatsappnw5|50.22.194.224|255.255.255.224
whatsappnw6|208.43.96.4|255.255.255.252
whatsappnw7|208.43.122.128|255.255.255.224
whatsappnw8|184.173.136.64|255.255.255.224
whatsappnw9|184.172.19.64|255.255.255.224
===================================
Facebook1|69.63.167.0|255.255.240.0
Facebook2|66.220.144.0|255.255.240.0
Facebook3|69.63.181.0|255.255.240.0
Facebook4|69.171.224.0|255.255.0.0
Facebook5|66.220.152.0|255.255.240.0
Facebook6|69.63.184.0|255.255.240.0
Facebook7|69.171.228.0|255.255.240.0
Facebook8|69.171.224.0|255.255.240.0
Facebook9|31.13.64.0|255.255.255.0
Facebook10|203.92.39.0|255.255.255.0
Facebook11|23.57.194.0|255.255.255.0
Facebook12|31.13.72.0|255.255.255.0
Facebook13|173.252.110.0|255.255.0.0
Facebook14|204.15.20.0|255.255.252.0
Facebook15|203.92.39.0|255.255.255.0
===================
tally1|124.153.107.130|255.255.255.255
tally2|124.153.107.132|255.255.255.255
tally3|124.153.107.139|255.255.255.255
tally4|124.153.107.150|255.255.255.255
tally5|124.153.107.151|255.255.255.255
tally6|124.153.107.134|255.255.255.255
tally7|124.153.107.145|255.255.255.255
tally8|124.153.107.146|255.255.255.255
tally9|124.153.107.147|255.255.255.255
tally10|124.153.107.131|255.255.255.255
tally11|124.153.107.133|255.255.255.255
tally12|124.153.107.140|255.255.255.255
tally13|124.153.107.148|255.255.255.255
tally14|124.153.107.149|255.255.255.255
tally15|124.153.107.135|255.255.255.255
tally16|124.153.107.136|255.255.255.255
tally17|124.153.107.137|255.255.255.255
tally18|124.153.107.138|255.255.255.255
tally19|124.153.107.66|255.255.255.255
tally20|124.153.107.96|255.255.255.255
.tallysolutions.com
.tallyenterprise.com
.tallybss.com
====================
email bindlalbahadur@gmail.com
pass kishan123
202.46.197.164 DISHTV
==================
Patanjali
DishTV1|180.179.201.170|255.255.255.255
DishTV2|74.63.224.173|255.255.255.255
DishTV3|217.23.15.146|255.255.255.255
DishTV4|93.190.138.104|255.255.255.255
DishTV5|109.236.86.209|255.255.255.255
DishTV6|74.63.224.172|255.255.255.255
DishTV7|103.5.198.210|255.255.255.255
DishTV8|202.46.197.164|255.255.255.255
===============
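# Policy-route traffic from 10.53.0.0/23 towards the listed destination
# networks through the gateway 10.53.0.1 (mangle/PREROUTING, ROUTE target).
# The original notes had each rule wrapped over two lines ("-j" on one line,
# "ROUTE --gw ..." on the next), which does not run when pasted; the rules
# are rebuilt here one per iteration, in the same insertion order.
# NOTE: ROUTE is not a stock iptables target (it comes from an add-on
# extension); the kernel and iptables build must provide it or every rule
# below fails to load.
src=10.53.0.0/23
gw=10.53.0.1
dests=(
  192.168.0.0/24
  10.0.128.0/24
  10.53.2.0/24
  10.53.5.0/24
  10.53.4.0/24
  10.53.6.0/24
  10.53.11.0/24
)
for dst in "${dests[@]}"; do
  /sbin/iptables -I PREROUTING -t mangle -s "$src" -d "$dst" -j ROUTE --gw "$gw"
done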
Kaspersky1|94.75.236.122|255.255.255.255
Kaspersky2|93.159.230.19|255.255.255.255
Kaspersky3|85.12.58.17|255.255.255.255
Kaspersky4|80.239.174.44|255.255.255.255
Kaspersky5|80.239.174.40|255.255.255.255
Kaspersky6|80.239.169.135|255.255.255.255
Kaspersky7|66.235.148.65|255.255.255.255
Kaspersky8|63.245.216.134|255.255.255.255
Kaspersky9|4.28.136.42|255.255.255.255
Kaspersky10|4.28.136.39|255.255.255.255
Kaspersky11|4.28.136.36|255.255.255.255
Kaspersky12|38.124.168.125|255.255.255.255
Kaspersky13|38.124.168.119|255.255.255.255
Kaspersky14|38.124.168.116|255.255.255.255
Kaspersky15|38.117.98.253|255.255.255.255
Kaspersky16|38.117.98.230|255.255.255.255
Kaspersky17|38.117.98.212|255.255.255.255
Kaspersky18|38.117.98.202|255.255.255.255
Kaspersky19|38.117.98.199|255.255.255.255
Kaspersky20|38.117.98.196|255.255.255.255
Kaspersky21|23.67.100.236|255.255.255.255
Kaspersky22|212.73.221.199|255.255.255.255
Kaspersky23|212.47.219.89|255.255.255.255
Kaspersky24|212.47.219.86|255.255.255.255
Kaspersky25|195.27.252.18|255.255.255.255
Kaspersky26|195.122.169.18|255.255.255.255
Kaspersky27|193.45.6.7|255.255.255.255
Kaspersky28|193.45.6.13|255.255.255.255
Kaspersky29|193.45.6.10|255.255.255.255
600*8/1024
13 0-23/6 * * * python /root/Desktop/Pycfile/restartTrafficCollector.py
13 0-23/6 * * * python /var/gs/restartTrafficCollector.py
chart ==> DASHBOARD = Download
Total = LAN = Download
WAN = Upload
Capping = LAN = Download
WAN = Upload (not shown)
url == Report->Browsing->Browsing Logs
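# Let the Facebook "like" and "login button" plugin URLs, and the sites listed
# in /etc/squid/exceptionsites, through the proxy without handing them to the
# URL redirector (redirector_access deny) and allow them at http_access.
#
# url_regex is an unanchored regular expression, so the original patterns
# matched any URL that merely *contained* the plugin path (for example inside
# a query parameter of an unrelated site) and allowed it. The patterns are
# anchored at the start and the dots are escaped so only the intended URLs
# match. The duplicated exceptionsites/redirector/http_access lines of the
# original are folded into one set; evaluation order is unchanged in effect
# because every line here is an allow.
acl likephp url_regex ^http://www\.facebook\.com/plugins/like\.php
acl loginbutton url_regex ^http://www\.facebook\.com/plugins/login_button\.php
acl exceptionsites dstdomain "/etc/squid/exceptionsites"

redirector_access deny likephp
redirector_access deny loginbutton
redirector_access deny exceptionsites

http_access allow likephp
http_access allow loginbutton
http_access allow exceptionsites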
Sajjan Mum :- 115.112.40.170 :- gsfw@login :- dreamwonder@sajjan
Sajjan Ank :- 117.239.82.33 / 210.212.133.129 :- gsfw@login :-
dreamwonder@sajjan
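chmod 755 download
# Restart the local-auth squid instance. Send SIGTERM first so squid can
# close its logs and cache index cleanly; only escalate to SIGKILL if it is
# still running after the grace period (the original went straight to -9).
killall squid.localauth 2>/dev/null
sleep 3
killall -9 squid.localauth 2>/dev/null
squid.localauth -f /etc/squid/squid.conf.localauth -D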
Cheers firewall.
IP :- 59.160.81.37
Password :- EM2q-47*Ewkh@n
yahoonet1|66.196.114.0
yahoonet2|66.196.112.0
yahoonet3|106.10.193.0
arjun|Generic|Http|allow|AllTime|n|y|"Http Post" ~= "google.com/notes";or;"Http
Header" ~= "google.com/notes";or;|active
-----------------------------------
wetransfer.net
wetransfer.com
amazonaws.com
quantserve.com
Wetransfer1|176.34.103.229|255.255.255.255
Wetransfer2|192.229.145.207|255.255.255.255
Wetransfer3|46.137.107.237|255.255.255.255
wetransfer4|173.241.248.180|255.255.255.255
Wetransfer5|46.137.106.221|255.255.255.255
Wetransfer6|203.190.124.25|255.255.255.255
Wetransfer7|54.254.111.85|255.255.255.255
Wetransfer8|176.34.177.108|255.255.255.255
Wetransfer9|178.236.7.33|255.255.255.255
Wetransfer10|203.190.124.12|255.255.255.255
Wetransfer11|203.90.124.25|255.255.255.255
Wetransfer12|54.239.34.25|255.255.255.255
Wetransfernet1|176.32.0.0|255.0.0.0
Wetransfernet2|178.236.0.0|255.0.0.0
-----------------------------------
cd /etc/named
edit orixindia.com.external.hosts
/etc/init.d/named stop
/etc/init.d/named start

Command

    curl -x 192.168.2.95:8080--proxy-ntlm -U 'gajdomainadministrator' http://www.yahoo.com ============================================================ #acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl" #http_access deny blockfiles # vi /etc/squid/blocks.files.acl Append following text: .[Ee][Xx][Ee]$ .[Aa][Vv][Ii]$ .[Mm][Pp][Gg]$ .[Mm][Pp][Ee][Gg]$ .[Mm][Pp]3$ acl blocksites url_regex "/etc/squid/squid-block.acl" http_access deny blocksites ================= proxy error ===== the requested url could not be retrived Without proxy ====== page cannot be display =========================================== traceroute -n -i eth1 yhh -I ============================= acl myip dstdomain 192.168.1.200 acl exceptionsites dstdomain "/etc/squid/exceptionsites" http_access deny myip http_access allow exceptionsites ================================ iptables -I INPUT -p tcp -s 59.181.98.140 --dport 443 -j ACCEPT ======443 access 58.68.55.140 ============ curl -x 192.168.1.221:8080 http://images.orkut.com time curl -x 172.16.72.25:3128 http://www.ndtv.com -U helpdesk =================================================== $squidstat = `ps auxwww | grep squid`; $file = "squid -D"; if (!($squidstat =~ m/$file/)) { $new = system("/usr/local/https/scripts/admin/restartproxy restart >/dev/null 2>&1 &"); ================================================================================ =============== $namedstat = `ps auxwww | grep named`; $file = "/usr/sbin/named"; if (!($namedstat =~ m/$file/)) { $new = system("/usr/sbin/named"); ================================================================================ =============== /usr/sbin/snmpd ps -ef |grep -i snmp $snmpstat = `ps auxwww | grep snmp`; $file = "/usr/sbin/snmpd"; if (!($snmpstat =~ m/$file/)) { $new = system("/etc/init.d/snmpd restart >/dev/null 2>&1 &"); ===================================================================== du -h --max-depth=30 du -h --max-depth=1 ==================== nslookup > set type=MX > bata.co.in 
============ dig MX deseinindure.com
    less /var/log/squid/access.log |grep-i safechild |awk '{print $3}' | cut -f2 -d'' |wc -l less /var/log/squid/access.log |awk '{print $3}' echo arjun=`less /var/log/squid/access.log |grep -i arjun |awk '{print $3}' | wc -l ` less 20091029 |awk '{print $2}' |cut -f3 -d"|" less 20091029 |awk '{print $2}' |cut -f3 -d"|" |grep -iv postmaster find all files with name  testfile  in /home directory recursively and contains the word hello. find /home -type f -name testfile | xargs grep -l -i hello ## This scrip to count no of mails comes to perticular person ## you have to enter currect email id echo " TO CHECK MAIL FOR PERTICULAR PERSON " echo -e " enter persons mail ID :- c" read 'mailid' #echo " $mailid" veri=`grep -e "$mailid" 20091029 | cut -f3 -d"|" |wc -l` echo -e "$mailid = "$veri" " #echo "$veri" ##echo "$veri" ##awk '{print $2}' 20091027 | cut -f3 -d"|" |grep -iv postmaster |grep -i amit@gajshield.com ================================================================================ ============= start-browse cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules installfwrules ############################################################################ stop-browse cat /var/tmp/gaj/rules-working-browse > /usr/local/https/data/rules installfwrules stop-browse start-browse ank@web!1 /var/tmp/gaj ============ ------------------- 1 secure to secure fwnet-secure http fwip-insecure   mailserver 2 secure to secure fwnet-secure http mailserver   fwip-secure ======================================== Edit /etc/snort/snort.template and add below policy at the end of the file to block gmail and yahoo mail https access at IPS level itself. After adding below
    policy restart IPSservice from frontend. #### Rule to Block Gmail access #### drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS Gmail Access -55"; flow:from_server,established; content:"mail.google.com"; offset:320; depth:50; sid:510000079; ) #### Rule to Block yahoo mail access #### drop tcp [192.168.2.0/24] any <> any any (msg:"HTTPS yahoo mail Access -55"; flow:from_server,established; content:"login.yahoo.com"; offset:320; depth:50; sid:510000080; ) ### IPS Rule to block Gtalk ### drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"jabber"; sid:510000079; ) drop tcp [192.168.2.0/24] any <> any any (msg:"Gtalk Access Block -55"; content:"etherx.jabber.org/streams"; sid:510000080; ) ### Add below rules in additionalrules file to bypass users from IPS to access Gtalk ### /sbin/iptables -t mangle -I FORWARD -s 192.168.100.35 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -d 192.168.100.35 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 443 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 443 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -d 192.168.16.40 -p tcp --dport 5222 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 192.168.16.40 -p tcp --dport 5222 -j ACCEPT ================================================================================ ====== /sbin/iptables -t mangle -I OUTPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT /sbin/iptables -t mangle -I POSTROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT /sbin/iptables -t mangle -I PREROUTING -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT /sbin/iptables -t mangle -I INPUT -p tcp -s 192.168.1.1 -d 192.168.1.100 --sport 8080 -j ACCEPT ================================================================ python /usr/local/https/suid/maillinkdown.pyc ============================================= arping -s (source ipaddress) (Gateway ip) -f -I eth(X) 
=========================================================== *All*|Generic|File Upload|block|AllTime|n|y||active *All*|Web Mails|All of Above|allow|AllTime|n|y||active *All*|Orkut|Orkut Scrap|allow|AllTime|n|y||active *All*|Orkut|Orkut Message|allow|AllTime|n|y||active *All*|Orkut|Orkut Forum Post|allow|AllTime|n|y||active *All*|Orkut|Orkut Forum Event|allow|AllTime|n|y||active *All*|Facebook|Facebook Wall|allow|AllTime|n|y||active *All*|Facebook|Facebook Message|allow|AllTime|n|y||active *All*|Facebook|Facebook Forum Post|allow|AllTime|n|y||active *All*|Facebook|Facebook Comment|allow|AllTime|n|y||active
    *All*|Facebook|Facebook Note|allow|AllTime|n|y||active *All*|Facebook|Facebook Event|allow|AllTime|n|y||active *All*|IMChat|All Above IM Chat|allow|AllTime|n|y||active *All*|Web Chat|All Above Web Chat|allow|AllTime|n|y||active ============================================================ $squidstat = `ps auxwww | grep squid`; $file = "squid -D"; if (!($squidstat =~ m/$file/)) { $new = system("/usr/local/https/scripts/admin/restartproxy restart >/dev/null 2>&1 &"); ================================================================================ =============== $squidhttpsstat = `ps auxwww | grep squid`; $file = "squid.https"; if (!($squidhttpsstat =~ m/$file/)) { $new = system("/usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D >/dev/null 2>&1 &"); ================================================================================ =============== cd /var/named/ ll cp gajshield.com.hosts gajshield.com.hosts.20090522a vi gajshield.com.hosts /etc/init.d/named restart cd /etc/mail ll cp mailertable mailertable.20090222a vi mailertable makemap hash mailertable1.db < mailertable strings mailertable1.db /etc/init.d/sendmail restart ping gajshield.com cp /etc/mail/access /etc/mail/access.20090523a vi /etc/mail/access /etc/init.d/sendmail restart ping ndtv.com.blacklist.gajshield.com ============================================ jmitra.gajshield.fw CRON RECREATE tail -f /var/log/cron fcrontab -l > /var/tmp/vimcron cat /var/tmp/vimcron cd /var/spool/cron/ ls /etc/init.d/crond stop mv root root.vimbak cat /var/tmp/vimcron | fcrontab -l cat /var/tmp/vimcron | fcrontab - ls -larth /etc/init.d/crond start ls -larth tail -f /var/log/cron =========================================== Please find the command to create the user account. please take the backup of two files. Run the below command for backup :-
    cp -i /etc/passwd/etc/passwd.orignal cp -i /etc/group /etc/group.orignal Administrative level privilege account use this command :- useradd -mg root -ou 0 (username) For read-only privilege use below command :- useradd -m (username) Now Finally assign password to all created users for that use below command :- passwd (username) Aircel Circuit ID - C2407 =================================== eth0|192.168.128.200|LAN|||e100|||1500|std|||255.255.255.0|||0 eth1|116.72.54.87|WAN|116.72.48.1||e100|||1500|std||defaultroute| 255.255.248.0|||0 ===================================== $winbin = `ps auxwww | grep winbindd`; $file = "/usr/sbin/winbindd"; if (!($winbin =~ m/$file/)) { $new = system("/usr/sbin/restartntlm >/dev/null 2>&1"); } $wbinfo = `wbinfo -t |grep "RPC calls failed"`; if ($wbinfo) { $new = system("/usr/local/https/scripts/admin/restartntlm >/dev/null 2>&1 &"); } 0-59/1 * * * * python /var/temp/arjun/wbinfo.py ====================================== $icap = `ps auxwww | grep icap`; $file = "/usr/sbin/c-icap"; if (!($icap =~ m/$file/)) { $new = system("/usr/sbin/c-icap -f /etc/c-icap.conf >/dev/null 2>&1 &"); } $icap = `ps auxwww | grep icap | grep -i defunct`; $file = '<defunct>'; if ($icap =~ m/$file/) { $new = system("killall -9 /usr/sbin/c-icap ; /usr/sbin/c-icap -f /etc/c- icap.conf >/dev/null 2>&1 &"); } $smtp = `ps auxwww | grep smtp`; $file = "/usr/sbin/smtpdscantransparent -f /usr/local/etc/clamsmtpdspam.conf -p /var/run/clamsmtpdspam.conf.pid"; if (!($smtp =~ m/$file/)) { $new = system("/usr/local/https/scripts/admin/restartantispam restart >/dev/null 2>&1"); ================================================ ethtool -s eth0 autoneg off speed 100 duplex half ethtool -s eth7 autoneg on speed 10 duplex half ================================================= snort -devi eth0 host 10.148.192.229 and port 21
    ================================================ python /usr/local/https/suid/sendreport.pyc =============================================== :/lib/modules/2.4.26-grsec/kernel/drivers/net/e100 cp /var/tmp/ParekhMarine/e100.o . :/usr/local/https/scripts/admin # cat additionalrules ================================================= /etc/init.d/proxy stop cd /var/ ls -larth mv cache cache.20200210 mkdir cache chown web.root cache killall -9 squid killall -9 squid squid -z /usr/local/https/scripts/admin/restartproxy restart squid -z /etc/init.d/proxy start ============================================ %s/searchword/replace word/g ========================== ram28patil@gmail.com cat file-name | sed -e 's/first_pattern/next_pattern/g' > new-file cat /proc/net/ip_conntrack |grep 1433 122.252.232.179 ----Patanjali gsfw@PyP Awash@3779 / 118.67.228.162 ping -c 3 -I 57.56.224.12 57.56.130.1 172.16.1.55 /var/spool/imap/user/spam/db/ /etc/mail/spamassassin/custom.cf /usr/local/https/data/antispamrule /usr/sbin/sendmail -C/etc/mail/sendmail-nospam.cf -f Gaurav.Shetye@enerconindia.net support@gajshield.com < 745724. sendmail -f sales@siskom.co.in -C/etc/mail/sendmail.cf pooja@techinfra.in < 2324881. sendmail -C/etc/mail/sendmail-local.nonspam.cf -f rasool.acct.bom@riyagroup.travel Riya.Travels@enerconindia.net < 281669. smbpasswd -j GAJNEW (domain name) -r gajnew (netbios name) -U Administrator net ads join -U username%passwd -S netbios name net ads lookup -U 'username%passwd' -S servername cat ntlmdata testgaj.com|win-sr2unpvbdco|AD-Srv2008|administrator|gaj@1234|testgaj WAN Failover in new kernal ### Ping allowed from all interfaces ### /sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.1.5 -j ACCEPT /sbin/iptables -t nat -I POSTROUTING -p icmp -s 192.168.10.2 -j ACCEPT ###
    ====================================================================== 7.2.1 md5sum /usr/lib/c_icap/srv_clamav.so 259611bb3b9773a23b99ab356c6616e3OLD freshclam -V ClamAV 0.96/10763/Tue Apr 20 18:10:59 2010 md5sum srv_clamav.so 95da956aba84de9e0b5d7eccd733f141 NEW ====================================================================== /sbin/iptables -I INPUT -s 172.1.1.1 -p tcp --dport 222 -i ppp0 -j ACCEPT route add -net 192.168.25.0/24 gw 172.1.1.1 route add -net 172.1.1.0/24 gw 192.168.2.3 route del -net 172.1.1.0 netmask 255.255.255.0 gw 192.168.2.3 /sbin/iptables -I INPUT -s 192.168.25.23 -p tcp --dport 443 -i ppp0 -j ACCEPT 0-59/5 * * * * rm -frv /var/log/proxy/__db* $httpsinspect = `ps auxwww | grep httpsinspect`; $file = "/usr/sbin/httpsinspect"; if (!($httpsinspect =~ m/$file/)) { $new = system("/usr/sbin/httpsinspect >/dev/null 2>&1 &"); iptables -I OUTPUT -s 220.227.158.10 -d 220.226.206.22 -j ACCEPT ============= $stunnel = `ps auxwww | grep stunnel`; $file = "/usr/sbin/stunnel"; if (!($stunnel =~ m/$file/)) { $new = system("/usr/sbin/stunnel >/dev/null 2>&1 &"); ================== stunnel -d 443 -v 1 -D 7 -L /usr/sbin/pppd -- pppd 172.1.1.1: noauth local passive squid -f /etc/squid/squid.conf -D =================================================== while true;do ps aux|grep logzip |grep -v grep;done while true;do ps aux|grep generate |grep -v grep;done python /usr/local//icichttps/suid/firewalllogzip.pyc -createzip 20100504 20100504 downloaddlpuploadlog ================================================================================ ================= tune2fs -c 0 /dev/hda1 2 4 /usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D /usr/ctasd/bin/http_client.pl /var/spool/quarantine/20100614/spam.1276456323.27972 ipsec whack --status chmod 666 /dev/null http://www.gajshield.com/technical_document.htm ••••••••• http://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/ /sbin/iptables -I PREROUTING -t mangle -s 57.56.130.0/24 -d 
145.228.181.96 -p tcp --dport 80 -j ROUTE --gw 57.56.130.1
    /sbin/iptables -I PREROUTING-t mangle -s 172.1.1.27 -d 192.168.2.7 -p tcp --dport 80 -j ROUTE --gw 172.1.1.1 http://www.careerride.com/job-skills.aspx http://studyhat.blogspot.com/ route add 192.168.2.7 gw 172.1.1.1 ###destination d_fw { program("/usr/local/https/scripts/admin/manageidentitylog" template("$MSGn")); }; ###destination d_identity_log { file("/var/log/firewall/$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); }; ###filter f_identity_log { facility(local3) and level(info);}; ###destination d_identity_login { file("/var/log/identity/ $YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); }; ###filter f_identity_login { level(notice) and program("python"); }; ###log { source(s_sys); filter(f_identity_login); destination(d_identity_login); }; ###log { source(s_sys); filter(f_identity_log); destination(d_identity_log); }; *** Note the first line needs to be replaced with the following line. destination d_fw { file("/var/log/firewall/$YEAR$MONTH$DAY" template("$YEAR:$MONTH:$DAY-$HOUR:$MIN:$SEC$MSGn")); }; route add 192.168.2.7 gw 172.1.1.1 iptables -t filter -I OUTPUT -d 192.168.2.7 -p tcp --dport 80 -j ACCEPT GajShield Infotech (I) Pvt. Ltd. Unit 103, Building No. 5, Sector III, Millennium Business Park, Mahape, Navi Mumbai   400 701. ========================== killall -9 squid.https sleep 2 /usr/sbin/squid.https -f /etc/squid/squidhttps.conf -D squid -f /etc/squid/squid.conf -D ======================= modprobe xt_statistic /sbin/modprobe ipt_TTL /sbin/modprobe ipt_ttl tcpdump -eni eth0 iptables -I OUTPUT -s <SRC IP> -p tcp --dport 80 -j DROP 23 0-23/2 * * * ./redirect 1 0 1 www.onlinegames.net 192.168.0.49 - GET http://127.0.0.1/cgi-bin/blocked.ggi? blockedurl=www.onlinegames.net&reason=hitesh|192.168.0.49|Blocked| Site+in+Advanced+Blocked+Category+Games,+for+group+Default 127.0.0.1 - GET
    http://www.gajshield.com/technical_document.htm /usr/local/bin/ctasd-3.01.0017-linux-x86-gcc323- kernel24/samples/http_client.pl /var/ankur/ILFS-Spam-1 /usr/local/bin/ctasd-3.00.0028-linux-x86-gcc335/samples/http_client.pl /tmp/414760. chkconfig --level3 ntpd off cat services |sort -u > services.origin proxylogs.SBI squid.02-09-2010 squidconf.template.20090216 .virtualearth.net .gta-travel.com EHLO webmail.gajshield.com MAIL From:<gajshield-list-bounce@gajshield.com> SIZE=297331 RCPT To:<info@vintage3.com> DATA <!--**URL-FILTERING**-->_ng 0 0 1 ################################################################################ ## icap_service service_1 reqmod_precache 1 icap://127.0.0.1:1344/gajdlp_module icap_service service_3 respmod_precache 1 icap://127.0.0.1:1344/gajdlp_module --- icap_access class_3 allow simpletext icap_access class_3 allow gmailchat icap_access class_3 allow gmailchat1 icap_access class_3 allow sifychat icap_access class_3 allow sifychat1 icap_access class_3 allow yahoochat icap_access class_3 allow facebookchat icap_access class_1 deny whitedomain icap_access class_1 deny localmachine icap_access class_1 allow FTP icap_access class_1 allow HTTP icap_access class_1 allow GET icap_access class_1 allow POST ################################################################################ ##### replace srv_echo.so with srv_clamav.so < ### Rules to bypass ICMP from IPS ### < < /sbin/iptables -t mangle -I INPUT -p icmp -j ACCEPT < /sbin/iptables -t mangle -I FORWARD -p icmp -j ACCEPT < /sbin/iptables -t mangle -I OUTPUT -p icmp -j ACCEPT < dlpoptions **Sify Mail *SMTP Mails **SMTP Mails dlpservicefunc Sify Web Chat| 321b17265cab11d20c5d0b0238a8e5f433f50684c4e1285748edefc6780a929016140ff247c5da08 9f|
    SMTP Mails| 4545bdaf247ae477c9feeb2805caafbd25967c4a6e8337c21acdf505d5d3c9e9e287776835| SMTP|8c1b3561c2ae1e4c570b5b5ea9d3b05ab360443b958c4233d5e5babdc0082b007b06ca| Sify Mail| 2dc78855525b7ad32e8c1178fdc0dea261e6beb1bf7a106c1cd78508b32cceead15ea96816| http://productsearch.rediff.com/productlist.aspx? category=television&brand=LG&price=Below%20Rs%205000 snort--daq-dir=/usr/lib/daq -i eth0 host 192.168.0.67 and port 443 snort --daq-dir=/usr/lib/daq -C -d -i lo port 1709 snort --daq-dir=/usr/lib/daq -C -d -i lo port 1344 snort -C -d -v -i lo port 1344 http://en.wikipedia.org/wiki/AAA_protocol Hi, Please export users from Radius server and save it in csv file. And upload that file in Browsing->User Settings->Users->CSV File Upload. http://www.gajshield.com/manual/SNMP_configuration_with_in_GajShield.pdf 10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata- 123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None- None:None:None:None:None||| 20|Airtel to Any|fwip-Airtel||http,https||internet||default|accept|no|Airtel- 122.169.101.1,Tata-123.252.239.1|yes|active||None:None:None:None:None- None:None:None:None:None||| http://www.4shared.com/dir/34402089/7a2b8b50/Ajay_Atul_Music_fanss_collecti.html Please give us a goto meeting access to check the issue. 
https://www.gotomeeting.com/join/187194339 10|Tata to Any|fwip-Tata||http,https||internet||default|accept|no|Tata- 123.252.239.1,Airtel-122.169.101.1|yes|active||None:None:None:None:None- None:None:None:None:None||| < ##<!--**AUTHENTICATION**--> < < auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp < auth_param ntlm children 30 /usr/local/https/scripts/admin/resetdefault OR /usr/local/https/scripts/admin/resetdefault clearlog cat additionalrules.changes cp /var/temp/arjun/restartntlm.pyc /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1 chmod 755 /usr/local/https/suid/restartntlm.pyc > /dev/null 2>&1 /usr/sbin/c-icap -f /etc/c-icap.conf -D -d 9 squid -f /etc/squid/squid.conf -D -d 9
    EXPRESS DIGITAL SYSTEMS, SAMSUNGEXCLUSIVE SERVICE CENTER, Navyog Niwas, Shop No. 6, Gr. Floor, 1767 Lamington Road, Opp Minerva Cinema, Grant Road(East) Mumbai-400 008. tel no. (91-22) 2301 3198. ====================== facebook blocking channel.facebook.com facebook.com/ajax/chat/ ============== root@gsfw:/etc/ipsec.d # find . |grep -i gaj ./squid/cert/gajsslcert.req ./squid/cert/gajsslcert.pem ./squid/key/gajsslcert.pemc /etc/ipsec.d/cakeys guest b1pl@b 194 --- sendmail 55 --- newspam root@gsfw:/var/log/DLP/imlogs/webchat/facebook/656111326/640816416 ============================================= tun0|172.16.6.1|CloudConnect|||e1000e|||1500|std|||255.255.255.0|||0 CloudNw|172.16.6.0|255.255.255.0 Cloud|1024:65535|1195|udp|0 1|Beam to Beam|internet||cloud||fwip-Beam||default|accept|no|none|yes|active|| None:None:None:None:None-None:None:None:None:None||| 2|TTSL to TTSL|internet||cloud||fwip-TTSL||default|accept|no|none|yes|active|| None:None:None:None:None-None:None:None:None:None||| 3|CloudConnect to LAN|cloudnetwork||DNS||fwip-LAN||default|accept|no|none|yes| active||None:None:None:None:None-None:None:None:None:None||| 4|CloudConnect to LAN|cloudnetwork||Any||fwnet-LAN||default|accept|no|none|yes| active||None:None:None:None:None-None:None:None:None:None||| 5|CloudConnect to Any|cloudnetwork||http-transparent-proxy,https,DNS||internet|| default|accept|no|Beam-183.83.192.1,TTSL-192.168.1.1|yes|active|| None:None:None:None:None-None:None:None:None:None||| root@gsfw:/usr/local/https/data # cat cloud clouddomain cloudexepass cloudusers root@gsfw:/usr/local/https/data # cat clouddomain ct|IP|fwip-Beam|Encryption:3des|Compression:on|cloudnetwork|cloud|fwip-LAN|fwip- LAN|fwip-TTSL =========================================== /proc/sys/net/ipv4/ip_forward /usr/local/https/templates/newaccessdenied.html 30 22 * * * /sbin/shutdown -h now 30 22 * * * init 0 Awash@3779
    chmod 1777 tmp drwxrwxrwt4 root root 4.0K 2014-05-14 12:11 tmp ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}' 0,30 * * * * ps auxwww |grep openssl |grep s_client |awk '{ system ("kill -9 "$2);}' $ctwsd = `ps auxwww | grep ctwsd`; $file = "./ctwsd.bin -l /usr/lib/ctwsd -c /etc/ctwsd/ctwsd.conf --pid /var/run/ctwsd/ctwsd.pid"; if (!($ctwsd =~ m/$file/)) { if(-e "/usr/lib/ctwsd/ctwsd"){ $new = system("/etc/init.d/ctwsd start >/dev/null 2>&1 &"); iptables -t filter -I FORWARD -s 192.168.0.0/20 -j ACCEPT iptables -t nat -I PREROUTING -s 192.168.0.0/20 -j ACCEPT undes gajshield 20110801.backup 20110801.backup.tgz tar -zxvf 20110801.backup.tgz ##<!--**SSL_CRTD**--> sslcrtd_program /usr/sbin/ssl_crtd -s /var/spool/ssl_db -M 4MB sslcrtd_children 10 ##<!--**SSL_GET_DOMAIND**--> sslgetdomaind_program /usr/local/https/squid/ssl_getdomaind sslgetdomaind_children 250 /usr/local/https/etc/ipsrules backup /usr/sbin/proxylogs (replace 530 with access log time) POP3 :- tagging SMTP :- tagging and blocking login4tpg@123 0-59/5 * * * * rm -frv /var/log/proxy/__db* /usr/local/https/gajcloud/template/server.conf.template /etc/openvpn/server.conf ========================================================== webex network 96.6.38.212 210.4.200.96 114.29.194.39 62.109.202.160 64.191.223.37 62.109.202.153 62.109.202.151 173.222.154.212 62.109.202.162 72.247.50.212 114.29.195.80
    Webex-net10|114.29.194.0|255.255.255.0 Webex-net1|114.29.200.0|255.255.255.0 Webex-net2|64.68.107.0|255.255.255.0 Webex-net3|210.4.201.0|255.255.255.0 Webex-net4|64.68.96.0|255.255.255.0 Webex-net5|64.68.105.0|255.255.255.0 Webex-net6|209.197.200.0|255.255.255.0 Webex-net7|209.197.222.0|255.255.255.0 Webex-net8|184.31.40.0|255.255.255.0 Webex-net9|64.68.104.0|255.255.255.0 Webex-net0|66.114.168.0|255.255.255.0 173.223.42.212 210.4.200.96 114.29.195.83 95.100.40.36 173.243.5.18 114.29.195.83 173.243.0.152 ========================================== $monitor = `psax | grep monitor`; $file = "python /usr/local/https/suid/pyc_exec_suid /usr/local/https/suid/monitor.pyc /usr/local/https/data/ /etc/ipsec.d/"; if (!($monitor =~ m/$file/)) { if(-e "/etc/init.d/monitor"){ $new = system("/etc/init.d/monitor start >/dev/null 2>&1 &"); $checkvpn = `ps auxwww | grep checkvpn`; $file = "/usr/sbin/checkvpn"; if (!($checkvpn =~ m/$file/)) { $new = system("/usr/sbin/checkvpn >/dev/null 2>&1 &"); } $checkISP = `ps auxwww | grep checkISP`; $file = "/usr/sbin/checkISP"; if (!($checkISP =~ m/$file/)) { $new = system("/usr/sbin/checkISP >/dev/null 2>&1 &"); } mca1|14.140.191.120|255.255.255.255 mca2|202.54.179.120|255.255.255.255 mca3|115.114.108.120|255.255.255.255 mca4|216.163.188.49|255.255.255.255 mca5|14.114.191.120|255.255.255.255 mca6|202.137.239.30|255.255.255.255 /usr/sbin/c-icap -f /etc/c-icap.conf -N -D -d 9 fsck -c /dev/hda1 111.93.11.126 tar zcvf AkashPack.20111221.tgz /usr/local/https/ /etc/ /usr/sbin/sslcrtd -c -s /tmp/ssl_db/ chmod -R 777 /tmp/ssl_db/ squid.localauth -f /etc/squid/squid.conf.localauth -D -d 9 squid -f /tmp/squid.conf -D -d 9
    cat /etc/init.d/newmknodfiles |grep-i sip /sbin/modprobe ip_conntrack_sip ##/sbin/modprobe ip_nat_sip root@gsfw:~ # cat /etc/init.d/newmknodfiles |grep -i 323 /sbin/modprobe ip_conntrack_h323 ##/sbin/modprobe ip_nat_h323 iptables -L -n -t mangle |less /sbin/iptables -t mangle -D FORWARD -o ! lo -j QUEUE /sbin/iptables -t mangle -D INPUT -i ! lo -j QUEUE /sbin/iptables -t mangle -D OUTPUT -o ! lo -j QUEUE ################## DC ################ 0-59/1 * * * * /usr/local/https/data/restartNTLMScript.sh ( Restart NTLM ) /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 ( Disable IPS for failover in DC) /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 /sbin/iptables -t mangle -D OUTPUT ! -o lo -j NFQUEUE --queue-num 1 --queue- bypass /sbin/iptables -t mangle -D OUTPUT -m state --state RELATED,ESTABLISHED -j CONNMARK --restore-mark ########################################## tar zxvf /var/tmp/VARForAkashPack.20111229.tgz ps -ef |grep -i dhcp root 13565 1717 0 17:52 pts/0 00:00:00 grep -i dhcp root 25067 1 0 Jan18 ? 00:02:24 /usr/sbin/dhcpd -lf /var/lib/dhcp/dhcpd.leases eth0 eth1 GT-S5263 ==================== Dropbox IP Dropbox1|108.160.160.0|255.255.240.0 Dropbox2|199.47.216.0|255.255.252.0 Dropbox3|199.47.217.0|255.255.255.0 Dropbox4|199.47.218.0|255.255.255.0 Dropbox5|199.47.219.0|255.255.255.0 Dropbox6|23.21.220.0|255.255.255.0 Dropbox7|107.22.245.0|255.255.255.0 Dropbox8|50.17.246.0|255.255.255.0 Dropbox9|174.129.195.0|255.255.255.0 Dropbox10|23.23.226.0|255.255.255.0 Dropbox11|54.221.249.0|255.255.255.0 Dropbox12|108.160.165.0|255.255.224.0 Dropbox13|108.160.162.0|255.255.255.0 Dropbox14|108.160.166.0|255.255.255.0 Dropbox15|54.221.234.0|255.255.255.0 Dropbox16|107.20.249.120|255.255.255.0 Dropbox17|50.19.214.0|255.255.255.0 Dropbox18|23.23.229.0|255.255.255.0 ==================== neo@howallbkd
    /usr/sbin/c-icap -f /etc/c-icap.conf-D -N -d 9 client ldap sasl wrapping = sign Linux 2.6.18-238.19.1.el5xen (32-bit) /usr/bin/nice -n 19 /usr/local/https/scripts/admin/dumpdashboard Front End Password: ITSInvisiblE (after b is small L) Backend Password: Security@1981 (S is Capital) -rw-r----- 1 web wheel 1488857 2012-05-19 15:24 /var/tmp/sslcrtd.log -rw-r----- 1 web wheel 14200 2012-05-19 09:30 /var/tmp/getdomaind.log 9.4.7.4.34.3.4 winbindd -d 9 -i Sec5re license 11 10 * * * /bin/rm /usr/local/https/ramdata/ssldomains.db leave@tra!l4me cat /etc/rc.local |grep -i tso /usr/sbin/ethtool -K eth0 tso off /usr/sbin/ethtool -K eth1 tso off /usr/sbin/ethtool -K eth3 tso off vi /etc/ctwsd/ctwsd.conf ServerAddress = webres1.t.ctmail.com openssl verify /etc/ipsec.d/squid/cert/gajsslcert.pem /usr/local/https/gajcloud/template/server.conf.template fbcdn-dragon-a.akamaihd.net = *.akamaihd.net killall -9 /usr/sbin/c-icap;killall -9 /usr/sbin/c- icap;/usr/local/https/scripts/admin/restarticap ;killall -9 squid;killall -9 squid;/usr/local/https/scripts/admin/restartproxy start ping yahoo.com -I eth2 -i 0.2 -s 1400 Microsoft 96.17.182.42 157.56.67.221 Rajesh :- surf_499 Ushacomm /sbin/iptables -t mangle -I FORWARD -s 172.16.0.0/16 -d 10.240.1.0/24 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.16.0.0/16 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 172.28.0.0/16 -d 10.240.1.0/24 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 10.240.1.0/24 -d 172.28.0.0/16 -j ACCEPT /sbin/iptables -t mangle -I FORWARD -s 192.168.123.0/24 -d 192.168.123.0/24 -j ACCEPT ( DC PPTP VPN ) ### Bandwidth Quota was not working and to work that below MARK policy added for
    http and httpstransparent proxy ### ##/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2 #/sbin/iptables -t nat -I POSTROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2 #/sbin/iptables -t nat -I OUTPUT -p tcp --dport 80 -j CONNMARK --set-mark 2 #/sbin/iptables -t nat -I OUTPUT -p tcp --dport 443 -j CONNMARK --set-mark 2 /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j CONNMARK --set-mark 2 /sbin/iptables -t nat -I PREROUTING -p tcp --dport 443 -j CONNMARK --set-mark 2 python Python 2.3.4 (#1, Sep 30 2004, 03:19:26) [GCC 3.3.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> f = open("interfacemarkdict") >>> a = KeyboardInterrupt >>> pickle KeyboardInterrupt >>> import pickle >>> a = pickle.load(f) >>> a {'LAN': 1, 'BSNL': 3, 'MPLS': 4, 'AirTel4M': 5, 'AIRTEL': 2} >>> /usr/sbin/imspector -c /usr/local/https/etc/imspector/imspector.conf -D 4 /etc/init.d/S90Apache start ( httpd ) 0-59/1 * * * * /sbin/iptables -t mangle -D OUTPUT ! 
-o lo -j NFQUEUE --queue-num 1 /usr/sbin/clamsslsmtpd -d 4 -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p /var/run/clamsslsmtpdspamvirus.conf.pid /var/temp/clamsslsmtpd -f /usr/local/etc/clamsslsmtpdspamvirus.conf -p /var/run/clamsslsmtpdspamvirus.conf.pid -d 4 bypass from httpsinspect /usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 182.73.181.124 -m state --state ESTABLISHED -j ACCEPT /usr/sbin/iptables -I FORWARD -p tcp --dport 443 -d 172.16.9.4 -m state --state ESTABLISHED -j ACCEPT cat conftacacs gsfw|fwip-LAN|49|12345|chap| confldap gsfw|ADSERVER|389|cn|r|j|superuser|wonderdream|g| ap.corp.ipgnetwork.com|bomgdc01|ADServer|kumaraadmin|AmbiEnce@001|ipgap whatsapp1|174.37.217.92|255.255.255.255 whatsapp2|50.22.231.49|255.255.255.255 whatsapp3|174.37.199.194|255.255.255.255 whatsapp4|208.43.115.207|255.255.255.255 whatsappnw1|50.22.231.32|255.255.255.224 whatsappnw10|173.192.219.96|255.255.255.224 whatsappnw11|174.37.199.194|255.255.255.224 whatsappnw12|184.173.179.41|255.255.255.224 whatsappnw13|184.173.136.64|255.255.255.224
    whatsappnw14|184.173.147.32|255.255.255.224 whatsappnw15|66.228.112.0|255.255.240.0 whatsappnw16|173.192.231.32|255.255.255.224 whatsappnw2|50.22.210.128|255.255.255.224 whatsappnw3|50.22.198.224|255.255.255.252 whatsappnw4|50.22.198.204|255.255.255.252 whatsappnw5|50.22.194.224|255.255.255.224 whatsappnw6|208.43.96.4|255.255.255.252 whatsappnw7|208.43.122.128|255.255.255.224 whatsappnw8|184.173.136.64|255.255.255.224 whatsappnw9|184.172.19.64|255.255.255.224 =================================== Facebook1|69.63.167.0|255.255.240.0 Facebook2|66.220.144.0|255.255.240.0 Facebook3|69.63.181.0|255.255.240.0 Facebook4|69.171.224.0|255.255.0.0 Facebook5|66.220.152.0|255.255.240.0 Facebook6|69.63.184.0|255.255.240.0 Facebook7|69.171.228.0|255.255.240.0 Facebook8|69.171.224.0|255.255.240.0 Facebook9|31.13.64.0|255.255.255.0 Facebook10|203.92.39.0|255.255.255.0 Facebook11|23.57.194.0|255.255.255.0 Facebook12|31.13.72.0|255.255.255.0 Facebook13|173.252.110.0|255.255.0.0 Facebook14|204.15.20.0|255.255.252.0 Facebook15|203.92.39.0|255.255.255.0 =================== tally1|124.153.107.130|255.255.255.255 tally2|124.153.107.132|255.255.255.255 tally3|124.153.107.139|255.255.255.255 tally4|124.153.107.150|255.255.255.255 tally5|124.153.107.151|255.255.255.255 tally6|124.153.107.134|255.255.255.255 tally7|124.153.107.145|255.255.255.255 tally8|124.153.107.146|255.255.255.255 tally9|124.153.107.147|255.255.255.255 tally10|124.153.107.131|255.255.255.255 tally11|124.153.107.133|255.255.255.255 tally12|124.153.107.140|255.255.255.255 tally13|124.153.107.148|255.255.255.255 tally14|124.153.107.149|255.255.255.255 tally15|124.153.107.135|255.255.255.255 tally16|124.153.107.136|255.255.255.255 tally17|124.153.107.137|255.255.255.255 tally18|124.153.107.138|255.255.255.255 tally19|124.153.107.66|255.255.255.255 tally20|124.153.107.96|255.255.255.255 .tallysolutions.com .tallyenterprise.com .tallybss.com ==================== email bindlalbahadur@gmail.com pass kishan123 
202.46.197.164 DISHTV
    ================== Patanjali DishTV1|180.179.201.170|255.255.255.255 DishTV2|74.63.224.173|255.255.255.255 DishTV3|217.23.15.146|255.255.255.255 DishTV4|93.190.138.104|255.255.255.255 DishTV5|109.236.86.209|255.255.255.255 DishTV6|74.63.224.172|255.255.255.255 DishTV7|103.5.198.210|255.255.255.255 DishTV8|202.46.197.164|255.255.255.255 =============== /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 192.168.0.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.0.128.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.2.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.5.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.4.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.6.0/24 -j ROUTE --gw 10.53.0.1 /sbin/iptables -I PREROUTING -t mangle -s 10.53.0.0/23 -d 10.53.11.0/24 -j ROUTE --gw 10.53.0.1 Kaspersky1|94.75.236.122|255.255.255.255 Kaspersky2|93.159.230.19|255.255.255.255 Kaspersky3|85.12.58.17|255.255.255.255 Kaspersky4|80.239.174.44|255.255.255.255 Kaspersky5|80.239.174.40|255.255.255.255 Kaspersky6|80.239.169.135|255.255.255.255 Kaspersky7|66.235.148.65|255.255.255.255 Kaspersky8|63.245.216.134|255.255.255.255 Kaspersky9|4.28.136.42|255.255.255.255 Kaspersky10|4.28.136.39|255.255.255.255 Kaspersky11|4.28.136.36|255.255.255.255 Kaspersky12|38.124.168.125|255.255.255.255 Kaspersky13|38.124.168.119|255.255.255.255 Kaspersky14|38.124.168.116|255.255.255.255 Kaspersky15|38.117.98.253|255.255.255.255 Kaspersky16|38.117.98.230|255.255.255.255 Kaspersky17|38.117.98.212|255.255.255.255 Kaspersky18|38.117.98.202|255.255.255.255 Kaspersky19|38.117.98.199|255.255.255.255 Kaspersky20|38.117.98.196|255.255.255.255 Kaspersky21|23.67.100.236|255.255.255.255 Kaspersky22|212.73.221.199|255.255.255.255 Kaspersky23|212.47.219.89|255.255.255.255 
Kaspersky24|212.47.219.86|255.255.255.255 Kaspersky25|195.27.252.18|255.255.255.255 Kaspersky26|195.122.169.18|255.255.255.255 Kaspersky27|193.45.6.7|255.255.255.255 Kaspersky28|193.45.6.13|255.255.255.255 Kaspersky29|193.45.6.10|255.255.255.255 600*8/1024 13 0-23/6 * * * python /root/Desktop/Pycfile/restartTrafficCollector.py 13 0-23/6 * * * python /var/gs/restartTrafficCollector.py
    chart ==> DASHBOARD= Download Total = LAN = Downlaod WAN = Upload Capping = LAN = Downlaod WAN = Upload ( not show ) url == Report->Browsing->Browsing Logs acl likephp url_regex http://www.facebook.com/plugins/like.php acl exceptionsites dstdomain "/etc/squid/exceptionsites" redirector_access deny likephp redirector_access deny exceptionsites http_access allow likephp http_access allow exceptionsites acl loginbutton url_regex http://www.facebook.com/plugins/login_button.php acl exceptionsites dstdomain "/etc/squid/exceptionsites" redirector_access deny loginbutton redirector_access deny exceptionsites http_access allow loginbutton http_access allow exceptionsites Sajjan Mum :- 115.112.40.170 :- gsfw@login :- dreamwonder@sajjan Sajjan Ank :- 117.239.82.33 / 210.212.133.129 :- gsfw@login :- dreamwonder@sajjan chmod 755 download killall -9 squid.localauth sleep 3 squid.localauth -f /etc/squid/squid.conf.localauth -D Cheers firewall. IP :- 59.160.81.37 Password :- EM2q-47*Ewkh@n yahoonet1|66.196.114.0 yahoonet2|66.196.112.0 yahoonet3|106.10.193.0 arjun|Generic|Http|allow|AllTime|n|y|"Http Post" ~= "google.com/notes";or;"Http Header" ~= "google.com/notes";or;|active ----------------------------------- wetransfer.net wetransfer.com amazonaws.com quantserve.com Wetransfer1|176.34.103.229|255.255.255.255 Wetransfer2|192.229.145.207|255.255.255.255 Wetransfer3|46.137.107.237|255.255.255.255 wetransfer4|173.241.248.180|255.255.255.255 Wetransfer5|46.137.106.221|255.255.255.255 Wetransfer6|203.190.124.25|255.255.255.255 Wetransfer7|54.254.111.85|255.255.255.255 Wetransfer8|176.34.177.108|255.255.255.255 Wetransfer9|178.236.7.33|255.255.255.255