1373 lines
44 KiB
HTML
1373 lines
44 KiB
HTML
<!--startcut ==============================================-->
|
|
<!-- *** BEGIN HTML header *** -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<HTML><HEAD>
|
|
<title>The Weekend Mechanic LG #78</title>
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
|
|
ALINK="#FF0000">
|
|
<!-- *** END HTML header *** -->
|
|
|
|
<CENTER>
|
|
<A HREF="http://www.linuxgazette.com/">
|
|
<IMG ALT="LINUX GAZETTE" SRC="../gx/lglogo.png"
|
|
WIDTH="600" HEIGHT="124" border="0"></A>
|
|
<BR>
|
|
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="lg_bytes.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue78/adam.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../lg_faq.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="alcidi.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
<P>
|
|
</CENTER>
|
|
|
|
<!--endcut ============================================================-->
|
|
|
|
<H4 ALIGN="center">
|
|
"Linux Gazette...<I>making Linux just a little more <font COLOR="red">lovable!</font></i>"
|
|
<img ALT="" SRC="../gx/adam/heart.png" WIDTH="30" HEIGHT="25">
|
|
</H4>
|
|
|
|
<!-- END header -->
|
|
|
|
|
|
|
|
|
|
<p> <hr> <p> <!--===================================================================-->
|
|
|
|
<p ALIGN=CENTER><img ALT="[picture of mechanic]" SRC="../gx/adam/mechanic.png" ALT="Weekend Mechanic Logo" ALIGN=BOTTOM WIDTH=399 HEIGHT=135 BORDER=0></p>
|
|
|
|
<h1 ALIGN=CENTER><font COLOR="maroon">The Weekend Mechanic</font></h1>
|
|
|
|
<h4 ALIGN=CENTER>By <a HREF="mailto:thomas_adam16@yahoo.com">Thomas
|
|
Adam</a></h4>
|
|
|
|
<p> <hr> <p> <!--===================================================================-->
|
|
|
|
<!-- END header -->
|
|
<!-- =======================================================================-->
|
|
|
|
<!-- --------------- -->
|
|
<!-- BEGIN: contents -->
|
|
<!-- --------------- -->
|
|
|
|
<UL>
|
|
<LI><A HREF="#preamble">Welcome to the May edition</A></LI>
|
|
<LI><A HREF="#squid">A brief Introduction: Squid</A></LI>
|
|
<LI><A HREF="#squidg">A brief Introduction: SquidGuard</A></LI>
|
|
<LI><A HREF="#keyfiles">Keyfiles: A handy BASH backup script</A></LI>
|
|
<LI><A HREF="#prognedit">Program Review: Nedit</A></LI>
|
|
<LI><A HREF="#closet">Closing Time</A></LI>
|
|
</UL>
|
|
|
|
<!-- --------------- -->
|
|
<!-- END: contents -->
|
|
<!-- --------------- -->
|
|
|
|
<HR>
|
|
|
|
<! -- ======================================================================= -->
|
|
|
|
<! -- --------------- -->
|
|
<! -- BEGIN: preamble -->
|
|
<! -- --------------- -->
|
|
|
|
<H2><A NAME="preamble">Welcome to the May edition</A></H2>
|
|
|
|
<FONT COLOR="red"><P><I>
|
|
[ ** This edition is dedicated to a very dear friend of mine called <B>Natalie
|
|
Wakelin</B>, who I am indebted to for helping me recently. She has been an
|
|
absolute star and true friend to me, and although she may not understand a
|
|
word this "technical" document may have to offer -- I dedicate it to
|
|
her all the same. Thanks Natalie!! :-) ** ]
|
|
</FONT></I></P>
|
|
|
|
<HR Width=25%>
|
|
|
|
<I>
|
|
What song the Syrens sang<BR>
|
|
or what name Achilies assumed<BR>
|
|
when he hid himself among women, <BR>
|
|
although puzzling questions <BR>
|
|
are not beyond all conjecture <BR>
|
|
|
|
<BR>
|
|
--Sir Thomas Browne <BR>
|
|
Taken from:<I> "The Murders in the Rue Morgue" -- Edgar Allan Poe</I>
|
|
</I>
|
|
|
|
<HR WIDTH=25%>
|
|
|
|
<P>Yes, yes, I know. You can stop clapping and applauding. I'm back :-)
|
|
Seriously, I can only apologise for the "holiday" that the LWM has taken
|
|
over the past "couple" of months. I have taken rather a large
|
|
leap into the world of freedom and University life, and I found it more
|
|
difficult to adjust to than I had originally anticipated!!</P>
|
|
|
|
<P>But that is by the by.....</P>
|
|
|
|
<P>For the keen eyed among you, the quote at the top of this column rather
|
|
sums up the userability of Linux overall. Indeed, no matter how strange a
|
|
problem may appear to be within Linux, it is not beyong the realm of
|
|
possibility that it cannot be solved by using Linux. I have been finding
|
|
that out for myself quite a lot recently :-)</P>
|
|
|
|
<P>Aside from all the University work, I have been actively helping out
|
|
with problems at the <A HREF="http://www.hants.lug.org.uk" TARGET="_blank">
|
|
Hants LUG</A>, both in person and via their mailing list. Actually it has
|
|
been quite exciting. I have also learn a lot!!</P>
|
|
|
|
<P>Well that is enough preamble for one month. Enjoy this issue, won't
|
|
you?</P>
|
|
|
|
<!-- ============= -->
|
|
<!-- END: preamble -->
|
|
<!-- ============= -->
|
|
|
|
<HR>
|
|
|
|
<!-- ======================================================================== -->
|
|
|
|
<!-- ============= -->
|
|
<!-- BEGIN: squid -->
|
|
<!-- ============= -->
|
|
|
|
<H2><A NAME="squid">A Brief Introduction: Squid</A></H2>
|
|
|
|
<!-- --------------------- -->
|
|
<!-- BEGIN: squid contents -->
|
|
<!-- --------------------- -->
|
|
|
|
<UL>
|
|
<LI><A HREF="#wsquid">What is Squid?</A></LI>
|
|
<LI><A HREF="#sqinst">Installation</A></LI>
|
|
<LI><A HREF="#squidconf">Configuration</A></LI>
|
|
<LI><A HREF="#filtering">Filtering (Access Control)</A></LI>
|
|
<LI><A HREF="#initsquid">Initialising Squid</A></LI>
|
|
</UL>
|
|
|
|
<HR>
|
|
|
|
<!-- ==================== -->
|
|
<!-- END: squid: contents -->
|
|
<!-- ==================== -->
|
|
|
|
<!-- =================== -->
|
|
|
|
<!-- ==================== -->
|
|
<!-- BEGIN: squid: wsquid -->
|
|
<!-- ==================== -->
|
|
|
|
<H2><A NAME="wsquid">What is Squid?</A></H2>
|
|
<P>Those of you who read the <A HREF="http://www.linuxgazette.com/issue70/adam.html#apache"
|
|
TARGET="_blank"> September</A> edition will remember that I wrote an article
|
|
about the use of <I>Apache</I>. I had some nice feedback on that (thanks to
|
|
all who sent their comments). I thought it a nice idea to do a tutorial on
|
|
<I>squid</I>.</P>
|
|
|
|
<P>For those of you who don't know, <A HREF="http://www.squid-cache.org"
|
|
TARGET="_blank"><I>Squid</I></A> (other than being a sea
|
|
creature) is a Linux internet proxy program. Why is it called
|
|
<I>squid</I>? Apparently because (quote: "all the good names were taken")</P>
|
|
|
|
<P>Squid, works by channelling internet requests through a machine (called a proxy
|
|
server).
|
|
|
|
<P>Furthermore, squid offers the ability to <A HREF="#filtering">filter</A>
|
|
certain webpages, to either allow or disallow viewing. The ability to do this is
|
|
through ACLs (Access Control Lists). More on these later.</P>
|
|
|
|
<!-- ================== -->
|
|
<!-- END; squid: wsquid -->
|
|
<!-- ================== -->
|
|
|
|
<HR WIDTH=25%>
|
|
|
|
<!-- --------------------- -->
|
|
|
|
<!-- =================== -->
|
|
<!-- BEGIN: squid sqinst -->
|
|
<!-- =================== -->
|
|
<H2><A NAME="sqinst">Installation</A></H2>
|
|
|
|
<P>Installing squid <I>should</I> be straight forward enough. Squid is supplied
|
|
with all major distributions (RedHat, SuSE, Caldera, Debian, etc) so it should
|
|
be easily accessible from your distribition CD's.</P>
|
|
|
|
<P>For those of you that have a Linux distribution that supports the <B>RPM</B>
|
|
format, you can check to see if you already have it installed, by using the
|
|
following command:</P>
|
|
|
|
<PRE>rpm -qa | grep -i squid</PRE>
|
|
|
|
<P>If it is installed, then you should find that "squid2-2.2.STABLE5-190"
|
|
(or similar) is returned. If you get no responce then install squid from your
|
|
distibution CD.</P>
|
|
|
|
<P>If squid is not on your distribution CD, or you are using a version of Linux
|
|
(such as Debian and Slackware) that does not support the RPM format, then
|
|
download the source in .tgz (tar.gz) format from
|
|
|
|
<A HREF="http://www.squid-cache.org" TARGET="_blank">http://www.squid-cache.org/download</A>.
|
|
|
|
<P>To install Squid from its sources copy the tar ball to "/tmp" and then issue the
|
|
following commands:</P>
|
|
|
|
<PRE>
|
|
1. If you are not user "root", su, or log in as root
|
|
2. cd /tmp
|
|
3. tar xzvf ./name_of_squid.tar.gz -- [or possibly .tgz]
|
|
4. Now run:
|
|
|
|
./configure
|
|
|
|
5. After which, you should have no errors. Then you can simply type:
|
|
|
|
make && make install
|
|
|
|
to compile and install the files.
|
|
</PRE>
|
|
|
|
<P>Typically. from a standard RPM installation, these directories will be used:</P>
|
|
|
|
<PRE>
|
|
/usr/bin
|
|
/etc
|
|
/etc/squid (possibly -- used to be under RH 5.0)
|
|
/var/squid/log/
|
|
[/usr/local/etc] <-- perhaps symlinked to "/etc"
|
|
</PRE>
|
|
|
|
<P>If you're compiling it from source, then a lot of the files will end up in:</P>
|
|
|
|
<PRE>
|
|
/etc
|
|
/etc/squid (possibly -- used to be under RH 5.0)
|
|
/usr/local/bin
|
|
/var
|
|
[/usr/local/etc] <-- perhaps symlinked to "/etc"
|
|
</PRE>
|
|
|
|
<P>Suffice to say, it does not really matter, but unless you specifically have
|
|
requested otherwise, this is where the files will end up.</P>
|
|
|
|
<P>Now that you have squid installed, let us move onto the next section....
|
|
configuration</P>
|
|
|
|
<!-- ================== -->
|
|
<!-- END; squid: sqinst -->
|
|
<!-- ================== -->
|
|
|
|
<HR WIDTH=25%>
|
|
|
|
<!-- --------------------- -->
|
|
|
|
<!-- ======================= -->
|
|
<!-- BEGIN: squid: squidconf -->
|
|
<!-- ======================= -->
|
|
|
|
<H2><A NAME="squidconf">Configuration</A></H2>
|
|
|
|
<P>So, you've installed squid, and are wondering...."Is that it?" ha --
|
|
if only it were true, gentle reader. Nope....there are lots of things still to do
|
|
before we can have ourselves a good old proxy server.</P>
|
|
|
|
<P>Our efforts now shall be concentrated on one file <B>/etc/squid.conf</B>. It is
|
|
this file which holds all the settings for squid. Because we will be editing this
|
|
file, I always find it a good idea, to keep a copy of the original file. So, I think
|
|
it would be a good idea, if you all issued the command:</P>
|
|
|
|
<PRE>
|
|
cp /etc/squid.conf /etc/squid.conf.orig
|
|
</PRE>
|
|
|
|
<P>And then fire up your favourite editor, and lets begin editing squid.conf</P>
|
|
|
|
<P>Actually trying to use this file to run squid "out of the box" is
|
|
impossible. There are a number of things that you'll have to configure before you can
|
|
have an up-and-running proxy server. At first glance, this file is about a mile long, but
|
|
the developers have been helpful, since the majority of the file consists of comments about
|
|
each option that is available.</P>
|
|
|
|
<P>The first thing, is to tell squid the IP address of the machine it is operating on
|
|
and at which port it is to listen to. In squid.conf, you should find a commented line
|
|
which looks like:</P>
|
|
|
|
<PRE>#http_port 3128</PRE>
|
|
|
|
<P>Uncomment this line, by deleting the leading hash (#) symbol. Now by default, the port
|
|
number 3128 is chosen. However, should you wish to tell squid to listen on a different port,
|
|
then change it!! Thus on my proxy machine, I have specified:</P>
|
|
|
|
<PRE>http_port 10.1.100.1:8080</PRE>
|
|
|
|
<P>Which binds squid to listen on the above IP address with the port 8080. What you have to be
|
|
careful of, is making sure that no other running application is trying to use the same port
|
|
(such as apache), which is a very common mistake that a lot of people make.</P>
|
|
|
|
<P>Now, as we progress through this configuration file, the next major configuration option we
|
|
should now change is <B>cache_mem</B>. This option tells squid how much memory it should use for
|
|
things like caching.</P>
|
|
|
|
<P>I have just uncommented this line -- and left the default at 8 MB</P>
|
|
|
|
<P>Further on down from this option are some more options which tell squid about the high/low
|
|
cache "watermark". This is simply a percentage of disk-space, that says that when it
|
|
gets to within 90/95% then squid should start deleting some of its cached items.</P>
|
|
|
|
<PRE>
|
|
#cache_swap_low 90
|
|
#cache_swap_high 95
|
|
</PRE>
|
|
|
|
<P>I have simply uncommented these, but I have changed their values. The reason being, is because
|
|
I have a 60 GB hard drive, one percent is hundreds of mega bytes, so I have changed the values to:</P>
|
|
|
|
<PRE>
|
|
cache_swap_low 97
|
|
cache_swap_high 98
|
|
</PRE>
|
|
|
|
<P>Right....so far so good. We have told squid on which IP and port to listen to, told it how much
|
|
memory it should use, and told it the percentage of drive space it should reach before it starts
|
|
deleting its own cached items. Great!! If you haven't do so already, save the file.</P>
|
|
|
|
<P>The next and penultimate option that I changed was quite an important one, since this one
|
|
determines the location and size of the cache directories. There is a TAG, which looks like:</P>
|
|
|
|
<PRE>
|
|
cache_dir /var/squid/cache 100 16 256
|
|
</PRE>
|
|
|
|
<P>What this says is that for the path "/var/squid/cache"each top-level directory will
|
|
hold 100MB. There will be 16 top-level directories and below that there will be 256 sub-directories
|
|
</P>
|
|
|
|
<P>The last major item that I shall be tweaking in this file, before moving on to filtering, is the
|
|
use of access logs. Just below the option we have just configured for the cache_dir, are options to
|
|
allow logging. Typically you have the option of logging the following:</P>
|
|
|
|
<UL>
|
|
<LI>access log</LI>
|
|
<LI>cache log</LI>
|
|
<LI>store log</LI>
|
|
<LI>swap log</LI>
|
|
</UL>
|
|
|
|
<P>Each of the above logs have their own advantage / disadvantage in the running of your proxy server.
|
|
Typically, the only logs that I keep are the access logs and the cache log. The reason being simply
|
|
because the store and swap logs don't interest me :-). </P>
|
|
|
|
<P>It is the access log file which logs all the requests that users make (i.e. to which website a
|
|
particular user is going to). While I was at school, this file was invaluable in determining which
|
|
user was <I>trying</I> to get to banned sites. I recommend all sysadmins that have or are going to
|
|
set-up an internet proxy server to enable this feature -- it is very useful.</P>
|
|
|
|
<P>So, I did the following (uncommenting the TAGS):</P>
|
|
|
|
<PRE>
|
|
cache_access_log /var/squid/logs/access.log
|
|
cache_log /var/squid/logs/cache.log
|
|
</PRE>
|
|
|
|
<P>I recommend that you leave the log names as they are.</P>
|
|
|
|
<P>Obviously, I have only covered the most basic options within the squid.conf file. There are a whole
|
|
mass of options for particular situations. Each option is fairly well commented, so should you wish to
|
|
see what a particular option does, it should not be too hard.</P>
|
|
|
|
<!-- ==================== -->
|
|
<!-- END squid: squidconf -->
|
|
<!-- ==================== -->
|
|
|
|
<HR WIDTH=25%>
|
|
|
|
<!-- --------------------- -->
|
|
|
|
<!-- ======================= -->
|
|
<!-- BEGIN: squid: filtering -->
|
|
<!-- ======================= -->
|
|
|
|
<H2><A NAME="filtering">Filtering (Access Control)</A></H2>
|
|
|
|
<P>This section is still using "/etc/squid.conf" but I shall go into the configuration options
|
|
for access control in a little more detail.</P>
|
|
|
|
<P>Access control gives the sysadmin a way of controlling which clients can actually connect to the
|
|
proxy server, be it via an IP address, or port, etc. This can be useful for computers that are in
|
|
a large network configuration.</P>
|
|
|
|
<P>Typically ACL's (Access Control Lists) can have the following properties to them:</P>
|
|
|
|
<UL>
|
|
<LI>src - Source i.e. client's IP addresses</LI>
|
|
<LI>dst - Destination i.e. server's IP addresses</LI>
|
|
<LI>srcdomain - Source i.e. client's domain name</LI>
|
|
<LI>dstdomain - Destination i.e. server's domain name</LI>
|
|
<LI>time - Time of day and day of week</LI>
|
|
<LI>url_regex - URL regular expression pattern matching</LI>
|
|
<LI>urlpath_regex - URL-path regular expression pattern matching, leaves out the protocol and hostname</LI>
|
|
<LI>proxy_auth - User authentication through external processes </LI>
|
|
<LI>maxconn - Maximum number of connections limit from a single client IP address</LI>
|
|
</UL>
|
|
|
|
<P>All access controls have the following format to them:</P>
|
|
|
|
<PRE>
|
|
acl acl_config_name type_of_acl_config values_passed_to_acl
|
|
</PRE>
|
|
|
|
<P>Thus in the configuration file, locate the line:</P>
|
|
|
|
<PRE>
|
|
http_access deny all
|
|
</PRE>
|
|
|
|
<P>And above which, add the following lines</P>
|
|
|
|
<PRE>
|
|
acl weekendmechnetwork 10.1.100.1/255.255.255.0
|
|
http_access allow weekendmechnetwork
|
|
</PRE>
|
|
|
|
<P>You can change the acl name of "weekendmechnetwork" to a name of your choice.
|
|
What this does, is it says that for the acl with the name "weekendmechnetwork",
|
|
use the specified IP address 10.1.100.1 (the proxy server), with a netmask of 255.255.255.0
|
|
Thus, "weekendmechnetwork" is the name assigned to the clients on the network.</P>
|
|
|
|
<P>The line "http_access allow weekendmechnetwork" says that the rule is valid, and
|
|
so can be parsed by squid itself.</P>
|
|
|
|
<P>The next thing that we shall do, is look at allowing selected clients to access the internet.
|
|
This is useful for networks where not all of the machines should connect to the internet.</P>
|
|
|
|
<P>Below what we have already added, we can specify something like:</P>
|
|
|
|
<PRE>
|
|
acl valid_clients src 192.168.1.2 192.168.1.3 192.168.1.4
|
|
http_access allow valid_clients
|
|
http_access deny !valid_clients
|
|
</PRE>
|
|
|
|
<P>What this says is that for the ACL name "valid_clients" with the src IP addresses
|
|
listed, allow http access to "valid_clients" <B>(http_access allow valid_clients)</B>,
|
|
and disallow anyother IP's which are not listed <B>(http_access deny !valid_clients)</B>.</P>
|
|
|
|
<P>If you wanted to allow <I>every</I> machine Internet access, then you can specify:</P>
|
|
|
|
<PRE>
|
|
http_access allow all
|
|
</PRE>
|
|
|
|
<P>But, we can extend the ACL's further, by telling squid that certain ACL's are only active
|
|
at certain times, for example:</P>
|
|
|
|
<PRE>
|
|
1. acl clientA src 192.168.1.1
|
|
2. acl clientB src 192.168.1.2
|
|
3. acl clientC src 192.168.1.3
|
|
4. acl morning time 08:00-12:00
|
|
5. acl lunch time 12:30-13:30
|
|
6. acl evening time 15:00-21:00
|
|
7. http_access allow clientA morning
|
|
8. http_access allow clientB evening
|
|
9. http_access allow clientA lunch
|
|
10. http_access allow clientC evening
|
|
11. http_access deny all
|
|
</PRE>
|
|
|
|
<B><I>[ ** N.B. Omit the line numbers when entering the above, I've added them here to make
|
|
explaination easier -- Thomas Adam ** ]</I></B>
|
|
|
|
<P>
|
|
<B>Lines 1-3</B> set-up the ACL names which identify the machines.<BR>
|
|
|
|
<B>Lines 4-6</B> set-up ACL names for the specified time limits (24-hour format).<BR>
|
|
|
|
<B>Line 7</B> says to allow <I>clientA</I> (and only clientA) access during "morning"
|
|
hours.<BR>
|
|
|
|
<B>Line 8</B> says to allow <I>clientB</I> (and only clientB) access during "evening"
|
|
hours.<BR>
|
|
|
|
<B>Line 9</B> says to allow <I>clientA</I> (and only clientA) access during "lunch"
|
|
hours.<BR>
|
|
|
|
<B>Line 10</B> says to allow <I>clientC</I> (and only clientC) access during "evening"
|
|
hours.<BR>
|
|
|
|
<B>Line 11</B> then says that if any other client attempts to connect -- disallow it.<BR>
|
|
|
|
<P>But we can also take the uses of ACL's further, by telling Squid to match certain regexes
|
|
in the URL expression, and in effect throw the request in the bin (or more accurately --
|
|
"&>/dev/null" :-)</P>
|
|
|
|
<P>To do this, we can specify a new ACL name that will hold a particular pattern. For example</P>
|
|
|
|
<PRE>
|
|
1. acl naughty_sites url_regex -i sex
|
|
2. http_access deny naughty_sites
|
|
3. http_access allow valid_clients
|
|
4. http-access deny all
|
|
</PRE>
|
|
|
|
<B><I>[ ** Remember -- don't use the line numbers above!! ** ]</I></B>
|
|
|
|
<P>
|
|
<B>Line 1</B> says that the word "sex" is associated with the ACL name "
|
|
naughty_sites" the clause <B>url_regex</B> says that the ACL is of that type -- i.e.
|
|
it is to check the words contained within the URL. The <B>-i</B> says that it is to
|
|
ignore case-sensitivity.<BR>
|
|
<B>Line 2</B> says to deny all clients access to the website that contains anything from
|
|
the ACL "naughty_sites"<BR>
|
|
<B>Line 3</B> says to allow access from "valid_clients".<BR>
|
|
<B>Line 4</B> says to deny any other requests.
|
|
</P>
|
|
|
|
<P>So,I suppose you are now wondering...."how do I specify more than one regex?".
|
|
Well, the answer is simple....you can put them in a separate file. For example, suppose
|
|
you wanted to filter the following words, and dis-allow access to them, if they appeared
|
|
in the URL:</P>
|
|
|
|
<PRE>
|
|
sex
|
|
porn
|
|
teen
|
|
</PRE>
|
|
|
|
<P>You can add them to a file (one word at a time), say in:</P>
|
|
|
|
<PRE>
|
|
/etc/squid/bad_words.regex
|
|
</PRE>
|
|
|
|
<P>Then, in "/etc/squid.conf" you can specify:</P>
|
|
|
|
<PRE>
|
|
acl bad-sites url_regex -i "/etc/squid/bad_words.regex"
|
|
http_access deny bad_sites
|
|
http_access allow valid_clients
|
|
http-access deny all
|
|
</PRE>
|
|
|
|
<P>Which probably makes life easier!! :-). That means that you can add words to the list
|
|
whenever you need to.</P>
|
|
|
|
<P>There is also a much more easier way of filtering both regexes and domain names, by using
|
|
a program called <A HREF="#squidg">SquidGuard</A>. More about that later.....</P>
|
|
|
|
<!-- ==================== -->
|
|
<!-- END squid: filtering -->
|
|
<!-- ==================== -->
|
|
|
|
<HR WIDTH=25%>
|
|
|
|
<!-- --------------------- -->
|
|
|
|
<!-- ======================= -->
|
|
<!-- BEGIN: squid: initsquid -->
|
|
<!-- ======================= -->
|
|
|
|
<H2><A NAME="filtering">Initialising Squid</A></H2>
|
|
|
|
<P>Now we come to the most important part -- actully running squid. Unfortunately, if this is
|
|
the first ever time that you'll be initialising squid, then there are a few options that you must
|
|
pass to it.</P>
|
|
|
|
<P>Typically, the most common options that can be passed to squid, can be summed up in the following
|
|
table.</P>
|
|
|
|
<TABLE BORDER="1" ALIGN="center" WIDTH=100%>
|
|
<TH WIDTH=25% ALIGN="center">Flag</TH>
|
|
<TH WIDTH=75% ALIGN="center">Explanation</TH>
|
|
<TR>
|
|
<TD ALIGN="center">-z</TD>
|
|
<TD ALIGN="left">This creates the swap directories that squid needs. This should only ever
|
|
be used when running squid for the first time, or if your cache directories get deleted.</TD>
|
|
</TR>
|
|
|
|
<TR>
|
|
<TD ALIGN="center">-f</TD>
|
|
<TD ALIGN="left">This options allows you to specify an alternative file to use, rather
|
|
than the default "/etc/squid/conf". However, this option should be rarily used.</TD>
|
|
</TR>
|
|
|
|
<TR>
|
|
<TD ALIGN="center">-k reconfigure</TD>
|
|
<TD ALIGN="left">This option tells squid to re-load its configuration file, without stopping
|
|
the squid daemon itself.</TD>
|
|
</TR>
|
|
|
|
<TR>
|
|
<TD ALIGN="center">-k rotate</TD>
|
|
<TD ALIGN="left">This option tells squid to rotate its logs, and start new ones. This
|
|
option is useful in a cron job.</TD>
|
|
</TR>
|
|
|
|
<TR>
|
|
<TD ALIGN="center">-k shutdown</TD>
|
|
<TD ALIGN="left">Stops the execution of Squid.</TD>
|
|
</TR>
|
|
|
|
<TR>
|
|
<TD ALIGN="center">-k check</TD>
|
|
<TD ALIGN="left">Checks to ensure that the squid deamon is up and running.</TD>
|
|
</TR>
|
|
|
|
<TR>
|
|
<TD ALIGN="center">-k parse</TD>
|
|
<TD ALIGN="left">Same as "-k reconfigure".</TD>
|
|
</TR>
|
|
</TABLE>
|
|
|
|
<P>The full listing however for the available options are as follows:</P>
|
|
|
|
<PRE>
|
|
Usage: squid [-dhsvzCDFNRVYX] [-f config-file] [-[au] port] [-k signal]
|
|
-a port Specify HTTP port number (default: 3128).
|
|
-d level Write debugging to stderr also.
|
|
-f file Use given config-file instead of
|
|
/etc/squid/squid.conf
|
|
-h Print help message.
|
|
-k reconfigure|rotate|shutdown|interrupt|kill|debug|check|parse
|
|
Parse configuration file, then send signal to
|
|
running copy (except -k parse) and exit.
|
|
-s Enable logging to syslog.
|
|
-u port Specify ICP port number (default: 3130), disable with 0.
|
|
-v Print version.
|
|
-z Create swap directories
|
|
-C Do not catch fatal signals.
|
|
-D Disable initial DNS tests.
|
|
-F Foreground fast store rebuild.
|
|
-N No daemon mode.
|
|
-R Do not set REUSEADDR on port.
|
|
-V Virtual host httpd-accelerator.
|
|
-X Force full debugging.
|
|
-Y Only return UDP_HIT or UDP_MISS_NOFETCH during fast reload.
|
|
</PRE>
|
|
|
|
<P>If you are running squid for the first time, then log in as user "root" and
|
|
type in the following:</P>
|
|
|
|
<PRE>
|
|
squid -z
|
|
</PRE>
|
|
|
|
<P>This will create the cache.</P>
|
|
|
|
<P>Then you can issue the command:</P>
|
|
|
|
<PRE>
|
|
squid
|
|
</PRE>
|
|
|
|
<P>And that's it -- you have yourself a running proxy server. Well done!!</P>
|
|
|
|
<HR>
|
|
|
|
<!-- ======================================================================== -->
|
|
|
|
<!-- ============= -->
|
|
<!-- BEGIN: squidg -->
|
|
<!-- ============= -->
|
|
|
|
<H2><A NAME="squidg">A Brief Introduction: SquidGuard</A></H2>
|
|
|
|
<!-- --------------------- -->
|
|
<!-- BEGIN: squidg contents -->
|
|
<!-- --------------------- -->
|
|
|
|
<UL>
|
|
<LI><A HREF="#wsquidg">What is SquidGuard?</A></LI>
|
|
<LI><A HREF="#sginst">Installation</A></LI>
|
|
<LI><A HREF="#sgconf">Configuration</A></LI>
|
|
</UL>
|
|
|
|
<!-- ===================== -->
|
|
<!-- END: squidg: contents -->
|
|
<!-- ===================== -->
|
|
|
|
<HR>
|
|
|
|
<!-- ===================== -->
|
|
|
|
<!-- ====================== -->
|
|
<!-- BEGIN: squidg: wsquidg -->
|
|
<!-- ====================== -->
|
|
|
|
<H2><A NAME="wsquidg">What is SquidGuard?</A></H2>
|
|
|
|
<P>SquidGuard is an external "redirect program" whereby squid actually forwards the
|
|
requests sent to itself to the external SquidGuard daemon. SquidGuard's job is to allow a
|
|
greater control of filtering than Squid itself does.</P>
|
|
|
|
<P>Although, it should be pointed out that to carry out filtering, the use of SquidGuard is not
|
|
necessary for simple filters.</P>
|
|
|
|
<!-- ===================== -->
|
|
<!-- END: squidg: wsquidg -->
|
|
<!-- ===================== -->
|
|
|
|
<HR WIDTH=25%>
|
|
|
|
<!-- ======================== -->
|
|
|
|
<!-- ====================== -->
|
|
<!-- BEGIN: squidg: sginst -->
|
|
<!-- ====================== -->
|
|
|
|
<H2><A NAME="sginst">Installation</A></H2>
|
|
|
|
<P>SquidGuard is available from (funnily enough) <A HREF="http://www.squidguard.org/download"
|
|
TARGET="_blank"> http://www.squidguard.org/download</A>. This site is very informative and
|
|
has lots of useful information about how to configure SquidGuard.</P>
|
|
|
|
<P>As per Squid, SquidGuard is available in both rpm and .tgz format.
|
|
|
|
<P>If your distribution supports the RPM format then you can install it in the following way:</P>
|
|
|
|
<PRE>
|
|
su - -c "rpm -i ./SquidGuard-1.2.1.noarch.rpm"
|
|
</PRE>
|
|
|
|
<P>Should your distribution not support the RPM format, then you can download the sources and
|
|
compile it, in the following manner:</P>
|
|
|
|
<PRE>
|
|
tar xzvf ./SquidGuard-1.2.1.tgz
|
|
./configure
|
|
make && make install
|
|
</PRE>
|
|
|
|
<P>The files should be installed in "/usr/local/squidguard/"</P>
|
|
|
|
<!-- ==================== -->
|
|
<!-- END: squidg: sginst -->
|
|
<!-- ==================== -->
|
|
|
|
<HR WIDTH=25%>
|
|
|
|
<!-- ======================== -->
|
|
|
|
<!-- ====================== -->
|
|
<!-- BEGIN: squidg: sgconf -->
|
|
<!-- ====================== -->
|
|
|
|
<H2><A NAME="sgconf">Configuration</A></H2>
|
|
|
|
<P>Before we can actually start tweaking the main "/etc/squidguard.conf", we
|
|
must first make one small change to our old friend <B>"/etc/squid.conf"</B>.
|
|
In the file, locate the TAG:</P>
|
|
|
|
<PRE>
|
|
#redirect_program none
|
|
</PRE>
|
|
|
|
<P>Uncomment it, and replace the the word "none" for the path to the main
|
|
<B>SquidGuard</B> file. If you don't know where the main file is, then you can issue
|
|
the command:</P>
|
|
|
|
<PRE>
|
|
whereis squidGuard
|
|
</PRE>
|
|
|
|
<P>And then enter the appropriate path and filename. Thus, it should now look like:</P>
|
|
|
|
<PRE>
|
|
redirect_program /usr/local/bin/squidGuard
|
|
</PRE>
|
|
|
|
<P>Save the file, and then type in the following:</P>
|
|
|
|
<PRE>
|
|
squid -k reconfigure
|
|
</PRE>
|
|
|
|
<P>Which will re-load the configuration file.</P>
|
|
|
|
<P>Ok, now the fun begins. Having told squid that we will be using a redirect program to
|
|
filter requests sent to it, we must now define rules to match that.</P>
|
|
|
|
<P>SquidGuard's main configuration file is <B>"/etc/squidguard"</B>. Out of the
|
|
box, this file looks like the following:</P>
|
|
|
|
<P ALIGN="center">-------------------</P>
|
|
|
|
<P>(<A HREF="misc/adam/squidguard.conf.txt">text version</A>)</P>
|
|
|
|
<PRE>
|
|
logdir /var/squidGuard/logs
|
|
dbhome /var/squidGuard/db
|
|
|
|
src grownups {
|
|
ip 10.0.0.0/24 # range 10.0.0.0 - 10.0.0.255
|
|
# AND
|
|
user foo bar # ident foo or bar
|
|
}
|
|
|
|
src kids {
|
|
ip 10.0.0.0/22 # range 10.0.0.0 - 10.0.3.255
|
|
}
|
|
|
|
dest blacklist {
|
|
domainlist blacklist/domains
|
|
urllist blacklist/urls
|
|
}
|
|
|
|
acl {
|
|
grownups {
|
|
pass all
|
|
}
|
|
|
|
kids {
|
|
pass !blacklist all
|
|
}
|
|
|
|
default {
|
|
pass none
|
|
redirect http://localhost/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
|
|
}
|
|
}
|
|
</PRE>
|
|
<P ALIGN="center">-------------------</P>
|
|
|
|
<P>What I shall do, is take the config file in sections, and explain what each part of it does.</P>
|
|
|
|
<PRE>
|
|
logdir /var/squidGuard/logs
|
|
dbhome /var/squidGuard/db
|
|
</PRE>
|
|
|
|
<P>The first line sets up the directory where the logfile will appear, and creates it if it
|
|
does not exist.</P>
|
|
|
|
<P>The second line sets up the directory where the database(s) of banned sites, expressions,
|
|
etc, are stored.</P>
|
|
|
|
<PRE>
|
|
src grownups {
|
|
ip 10.0.0.0/24 # range 10.0.0.0 - 10.0.0.255
|
|
# AND
|
|
user foo bar # ident foo or bar
|
|
}
|
|
</PRE>
|
|
|
|
<P>The above block of code, sets up a number of things. Firstly, the src "grownups"
|
|
is defined by specifying an IP address range, and saying which users are a member of this block.
|
|
For convenience sake, the generic terms "foo" and "bar" are used here as an
|
|
example.</P>
|
|
|
|
<P>It should also be pointed out that the <B>user</B> TAG can only be used if an ident server
|
|
is running on the server that forwards the request onto the squid proxy server, otherwise it will
|
|
be void.</P>
|
|
|
|
<PRE>
|
|
src kids {
|
|
ip 10.0.0.0/22 # range 10.0.0.0 - 10.0.3.255
|
|
}
|
|
</PRE>
|
|
|
|
<P>This section of statements sets up another block, this time called "kids" which is
|
|
determined by a range of IP addresses, but no users.</P>
|
|
|
|
<P>You can think of <B>grownups</B> and <B>kids</B> as being ACL names similar to those found in
|
|
"/etc/squid.conf".</P>
|
|
|
|
<PRE>
|
|
dest blacklist {
|
|
domainlist blacklist/domains
|
|
urllist blacklist/urls
|
|
expression blacklist/expressions
|
|
}
|
|
</PRE>
|
|
|
|
<P>This section of code is significant since it defines a <B>dest</B> list to specific filtering
|
|
processes. By processes, there are three main ways that SquidGuard applies its filtering
|
|
process:</P>
|
|
|
|
<P>1. domainlist -- lists domains, and only those, one line at a time, for example:</P>
|
|
|
|
<PRE>
|
|
nasa.gov.org
|
|
squid-cache.org
|
|
cam.ac.uk
|
|
</PRE>
|
|
|
|
<P>2. urllist -- actually specifying specific webpages (and omitting the "www.",
|
|
e.g.</P>
|
|
|
|
<PRE>
|
|
linuxgazette.com/current
|
|
cam.ac.uk/~users
|
|
</PRE>
|
|
|
|
<P>3. expression -- regex words that should be banned within the URL, thus:</P>
|
|
|
|
<PRE>
|
|
sex
|
|
busty
|
|
porn
|
|
</PRE>
|
|
|
|
<P>The last block of code:-</P>
|
|
|
|
<PRE>
|
|
acl {
|
|
grownups {
|
|
pass all
|
|
}
|
|
|
|
kids {
|
|
pass !blacklist all
|
|
}
|
|
|
|
default {
|
|
pass none
|
|
redirect http://localhost/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
|
|
}
|
|
}
|
|
</PRE>
|
|
|
|
<P>Says that for the <B>acl</B> block, and for the "grownups" section, pass all the
|
|
requests to it -- i.e. allow those URL's / expressions, etc, that are contained witin the <B>dest
|
|
</B> blacklists.</P>
|
|
|
|
<P>Then, it says that for the "kids" section, pass all requests, <B>except</B> those
|
|
contained within the <B>dest blacklists</B>. At which point, if a URL is matched from the dest
|
|
blacklists, it is then forwarded, to the <B>default</B> section.</P>
|
|
|
|
<P>The <B>default</B> section says that if requests are found not to come from either "
|
|
grownups" or "kids" then it won't allow access to the website, and will
|
|
redirect you to another webpage, which is most likely an error page.</P>
|
|
|
|
<P>The variables passed with this redirect statement, specify the type of request, etc,
|
|
which can then be processed by a cgi-script to produce a custom error message, for example.</P>
|
|
|
|
<P>It should be pointed out that in order for filtering to take place, then the following
|
|
piece of code should be present:</P>
|
|
|
|
<PRE>
|
|
default {
|
|
pass none
|
|
}
|
|
</PRE>
|
|
|
|
<P>Either with or without the <B>redirect</B> clause.</P>
|
|
|
|
<P>There are more advanced configuration options that can be used within this file. Examples
|
|
can be found out at <A HREF="http://www.squidguard.org/configuration" TARGET="_blank">
|
|
http://www.squidguard.org/configuration</A>.</P>
|
|
|
|
<P>Thus completes the tutorial for both <B>Squid</B> and <B>SquidGuard</B>. Further
|
|
information can be found at the all of the URL's embedded in this document, and at my
|
|
website, which is at the following address:</P>
|
|
|
|
<A HREF="http://www.squidproxyapps.org.uk" TARGET="_blank">www.squidproxyapps.org.uk</A>
|
|
|
|
<!-- ==================== -->
|
|
<!-- END: squidg: sgconf -->
|
|
<!-- ==================== -->
|
|
|
|
<HR>
|
|
|
|
<!-- ======================== -->
|
|
|
|
<!-- ====================== -->
|
|
<!-- BEGIN: keyfiles -->
|
|
<!-- ====================== -->
|
|
|
|
<H2><A NAME="keyfiles">Keyfiles: A Handy BASH backup script</A></H2>
|
|
|
|
<P>OK, ok, I know you're all thinking: "Not <I>another</I> backup script".
|
|
Well, there has been some talk of this on TAG (The Answer Gang) mailing list recently
|
|
so, I thought, I'd jump on the band-wagon.....</P>
|
|
|
|
<P>This script is really quite simple -- it uses a configuration file (plain text)
|
|
which lists all of the files (and directories) that you want backed up, and then
|
|
puts them in a gzipped tarball, in a specified location.</P>
|
|
|
|
<P>Those of you who are familiar with BASH shell scripting, might find this a little
|
|
rumedial, however, I hope that my in-line comments will aid those who are still trying
|
|
to learn the shell</P>
|
|
|
|
<P ALIGN="center">-------------------</P>
|
|
<P>(<A HREF="misc/adam/keyfiles.sh.txt">Text Version</A>)</P>
|
|
|
|
<PRE>
|
|
#!/bin/bash
|
|
#################################################
|
|
#Keyfiles - tar/gzip configuration files #
|
|
#Version: Version 1.0 (first draft) #
|
|
#Ackn: based on an idea from Dave Turnbull #
|
|
#Authour: Thomas Adam #
|
|
#Date: Monday 28 May 2001, 16:05pm BST #
|
|
#Website: www.squidproxyapps.org.uk #
|
|
#Contact: thomas@squidproxyapps.org.uk #
|
|
#################################################
|
|
|
|
#Comments herein are for the benefit of Dave Turnbull :-).
|
|
|
|
#Declare Variables
|
|
configfile="/etc/keyfiles.conf"
|
|
tmpdir="/tmp"
|
|
wrkdir="/var/log/keyfiles"
|
|
tarfile=keyfiles-$(date +%d%m%Y).tgz
|
|
method=$1 #options passed to "keyfiles"
|
|
submethod=$2 #options supplied along with "$1"
|
|
quiet=0 #Turns on verbosity (default)
|
|
|
|
cmd=`basename $0` #strip path from filename.
|
|
optfiles="Usage: $cmd [--default (--quiet)] [--listconffiles] [--restore (--quiet)] [--editconf] [--delold] [--version]"
|
|
version="keyfiles: Created by Thomas Adam, Version 1.0 (Tuesday 5 June 2001, 23:42)"
|
|
|
|
#handle error checking...
|
|
if [ ! -e $configfile ]; then
|
|
for beepthatbell in 1 2 3 4 5; do
|
|
echo -en "\x07"
|
|
mail -s "[Keyfiles]: $configfile not found" $USER
|
|
done
|
|
fi
|
|
|
|
#Make sure we have a working directory
|
|
[ ! -d $wrkdir ] && mkdir $wrkdir
|
|
|
|
#Parse options sent via command-line
|
|
if [ -z $method ]; then
|
|
echo $optfiles
|
|
exit 0
|
|
fi
|
|
|
|
#Check command line syntax
|
|
check_syntax ()
|
|
{
|
|
case $method in
|
|
--default)
|
|
cmd_default
|
|
;;
|
|
--listconffiles)
|
|
cmd_listconffiles
|
|
;;
|
|
--restore)
|
|
shift 1
|
|
cmd_restore
|
|
;;
|
|
--editconf)
|
|
exec $EDITOR $configfile
|
|
exit 0
|
|
;;
|
|
--delold)
|
|
cd $wrkdir && rm -f ./*.old > /dev/null
|
|
exit 0
|
|
;;
|
|
--version)
|
|
echo $version
|
|
exit 0
|
|
;;
|
|
--*|-*|*)
|
|
echo $optfiles
|
|
exit 0
|
|
;;
|
|
esac
|
|
}
|
|
|
|
#Now the work begins.....
|
|
#declare function to use "--default" settings
|
|
cmd_default ()
|
|
{
|
|
|
|
#tar/gz all files contained within $configfile
|
|
|
|
if [ $submethod ]; then
|
|
tar -cZPpsf $tmp/$tarfile $(cat $configfile) &>/dev/null 2>&1
|
|
else
|
|
tar -vcZPpsf $tmp/$tarfile $(cat $configfile)
|
|
fi
|
|
|
|
#If the contents of the directory is empty......
|
|
if test $(ls -1 $wrkdir | grep -c -) = "0"; then
|
|
mv $tmp/$tarfile $wrkdir
|
|
exit 0
|
|
fi
|
|
|
|
for i in $(ls $wrkdir/*.tgz); do
|
|
mv $i $i.old
|
|
done
|
|
|
|
mv $tmp/$tarfile $wrkdir
|
|
}
|
|
|
|
#List files contained within $configfile
|
|
cmd_listconffiles ()
|
|
{
|
|
sort -o $configfile $configfile
|
|
cat $configfile
|
|
exit 0
|
|
}
|
|
|
|
#Restore files......
|
|
cmd_restore ()
|
|
{
|
|
cp $wrkdir/keyfiles*.tgz /
|
|
cd /
|
|
|
|
#Check for quiet flag :-)
|
|
if [ $submethod ]; then
|
|
tar vzxfmp keyfiles*.tgz &>/dev/null 2>&1
|
|
rm -f /keyfiles*.tgz
|
|
exit 0
|
|
else
|
|
tar vzxfmp keyfiles*.tgz
|
|
rm -f /keyfiles*.tgz
|
|
exit 0
|
|
fi
|
|
}
|
|
|
|
#call the main function
|
|
check_syntax
|
|
</PRE>
|
|
|
|
<P ALIGN="center">-------------------</P>
|
|
|
|
<P>Suffice to say, the main changes that you might have to make, are to the following
|
|
variables:</P>
|
|
|
|
<PRE>
|
|
configfile="/etc/keyfiles.conf"
|
|
tmpdir="/tmp"
|
|
wrkdir="/var/log/keyfiles"
|
|
</PRE>
|
|
|
|
<P>However, my script is sufficiently intelligent, to check for the presence of $wrkdir,
|
|
and if it doesn't exist -- create it.</P>
|
|
|
|
<P>You will also have to make sure that you set the appropriate permissions, thus:</P>
|
|
|
|
<PRE>
|
|
chmod 700 /usr/local/bin/keyfiles
|
|
</PRE>
|
|
|
|
<P>The most important file, is the script's configuration file, which, for me, looks like
|
|
the following:</P>
|
|
|
|
<P ALIGN="center">-------------------</P>
|
|
<P>(<A HREF="misc/adam/keyfiles.conf.txt">Text Version</A>)</P>
|
|
|
|
<PRE>
|
|
/etc/keyfiles.conf
|
|
/etc/rc.config
|
|
/home/*/.AnotherLevel/*
|
|
/home/*/.fvwm2rc.m4
|
|
/home/solent/ada/*
|
|
/root/.AnotherLevel/*
|
|
/root/.fvwm2rc.m4
|
|
/usr/bin/header.sed
|
|
/usr/bin/loop4mail
|
|
/var/spool/mail/*
|
|
</PRE>
|
|
|
|
<P ALIGN="center">-------------------</P>
|
|
|
|
<P>Since this file, is passed to the main <B>tar</B> program, then the use of wildcards is
|
|
valid, as in the above file.</P>
|
|
|
|
<P>It should be pointed out that each time the script runs, the last backup file created, i.e "keyfiles-DATE.tgz" is renamed to "keyfiles-DATE.tgz.old" before the new file
|
|
takes its place.</P>
|
|
|
|
<P>This is so that if you need to restore the backup file at anytime, my script knows which file
|
|
to use by checking for a ".tgz" extension.</P>
|
|
|
|
<P>Because of this feature, I have also included a "--delold" option which deletes all the
|
|
old backup files from the directory.</P>
|
|
|
|
<P>To use the program, type:</P>
|
|
|
|
<PRE>
|
|
keyfiles --default
|
|
</PRE>
|
|
|
|
<P>Which will start the backup process. If you want to surpress the verbosity, you can add the flag:
|
|
</P>
|
|
|
|
<PRE>
|
|
keyfiles --default --quiet
|
|
</PRE>
|
|
|
|
<P>The other options that this program takes, are pretty much self-explanatory.</P>
|
|
|
|
<P>This backup script is by no means perfect, and there are better ones available. Any
|
|
comments that you have, would be appreciated!!</P>
|
|
|
|
<!-- ==================== -->
|
|
<!-- END: keyfiles -->
|
|
<!-- ==================== -->
|
|
|
|
<HR>
|
|
|
|
<!-- ======================== -->
|
|
|
|
<!-- ====================== -->
|
|
<!-- BEGIN: keyfiles -->
|
|
<!-- ====================== -->
|
|
|
|
<H2><A NAME="prognedit">Program Review: Nedit</A></H2>
|
|
|
|
<P>Way, way, back in the days when the illustrious founder of this special magazine, <B>
|
|
John Fisk</B> was writing this column, another authour, <B>Larry Ayers</B> used to do a
|
|
series of program reviews. He mentioned briefly a new program called <I>Nedit</I>, but
|
|
never reviewed it.</P>
|
|
|
|
<P>So, I will :-)</P>
|
|
|
|
<P>I have been using Nedit for about three years now. I do all of my work in it -- when I
|
|
am in X11 that is. A typical window of Nedit, looks like <A HREF="misc/adam/nedit1.png">
|
|
this screenshot</A>.</P>
|
|
|
|
<P>This program offers a huge selection of features. Probably the most popular is the
|
|
syntax highlighting feature, for over a host of languages, many of which are:</P>
|
|
|
|
<UL>
|
|
<LI>C</LI>
|
|
<LI>C++</LI>
|
|
<LI>Java</LI>
|
|
<LI>JavaScript</LI>
|
|
<LI>Ada</LI>
|
|
<LI>Fortran</LI>
|
|
<LI>Pascal</LI>
|
|
<LI>Lex</LI>
|
|
<LI>Yacc</LI>
|
|
<LI>Perl</LI>
|
|
<LI>Python</LI>
|
|
<LI>Tcl</LI>
|
|
<LI>Awk</LI>
|
|
<LI>Sh Ksh Bash</LI>
|
|
<LI>Csh</LI>
|
|
<LI>Makefile</LI>
|
|
<LI>SGML HTMK</LI>
|
|
<LI>LaTeX</LI>
|
|
<LI>Postscript</LI>
|
|
<LI>SQL</LI>
|
|
<LI>Matlab</LI>
|
|
<LI>VHDL</LI>
|
|
<LI>Verilog</LI>
|
|
<LI>Xresources</LI>
|
|
<LI>Nedit Macro</LI>
|
|
<LI>CSS</LI>
|
|
<LI>Regex</LI>
|
|
<LI>XML</LI>
|
|
</UL>
|
|
|
|
<P>If, for some bizare reason, you program in an obscure langauge that is not listed in the
|
|
above then you can specify your own regex patterns.</P>
|
|
|
|
<P>Nedit also allows you to do complex search and replace methods by using case-sensitive
|
|
regex pattern matches.</P>
|
|
|
|
<P>A typical search / replace dialog box, looks like the following:</P>
|
|
|
|
<IMG SRC=".isc/adam/nedit2.png">
|
|
|
|
<P>Allowing you to form complex searches.</P>
|
|
|
|
<P>Each of the menus, can be torn-off and remain sticky windows. This can be particularly
|
|
useful, if you a particular menu over and over, and don't want to keep clicking on it
|
|
each time.</P>
|
|
|
|
<P>This program is over-loaded with options, many of which I am sure are useful, but I
|
|
have not been able to find a use for all of them yet. And as if that was not enough,
|
|
Nedit allows you to write custom macros so that you can define even more weirder
|
|
functions.</P>
|
|
|
|
<P>I recommend this program to <I>everyone</I>, and while I don't want to re-invent the
|
|
<B>Emacs / Vim</B> argument, I really would consider it a viable alternative to the
|
|
over-bloated "X11-Emacs" package that eats up far too much memory!! :-) </P>
|
|
|
|
<P>You can get Nedit from the following:</P>
|
|
|
|
<A HREF="http://www.nedit.org" TARGET="_blank">www.nedit.org</A>
|
|
|
|
<P>Enjoy it :-)</P>
|
|
|
|
<!-- ==================== -->
|
|
<!-- END: nedit -->
|
|
<!-- ==================== -->
|
|
|
|
<HR>
|
|
|
|
<!-- ======================== -->
|
|
|
|
<!-- ====================== -->
|
|
<!-- BEGIN: closing time -->
|
|
<!-- ====================== -->
|
|
|
|
<H2><A NAME="closet">Closing Time</A></H2>
|
|
|
|
<P>Well, that concludes it for this month -- I had not expected it to be quite this long!!.
|
|
My academic year is more or less at a close, and I have exams coming up at the end of May.
|
|
Then I shall be free over the summer to pursue all my Linux ideas that have been
|
|
formulating in my brain ( <B>-- that is whats left of it after Ben Okopnik brain washed me)
|
|
</B>:-)</P>
|
|
|
|
<P>Oh well, until next month -- take care.</P>
|
|
|
|
<!-- ==================== -->
|
|
<!-- END: closet -->
|
|
<!-- ==================== -->
|
|
|
|
<HR>
|
|
|
|
<!-- ** Begin table comments, etc. Oh wakey wakey you idiot Thomas ** -->
|
|
<TABLE width="60%" align=center border=0>
|
|
<TBODY>
|
|
<TR>
|
|
<TH></TH>
|
|
<TH></TH>
|
|
<TH></TH>
|
|
<TR>
|
|
<TD width="10%"><IMG height=64 alt="" src="../gx/adam/mail.png"
|
|
width=64 align=left></TD>
|
|
<TD align=middle width="80%"><FONT color=red size=5>Send Your
|
|
Comments</FONT></TD>
|
|
<TD width="10%"><IMG height=64 alt="" src="../gx/adam/mail.png"
|
|
width=64 align=left></TD></TR></TBODY></TABLE>
|
|
<P align=center><FONT size=3>Any comments, suggestions, ideas, etc can be mailed
|
|
to me by clicking the e-mail address link below:</FONT></P>
|
|
<P align=center><FONT size=3><A
|
|
href="mailto:thomas_adam16@yahoo.com">mailto:thomas_adam16@yahoo.com</A></FONT></P>
|
|
|
|
<HR>
|
|
|
|
|
|
|
|
|
|
<!-- *** BEGIN bio *** -->
|
|
<SPACER TYPE="vertical" SIZE="30">
|
|
<P>
|
|
<H4><IMG ALIGN=BOTTOM ALT="" SRC="../gx/note.gif">Thomas Adam</H4>
|
|
My name is Thomas Adam. I am 18, and am currently studying for A-Levels
|
|
(=university entrance exam). I live
|
|
on a small farm, in the county of Dorset in England. I am a massive Linux
|
|
enthusiast, and help with linux proxy issues while I am at school. I have been
|
|
using Linux now for about six years. When not using Linux, I play the piano,
|
|
and enjoy walking and cycling.
|
|
|
|
|
|
<!-- *** END bio *** -->
|
|
|
|
<!-- *** BEGIN copyright *** -->
|
|
<P> <hr> <!-- P -->
|
|
<H5 ALIGN=center>
|
|
|
|
Copyright © 2002, Thomas Adam.<BR>
|
|
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
|
|
Published in Issue 78 of <i>Linux Gazette</i>, May 2002</H5>
|
|
<!-- *** END copyright *** -->
|
|
|
|
<!--startcut ==========================================================-->
|
|
<HR><P>
|
|
<CENTER>
|
|
<!-- *** BEGIN navbar *** -->
|
|
<IMG ALT="" SRC="../gx/navbar/left.jpg" WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="bottom"><A HREF="lg_bytes.html"><IMG ALT="[ Prev ]" SRC="../gx/navbar/prev.jpg" WIDTH="16" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="index.html"><IMG ALT="[ Table of Contents ]" SRC="../gx/navbar/toc.jpg" WIDTH="220" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../index.html"><IMG ALT="[ Front Page ]" SRC="../gx/navbar/frontpage.jpg" WIDTH="137" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="http://www.linuxgazette.com/cgi-bin/talkback/all.py?site=LG&article=http://www.linuxgazette.com/issue78/adam.html"><IMG ALT="[ Talkback ]" SRC="../gx/navbar/talkback.jpg" WIDTH="121" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><A HREF="../lg_faq.html"><IMG ALT="[ FAQ ]" SRC="./../gx/navbar/faq.jpg"WIDTH="62" HEIGHT="45" BORDER="0" ALIGN="bottom"></A><A HREF="alcidi.html"><IMG ALT="[ Next ]" SRC="../gx/navbar/next.jpg" WIDTH="15" HEIGHT="45" BORDER="0" ALIGN="bottom" ></A><IMG ALT="" SRC="../gx/navbar/right.jpg" WIDTH="15" HEIGHT="45" ALIGN="bottom">
|
|
<!-- *** END navbar *** -->
|
|
</CENTER>
|
|
</BODY></HTML>
|
|
<!--endcut ============================================================-->
|