Protecting the innocent from the Internet part 1

Being a father of four with my oldest already at the age where he needs to use the computer I started asking myself do I have the ideal setup? And the answer was not really. Don’t get me wrong I have a PF sense firewall and a few other protections in place however I wanted to build a solution from the ground up instead of just installing a bunch of  packages on my firewall and not really understanding whats going on in the back end.

My proposed solution is to have a system that caches and scans web traffic for viruses as well as preform some sort of content filtering  based on various detection methods (phrase matching, PICS filtering and URL filtering etc) and most importantly the solution must be **FREE** to implement. I am sure the are other solutions in place that does a better job than the one I have outlined and by all means feel free to comment or email me.

Tools I plan on using:

  • FreeBSD 8.1
  • ClamAV
  • Squid
  • Dansguardian
  • Privoxy
  • HAVP

FreeBSD: If you are going to choose an OS I would suggest BSD, because in my opinion its one of the most secure and well build system out there.

ClamAV: Is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates.

Squid: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.

Dansguardian: Is an award winning Open Source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters.

Privoxy: Is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes.

HAVP (HTTP AntiVirus proxy): is a proxy with an anti-virus filter. It does not cache or filter content.

Setup Phase

The first thing you need to do before you start installing your apps is to make sure you set a static address up on your BSD box, in my case I have freeBSD 8.1:

vi /etc/rc.conf and add the following lines, my gateway was 192.168.1.1 and IP 192.168.1.5

defaultroute=”192.168.1.1″
hostname=”bsdsrvr.infolookup.com”
ifconfig_le0=”192.168.1.5 netmask 255.255.255.0″
inetd_enable=”YES”

I would also run freebsd-update fetch and  freebsd-update install since it never hurts to have an updated repo. Now this is as far as I will go with this post, in my next post I will go through the install, config and testing. Comments and suggestions are always welcome.

–Sherwyn AKA Infolookup

References

http://www.br.freebsd.org/where.html

http://www.clamav.net/lang/en/

http://www.server-side.de/

http://www.privoxy.org/

http://wiki.linuxmce.org/index.php/Installing_Dansguardian

http://www.mustnofee.com/tutorials/37-tutorials/67-setting-up-squid-on-freebsd

http://bsdmag.org/

http://www.squid-cache.org/

Extending partitions with ease in VSphere 4.0

I know at some point in your IT career you have came across a server with  low disk space and wished you could extend the space without the added issues. In the pass it was easy to extend a storage drive by using the diskpart command however this would not work if you are trying to expand the system drive. Today I will show you how to correct your space allocation issues using VMware V to V technology.

First insure that you have the “VMware converter” plugin installed. If not do the following:

Click on the “Plug-ins” tab then “download & install” the converter plugin.

Click next and complete the install process

Once you have the plug-in successfully installed, shutdown the server you want to expand the hard drive on and do the following:

Right click one of your ESX host and select “Import Machine”

You will be presented with the import wizard, click next

Select vSphere Virtual Machine

Enter your ESX or vCenter IP/hostname along with the  username and password–>click next

Select a Virtual Machine to import

This is the important part:

  • Choose option 2 “select volumes and re-size to save or add space”
  • Click the drop down arrow under “new disk space” and select “Type Size in GB”–> type in your desired disk size.

Click next and choose a destination and name  for the new virtual machine

  • Choose a datastore for the new virtual machine
  • Map the VM NICs to a ESX network
  • Customize your VM (install tools, remove restore points
  • Select to run task immediately
  • Verify your config summary, you can also choose to power n the new VM after it has been created.

    Once you are satisfied click finish, grab a cup of coffee and enjoy your new and improve space!