Free Linux application in building a green campus network

The implementation of the "School-to-school communication" project has greatly promoted the reform of school education, teaching, and management. However, while building a network, many schools have neglected the security construction of campus networks, this includes how to protect campus network servers and prevent hacker intrusion; how to filter websites to prevent the impact of unhealthy websites on students. Based on the principle of zero cost and high efficiency, this article will talk about some applications of free Linux in building a green campus network.

Web Server Protection

1, configure Apache first to install a good Linux gateway, I use is easy to install and use the Redhat, you can download Redhat7.2 TO THE http://www.redhat.com. When installing Redhat7.2, Apache, Squid, and so on have been installed at the same time. We only need to configure it briefly.

After Redhat7.2 is installed, Apache is not running by default. Therefore, httpd is enabled to run Apache first. Modify the configuration file/etc/httpd/conf/httpd. conf.

LoadModule proxy_module modules/libproxy. so

AddModule mod_proxy.c

NameVirtualHost 210.77.126.xx # real IP address of the Gateway

# The real IP corresponding to the domain name

ServerName www.sdbjzx.com # Web

Server Domain Name

ProxyPass/192.168.1.1/# Web

Server IP Address

ProxyPassReverse/192.168.1.1 </p>

/# IP address of the Web server

2. The working principle is to explain the internal Web host to the external Nic of the Linux gateway. When a request from www.sdbjzx.com is received, the gateway can automatically forward the request to 192.168.1.1, after receiving the response from 192.168.1.1, rewrite the source address as the real IP address of the gateway and return it to the Internet user. This prevents external hackers from seeing the real Web server, thus effectively protecting the Web server.

Website Filtering

1. Configure the proxy server Squid

As above, start Squid to ensure that the Squid Proxy Server works properly. Modify the/etc/squid. conf configuration file.

Http_port 3128 # define the port for Squid to listen to HTTP client requests

Cache_mem 10 MB # The ideal memory value for Squid, Which is 1/3 of the physical memory.

Cache_swap_low 95

Cache_swap_low 90

Maximum_object_size 4096 KB # objects greater than this value are not stored

Cache_dir ufs/var/spool/squid/cache 200 16 256 # specify the size of the swap space and its directory structure of the Squid to store the object

Acl all src 192.168.1.1/24 # define all as 192.168.1.1 network segment

Http_acceaa allow all #192.168.1.1 customers can use the Squid proxy to access the Internet.

Cache_inclutive_user squid # used users and user groups

Cache_paitive_group squid

(Use the default value for other parameters !)

[Root @ squid bin] # chmod 777/var/spool/squid/cache (enable/var/spool/squid/

The cache directory is noboay. The user has the write permission)

[Root @ squid bin] # squid-z (create Squid

/Var/spool/squid/cache)

[Root @ squid bin] #/etc/rc. d/init. d/squid start (start Squid, stop squid with/etc/rc. d/init. d/squid stop)

Test on the client. Take Windows as an example. Run IE, click "Tools", click "Internet Options", click the "connection" tab, and click "LAN Settings". In the "LAN Settings" window, fill in the IP address of the Squid server 192.168.1.16 in the address area, fill in "3128" in the port area, and then exit. In this case, the client should be able to browse the Internet, indicating that Squid is running properly.

The following is the configuration of the website filtering function.

2. Install Berkeley DB 2.x

Download db from http://www.sleepycat.com-

2.7.7.tar.gz with/usr/local/squidGuard/

Src/directory

# Cd/usr/local/squidGuard/src/

# Tar xvzf db-2.7.7.tar.gz

# Cd db-2.7.7

# Cd build_unix

# ../Dist/configure

# Make

# Make install

(Installed in the/usr/local/BerkeleyDB directory by default)

Note: squidGuard does not support Berkeley DB 3.x.

3. install and configure SquidGuard

# Rpm-ivh squidGuard-1.2.0-3.i386.rpm (after installation data directory dbhome:/var/squidGuard/blacklists log directory logdir:/var/log/squidGuard)

Follow the prompts to modify the configuration lines in the/etc/squid. conf file:

Redirect_program/usr/sbin/squidGuard-c/etc/squid/squidGuard. confredirect_child 5

Restart Squid, view/var/log/squidGuard. log, and check the last line: 16:13:18 [2237] SquidGuard Ready for Requests, which indicates that SquidGuard is running properly. If a blocked website can be redirected to a specified webpage, it indicates that the filtering function has taken effect. (Note: SquidGuard-1.2.0-3.i386.rpmftp: // k12Linux. mesd. k12.or. us/pub/SquidGuard /)

Advantages

Easy configuration and low hardware requirements. Generally, the retired 486 and 586 models are fully qualified. All software is free of charge and the blocked list is updated quickly, just go to the http://www.squidGuard.org to download the latest version of the blocked list database to replace the old, you can also manually increase or decrease the blocked list, Squid can also set the Internet time period, use flexible and convenient. (Source: CCID-China Computer Education News)