The application of free Linux in the construction of Green Campus network _unix Linux

The implementation of the "school-school Pass" project, has greatly promoted the school education, the teaching, the management reform, but in the construction network, many schools have neglected the campus network security construction, including how protects the campus network server, prevents the hacker to invade, how carries on the website filtering, prevents the unhealthy website to the student influence. Based on the principle of 0 cost and high efficiency, this article discusses some applications of free Linux in building Green Campus network.

Web server Protection


1, configure Apache first to install a good Linux gateway, I use is easy to install the Redhat, can download Redhat7.2 to http://www.redhat.com. Install Redhat7.2, Apache, squid, etc. have been installed at the same time, we need to simply configure the can be used.

Redhat7.2 installed by default is not running Apache, so first enable httpd, that is, let Apache run up. Modify the/etc/httpd/conf/httpd.conf configuration file.

LoadModule Proxy_module modules/libproxy.so

Addmodule mod_proxy.c

Namevirtualhost 210.77.126.xx #网关的真实IP

#域名所对应的真实IP

ServerName www.sdbjzx.com #Web

Domain name of the server

PROXYPASS/192.168.1.1/#Web

IP of the server

Proxypassreverse/192.168.1.1</p>

/#Web服务器的IP

2, working principle of the internal web host to explain to the Linux gateway external network card, When a www.sdbjzx.com request is received, the gateway is automatically forwarded to 192.168.1.1, receiving a response of 192.168.1.1 and then overwriting the real IP address of the source address for the gateway back to the Internet user. So that outside hackers can not see the real Web server, thus effectively protect the Web server.

Website Filter

1, Proxy Server squid configuration

Like the above, first enable squid to ensure that the Squid Proxy server can work properly. Modify the/etc/squid/squid.conf configuration file.

Http_port 3128 #定义Squid监听HTTP客户端请求的端口

Cache_mem MB #Squid可使用的内存理想值, 1/3 of the permanent physical memory.

Cache_swap_low 95

Cache_swap_low 90

Maximum_object_size 4096 KB #大于该值对象将不被存储

Cache_dir Ufs/var/spool/squid/cache 256 #指定Squid用来存储对象的交换空间大小及其目录结构

ACL all src 192.168.1.1/24 #定义all为192.168.1.1 Network Segment

HTTP_ACCEAA allow all #192.168.1.1 Network Segment customers can use the Squid agent online.

Cache_effective_user Squid #使用的用户和用户组

Cache_effective_group Squid

(The rest of the parameters with the default value can!) )

[Root@squid bin]# chmod 777/var/spool/squid/cache (Make/var/spool/squid/

Cache directory has write permissions for Noboay users)

[Root@squid bin]# Squid-z (established squid

Cache directory/var/spool/squid/cache)

[Root@squid bin]#/etc/rc.d/init.d/squid Start (starting squid, stop squid with/etc/rc.d/init.d/squid stop)

Test on the client, taking windows as an example. Run IE, click Tools, click Internet Options, click the Connections tab, click LAN Settings, and in the LAN Settings window, insert the 192.168.1.16 IP address of the squid server in the "Address" box, and insert "3128" in the "Port" section. , and then exit after OK. At this point, the client should be able to browse the Internet to indicate that squid is working properly.

Below is the site filtering function configuration.

2. Install Berkeley DB 2.x

Download db-from http://www.sleepycat.com

2.7.7.tar.gz coexist in/usr/local/squidguard/

The src/directory

#cd/usr/local/squidguard/src/

#tar Xvzf db-2.7.7.tar.gz

#cd db-2.7.7

#cd Build_unix

#.. /dist/configure

#make

#make Install

(Installed by default to the/usr/local/berkeleydb directory)

Note: Squidguard does not support Berkeley DB 3.x version.

3, installation and configuration of Squidguard

#rpm-IVH squidguard-1.2.0-3.i386.rpm (post-installation data directory dbhome:/var/squidguard/blacklists log directory Logdir:/var/log/squidguard)

Modify the related configuration lines in the/etc/squid/squid.conf file as prompted:

Redirect_program/usr/sbin/squidguard-c/etc/squid/squidguard.confredirect_child 5

Restart squid, view/var/log/squidguard/squidguard.log, and look at the last line: 2002-05-23 16:13:18[2237] Squidguard Ready for Requests, Indicates that the Squidguard is running properly. Blocked Web sites can be redirected to a specific Web page, which means the filtering function is working. (Note: squidguard-1.2.0-3.i386.rpm download address ftp://k12Linux.mesd.k12.or.us/pub/SquidGuard/)

Method advantages

Convenient configuration, low hardware requirements, generally retired from the 486-type, 586-type completely competent, and all software is free, blocked list update quickly, just to http:// www.squidGuard.org Download the latest version of the blocked list of the database to replace the old can, but also can manually add or subtract blocked list, squid can also set the Internet time period, the use of flexible and convenient. (Source: Sadie Net-China computer education newspaper)