Posts Tagged ‘clearing’

How to clear Squid Proxy Cache on Debian and Ubuntu

Saturday, July 16th, 2011

Squid proxy cache clear logo

It was necessery to clean up some squid cache for some proxy users on a Debian host. Until now I’ve used to run only custom build Squid server on Slackware Linux.

Thus I was curious if Debian guys were smart enough to implement a proxy cache cleaning option as an option to be passed on to squid’s init script.

Honestly I was quite suprised squid clear cache option is not there;

squid-cache:~# /etc/init.d/squid3
Usage: /etc/init.d/squid3 {start|stop|reload|force-reload|restart}
squid-cache:/#

As it was not embedded into init script I still hoped, there might be some Debian way to do the proxy cache clearing, so I spend some 10 minutes checking online as well as checked in squid3‘s manual just to find there is no specific command or Debian accepted way to clean squid’s cache.

Since I couldn’t find any Debian specific, way I did it the old fashioned way 😉 (deleted directory/file structures in /var/spool/squid3/* and used squid’s -z option, to recreate the swap directories.

Here is how:

squid-cache:~# /etc/init.d/squid3 stop;
squid-cache:~# rm -Rf /var/spool/squid3/*;
squid-cache:~# squid3 -z; /etc/init.d/squid3 start

Finally I was quite amazed to realize, there was not even a crontab script to periodically clear and re-create proxy cache.

My previous experience with maintaning an office Squid proxy cache has prooved, that periodic cache clean ups are very helpful, especially to resolve issues with cached unreslovable DNS entries in the server.
Clearing up squid cache every week or something, guarantees that failure to resolve certain hosts at certain times would not stay unresolvable like forever 😉

In that manner of thougths, I decided to put the following crontab which will twice a month clear up proxy’s cache, to possibly solve some failed squid DNS issues.

squid-cache:~# crontab -u root -l > file;
echo '00 04 12,26 * * /etc/init.d/squid3 stop; rm -Rf /var/spool/squid3/*; squid3 -z; /etc/init.d/squid3 start >/dev/null 2>&1'
>> file; crontab file

By the way, implementing the squid clear cache in Debian and Ubuntu ‘s init scripts and putting a periodic proxy clear up cron, seems like a feature worthy to be proposed to the distro developers and hopefully be embbed in some of the upcoming distro releases 😉

How to disable or remove completely Adobe (Macromedia) Flash Cookies on Linux

Monday, April 11th, 2011

As I’ve mentioned in my previous post, one of the greatest “evils” which prevents a good internet anonymization whether you surf online is Adobe Flash Player

There are two approaches you might partake to disable the privacy issues which might be related to Adobe Flash cookies saving data about flash banners or websites which stores their cookies to your computer.

To find out if flash websites has already saved their nasty flash cookies on your Linux, issue the commands:

hipo@debian:~$ cd .macromedia
hipo@debian:/home/hipo/.macromedia$ find -iname '*.sol'
./Flash_Player/macromedia.com/support/flashplayer/sys/#s.ytimg.com/settings.sol
./Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol
./Flash_Player/macromedia.com/support/flashplayer/sys/#ip-check.info/settings.sol

The returned output of the above find command clearly reveals the shitty flash has stored already 3 flash cookies on my Linux, 3 cookies which later can be easily requested by other flash banners.
The 3 flash cookies are:
1. Saved by Adobe’s Flash Configuration Manager
2. Saved by the website ip-check.info
3. Saved by s.ytimg.com’s website

Now to deal with the situation and get rid of flash cookies, there are possibly two ways of approach that one can take:

1. One is to use some kind of script like the one clear_flash_cookies.tsch the other one is to completely disable flash cookies.
Using the clear_flash_cookies.tcsh does get rid of flash cookie problems just temporary as it might be set to be executed either once the browser is starting up, or directly via some kind of cron job entry like:

01 11,19 * * * /home/hipo/scripts/clear_flash_cookies.tcsh

eHowever clearing up (removing) the flash cookies, still doesn’t completely proihibit saving up of flash cookies and in the time intervals between the clear ups of the flash cookies, still some websites might save information related to their use on your Linux host and expose this information for other external flash websites to read and retrieve information about your previous websites visits.

Therefore it might be a better solution in terms of browser security to;

2. completely disable the use of adobe flash cookies on your Linux powered desktop.

Disabling adobe flash cookies is possible by either using the online flash Global Storage Settings (Flash Settings Manager) by navigating to the URL:

http://www.macromedia.com/support/documentation/
en/flashplayer/help/settings_manager03.html

Adobe Flash Player online settings manager unticked option

And by removing the tick which is present to the option:

Allow third party Flash content to store data on your computer

Or by linking the local directory ~/.macromedia -> /dev/null

hipo@debian:~$ mv .macromedia .macromedia-bak
hipo@debian:~$ ln -s /dev/null .macromedia
hipo@debian:~$ ls -ald .macromedia
lrwxrwxrwx 1 hipo hipo 9 2009-03-30 09:56 .macromedia -> /dev/null

That’s all, Farewell nasty Flash cookies!

Add DCC (Distributed Checksum Clearing Houses), Pyzor and Razon checks in Spamassassin on Debian Lenny / Howto improve spamassassin anti spam protection on Debian GNU / Linux

Sunday, March 14th, 2010

In accordence to a recent qmail install, here is few things to install in order to improve the native spamassassin anti-spam mail server protection capabilities.
1. Install Pyzor and Razor

debian-server# apt-get install pyzor razor

2. Edit /etc/mail/spamassassin/local.cf and put the following lines in it:

use_razor2 1
razor_config /etc/razor/razor-agent.conf
razor_timeout 8
use_pyzor 1
pyzor_path /usr/bin/pyzor
add_header all Pyzor _PYZOR_
clear_report_template

3. Edit /etc/mail/spamassassin/v310.pre and make sure the following lines are included and uncommented:
loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::SpamCop

4. Now we modify /etc/mail/spamassassin/local.cf once more to enable Bayesian Filtering, so include in the conf the following:
use_bayes 1
bayes_file_mode 0700
bayes_path /var/spamd/.spamassassin/bayes
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 8.0
use_auto_whitelist 1

In my case I use /var/spamd/.spamassassin directory for bayesian filter files, anyways you might desire to have it in a different lacation, however if you desire to use the same directory as me, make the appropriate directories and files as shown below:

debian-server# mkdir -p /var/spamd/.spamassassin/
debian-server# touch /var/spamd/.spamassassin/bayes_{seen,toks} /var/spamd/.spamassassin/bayes
debian-server# chown -R vpopmail:vchkpw /var/spamd/

Note that in the above example whenever I’m using user vpopmail:vchkpw I did that because my spamassassin is running under the vpopmail:vchkpw user and group, in case if you’re using a different uid and gid please change the commands in accordance with ‘em.

5. Next we need to download and install the required DCC (Distributed Checksum Clearing Houses) binaries, Regrettably no debian package is available so we will compile it and install it from source:

debian-server# wget http://www.rhyolite.com/dcc/source/dcc.tar.Z
debian-server# tar -zxvf dcc.tar.Z
debian-server# cd dcc-1.3.120/
debian-server# ./configure && make && make install
debian-server# cdcc info > /var/dcc/map.txt
debian-server# chmod 0600 /var/dcc/map.txt
debian-server# rm /var/dcc/map
debian-server# cdcc "new map; load /var/dcc/map.txt"
debian-server# cdcc "delete 127.0.0.1"

6. Again we have to edit /etc/mail/spamassassin/local.cf and include in it:

use_dcc 1
dcc_timeout 8
dcc_home /var/spamd/
dcc_path /usr/local/bin/dccproc
add_header all DCC _DCCB_: _DCCR_

7. Last I include few configuration options I find handy, this is not required to have pyzor, razond and DCC properly configured, so it’s completely up to you to decide if you want that or not:
rewrite_subject 1
subject_tag [SPAM found in message]
dns_available yes
ok_locales all
add_header spam Flag _YESNOCAPS_
report_safe 1

Herein I also include a link to my whole local.cf spamassassin configuration file in a hope that it’s easier to check the above directives directly in the conf.