Install Dansguardian + Transparent proxy
In order to satisfy the 'sendmail-command' dependency, one of the following packages is needed:
1- postfix-2.5.1-2mdv2008.1.i586: Postfix Mail Transport Agent (to install)
2- sendmail-8.14.2-3mdv2008.1.i586: A widely used Mail Transport Agent (MTA) (to install)
3- masqmail-0.2.18-8mdv2008.1.i586: Offline Mail Transfert Agent (to install)
4- exim-4.63-14mdv2008.1.i586: The exim mail transfer agent (to install)
5- ssmtp-2.61-1mdv2008.1.i586: A minimal mail-transfer agent which forwards mail to an SMTP server (to install)
6- msmtp-1.4.13-1mdv2008.0.i586: An SMTP client (to install)
7- mini_sendmail-1.3.5-5mdv2008.1.i586: Accept email on behalf of real sendmail (to install)
8- nbsmtp-1.00-2mdv2008.1.i586: nbSMTP: no-brainer SMTP (to install)
What is your choice? (1-8)
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Mandriva Linux - 2008.1 (Free) - i586 CD1")
ed 0.9 1mdv2008.1 i586
libclamav3 0.92.1 2mdv2008.1 i586
libpostfix1 2.5.1 2mdv2008.1 i586
(medium "Main")
dansguardian 2.9.9.2 4mdv2008.1 i586
libgmp3 4.2.2 1mdv2008.1 i586
postfix 2.5.1 2mdv2008.1 i586
8.2MB of additional disk space will be used.
2.9MB of packages will be retrieved.
Proceed with the installation of the 6 packages? (Y/n)
http://ftp.kddlabs.co.jp/Linux/distributions/Mandrake/official/2008.1/i586/media/main/release/dansguardian-2.9.9.2-4mdv2008.1.i586.rpm
3% of 515k completed, ETA = 0:01:51, speed = 9065
installing //var/ftp/pub/Mandrivalinux/media/main/libpostfix1-2.5.1-2mdv2008.1.i586.rpm
//var/ftp/pub/Mandrivalinux/media/main/libclamav3-0.92.1-2mdv2008.1.i586.rpm
//var/ftp/pub/Mandrivalinux/media/main/ed-0.9-1mdv2008.1.i586.rpm
//var/ftp/pub/Mandrivalinux/media/main/postfix-2.5.1-2mdv2008.1.i586.rpm
//var/ftp/pub/Mandrivalinux/media/main/libgmp3-4.2.2-1mdv2008.1.i586.rpm
/var/cache/urpmi/rpms/dansguardian-2.9.9.2-4mdv2008.1.i586.rpm
Preparing... ###########################################################################################
1/6: libgmp3 ###########################################################################################
2/6: libclamav3 ###########################################################################################
3/6: ed ###########################################################################################
4/6: libpostfix1 ###########################################################################################
5/6: postfix ###########################################################################################
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
6/6: dansguardian ###########################################################################################
----------------------------------------------------------------------
More information on package dansguardian-2.9.9.2-4mdv2008.1.i586
Make sure to change your /etc/dansguardian/dansguardian.conf to reflect your own settings.
Special attention must be given to the port that the proxy server is listening to,
the port that dansguardian will listen to and to the web url to the dansguardian.pl cgi-script.
Author: Daniel Barron
daniel@jadeb.com
----------------------------------------------------------------------
[root@javanet loadbalancing]#
Then start the dansguardian service:
[root@javanet loadbalancing]# service dansguardian start
Starting dansguardian: [ OK ]
[root@javanet loadbalancing]#
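The package note above singles out three settings in /etc/dansguardian/dansguardian.conf. The script below is an added example, not part of the original post or the dansguardian package, and checks them before the service is started. The sample file is constructed, and YOURSERVER.YOURDOMAIN is assumed to be the placeholder host left in an unedited config.

```shell
#!/bin/sh
# Added example: sanity-check the ports and block-page URL in dansguardian.conf.

# conf_get FILE KEY -> value of the last "KEY = value" line, comments and quotes stripped
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed -e "s/[[:space:]]*#.*$//" -e "s/^'//" -e "s/'[[:space:]]*$//" | tail -n 1
}

# make_sample -> prints a constructed config with two deliberate mistakes
make_sample() {
    cat <<'EOF'
# constructed sample, not the packaged file
filterport = 8080
proxyip = 127.0.0.1
proxyport = 8080   # mistake: same port as the filter
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
EOF
}

# check_conf FILE -> prints findings, returns the number of problems found
check_conf() {
    conf=$1
    problems=0
    filterport=$(conf_get "$conf" filterport)
    proxyport=$(conf_get "$conf" proxyport)
    denied=$(conf_get "$conf" accessdeniedaddress)
    for p in "$filterport" "$proxyport"; do
        case $p in
            ''|*[!0-9]*) echo "port missing or not numeric: '$p'"
                         problems=$((problems + 1)) ;;
        esac
    done
    # the filter must hand requests to the proxy on a different port
    if [ -n "$filterport" ] && [ "$filterport" = "$proxyport" ]; then
        echo "filterport and proxyport are both $filterport"
        problems=$((problems + 1))
    fi
    # the block page is only shown if this URL points at a real web server
    case $denied in
        ''|*YOURSERVER.YOURDOMAIN*) echo "accessdeniedaddress is unset or still the placeholder"
                                    problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

tmp=$(mktemp); make_sample > "$tmp"
check_conf "$tmp"; echo "problems found: $?"
rm -f "$tmp"
```

To check the installed file, call check_conf /etc/dansguardian/dansguardian.conf instead of the sample.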
On Mandriva
hping
While hping was mainly used as a security tool in the past, people who don't care about security can also use it in many ways to test networks and hosts. A subset of what you can do with hping:
- Firewall testing
- Advanced port scanning
- Network testing, using different protocols, TOS, fragmentation
- Manual path MTU discovery
- Advanced traceroute, under all the supported protocols
- Remote OS fingerprinting
- Remote uptime guessing
- TCP/IP stacks auditing
- hping can also be useful to students that are learning TCP/IP.
Hping works on the following Unix-like systems: Linux, FreeBSD, NetBSD, OpenBSD, Solaris, Mac OS X, Windows.
[root@kopegtel box]# hping --help
usage: hping host [options]
-h --help show this help
-v --version show version
-c --count packet count
-i --interval wait (uX for X microseconds, for example -i u1000)
--fast alias for -i u10000 (10 packets for second)
-n --numeric numeric output
-q --quiet quiet
-I --interface interface name (otherwise default routing interface)
-V --verbose verbose mode
-D --debug debugging info
-z --bind bind ctrl+z to ttl (default to dst port)
-Z --unbind unbind ctrl+z
Mode
default mode TCP
-0 --rawip RAW IP mode
-1 --icmp ICMP mode
-2 --udp UDP mode
-8 --scan SCAN mode.
Example: hping --scan 1-30,70-90 -S www.target.host
-9 --listen listen mode
IP
-a --spoof spoof source address
--rand-dest random destionation address mode. see the man.
--rand-source random source address mode. see the man.
-t --ttl ttl (default 64)
-N --id id (default random)
-W --winid use win* id byte ordering
-r --rel relativize id field (to estimate host traffic)
-f --frag split packets in more frag. (may pass weak acl)
-x --morefrag set more fragments flag
-y --dontfrag set dont fragment flag
-g --fragoff set the fragment offset
-m --mtu set virtual mtu, implies --frag if packet size > mtu
-o --tos type of service (default 0x00), try --tos help
-G --rroute includes RECORD_ROUTE option and display the route buffer
--lsrr loose source routing and record route
--ssrr strict source routing and record route
-H --ipproto set the IP protocol field, only in RAW IP mode
ICMP
-C --icmptype icmp type (default echo request)
-K --icmpcode icmp code (default 0)
--force-icmp send all icmp types (default send only supported types)
--icmp-gw set gateway address for ICMP redirect (default 0.0.0.0)
--icmp-ts Alias for --icmp --icmptype 13 (ICMP timestamp)
--icmp-addr Alias for --icmp --icmptype 17 (ICMP address subnet mask)
--icmp-help display help for others icmp options
UDP/TCP
-s --baseport base source port (default random)
-p --destport [+][+]
-k --keep keep still source port
-w --win winsize (default 64)
-O --tcpoff set fake tcp data offset (instead of tcphdrlen / 4)
-Q --seqnum shows only tcp sequence number
-b --badcksum (try to) send packets with a bad IP checksum
many systems will fix the IP checksum sending the packet
so you'll get bad UDP/TCP checksum instead.
-M --setseq set TCP sequence number
-L --setack set TCP ack
-F --fin set FIN flag
-S --syn set SYN flag
-R --rst set RST flag
-P --push set PUSH flag
-A --ack set ACK flag
-U --urg set URG flag
-X --xmas set X unused flag (0x40)
-Y --ymas set Y unused flag (0x80)
--tcpexitcode use last tcp->th_flags as exit code
--tcp-timestamp enable the TCP timestamp option to guess the HZ/uptime
Common
-d --data data size (default is 0)
-E --file data from file
-e --sign add 'signature'
-j --dump dump packets in hex
-J --print dump printable characters
-B --safe enable 'safe' protocol
-u --end tell you when --file reached EOF and prevent rewind
-T --traceroute traceroute mode (implies --bind and --ttl 1)
--tr-stop Exit when receive the first not ICMP in traceroute mode
--tr-keep-ttl Keep the source TTL fixed, useful to monitor just one hop
--tr-no-rtt Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
--apd-send Send the packet described with APD (see docs/APD.txt)
[root@kopegtel box]#