Public domain
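# Build and install kernel 2.6.27.7 from source, reusing the running system's
# config. Every step depends on the previous one, so abort on the first
# failure instead of carrying on with a half-unpacked or stale tree.
set -e
cd /usr/src
# NOTE(review): the tarball is fetched over plain HTTP and unpacked without any
# integrity check; verify it against kernel.org's detached PGP signature (or a
# known-good checksum) before extracting — TODO.
wget "http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.27.7.tar.bz2"
tar xf linux-2.6.27.7.tar.bz2
# Point the stable /usr/src/linux symlink at this tree; out-of-tree module
# builds use it as their KERNEL_DIR.
ln -sfn linux-2.6.27.7 linux
cd linux
make mrproper
# Start from the running kernel's config so only new options are prompted for.
cp /boot/config .config
make oldconfig
make all
make modules_install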
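# Build and install ipset 4.5 against the kernel tree in /usr/src/linux.
# Abort on the first failing step rather than installing a partial build.
set -e
cd /usr/src
# NOTE(review): plain-HTTP download with no integrity check; verify the
# tarball against the project's published signature/checksum first — TODO.
wget -c http://ipset.netfilter.org/ipset-4.5.tar.bz2
tar xf ipset-4.5.tar.bz2
cd ipset-4.5
make KERNEL_DIR=/usr/src/linux
make KERNEL_DIR=/usr/src/linux install
make KERNEL_DIR=/usr/src/linux clean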
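# Repackage iptables 1.4.7 with the Slackware 12.2 SlackBuild (written for
# 1.4.2) and upgrade the installed package. Abort on the first failure so a
# failed download or build does not end in upgradepkg on a missing file.
set -e
cd /usr/src
mkdir -p iptables-pkg
cd iptables-pkg
# NOTE(review): the tarball arrives over plain FTP and the build script from a
# third-party mirror over plain HTTP, and the script is then run as root;
# check the tarball against netfilter.org's published signature and diff the
# SlackBuild against the official Slackware source tree before running it — TODO.
wget "ftp://ftp.netfilter.org/pub/iptables/iptables-1.4.7.tar.bz2"
wget "http://slackware.at/data/slackware-12.2/source/n/iptables/iptables.SlackBuild"
wget "http://slackware.at/data/slackware-12.2/source/n/iptables/slack-desc"
sed -i -e 's,VERSION=1.4.2,VERSION=1.4.7,' iptables.SlackBuild
# Confirm the version bump actually took; otherwise the build targets the wrong
# tarball and the package name used below will not match.
grep -q 'VERSION=1.4.7' iptables.SlackBuild
chmod +x iptables.SlackBuild
./iptables.SlackBuild
mv /tmp/iptables-1.4.7-i486-1.tgz .
upgradepkg iptables-1.4.7-i486-1.tgz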
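#!/bin/bash
# Watch squid's open file descriptors and quarantine clients that hold an
# excessive number of them (treated here as a sign of malware): the client's
# source address is added to an ipset with a 60 s timeout, and while it is a
# member its port-80 traffic is DNATed to WEBREDIR, which is expected to serve
# a warning page.
#
# Globals (read-only after start-up):
#   MAX          descriptors per client at or above which it is redirected
#   WEBREDIR     host:port that receives the redirected HTTP traffic
#   SQUIDCLIENT  path to squid's cache-manager client
#   SETNAME      name of the ipset; also the string the rule cleanup greps for
set -u

readonly MAX="2000"
readonly WEBREDIR="172.16.20.1:8000"
readonly SQUIDCLIENT="/usr/local/squid/bin/squidclient"
readonly SETNAME="virus-redirect"
PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin"

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Remove every PREROUTING rule of the given table that references SETNAME.
# Arguments: $1 - netfilter table (mangle or nat)
#######################################
delete_set_rules() {
  local table=$1 num
  # Rules are deleted by line number one at a time; each deletion renumbers
  # the chain, so the listing is re-read on every iteration.
  while :; do
    num=$(iptables -t "$table" -L PREROUTING -n --line-numbers \
          | grep -F -- "$SETNAME" | awk '{print $1}' | head -n 1)
    [[ -n "$num" ]] || break
    iptables -t "$table" -D PREROUTING "$num"
  done
}

#######################################
# Recreate the ipset and the two PREROUTING rules that act on it.
# Only SETNAME is flushed and destroyed; any other sets on the host are left
# alone (the previous version flushed and destroyed every set).
#######################################
install_rules() {
  delete_set_rules mangle
  delete_set_rules nat
  # The rules referencing the set must be gone before -X can succeed; both
  # commands fail harmlessly on a first run when the set does not exist yet.
  ipset -q -F "$SETNAME"
  ipset -q -X "$SETNAME"
  ipset -N "$SETNAME" iptree --timeout 60 || die "cannot create ipset $SETNAME"
  # Accept members early in mangle — presumably so other mangle-table handling
  # does not interfere before the nat DNAT below applies; confirm against the
  # rest of the firewall.
  iptables -t mangle -I PREROUTING -m set --match-set "$SETNAME" src -j ACCEPT \
    || die "cannot insert mangle rule"
  iptables -t nat -I PREROUTING -m set --match-set "$SETNAME" src \
    -p tcp --dport 80 -j DNAT --to-destination "$WEBREDIR" \
    || die "cannot insert nat rule"
}

#######################################
# One pass over squid's descriptor table: count open descriptors per remote
# address and add every address at or above MAX to the set.
# Outputs: one "date : count ip" line per newly added address on stdout.
#######################################
scan_once() {
  local num ip now
  # Field 6 of each descriptor line is assumed to be the remote "ip:port" and
  # the first 13 lines the cache-manager header (inherited from the original
  # parsing — verify against this squid version's output). Everything is kept
  # in the pipeline: the earlier version staged the data in fixed-name files
  # under /tmp, which is unsafe for a root process on a shared host.
  "$SQUIDCLIENT" mgr:filedescriptors \
    | tail -n +14 | awk '{print $6}' | sed -e 's,:.*,,' \
    | sort | uniq -c | sort -rn | head -n 100 \
    | while read -r num ip; do
        # Non-client descriptors (files, listeners) yield tokens that are not
        # IPv4 addresses; skip them instead of handing them to ipset.
        [[ "$ip" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || continue
        [[ "$num" -ge "$MAX" ]] || continue
        # Presumably -A fails (quietly) when the address is already a member,
        # so the log line appears only when a client is newly quarantined.
        if ipset -q -A "$SETNAME" "$ip"; then
          now=$(date +"%F %T")
          printf "%s : %5d %s\n" "$now" "$num" "$ip"
        fi
      done
}

main() {
  command -v iptables >/dev/null || die "iptables not found in PATH"
  command -v ipset >/dev/null || die "ipset not found in PATH"
  [[ -x "$SQUIDCLIENT" ]] || die "$SQUIDCLIENT is not executable"
  install_rules
  # Short grace period before the first poll (kept from the original).
  sleep 5
  while :; do
    scan_once
    sleep 1
  done
}

main "$@"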
# Launch the descriptor watcher in a detached screen session (-dm) named
# "descriptors" (-S); SCREENDIR tells screen where to keep root's socket.
SCREENDIR="/root/.screen" /usr/bin/screen -dmS descriptors /root/scripts/filedescriptors.sh
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<!-- Warning page for quarantined clients: presumably the document served on
     WEBREDIR (172.16.20.1:8000), where the watcher script DNATs their port-80
     traffic. The body text is Persian: "Dear user, your computer is infected
     with network viruses; please clean it with an antivirus. Thank you." -->
<!-- NOTE(review): the CONTENT-TYPE meta declares iso-8859-1, but the body
     below contains raw Persian characters that this charset cannot encode;
     confirm the file's actual encoding (likely UTF-8) and make the declaration
     match, otherwise browsers may render the text as mojibake. -->
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=iso-8859-1">
<TITLE></TITLE>
<META NAME="GENERATOR" CONTENT="OpenOffice.org 3.1 (Linux)">
<META NAME="AUTHOR" CONTENT="Pejman Moghadam">
<META NAME="CREATED" CONTENT="20110102;462800">
<META NAME="CHANGEDBY" CONTENT="Pejman Moghadam">
<META NAME="CHANGED" CONTENT="20110102;474800">
<STYLE TYPE="text/css">
<!--
@page { margin: 0.79in }
P { margin-bottom: 0.08in }
-->
</STYLE>
</HEAD>
<BODY LANG="en-US" DIR="LTR">
<P ALIGN=CENTER STYLE="margin-bottom: 0in"><BR>
</P>
<P ALIGN=CENTER STYLE="margin-bottom: 0in"><BR>
</P>
<P ALIGN=CENTER STYLE="margin-bottom: 0in"><FONT FACE="Jamrul"><FONT SIZE=4 STYLE="font-size: 15pt"><SPAN LANG="zxx">کاربر
عزیز</SPAN></FONT></FONT></P>
<P ALIGN=CENTER STYLE="margin-bottom: 0in"><FONT FACE="Jamrul"><FONT SIZE=4 STYLE="font-size: 15pt"><SPAN LANG="zxx">کامپیوتر
شما به ویروسهای
شبکه ای آلوده
می باشد</SPAN></FONT></FONT></P>
<P ALIGN=CENTER STYLE="margin-bottom: 0in"><FONT FACE="Jamrul"><FONT SIZE=4 STYLE="font-size: 15pt"><SPAN LANG="zxx">لطفا
با استفاده از
آنتی ویروس،
کامپیوتر خود
را پاکسازی
فرمایید</SPAN></FONT></FONT></P>
<P DIR="RTL" ALIGN=CENTER STYLE="margin-bottom: 0in"><FONT FACE="Jamrul"><FONT SIZE=4 STYLE="font-size: 15pt"><SPAN LANG="zxx">با
تشکر</SPAN></FONT></FONT></P>
<P STYLE="margin-bottom: 0in"><BR>
</P>
</BODY>
</HTML>
BY: Pejman Moghadam
TAG: squid, filedescriptor, ipset, kernel, iptables, screen
DATE: 2011-08-29 23:33:33