Wi-Fi Mini Honeypot
OpenWrt and Tinyproxy
If your machine has enough resources, you can go one step further and use a proxy on your router. With this, you will be able to monitor, filter and modify HTTP traffic. Squid is an example of full-blown proxy solution. If you have a router that is capable of running it, go ahead. If you (like me) don't, you'll have to stick with a solution with fewer requirements. An example of such a solution is tinyproxy. To install tinyproxy in your OpenWrt, run:
opkg update opkg install tinyproxy luci-app-tinyproxy
Then, configure and run it with:
uci set tinyproxy.@tinyproxy.enable=1 uci commit /etc/init.d/tinyproxy enable /etc/init.d/tinyproxy restart
From now on, your tinyproxy should listen by default on port 8888 on
your localhost. You can check this with the
netstat command. Since you want
to accept connections not only from localhost, but also from LAN, you'll
have to change the configuration a little bit. Also, in our case, it's
better to run it in so-called stealth mode—that means no added headers
in HTTP. You can find the tinyproxy configuration in the /etc/config/tinyproxy
file. Listing 2 shows an example of such a configuration. Notice that
logfile is specified to be in the /storage directory, which is our
pendrive. Another important option is
list 'Allow'. These are the
IPs that are allowed to connect to the tinyproxy. You should specify
your LAN network or a part of it.
Listing 2. Tinyproxy Configuration with Domain Filtering, Stealth Mode and Custom Log Localization
config 'tinyproxy' option 'User' 'nobody' option 'Group' 'nogroup' option 'Port' '8888' option 'Listen' '192.168.1.1' option 'Timeout' '600' option 'DefaultErrorFile' '/usr/share/tinyproxy/default.html' option 'StatFile' '/usr/share/tinyproxy/stats.html' option 'Logfile' '/storage/tinyproxy.log' option 'LogLevel' 'Connect' option 'MaxClients' '100' option 'MinSpareServers' '5' option 'MaxSpareServers' '20' option 'StartServers' '10' option 'MaxRequestsPerChild' '0' list 'Allow' '192.168.1.0/24' list 'Allow' '127.0.0.1' option 'ViaProxyName' 'tinyproxy' option 'DisableViaHeader' '1' option 'FilterDefaultDeny' '1' option 'Filter' '/storage/filter' list 'ConnectPort' '443' list 'ConnectPort' '563' option 'enable' '1'
Tinyproxy also lets you filter requests by domain. You can specify a
blacklist or a whitelist of domains in the Filter file. In our configuration,
'/storage/filter' Also, here we notify tinyproxy to treat this
file as a whitelist (
FilterDefaultDeny 1), meaning that
for specified domains will be allowed. That way, you can forbid
attackers from accessing the Internet with their browsers or let them access
only specified domains. An example of a /storage/filter file could be:
That would let them visit only the Linux Journal Web site.
Marcin Teodorczyk is a GNU/Linux user with more than 12 years of experience. For the past four years, he's been using Arch Linux exclusively on his personal computers.
Practical Task Scheduling Deployment
July 20, 2016 12:00 pm CDT
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.Register Now!
- SUSE LLC's SUSE Manager
- My +1 Sword of Productivity
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Non-Linux FOSS: Caffeine!
- Managing Linux Using Puppet
- Doing for User Space What We Did for Kernel Space
- Tech Tip: Really Simple HTTP Server with Python
- Parsing an RSS News Feed with a Bash Script
- Rogue Wave Software's Zend Server
- SuperTuxKart 0.9.2 Released