Mailinglist Archive: opensuse-edu (150 mails)

< Previous Next >
Re: [suse-linux-uk-schools] Squid + VNC - Lots of Questions
  • From: Tim Fletcher <tim@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 9 Apr 2003 17:10:16 +0000 (UTC)
  • Message-id: <Pine.LNX.4.44.0304091759110.12929-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> > SSH is a very good way of remotely administering the box - have you tried
> > this?
> No

Well worth looking at, secure and simple

> > I'm missing something here though - use MAC addresses for what?
> By using mac addresses we can allow access via known machines only. This
> prevents users spoofing their laptops with known friendly IPs.

It's really easy to spoof a mac address unless you lock the switch ports
down, depends how knowledgable your users are but assuming I knew about it
or could spot it then it's about a 5 second trick to spoof

> > I would mention redhat but that might be consider impolite, another option
> > is to do a suse upgrade from the latest cd or network install
> Yes lots of references to Red Hat & Squid - What are your reasons?

I use redhat on about 400 machines, including a large number of servers
and this is what I know in depth and as this is a suse run list and I
haven't been on the list long I am trying to avoid treading on too many
toes in the first few hours on the list :).

> > Or the squid web based proxy admin stuff, having said that you realise
> > that your MAC based security system will break as soon as you have to go
> > via a router to get to the proxy due to the nature of ethernet and ip
> > networking
> The proxy, LAN and admin will all be this side of the router - would this
> still be a problem?

That works fine, basically the clients and the proxy need be on the same
broadcast domain

> > I suspect that the suse init scripts (/etc/rc.d/init.d/squid I belive)
> > will be running the old verion of squid that is in /usr/sbin/squid, there
> > are various options but the cleanest of them is a full upgrade to the
> > latest version of suse and then rebuild the squid rpm with your custom
> > configure flags (that I can talk you though)
> Ha, I think that this answers my question above - yes please

Right I'm not sure how much you know about rpm's and compiling and stuff
ask me about anything I skip over and ignore anything that is clealry
obvious:

1. Get the source rpm (squid-somthing.src.rpm)
2. Install it (rpm -ivh squid-somthing.src.rpm)
3. Find the spec file (I think it will be in /usr/src/suse/SPECS but if a
suse person can confirm)
4. Edit the .spec file with a text editor and edit the %configure
directive to include the flags you need to pass to ./configure
5. Edit the version number at the top so you know what the rpm is
6. Rebuild the rpm with the command: rpmbuild -ba <specfilename.spec>
7. Wait for the rebuild, you will need to make sure that you have the
relivent compilers and libaries installed, I'm not sure exactly what squid
needs to build
8. Upgrade the rpm in the normal way (rpm -Uvh <rpm name>)

--
Tim Fletcher - Technical Adviser Manchester LEA

.~.
tim@xxxxxxxxxxxxxxxxxx /V\ L I N U X
tim@xxxxxxxxxxxxxxxxxxxxxxxxxxx // \\ >Don't fear the penguin<
irc: Night-Shade on Quakenet /( )\
^^-^^

"I love the way Microsoft follows standards. In much the
same manner that fish follow migrating caribou."
Paul Tomblin


< Previous Next >
Follow Ups
References