Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 28. Software -Server/Proxy NetworkNext

28.9. Configure the /etc/logrotate.d/squid file

Configure your /etc/logrotate.d/squid file to rotate your log files automatically each week. Create the squid file, touch /etc/logrotate.d/squid and add: 

               /var/log/squid/access.log {
               weekly
               rotate 5
               copytruncate
               compress
               notifempty
               missingok
               }
               /var/log/squid/cache.log {
               weekly
               rotate 5
               copytruncate
               compress
               notifempty
               missingok
               }
               /var/log/squid/store.log {
               weekly
               rotate 5
               copytruncate
               compress
               notifempty
               missingok
               # This script asks squid to rotate its logs on its own.
               # Restarting squid is a long process and it is not worth
               # doing it just to rotate logs
               postrotate
               /usr/sbin/squid -k rotate
               endscript
               }

28.9.1. Securing and Immunize Squid

By having more control on mounting the cache directory of Squid, if you have created the cache directory of Squid in a separate partition of your Linux system i.e. /cache, like we have done during the install setup, then you can use the noexec, nodev, and nosuid features to improve and consolidate the cache security. These features can be set up in the /etc/fstab file to tell the system to not allow execution of any binaries; noexec to not interpret character or block special devices; nodev and to not allow set-user-identifier or set-group-identifier bits to take effect, nosuid on the mounted file system /cache in our example. Applying this procedure on the partition where the Squid Cache resides will help to eliminate the possibility of DEV, SUID/SGID, and execution of any binaries.

As an example, assuming /dev/sda8 is the partition in the system where the /cache directory of Squid lives, you must edit the fstab file, vi /etc/fstab and change the line related to /dev/sda8: 
                   /dev/sda8			/cache		ext2		defaults        1 2
To read: 
                   /dev/sda8			/cache 		ext2		noexec,nodev,nosuid 1 2
Dont you forget to reboot your system for the changes to take effect.

You should immunize important configuration file like squid.conf. As we already know, the immutable bit can be used to prevent deletion, overwriting, or creation of a symbolic link to a file. Once your squid.conf file has been configured, it's a good idea to immunize it with the following command: 
                 [root@deep /]# chattr +i /etc/squid/squid.conf

PrevHomeNext
Configure the /etc/rc.d/init.d/squid script file -/all configurationsUpOptimizing Squid
  
 
  Published under the terms of the Open Publication License Design by Interspire