Pages

Tuesday, July 22, 2014

Khmer unicode for adobe photoshop cs6 and adobe Illustrator


How to write Khmer Unicode Font For Adobe Photoshop CS6

Khmer Unicode Font For Adobe Photoshop CS6
Edit -> Preference -> Type រួច​ជ្រើស​យក Middle Eastern ជំនួស​ឱ្យ East Asian វិញជា​ការ​ស្រេច​។

សូមមើល VIDEO ខាងក្រោមនេះ



Monday, June 13, 2011

Configuring NAT

You can use the Routing and Remote Access management console to configure a number of settings for the NAT.

To access the various configuration options for NAT,


  1. Click Start, Administrative Tools, and then click Routing and Remote Access to open the Routing and Remote Access management console.

  1. In the left console tree, expand Routing And Remote Access, the Server, and then expand IP Routing.

  1. Select NAT/Basic Firewall.

  1. Click the Action menu, and then select Properties OR, right-click NAT/Basic Firewall and select Properties from the shortcut menu

  1. The Properties dialog box contains four tabs which can be used to configure settings for the NAT service.


The various settings available on the different tabs within the Properties dialog box are:


  • NAT /Basic Firewall tab: The configurations which you can perform on the NAT /Basic Firewall tab are:

    • Enable NAT/disable NAT.

    • Enable a basic firewall to prevent unauthorized users from accessing resources on the private network.

    • Configure inbound filters by clicking the Inbound Filters button.

li> Configure outbound filters by clicking the Outbound Filters button.

  • Address Pool tab: The configurations which you can perform on the Address Pool tab are:

    • Specify the Internet addresses which the NAT server will use. A minimum of one Internet address has to be specified.

    • You can configure external address to internal address mappings by clicking the Reservations button.


  • Services and Ports tab: The configurations which you can perform on the Services and Ports are:

    • Specify services which Internet users are allowed to access.

    • Configure the internal client computers which external packets are forwarded to.


  • Glossary LinkICMP tab: On this tab, you can enable a number of diagnostic packets types which are necessary for the NAT server to recognize and respond to PING or Traceroute.

How to install the NAT service using the Routing And Remote Access Server Setup Wizard

  1. Click Start, Administrative Tools, and then click Routing and Remote Access to open the Routing and Remote Access management console.

  1. In the left console pane, select the RRAS server that you want to work with.

  1. From the Action menu, click Configure and Enable Routing and Remote Access.

  1. The Routing and Remote Access Server Setup Wizard initiates.

  1. Click Next on the Routing and Remote Access Server Setup Wizard welcome page.

  1. On the Configuration page, select the Network Address Translation (NAT) option, and then click Next.

  1. On the NAT Internet Connection page, you have to select the connection method which NAT will use to connect to the Internet:

    • Use this public interface to connect to the Internet option.

    • Create a new demand-dial interface to the Internet option.


  1. If you want to enable NAT security, leave the Enable security on the selected interface by setting up Basic Glossary LinkFirewall option selected. The option is enabled by default. Click Next.

  1. On the Ready to Apply Selections page, click Next.

  1. Click Finish.

1
  1. Click Yes to start the Routing and Remote Access service.


Maintenance Linux System




ubuntu Security News

1. update & upgrade the System

  1. sudo apt-get update
  2. sudo apt-get dis-upgrade
When we run dist-upgrade have the Message
The following NEW packages will be automatically installed:
  linux-image-2.6.15-29-server
The following NEW packages will be installed:
  linux-image-2.6.15-29-server
The following packages will be upgraded:
  linux-image-server
1 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.

We need Restart the Server when users finish work.
            3. sudo shutdown –r now

2. Check Disk Pace

            -Check disk on the Linux Computer [df –h]
            -Check disk every  week
            -Check for user use
            -sudo quotas /home

3. Check the Log File

            -cd /var/log ls
            -sudo less messages
            -When the message alert all the time this is the problem
            -sudo less syslog



How to Install samba In Ubuntu Server


        1 sudo apt-get install samba

Change samba configuration file
/etc/samba$ sudo vim smb.conf
[global]
       ; use the name of your Samba server instead of [server name] (sv001)
       ; and your own workgroup instead of [Domain name] VTC
        netbios name = sv001
        workgroup = VTC
        encrypt passwords = yes
        server string =
       
       domain master = yes
        local master = yes
        preferred master = yes
        os level = 65

        security = user
        domain logons = yes

        ; logon path tells Samba where to put Windows NT/2000/XP roaming profiles
        logon path = \\%L\profiles\%u
        logon script = %g\logon.bat

        logon drive = H:
        ; logon home is used to specify home directory and
        ; Windows 95/98/Me roaming profiles location
        ; logon home = \\%L\%u\.win_profile\%m
       
        time server = yes

        ; the below works on Red Hat Linux – other OSs might need a different command
        add user script = /usr/sbin/useradd –d /dev/null –g users –s /bin/false –m %u
       
[netlogon]
        path = /usr/local/samba/lib/netlogon
        writable = no
        browsable = no
       
[profiles]
        ; you might wish to use a different directory for your
        ; Windows NT/2000/XP roaming profiles
        path = /home/samba-ntprof
        browsable = no
        writable = yes
        create mask = 0600
        directory mask = 0700

[homes]
        read only = no
        browsable = no
        guest ok = no
        map archive = yes
[transfer]
       path = /home/transfer
       browsable = yes
       guest ok = no
       writable = yes
       create mask = 0644
       directory mask = 0755
[office-docs]
      path = /home/office-docs
      browsable = yes
      guest ok = no
      writable = yes
      create mask = 0660
      directory mask = 0770
        force group = office
Command Checker Samba Configuration:  
testparm
Create 3 Groups (students, teachers, office)
        sudo groupadd students
        sudo groupadd teachers
        sudo groupadd office

Creating Directory on the Samba Server
The [netlogon] and [profiles] shares defined in our new smb.conf file reference directories on the Samba Server, and it is necessary to create those directories with the proper permissions:

        # mkdir – p /usr/local/samba/lib/netlogon (-p create sub folders Like mkdir /usr/local/treat/tyer/)
        # chmod 775 /usr/local/samba/lib/netlogon
        # mkdir /home/samba-ntprof
        # chmod 777 /home/samba-ntprof
        # mkdir /home/transfer
        # chmod 755 /home/transfer
        # mkdir /home/office-docs
Change the group owner (office-docs)

       # chgrp office /home/office-docs
       # chmod 770 /home/office-docs

Restart the Samba Daemon
        # /etc/init.d/samba restart

Create folders 3 in /usr/local/samba/lib/netlogon: (teachers, students, office)
Create logon file in the each folder above:

       # /usr/local/samba/lib/netlogon$ (teachers, students, office)
       sudo vim logon.bat

In folder teachers
        net time \\sv001 /set /yes
        net use /delete T:
        net use T: \\sv001\transfer
        net use /delete O:
        net use O: \\sv001\office-docs
Before Save or Close type command :se ff=dos
In folder office
        net time \\sv001 /set /yes
        net use /delete T:
        net use T: \\sv001\transfer
        net use /delete O:
        net use O: \\sv001\office-docs
Before Save or Close type command :se ff=dos

In folder students
        net time \\sv001 /set /yes
        net use /delete T:
        net use T: \\sv001\transfer
Before Save or Close type command :se ff=dos
Change Samba root password
        sudo smbpasswd -a root
Synchronize time
        sudo ntpdate swisstime.ethz.ch
Create script file backuppasswdfiles.sh (/home/vtc)
#!/bin/sh
rm –f passwd
cp /etc/passwd .
rm –f shadow
cp /etc/shadow .
rm –f group
cp /etc/group .
rm –f smbpasswd
cp /etc/samba/smbpasswd .

Create script file createsmbuser.sh in vtc user (/home/vtc)
#!/bin/sh
# (-s /bin/false we don't allow user to logon to server)
useradd –s /bin/false –g $2 –G $3 –m $1
# (R: recursive)
chmod -R 700 /home/$1
# (force: don't show warnings)
# (.??* we remove any file with 3 or more letters)
rm –Rf /home/$1/.??*
# (-a: add smbuser)
smbpasswd –a $1
# (-p: protoname or template)
edquota –p test.user $1
# backup password files automatically
./backuppasswdfiles.sh

Assign execution rights to script

        chmod 700 backuppasswdfiles.sh
   chmod 700 createsmbuser.sh

Copy Default User
        sudo cp –R Default\ User/ /usr/local/samba/lib/netlogon
Create the new users and then

        sudo ./createsmbuser.sh <username> <maingroup> <additional groups>
        eg. # sudo ./createsmbuser.sh test.user office users,internet

Samba Users
 Assign the Computer for Client to login to the Domain Server
        sudo useradd –s /bin/false –d /dev/null –g users [computer name$]

Install Quota
        use quota documentation (Install Quota Share Limit Space.doc)
Join Windows Computer to Domain
Create addgroup.sh and delgroup.sh script
1.    cd
2.    vim addgroup.sh
#!/bin/sh
groupnr=`awk -F: '{if ($1 == groupstr) print $3}' groupstr=$2 < /etc/group`
userlist=`awk -F: '{if ($4 == groupnr) print $1}' groupnr=$groupnr < /etc/passwd`
for user in $userlist
do
              adduser $user $1
done
./backuppasswdfiles.sh

3.    vim delgroup.sh
#!/bin/sh
groupnr=`awk -F: '{if ($1 == groupstr) print $3}' groupstr=$2 < /etc/group`
userlist=`awk -F: '{if ($4 == groupnr) print $1}' groupnr=$groupnr < /etc/passwd`
for user in $userlist
do
              deluser $user $1
done
./backuppasswdfiles.sh

4.    chmod +x addgroup.sh delgroup.sh
5.    sudo ./addgroup.sh <add this group> <to members in this maingroup>
sudo ./addgroup.sh internet teachers
6.    sudo ./delgroup.sh <remove this group> <from members in this maingroup>
sudo ./delgroup.sh internet teachers

NOTE:
        id <username> (Show group and membership)
        smbstatus (Samba Status)

Delete user and password
        sudo userdel –r <username>
        sudo vim /etc/samba/smbpasswd to delete user & password
        sudo rm –r /home/samba-ntprof/user profile
Install a printer share through logon.bat

RUNDLL32 PRINTUI.DLL,PrintUIEntry /in /q /n\\computername\printername

What to do after hard disk crash and reinstallation of Linux
sudo cp /mnt/backup/files/%date%/tree/vtc/group /etc/group
sudo cp /mnt/backup/files/%date%/tree/vtc/passwd /etc/passwd
sudo cp /mnt/backup/files/%date%/tree/vtc/shadow /etc/shadow
sudo cp /mnt/backup/files/%date%/tree/vtc/smbpasswd /etc/samba/smbpasswd
sudo shutdown –r now
sudo cp –R /mnt/backup/files/%date%/tree /home

How to Install squid in Ubuntu Servier


            1 sudo apt-get install squid
Change configuration
            2 sudo vim /etc/squid/squid.conf
# Squid normally listens to port 3128 (assign IP address)
http_port 192.168.1.5:3128
#Default: (assign 20% from your RAM) (calculation: xRAM*20/100)
cache_mem 38 MB
#Default: (maximal download package size on your hard disk)
maximum_object_size 16384 KB
#Default: (maximal download package size on your RAM)
maximum_object_size_in_memory 32 KB
#Default: (get free hard disk space policy)
cache_replacement_policy heap LFUDA
#Default: (get free memory space policy)
memory_replacement_policy heap LFUDA
#Default: (assign 80% of your /var partition in MBs) (calculation: xGB*1024*80/100)
cache_dir ufs /var/spool/squid 6062 16 256
#Default: (hide internal IP address)
forwarded_for off
#Default: (turn off squid information in http packages)
via off
#Default:
# none: (use visible_hostname instead of none)
visible_hostname proxy
Restart Squid
            2 sudo /etc/init.d/squid restart
Change configuration
Allow IP address:
3 sudo vim /etc/squid/squid.conf
# Example rule allowing access from your local network.
acl office src 192.168.1.41-192.168.1.44
acl class src 192.168.1.11-192.168.1.31
acl laptop src 192.168.1.59
http_access allow laptop
http_access allow office
http_access allow class

Allow Samba users:
            3 sudo apt-get install smbclient
            4 sudo vim /etc/squid/squid.conf
find following lines and uncomment them:
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

Add following line and change DOMAINNAME to your domain:
auth_param basic program /usr/lib/squid/smb_auth -W DOMAINNAME

# Example rule allowing access from your local network.
acl domainusers proxy_auth REQUIRED
http_access allow localhost
http_access allow domainusers
            4 sudo /etc/init.d/squid restart

On samba server
            create a file /usr/local/samba/lib/netlogon/proxyauth and add following line to file
                        allow
            change proxyauth to group internet: sudo chgrp internet proxyauth
            change permission of proxyauth: sudo chmod 640 proxyauth
            If you want to allow all users to connect to internet you just write
                        chgrp users proxyauth
            If you only want to allow members of the group internet to connect to the Internet you just write
                        chgrp internet proxyauth

Test proxy
5 use Firefox on a other machine and try to connect to http://checker.samair.ru/
Install squidguard
6 sudo apt-get install squidguard apache2
Enable squidguard
7 sudo vim /etc/squid/squid.conf
jump to the end of the file and add following lines:
# Tag redirect program
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf



SquidGuard configuration
8 sudo vim /etc/squid/squidGuard.conf
#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard/db
logdir /var/log/squid

# DESTINATION CLASSES:
#

dest adv {
     domainlist adv/domains
     urllist adv/urls
}

dest aggressive {
     domainlist aggressive/domains
     urllist aggressive/urls
}

dest drugs {
     domainlist drugs/domains
     urllist drugs/urls
}

dest gamble {
     domainlist gamble/domains
     urllist gamble/urls
}

dest porn {
     domainlist porn/domains
     urllist porn/urls
}

dest spyware {
     domainlist spyware/domains
     urllist spyware/urls
}

dest violence {
     domainlist violence/domains
     urllist violence/urls
}

acl {
     default {
           pass !adv !aggressive !drugs !gamble !porn !spyware !violence
     }
}

Setup blacklist script updater
9 wget -c http://squidguard.shalla.de/Downloads/shalla_update.sh
10 vim shalla_update.sh
squidGuardpath=”/usr/bin/squidGuard”
squidpath=”/usr/sbin/squid”
httpget=”/usr/bin/wget”
tarpath=”/bin/tar”
chownpath=”/bin/chown”

dbhome=”/var/lib/squidguard/db”
squidGuardowner=”proxy.proxy”

Instead of $squidpath –k reconfigure:
/etc/init.d/squid restart

11 chmod +x shalla_update.sh
12 sudo mv shalla_update.sh /etc/cron.weekly/
13 sudo /etc/cron.weekly/shalla_update.sh
Create Permission Denied Website
14 sudo mkdir /usr/lib/cgi-bin
15 sudo cp /usr/share/doc/squidguard/examples/squidGuard.cgi.gz /usr/lib/cgi-bin/
16 sudo gunzip /usr/lib/cgi-bin/squidGuard.cgi.gz
17 sudo chmod +x /usr/lib/cgi-bin/squidGuard.cgi
18 sudo mkdir /var/www/images

19 Create following pictures with Photo Shop
                        1 logo.jpg
                        2 white.jpg
sudo cp logo.jpg /var/www/images
sudo cp white.jpg /var/www/images
20 sudo vim /usr/lib/cgi-bin/squidGuard.cgi
            change: $image = "/images/blocked.gif";
            to: $image = "/images/white.jpg";

change: $redirect =”http://admin.your-domain/images/blocked.gif”;
to: $redirect =”http://192.168.1.5/images/white.jpg”;

            change: $proxymaster =”operator\@your-domain”;
            to: $proxymaster =”wec_vtc\@online.com.kh”;

            change: “http://info.your-domain/images/eto.small.gif”;
to: “http://192.168.1.5/images/logo.jpg”;
    
     change: “http://www.your-domain/”;
     to: “http://www.wec-ap.org/”;
Restart Squid
            21 sudo /etc/init.d/squid restart
Test proxy
22 use Firefox on a other machine and try to connect to http://www.drugs.com

Note:
 if you have problems with squidGuard: try to change permission from dbhome and start optimizing db again: (sudo –u proxy = run command with proxy rights)
            sudo chown proxy.proxy –R /var/lib/squidguard/db
            sudo –u proxy squidGuard –C all