Sunday, 25 November 2012

5 Resume Mistakes

1. Cramming too much information onto a single page
“Many people believe the old theory that a resume has to be only one page in length,” said HR Manager, “so they try to squeeze in as much information as possible, using a font that is too small and arranging information into lengthy paragraphs that are onerous to read.” Instead, HR Manager recommends formatting text into bullet points and using an 11- or 12-point font. This will greatly improve the document’s readability and make it easier to scan. Also, boldface type should be used judiciously, such as to highlight job titles.

2. Failing to use key words that match the job description
Organizations today are increasingly using automated applicant tracking systems to filter resumes for words or phrases that match the job’s requirements. Therefore, it is critical to match your most relevant experience to the job description. For example, if a job advertisement states that full-charge book-keeping experience is required, your resume should include the words “full-charge book-keeping” as well as terms pertinent to that function, such as “invoicing,” “accounts payable,” and “month end statements.” Otherwise, the tracking system may simply skip past your resume.

3. Failing to show results
Another common mistake that job seekers make is listing duties performed in prior positions as if they were making out a shopping list. Employers are not only interested in what you did in previous jobs, they also want to know how you did it. To be more relevant to a hiring manager, put your past experience into context by demonstrating how previous employers benefited by having you on board. For example, instead of saying, “responsible for accounts receivable and collections,” show how you added value by describing tangible results: “successfully reduced accounts receivable by 75% in the first year from $150,000 to $37,500 by creating a detailed system for 30-60-90-120 day aging reports.”

4. Absence of key strengths and expertise section
When looking at a resume, the eye naturally gravitates to the top of the page. Use that to your advantage. HR Manager recommends inserting at the top of the resume a “Key Strengths and Expertise” section formatted as two columns of four bullet points each. This will enable employers to see at a glance what skill sets they will gain by hiring you. Again, make sure the key words in this section match the position’s requirements. Examples of the types of information to include in this section are listed below:
Sales growth & relationship building
Training & team building to bring positive change
Communications & high impact presentations
Sales negotiation & generating revenue
Staff scheduling, P&L statements & payroll

5. Too much clutter
When creating a resume, make white space your friend. Simpler resumes are more inviting to read. According to HR Manager: “The average amount of time a hiring manager spends scanning a resume is five to ten seconds; therefore, it must be easy to read.” Manager noted that because resumes must convey information using a limited amount of words and space, applicants must carefully choose what to put on this document. There should be nothing extraneous; everything on the resume must be concise and serve a purpose.
She further indicated it is unnecessary and usually not worth the effort to include graphics or photographs on a resume. Most automated tracking systems cannot “read” graphics or images, resulting in resumes getting lost in the database. For best results, stick to easy-to-read file types like Microsoft Word or PDF. An exception to this rule would be if you are applying for a job in a specialized field, such as graphic design, where it is important to show your skills in this area. Oftentimes, these types of jobs will require you to submit a portfolio of work separate from your resume.

Thursday, 22 November 2012

VSFTPD with SSL/TLS

## VSFTPD with SSL
Encryption of FTP:
1. Control channel
2. Data channel

Implicit SSL >> TCP:990
Explicit SSL >> TCP:21

##use LFTP client to force SSL connection
lftp -u user localhost    (or 192.168.10.1)
lftp :~> set -a | grep ssl    - at the lftp prompt, list all ssl settings

'nano ~/.lftprc'
## add below lines
'debug'
'set ftp:ssl-force yes'
'set ftp:ssl-protect-data yes'

## setup VSFTPD ssl support
'ssl_enable=yes'
'ssl_tlsv1=yes'   Default
'rsa_cert_file=/etc/pki/tls/certs/myftpssl.crt'
 

## if the private key is in a separate file then use below
'rsa_private_key_file=/etc/pki/tls/certs/private/myftpssl.key'


Optional, to also allow logins and data transfers without SSL:
force_local_logins_ssl=no
force_local_data_ssl=no
 

'genkey myftpssl'

NOTE: the certificate name must match the hostname

service vsftpd stop

service vsftpd start

'openssl ciphers -v'    - to view all the ciphers types

'openssl ciphers -v | grep DES-CBC3-SHA'

Default VSFTPD Cipher: DES-CBC3-SHA
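
As an added example (not part of the original post), the script below audits a vsftpd.conf for the SSL/TLS options covered above and reports settings that let credentials or data travel unencrypted. The two sample files are constructed for the demo, and the fallback values passed to get_opt are vsftpd's built-in defaults.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the SSL/TLS options covered in this post.
# The sample files written by write_samples are constructed for the demo.

# get_opt FILE KEY DEFAULT: print the value of KEY (last assignment wins),
# or DEFAULT when the file does not set it. vsftpd allows no spaces around "=".
get_opt() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 {
            val = substr($0, length(key) + 2)
            sub(/[ \t\r]+$/, "", val)
            seen = 1
        }
        END { print (seen ? val : def) }
    ' "$1"
}

# is_on VALUE: true for the spellings vsftpd accepts as "yes".
is_on() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        yes|true|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_vsftpd_conf FILE: print one FAIL/WARN line per finding, nothing if clean.
audit_vsftpd_conf() {
    conf=$1
    is_on "$(get_opt "$conf" ssl_enable NO)" ||
        echo "FAIL ssl_enable is off: logins and transfers are cleartext"
    is_on "$(get_opt "$conf" force_local_logins_ssl YES)" ||
        echo "FAIL force_local_logins_ssl=NO: passwords accepted without TLS"
    is_on "$(get_opt "$conf" force_local_data_ssl YES)" ||
        echo "FAIL force_local_data_ssl=NO: data channel may be unencrypted"
    for proto in ssl_sslv2 ssl_sslv3; do
        if is_on "$(get_opt "$conf" "$proto" NO)"; then
            echo "FAIL $proto=YES: obsolete protocol enabled"
        fi
    done
    [ -n "$(get_opt "$conf" rsa_cert_file "")" ] ||
        echo "WARN rsa_cert_file not set: built-in default path is used"
    [ "$(get_opt "$conf" ssl_ciphers DES-CBC3-SHA)" != "DES-CBC3-SHA" ] ||
        echo "WARN ssl_ciphers is DES-CBC3-SHA (3DES)"
    return 0
}

# write_samples DIR: create two constructed configs for the demo.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
# the post's settings, including the optional "without SSL" lines
ssl_enable=yes
ssl_tlsv1=yes
rsa_cert_file=/etc/pki/tls/certs/myftpssl.crt
force_local_logins_ssl=no
force_local_data_ssl=no
EOF
    cat > "$1/strict.conf" <<'EOF'
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
force_local_logins_ssl=YES
force_local_data_ssl=YES
rsa_cert_file=/etc/pki/tls/certs/myftpssl.crt
rsa_private_key_file=/etc/pki/tls/certs/private/myftpssl.key
ssl_ciphers=HIGH
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in weak strict; do
    echo "== $f.conf"
    audit_vsftpd_conf "$tmp/$f.conf"
done
rm -rf "$tmp"
```

On a server, run audit_vsftpd_conf against the live vsftpd.conf after each change and before restarting the service.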

SELinux - Security Enhanced Linux

Linux uses DACs (discretionary access controls)

ls -l
permissions  links  DACs       size  timestamp     filename
-rwxr-xr-x.  1      root root  53    Nov 21 23:30  index.html

SELinux uses MACs (mandatory access controls) to monitor and control user/process interaction, using the AVC (Access Vector Cache) in the kernel
 

ls -lZ
permissions DAC        MAC                                           filename
-rwxr-xr-x.   root root unconfined_u:object_r:httpd_sys_content_t:s0  index.html
 

'/etc/sysconfig/selinux'    - config file

'/etc/selinux/config'    - config file

'/selinux'    - proc type file system of selinux
 

'sestatus -v' - to check the status of selinux

'setenforce 0|1'  - (0 for permissive|1 for enforcing)

'setsebool'    - set an SELinux Boolean value

-Z    - to list the SELinux details of an object, like ls -Z

## To make files available under SELinux
1. copying a file changes its SELinux context automatically
2. moving a file does not change its SELinux context, so to change the context follow one of the steps below

1. 'restorecon -R /var/www/html'    - to restore contexts of files after moving
or
2. 'setenforce 0'    - set selinux to permissive mode

##if http cannot connect to db then follow below
getsebool -a | grep http

setsebool httpd_can_network_connect_db off|on

## to relabel the full filesystem

touch /.autorelabel && reboot



## To allow custom port for a vhost (Httpd start error of SELinux)
'service httpd start'
Permission denied: make_sock: could not bind to address [:::]:4443

semanage port -l | grep http
http_port_t    tcp    80,443,488,8008,8443

NOTE: port 4443 is not in the list, which is why httpd cannot bind to it

## to add port 4443 

service httpd stop
semanage port -a -t http_port_t -p tcp 4443

-a (to add)
-t (object type)
-p (protocol)


NOTE: to delete 4443 port
semanage port -d -t http_port_t -p tcp 4443
-d (to delete)



semanage port -l | grep http
http_port_t    tcp    4443,80,443,488,8008,8443

service httpd start
[OK]
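
As an added example (not part of the original post), the functions below read `semanage port -l` output, find which SELinux port type already covers a port (lists and ranges), and print the semanage command needed so httpd can bind to it: `-a` for an unlabeled port, `-m` when another type already defines it. The sample listing is constructed, and skipping the catch-all range types that newer policies list is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: decide how to label a port for httpd from `semanage port -l` output.
# sample_ports prints a constructed excerpt of that output; on a real host
# pipe `semanage port -l` into the functions instead.

sample_ports() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 443, 488, 8008, 8443
ssh_port_t                     tcp      22
unreserved_port_t              tcp      1024-32767, 61001-65535
EOF
}

# port_types PROTO PORT: print every SELinux port type whose list or range
# contains PORT. Reads `semanage port -l` output on stdin.
# Assumption: the generic catch-all range types are skipped, because they do
# not stop `semanage port -a` from adding a specific label.
port_types() {
    awk -v proto="$1" -v port="$2" '
        NF >= 3 && $2 == proto &&
        $1 !~ /^(reserved|hi_reserved|unreserved|ephemeral)_port_t$/ {
            list = $0
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", list)  # drop type, proto
            gsub(/[ \t]/, "", list)
            n = split(list, item, ",")
            for (i = 1; i <= n; i++) {
                lo = hi = item[i]
                if (split(item[i], r, "-") == 2) { lo = r[1]; hi = r[2] }
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) { print $1; break }
            }
        }'
}

# label_advice PROTO PORT TYPE: print what to run so PORT carries TYPE.
# Reads `semanage port -l` output on stdin.
label_advice() {
    types=$(port_types "$1" "$2")
    if printf '%s\n' "$types" | grep -qxF "$3"; then
        echo "ok: $1/$2 is already $3"
    elif [ -z "$types" ]; then
        echo "semanage port -a -t $3 -p $1 $2"    # unlabeled port: add
    else
        echo "semanage port -m -t $3 -p $1 $2"    # defined under another type: modify
    fi
}

for p in 443 4443 8080; do
    sample_ports | label_advice tcp "$p" http_port_t
done
```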


NOTE: if have any issue then common sense is the easy solution...

Tuesday, 20 November 2012

LINUX RAID Step by Step

## make equal partitions on two different hard disks with parted
NOTE: don't put a filesystem on these drives

## create raid 0 - just as lvm it will combine drives

mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/sdb5 /dev/sdc5

mke2fs -t ext4 -j /dev/md0

mkdir /raid0 && mount /dev/md0 /raid0

## create raid 1 (data mirroring) half of storage
mdadm --create /dev/md1 --level=1 --raid-devices=2 /dev/sdb6 /dev/sdc6

mke2fs -t ext4 -j /dev/md1

mkdir /raid1 && mount /dev/md1 /raid1 && echo $?

## create raid 5 (data striping with parity) sacrifice of 1 disk or partition space
mdadm --create /dev/md2 --level=5 --raid-devices=4 /dev/sdb7 /dev/sdb8 /dev/sdc7 /dev/sdc8

mke2fs -t ext4 -j /dev/md2

mkdir /raid5 && mount /dev/md2 /raid5 && echo $?

##raid entries in /etc/fstab
/dev/md0        /raid0        ext4    defaults,usrquota,grpquota    1 2
/dev/md1        /raid1        ext4    defaults,usrquota,grpquota    1 2
/dev/md2        /raid5        ext4    defaults,usrquota,grpquota    1 2

## Raid Management
/etc/mdadm.conf

cat /proc/mdstat

mdadm --query /dev/md0    (or /dev/md[0-2] to query all three)

## to make raid read only
umount /dev/md0

mdadm -v -w /dev/md0 - write
mdadm -v -o /dev/md0 - read only

mount /dev/md0 /raid0

mount

## to stop raid for management
umount /raid0

mdadm --manage --stop /dev/md0

## multiple ways to reassemble it again
1. command level reassembling
mdadm -A /dev/md0 /dev/sdb5 /dev/sdc5

mount /dev/md0 /raid0

2. /etc/mdadm.conf level reassembling
nano /etc/mdadm.conf
##add below lines
DEVICE /dev/sdb[5-8] /dev/sdc[5678]
ARRAY /dev/md0 devices=/dev/sdb5,/dev/sdc5

##run command below
mdadm -A /dev/md0

## to check details about raid
mdadm -D /dev/md0

mdadm -E /dev/sd[bc][78]

LINUX LVM Step by Step

## Make partitions with parted tool
root@localhost# parted /dev/sdb

mkpart primary 1 4GB

mkpart primary 4GB 8GB

mkpart primary 8GB 12GB


## Optional 3 steps if you want to create extended and logical partitions
mkpart extended 4GB 12GB

mkpart logical 4GB 8GB

mkpart logical 8GB 12GB
##

set 1 lvm on

set 2 lvm on

set 3 lvm on

(parted) quit

## Format drives with ext4 file system
mke2fs -t ext4 -j /dev/sdb1

mke2fs -t ext4 -j /dev/sdb2

mke2fs -t ext4 -j /dev/sdb3

## Step by step LVM
1. pvcreate /dev/sdb1 /dev/sdb2 /dev/sdb3

2. vgcreate volgroupvar /dev/sdb1 /dev/sdb2 /dev/sdb3


## optional to extend volume group adding new drive
follow the parted steps to partition the new drive, then run pvcreate on it, and then the command below
vgextend volgroupvar /dev/sdc1



3. lvcreate -L 5GB volgroupvar


## To resize the logical volume

lvextend -L +2GB /dev/volgroupvar/lvol0

lvreduce -L -2GB /dev/volgroupvar/lvol0


lvresize -L 4GB /dev/volgroupvar/lvol0

resize2fs /dev/volgroupvar/lvol0 4G


## to rename the volume group and Logical volume
vgrename volgroupvar volgroupopt

lvrename /dev/volgroupopt/lvol0 lvolopt

Voice over LTE (VoLTE)


According to the latest ‘Evolution to LTE’ report released by the Global mobile Suppliers Association (GSA), 113 commercial LTE networks are in operation in 51 countries around the world. By the end of next year, 209 LTE networks are expected to be deployed in 75 countries. LTE has been designed as a data-only IP technology. There is no inherent support for circuit-switched voice. Since most operators will eventually move to LTE networks, the technology must incorporate voice. There are three popular options for providing voice services over LTE networks:

1. Circuit-Switched Fallback (CSFB) – Presently, CSFB is the most widely used solution for carrying voice over LTE networks, but it is not a true voice over LTE implementation. It involves switching to a 2G or 3G connection before initiating and receiving a circuit-switched voice call. Although the technology requires certain hardware infrastructure modifications and utilizes multiple network elements to accomplish the transition from data to voice and vice versa, it remains a relatively cost-effective solution to provide voice in LTE. It also has the ability to carry text messages. CSFB will be prevalent in the industry for at least the next few years, but it cannot be a long-term strategy. It has certain disadvantages. Sudden data session suspension and call setup delays can lead to poor user experience. Femtocells are not supported. CSFB is also part of the reasoning behind the lack of support for simultaneous data and voice sessions on Verizon, Sprint and other CDMA networks. Verizon has widespread LTE coverage in the USA. But when it comes to voice, the phones on their network switch to the legacy 2G or 3G CDMA connection, which is not designed to handle simultaneous voice and data. An extra radio in the phone solves this problem, and most Verizon LTE phones incorporate the required hardware to carry two connections. But some smartphone manufacturers like Apple are reluctant to incorporate that extra radio, in order to sustain battery life and lower costs. AT&T’s legacy GSM and UMTS networks have no such issues. Voice and data sessions can co-exist on phones subscribed to their network. This is also one of the factors contributing to better iPhone sales on AT&T as compared to Verizon, despite Verizon having a better overall network than AT&T.

2. Voice over LTE Generic Access (VoLGA) - VoLGA provides voice over LTE by taking advantage of the network operator’s incumbent 2G or 3G infrastructure. A Generic Access Network (GAN) adds WiFi as an access network to a 3G UMTS system. Through GAN, a dual mode device can access network services by using WiFi. VoLGA uses this idea of GAN and replaces WiFi with LTE. There are no modifications required to the 3G and LTE radio network or core. VoLGA Access Network Controller (VANC) acts as a gateway between the LTE and 3G circuit switched domain. Signalling and data packets are transported between the device and circuit-switched network by VANC in a transparent flow. VoLGA offers better call setup times as compared to CSFB and supports femtocells. VoLGA gained traction when Deutsche Telekom (DT) announced its support for the technology in 2010. But DT later dropped VoLGA in favor of CSFB and it will eventually migrate to voice over IMS in LTE networks. VoLGA is now considered dead despite being a less expensive means for providing voice services on LTE networks.

3. Voice over IMS – The IP Multimedia Subsystem (IMS) is the chosen long-term strategy for deploying VoLTE. CSFB and VoLGA are not actual VoLTE technologies, but they are considered as two technologies used to implement voice on LTE networks in the short term. However, an IMS-based LTE network is the real VoLTE. In 2010, the global association of mobile operators, GSMA, announced the ‘One Voice’ initiative, which defined a minimum mandatory set of standards to achieve interoperable high quality IMS-based voice and SMS service over LTE networks. The goal of this initiative was to harmonize the implementation of voice and SMS services on LTE for leading operators and handset manufacturers. IMS is an IP-based network which is deployed by operators to provide a range of applications such as text, media and video on a single IP platform. IMS is based on the Session Initiation Protocol (SIP). The SIP server in IMS is also known as the Call Session Control Function (CSCF) server. It is used for voice call control and service delivery. In simple terms, the outcome of this VoLTE architecture is that the voice is transported as data flows inside the LTE data. Thus IMS enables LTE to administer VoIP and high speed data service simultaneously. One important feature of VoLTE is the implementation of Single Radio Voice Call Continuity (SRVCC). The concept of SRVCC requires that when a user moves outside the LTE coverage area, they should experience a smooth handover to another technology such as 3G/UMTS or 2G/GSM. IMS achieves this by switching the session to the circuit-switched domain. Another vital aspect of VoLTE will be seamless roaming and interconnection with other providers’ networks. Note that IMS is not a new technology. It was first developed around 2006 but lost momentum once the focus started shifting to LTE. Now LTE itself needs IMS’ support.
Over the last year, IMS-based VoLTE technology has emerged as the industry-wide standard for providing voice services through LTE. Ericsson is the leader in VoLTE solutions, closely followed by Alcatel-Lucent and Nokia Siemens Networks. But IMS-based VoLTE is a complex system and large scale deployments are not expected anytime soon. However, early deployments have already commenced in some parts of the world. SK Telecom and LG U+ in South Korea launched VoLTE services earlier this year. MetroPCS, which was recently acquired by T-Mobile, is the first player in the US to offer VoLTE services. Verizon and AT&T are expected to join the VoLTE bandwagon in the latter half of 2013.

Financial instability and wide scale utilization of HSPA+ in different parts of the world have resulted in slow LTE deployment and adoption. VoLTE comes after that, and for now CSFB seems sufficient. Over the top (OTT) services like Skype and Facetime (for Apple devices) have somewhat obviated the need to launch VoLTE urgently. If I can talk and see my family and friends in the US and overseas by using the data plan or WiFi on my device, I would not care much about plain voice service. Having said that, we also understand that voice is still a major chunk of operators’ revenue. So with time, as most operators migrate to LTE, they will have to use IMS for voice unless some better alternative comes along. The IMS-based architecture is broadly recognized as the permanent solution for carrying voice over LTE networks.

Thursday, 15 November 2012

SED - Stream Editor

sed - stream editor for filtering and transforming text in Unix and Linux

p - to print specific lines

d - to delete specific lines

sed -n '1p' grep.test.txt - to print 1st line of a file

sed -n '2p' grep.test.txt - to print 2nd line of a file

sed -n '$p' grep.test.txt - to print last line of a file

sed -n 4,13p grep.test.txt - to print line 4 to 13 of a file

sed -n '1!p' grep.test.txt - to print all file but ignore 1st line

sed -n '1,3!p' grep.test.txt - to print all file but ignore line 1 to 3

sed -n -e '/2011/p' grep.test.txt - to print all lines having 2011


sed -n -e '/2011$/p' grep.test.txt - to print all lines ending at 2011

sed -n -e '/^2011/p' grep.test.txt - to print all lines starting at 2011

sed -n -e '/[0-9]/p' grep.test.txt - to print all lines having numbers


NOTE: for further details use below url
http://sed.sourceforge.net/sed1line.txt

Happy New Islamic Year....!

 May Allah Bless Us Best of this Year....!

Saturday, 3 November 2012

Windows Tips and Tricks

 -----------------------------------------------
Windows Tips
-----------------------------------------------
dxdiag          >>> directx diagnose
regedit         >>>  registry editor
msconfig       >>> windows startup configurator
gpedit.msc    >>> group policy editor
ncpa.cpl        >>> network connections settings
conf.exe        >>> to configure netmeeting
appwiz.cpl     >>> to run add remove software

services.msc  >>> to check services
appwiz.cpl     >>> to add/remove a program

netstat          >>> to view network interface statistics
nbtstat          >>> to view netbios statistics
ipconfig         >>> to configure network interfaces


shutdown -s    >>> to shut down system
shutdown -r    >>> to restart system
shutdown -a    >>> to abort the shut down
shutdown -l     >>> to log off the system


net start|stop service  >>> to start or stop a service
net stop server          >>> to stop the "server" service
net start server          >>> to start the "server" service
net pause server        >>> to pause the "server" service
net resume server      >>> to resume the "server" service


net user administrator /active:yes   >>> to activate default system administrator account

mstsc /console /v:10.3.3.11            >>> to login remotely

windows+d             >>> to minimize a window
alt+shift+numlock    >>> to enable mouse operation from numeric keypad
 

convert c: /fs:ntfs       >>> to convert fat32 filesystem to ntfs

-----------------------------------------------
GROUP POLICY (DOMAIN - LOCAL)
-----------------------------------------------
gpedit.msc          >>> to edit the local group policy

gpupdate /force   >>> to update changes made by gpedit.msc (/force to apply changes immediately)
                      default: 5 minutes to apply changes on server and 120 minutes to apply changes on workstation
 

secpol.msc          >>> to edit local security policy

to block games or any app in group policy
user configuration --> administrative templates --> system --> don't run specified windows application

to set desktop theme and wallpaper settings
user configuration --> administrative templates --> control panel --> desktop --> all setting here for wallpaper or other desktop

to hide specified drives
user configuration --> administrative templates --> windows components --> windows explorer --> hide these specified drives in My computer


---------------------------------
commands about DNS and DHCP
---------------------------------
ipconfig /all        -    to display all info about network

getmac            -    to get mac address of local machine

ipconfig /release    -    to release ip address of DHCP

ipconfig /renew        -    to renew ip address with DHCP

nslookup        -    to query dns name

ipconfig /displaydns    -    to display dns info

ipconfig /flushdns    -    to flush the dns cache


---------------------------------
commands about WINS (NETBIOS)
---------------------------------
nbtstat            -    netbios stats

nbtstat -c -n -r    -    c for "cache", n for "names", r for "resolved"


---------------------------------
commands about FAT to NTFS conversion
---------------------------------
CONVERT volume /FS:NTFS [/V] [/CvtArea:filename] [/NoSecurity] [/X]

  volume      Specifies the drive letter (followed by a colon),
              mount point, or volume name.
  /FS:NTFS    Specifies that the volume is to be converted to NTFS.
  /V          Specifies that Convert should be run in verbose mode.
  /CvtArea:filename
              Specifies a contiguous file in the root directory to be
              the place holder for NTFS system files.
  /NoSecurity Specifies the converted files and directories security
              settings to be accessible by everyone.
  /X          Forces the volume to dismount first if necessary.
              All opened handles to the volume would then be invalid.

convert c: /fs:ntfs


---------------------------------
how to setup Network Printer
---------------------------------
To set a Windows XP/Vista computer to print directly to a printer, follow the steps below:

Click Start, then Printers and Faxes (Windows XP) or Windows icon, Control Panel, Hardware and Sound, then Printer (Windows Vista).

Double-click Add a Printer to start the "Add Printer Wizard," then click Next.

You will be given an option between Local Printer and Network Printer. Select Local Printer.

Make sure the Automatically detect and install my plug and play printer is not selected (Windows XP), then click Next. Select Create a new port in the Type field, then select Standard TCP/IP Port. Click Next (twice in Windows XP).

In the Printer Name or IP Address field, enter the Domain (host) name of the printer (e.g., printToMe.dartmouth.edu) which you received from the Hostmaster in response to your request for a fixed IP address. Click Next, then Finish.

If you are placed back in the Select the Printer Port window, make sure that Use the following port is selected.

From the list, select the Standard TCP/IP Port you just created. It should appear at the bottom of the list. Click Next.

Select the manufacturer and printer model, or select Have Disk if you are going to install the drivers from a CD or have installed them from the Web. Click Next.

In the Name field, enter the name that will identify your printer on your computer. Specify whether you want this printer to be the default printer. Click Next.

Select Do not share printer, then click Next twice. Click Finish.

LATEST OS VERSIONS

Latest Operating System Versions

Debian 6.0.6
http://www.debian.org/

Centos 6.3
https://www.centos.org/

Ubuntu 12.10
12.04 is LTS version
http://www.ubuntu.com/

Fedora 17 (18 beta also available)
http://fedoraproject.org/en/

OpenSuse 12.2
http://www.opensuse.org/en/

Apple OS X Mountain Lion
http://www.apple.com/osx/what-is/

Windows 8
http://windows.microsoft.com/en-US/windows-8/meet

STORAGE DEFINITIONS



DEFINITION OF DAS, SAN AND NAS STORAGE
  • DAS is a block device from a disk which is physically [directly] attached to the host machine.
    • You must place a filesystem upon it before it can be used.
    • Technologies to do this include IDE, SCSI, SATA, etc.
  • SAN is a block device which is delivered over the network.
    • Like DAS you must still place a filesystem upon it before it can be used.
    • Technologies to do this include FibreChannel, iSCSI, FoE, etc.
  • NAS is a filesystem delivered over the network.
    • It is ready to mount and use.
    • Technologies to do this include NFS, CIFS, AFS, etc.
SAN and NAS Distinctions

1. NAS: Almost any machine that connects to a LAN (or is interconnected to a LAN via a WAN) may utilize NFS, CIFS or HTTP protocol to connect to a NAS.
   SAN: Server class devices that are equipped with SCSI Fibre Channel adapters connect to a SAN. A Fibre Channel based solution has a distance limit of approximately 6 miles.

2. NAS: A NAS identifies the data by file name and byte offset, transfers file data or metadata, and handles security, user authentication, file locking.
   SAN: A SAN addresses the data by logical block numbers, and transfers the data in (raw) disk blocks.

3. NAS: A NAS allows greater sharing of information, especially among different operating systems.
   SAN: File sharing is operating system dependent, and may not exist for all operating systems that are being used.

4. NAS: File system is managed by the NAS head unit.
   SAN: The SAN servers manage the file system.

5. NAS: Backups and mirrors are generated on files, not blocks (this may save bandwidth and time).
   SAN: Backups and mirrors require a block by block copy operation. A mirrored system has to be either identical, or greater in capacity (compared to the source).

Friday, 2 November 2012

Difference between CV and Resume


So how exactly is a resume different from a CV? While both serve the function of introducing a person, there are many differences.

Purpose
While a resume is used when applying for a job in any sector, a CV (Curriculum Vitae) is mostly needed when applying for any position in a research and academic field, including a research position or a teaching position.

Content
The difference between CV and resume is obviously related to content. While both will have the basic personal details of an individual like name, age, sex, address and educational qualifications, the rest of the things specified may vary. A resume will contain educational qualifications and job experience details along with personal goals and information about your skill set.

A CV on the other hand, being written for an academic position will include information about research work, research papers if any, details of workshops and conferences attended or conducted, awards and medals if any, along with a synopsis of doctoral thesis even. All this could be a part of a CV.

Length
Considering that the number of details included in a CV or a resume varies, the length in both cases is different. While a resume may be restricted to one or two pages at the most, a CV can be more than 2 pages and can extend up to ten pages and beyond. Making a resume is easier, compared to a CV, which is a review of your work, presented in excruciating detail.

Thursday, 1 November 2012

Squid 3 Compilation on Ubuntu 12 with SSL



Squid 3 - Proxy Server

Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as the Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).

The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy, or caching servers, ensure your system is configured with a large amount of physical memory, as Squid maintains an in-memory cache for increased performance.

_____________________________________________________________________________
Binary installation of squid on Ubuntu 12
sudo su

apt-get install squid

cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original

chmod a-w /etc/squid3/squid.conf.original

vi /etc/squid3/squid.conf
_____________________________________________________________________________

Compilation of Squid 3.2.1 and 3.1.21 on Ubuntu 12

sudo su
 
apt-get update

apt-get upgrade
 
Latest release of 3.2
wget http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.1.tar.gz

Last release of 3.1
wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.21.tar.gz

tar -xzvf squid-3.2.1.tar.gz

apt-get install g++ gawk m4 gcc-multilib

NOTE: if you get any error regarding gcc then install it as below
------------------------------------------------------------------------
sudo add-apt-repository ppa:ubuntu-toolchain-r/test
sudo apt-get update
sudo apt-get install gcc-4.7
------------------------------------------------------------------------

apt-get install smbclient

apt-get install openssl*

apt-get install libcap-*

./configure --prefix=/usr --includedir=/usr/include --datadir=/usr/share --bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var --sysconfdir=/etc/squid --enable-delay-pools --enable-ssl --enable-ssl-crtd --enable-linux-netfilter --enable-arp-acl --enable-snmp --enable-gnuregex && echo "Configured Successfully"

NOTE: for squid 3.2.1
--enable-arp-acl replaced with --enable-eui

make all && echo "Compiled Successfully"

make install && echo "Installed Successfully"


cd /usr/share/ssl-cert

openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout myCA.pem  -out myCA.pem

openssl x509 -in myCA.pem -outform DER -out myCA.der

The resulting file should be imported into the 'Authorities' section of users' browsers.
For example, in FireFox:
1.    Open 'Preferences'
2.    Go to the 'Advanced' section, 'Encryption' tab
3.    Press the 'View Certificates' button and go to the 'Authorities' tab
4.    Press the 'Import' button, select the .der file that was created previously and press 'OK'


vi /etc/squid/squid.conf

http_port 192.168.5.239:3128 transparent ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/share/ssl-cert/myCA.pem

##Also add the following lines to enable SSL bumping:
always_direct allow all
ssl_bump allow all
# the following two options are unsafe and not always necessary:
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

touch /var/logs/cache.log
chown nobody:adm /var/logs/cache.log

touch /var/logs/access.log
chown nobody:adm /var/logs/access.log

chown nobody:adm /var/cache/squid

## To Initialize cache
/usr/sbin/squid -z

## To Run squid
/usr/sbin/squid &

iptables -t nat -A PREROUTING -i eth0 -p tcp --syn --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

echo "1">/proc/sys/net/ipv4/ip_forward