EZProxy Regular Maintenance
log into EZProxy Administration
httphttps://ezproxy.lib.ou.edu/admin
_____________________________________________________
Terminate old sessions:
select View server status under Current Activity
terminate any sessions that weren't started today
click on old Session and then select Terminate session
______________________________________________________
Host Maintenance:
from the View server status screen, select Host Maintenance link at top
near the bottom of the page select "Remove ## hosts that have not been used in over 30 days (requires EZproxy restart)"
select process
select "restart EZproxy"
________________________________________________________
DB Definition Conflicts:
from the Administration screen, select "Check for database definition conflicts" under Miscellaneous.
go line by line and research the issue
| Anchor | ||||
|---|---|---|---|---|
|
________________________________________________________to access EZProxy on my MacBook
EZProxy Server Access:
ssh libezproxy-3.ezproxyalpha.prod.nor.internalspecial pass (weight
)
ls config.txt:
sudo -u ezproxy vim /srv/ezproxy
to open the file and see it.
sudo /config.txt
user.txt:
sudo -u ezproxy vim /srv/ezproxy/config.txt
i to insert
:wq to write and close
:q! to just close without writing
esc to get out of insert mode
to user.txt
to restart ezproxy:
sudo systemctl status restart ezproxy (regular password)
__________________________________________
To update the files that the public sees:
sudo vi ./docs/
sudo vi ./docs/suspend.htm
__________________________
our proxy prefix was: http://ezproxy.lib.ou.edu/login?url=
now it's: https://login.ezproxy.lib.ou.edu/login?url=
___________________________________
cd srv/ezproxy
run this to generate a log
sudo ./simplerotate.sh
____________________________________
Log spelunking:
vim newscript.sh
to edit it:
sudo cat /srv/ezproxy/ezproxy.log {color}
/mnt/autofs/lib-7logs/ezproxy`date +"%Y%m%d"`.log {color}
/mnt/autofs/lib-7logs/ezproxy`date +"%Y%m%d" -d "1 day ago"`.log {color}
/mnt/autofs/lib-7logs/ezproxy`date +"%Y%m%d" -d "2 day ago"`.log > ./loc_ezproxy.log
sudo chown croberts ./loc_ezproxy.log
cut -d ' ' -f 1 "loc_ezproxy.log" | sort | uniq -c > ipaddys.txt
cat ipaddys.txt | sed -e 's/^[[:space:]]*//' > ipadr2.txt
sort -nr ipadr2.txt > ipaddys.txt
rm ipadr2.txt
./newscript.sh to run it
head ipaddys.txtto get ip addys
/opt/ltp/ezproxy_log_search.sh [ipaddy here]
to get the heavy hitters for the past week:
run this on lib-3:
./logcheck.sh
_________________________________________________________
tracable logins for past three days:
if you log in to lib-3 and run this command:
sudo cat /srv/ezproxy/ezproxy.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d"`.log \ /mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d" d "1 day ago"`.log \ /mnt/autofs/lib-7-logs/ezproxy`date +"%Y%m%d" -d "2 day ago"`.log | grep 'https?://(.+)?ezproxy.lib.ou.edu:(80|443)?/login?user='
You'll get the last 3 days of tracable logins in the ezproxy logs.
__________________________________________________________________
There is now a script you can run on lib-3 to do lateral correlations on IP addresses, sessions, and user accounts.
All you have to do is feed it an IP address as an argument, and it will return related users and ip addresses. Eg.
/opt/ltp/ezproxy_log_search.sh 115.28.104.63
returns
115.28.104.63 - - [15/Dec/2015:02:12:14 -0600] "GET https://ezproxy.lib .ou.edu:443/login?user=wand2999&ticket=e56bf200b7d9b5f7b39212d07d73fc8d
%24u1450167129&url= HTTP/1.1" 302 0
____________________________________________________________________
longer version:
the sneakier thieves were starting sessions in one ip space, then shifting the sessions to bots in a completely different ip space. The script does the following:
...
search for logins associated with dirty ips
sudo cat /srv/ezproxy/ezproxy.log \ /mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d"`.log \ /mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d" d "1 day ago"`.log \ /mnt/autofs/lib-7-logs/ezproxy`date +"%Y%m%d" -d "2 day ago"`.log | grep 'https?://(.+)?ezproxy.lib.ou.edu:(80|443)?/login?user='
...
navigate to srv/ezproxy/docs/
Manually blocking users:
navigate to user.txt file:
navigate to #manually blocked users section
add this line, inserting the blocked user's 4x4 at the bottom of the list
IfUser 4x4; Deny
Redirecting Concurrently Enrolled students to K-12 Databases page:
navigate to user.txt file
navigate to #concurrently enrolled users section
add this line, inserting the student's 4x4
IfUser 4x4; Banner k12.htm