EZProxy Regular Maintenance

Log into EZProxy Administration
https://ezproxy.lib.ou.edu/admin
_____________________________________________________

Terminate old sessions:
select View server status under Current Activity
terminate any sessions that weren't started today
click on old Session and then select Terminate session
______________________________________________________

Host Maintenance:
from the View server status screen, select Host Maintenance link at top
near the bottom of the page select "Remove ## hosts that have not been used in over 30 days (requires EZproxy restart)"
select process
select "restart EZproxy"
________________________________________________________

Occasionally, there will be a need to remove orphaned hosts. There will be an additional option “Remove ## orphaned host that has !!! database index (requires EZproxy restart)”

select process

select “restart EZProxy”

Checking for Errors:

config errors, connection errors, etc:

Select “View messages.txt”

Scan for anything new or unusual.

tripped security rules (Blocks due to OCLCByteLimit will appear here):

Select “View security rules”

Select “Tripped Security Rules”

Clear blocked user if necessary.

usage limits and suspensions (Suspensions due to limits set in config):

Select “View usage and clear suspensions”

Select user that needs to be cleared and click “Clear Suspension”

unreported missing host errors:

In the “View ezproxy.log lines containing” search, enter “ 599 “

Search for hosts in Discover and LibGuides to see if links are missing proxy prefix

Bad Requests or Unauthorized Access errors:

In the “View ezproxy.log lines containing” search, enter “ 400 “

In the “View ezproxy.log lines containing” search, enter “ 401 “

DB Definition Conflicts:
from the Administration screen, select "Check for database definition conflicts" under Miscellaneous.
go line by line and research the issue

this usually means this resource is represented in Loradump.cfg and config.txt (should be only in config.txt)

________________________________________________________
to access EZProxy on my MacBook

EZProxy Server Access:
ssh libezproxy-3.ezproxyalpha.prod.nor.internal
special pass (weight )
ls

config.txt:
sudo -u ezproxy vim /srv/ezproxy/config.txt
to open the file and see it.

user.txt:
sudo -u ezproxy vim /srv/ezproxy/user.txt
i to insert
:wq to write and close
:q! to just close without writing
esc to get out of insert mode

to restart ezproxy:
sudo systemctl status ezproxy (regular password)
sudo systemctl restart ezproxy
__________________________________________


To update the files that the public sees:
navigate to /srv/ezproxy
sudo vi ./docs/suspend.htm
__________________________
our proxy prefix was: http://ezproxy.lib.ou.edu/login?url=
now it's: https://login.ezproxy.lib.ou.edu/login?url=
___________________________________
cd /srv/ezproxy
run this to generate a log
sudo ./simplerotate.sh
____________________________________
Log spelunking:
vim newscript.sh
to edit it:
# merge the live log with the rotated logs for today and the previous two days
sudo cat /srv/ezproxy/ezproxy.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d"`.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d" -d "1 day ago"`.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d" -d "2 day ago"`.log > ./loc_ezproxy.log
sudo chown croberts ./loc_ezproxy.log
# count requests per client IP (first field of each log line)
cut -d ' ' -f 1 "loc_ezproxy.log" | sort | uniq -c > ipaddys.txt
# strip the leading padding from uniq -c, then sort by count, busiest first
cat ipaddys.txt | sed -e 's/^[[:space:]]*//' > ipadr2.txt
sort -nr ipadr2.txt > ipaddys.txt
rm ipadr2.txt
./newscript.sh to run it
head ipaddys.txt to get ip addys
/opt/ltp/ezproxy_log_search.sh [ipaddy here]
to get the heavy hitters for the past week:
run this on lib-3:
./logcheck.sh
_________________________________________________________
traceable logins for past three days:
if you log in to lib-3 and run this command:
sudo cat /srv/ezproxy/ezproxy.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d"`.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d" -d "1 day ago"`.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d" -d "2 day ago"`.log | grep -E 'https?://(.+)?ezproxy\.lib\.ou\.edu:(80|443)?/login\?user='
You'll get the last 3 days of traceable logins in the ezproxy logs.
__________________________________________________________________
There is now a script you can run on lib-3 to do lateral correlations on IP addresses, sessions, and user accounts.
All you have to do is feed it an IP address as an argument, and it will return related users and IP addresses, e.g.:
/opt/ltp/ezproxy_log_search.sh 115.28.104.63
returns
115.28.104.63 - - [15/Dec/2015:02:12:14 -0600] "GET https://ezproxy.lib.ou.edu:443/login?user=wand2999&ticket=e56bf200b7d9b5f7b39212d07d73fc8d%24u1450167129&url= HTTP/1.1" 302 0
____________________________________________________________________
Longer version:
The sneakier thieves were starting sessions in one IP space, then shifting the sessions to bots in a completely different IP space. The script does the following:

...

search for logins associated with dirty IPs
sudo cat /srv/ezproxy/ezproxy.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d"`.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d" -d "1 day ago"`.log \
/mnt/autofs/lib-7-logs/ezproxy-`date +"%Y%m%d" -d "2 day ago"`.log | grep -E 'https?://(.+)?ezproxy\.lib\.ou\.edu:(80|443)?/login\?user='

...
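
The pivot described above (dirty IP, then the accounts it logged in as, then other IPs that logged in as those accounts), as an added example. It is not the contents of /opt/ltp/ezproxy_log_search.sh, which this page does not show; the function names and the sample log lines (documentation-range IPs, made-up users and tickets) are constructed for illustration, and it correlates on login lines only.

```sh
#!/bin/sh
# Added example (not the site's /opt/ltp/ezproxy_log_search.sh): pivot from one
# suspicious IP to the accounts it logged in as, then to other IPs using them.

# Constructed sample in the layout of the log line shown above
# (documentation-range IPs, made-up users and tickets).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [15/Dec/2015:02:12:14 -0600] "GET https://ezproxy.lib.ou.edu:443/login?user=abcd1234&ticket=aaaa%24u1&url= HTTP/1.1" 302 0
203.0.113.7 - - [15/Dec/2015:02:13:40 -0600] "GET https://ezproxy.lib.ou.edu:443/login?user=efgh5678&ticket=bbbb%24u2&url= HTTP/1.1" 302 0
198.51.100.22 - - [15/Dec/2015:02:20:01 -0600] "GET https://ezproxy.lib.ou.edu:443/login?user=abcd1234&ticket=cccc%24u3&url= HTTP/1.1" 302 0
198.51.100.22 - - [15/Dec/2015:02:21:10 -0600] "GET http://www.example.com:80/article.pdf HTTP/1.1" 200 48211
192.0.2.50 - - [15/Dec/2015:09:00:00 -0600] "GET https://ezproxy.lib.ou.edu:443/login?user=wxyz0001&ticket=dddd%24u4&url= HTTP/1.1" 302 0
EOF
}

# Print one "ip user" pair per login line. '?' and '.' are escaped so they
# match literally; unescaped, "login?user=" would never match a real login URL.
login_pairs() {
  grep -E 'https?://(.+)?ezproxy\.lib\.ou\.edu:(80|443)?/login\?user=' "$1" |
    sed -E 's#^([^ ]+) .*/login\?user=([^& "]+).*#\1 \2#' | sort -u
}

# Accounts that logged in from the given IP.
users_for_ip() {
  login_pairs "$1" | awk -v ip="$2" '$1 == ip { print $2 }' | sort -u
}

# "ip user" pairs for every OTHER address that logged in as one of those accounts.
related_ips() (
  users=$(users_for_ip "$1" "$2" | tr '\n' ' ')
  [ -n "$users" ] || exit 0
  login_pairs "$1" | awk -v ip="$2" -v users="$users" '
    BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
    $1 != ip && ($2 in want) { print $1, $2 }' | sort -u
)

# Demo on the constructed sample.
log=$(mktemp) && sample_log > "$log"
related_ips "$log" 203.0.113.7   # -> 198.51.100.22 abcd1234
rm -f "$log"
```

An account that shows up from two unrelated address ranges within minutes is the pattern to look at before adding an IfUser ...; Deny line.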

Manually blocking users:

navigate to user.txt file:

navigate to #manually blocked users section

add this line, inserting the blocked user's 4x4 at the bottom of the list

IfUser 4x4; Deny

Redirecting Concurrently Enrolled students to K-12 Databases page:

navigate to user.txt file

navigate to #concurrently enrolled users section

add this line, inserting the student's 4x4

IfUser 4x4; Banner k12.htm