SquidGuard

SquidGuard vam omogućava da se kontroliše prostup korisnika raznim sajtovima (zabrani prostup takvim sajtovima koji su za kockanje, porno, reklame, malware…).
SquidGuard HomePage.

Instalacija
Ona je jednostavna, KADA se prvo nabavi sve što je potrebno od drugog softvera :
*Bison
Bison is a general-purpose parser generator that converts an annotated context-free grammar into a deterministic LR or generalized LR (GLR) parser employing LALR(1) parser tables.
Homepage
# rpm -qa|grep bison
bison-2.4.3-1.fc14.i686
Ako ga nema, spustiti ga sa yum komandom…

*Flex
Flex is a tool for generating scanners: programs which recognize lexical patterns in text.
HomePage
Instalacija za Flex :
# rpm -qa|grep flex
flex-static-2.5.35-11.fc14.i686
flex-2.5.35-11.fc14.i686

*Berkeley DB V.2.7.7, V3.2.x or 4.x (original site: www.oracle.com/database/berkeley-db/index.html).
Annotation: Berkeley DB version 4.7 gives error messages during compilation. Up to version 4.6 the compilation runs fine.
Instalacija za Berkley DB za RHEL ili Fedoru :
# yum install db4*

*A C compiler like GCC
Provera da li ga imamo na serveru :
# rpm -qa|grep gcc
gcc-4.5.1-4.fc14.i686
gcc-c++-4.5.1-4.fc14.i686
libgcc-4.5.1-4.fc14.i686
gcc-gfortran-4.5.1-4.fc14.i686

E sada kada imamo sve što je zahtevano radimo samu instalaciju za SquidGuard :
# tar xvfz squidGuard-1.4.tar.gz
# cd squidGuard-xxx
# ./configure
# make
# make install
…..
The initial configuration is complete.
Congratulation. SquidGuard is sucessfully installed.

Konfiguracija SquidGuard-a
Gde se nalaze koji fajlovi :
Definicije blacklists : /usr/local/squidGuard/db/blacklists
DataBase : /usr/local/squidGuard/db
Logovi : /usr/local/squidGuard/log
Glavni konfiguracioni fajl : /usr/local/squidGuard/squidGuard.conf

Prvo se podesi glavni konfiguracioni fajl :
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log
time workhours { ovo je definisano po default-u
weekly mtwhf 08:00 – 16:30
date *-*-01 08:00 – 16:30
}
src admin {
ip 10.11.12.10 IP adresa administratora
user root
within workhours
}
dest porn { ovime se brani prostup sajtovima definisanim pod listom “porn”
domainlist blacklists/porn/domains
urllist blacklists/porn/urls
redirect http://IP-adresa-servera-block.html preusmeravanje na neki drugi sajt
log porn.log loguje se pokušaj odlaska na “porn” sajtove
}
acl {
admin {
pass any
}
default {
pass !porn all
redirect http://IP-adresa-servera-block.html ovde definišemo stranu za redirekciju
}
}

Posle ovoga treba skinuti najnovije crne liste sa lokacije ili ovde i ugraditi ih u squidGuard
# tar xvfz blacklists.tgz
Nastale foldere kopirati u /usr/local/squidGuard/db/blacklists
Posle kopiranja se postojeće liste zabrana (koje mi možemo menjati/dopunjavati) pretvaraju u DB formu, da bi ih program koristio :
# cd /usr/local/squidGuard/db
# squidGuard -u -C all ovo ume prilično da potraje
Do se ovo radi, pratiti squidGuard log da li sve ide kako treba :
# tail -f /usr/local/squidGuard/log/squidGuard.log
…..
2013-05-09 12:07:52 [442] db update done
…..

Povezivanje SquidGuard-a sa Squid-om
Radi se kroz konfiguracioni fajl Squid-a /etc/squid/squid.conf, u koji se dodaju linije :
# Path to the redirector program
redirect_program /usr/local/bin/squidGuard
# Number of redirector processes to spawn
redirect_children 5
# To prevent loops, don’t send to the redirector requests from localhost
redirector_access deny localhost
redirector_access deny SSL_ports
redirector_bypass on

Promeniti vlasništva nad fajlovima i folderima squidGuard-a tako da Squid može da ih koristi :
# chmod -R 770 /usr/local/squidGuard/db/*
# chmod -R 770 /usr/local/squidGuard/log/*
# chmod 770 /usr/local/squidGuard/squidGuard.conf
# chown -R squid.squid /usr/local/squidGuard/squidGuard.conf
# chown -R squid.squid /usr/local/squidGuard/db/blacklists
# chown -R squid.squid /usr/local/squidGuard/log/

TEK SAD se restartuje Squid!!!!

Naravno posle svega, proveriti da li sve stvarno i radi 😉

Testiranje po pojedinačnoj lokalnoj IP adresi :
# echo “http://www.youtube.com 10.10.10.50/ – – GET”|squidGuard -c /usr/local/squidGuard/squidGuard.conf -d
2014-03-07 12:10:50 [25303] New setting: dbhome: /usr/local/squidGuard/db
2014-03-07 12:10:50 [25303] New setting: logdir: /usr/local/squidGuard/log
2014-03-07 12:10:50 [25303] Added User: root
2014-03-07 12:10:50 [25303] init domainlist /usr/local/squidGuard/db/whitelists/custom/domains
2014-03-07 12:10:50 [25303] loading dbfile /usr/local/squidGuard/db/whitelists/custom/domains.db
2014-03-07 12:10:50 [25303] init urllist /usr/local/squidGuard/db/whitelists/custom/urls
2014-03-07 12:10:50 [25303] loading dbfile /usr/local/squidGuard/db/whitelists/custom/urls.db
2014-03-07 12:10:50 [25303] init domainlist /usr/local/squidGuard/db/blacklists/adult/domains
2014-03-07 12:10:50 [25303] loading dbfile /usr/local/squidGuard/db/blacklists/adult/domains.db
2014-03-07 12:10:50 [25303] init urllist /usr/local/squidGuard/db/blacklists/adult/urls
2014-03-07 12:10:50 [25303] loading dbfile /usr/local/squidGuard/db/blacklists/adult/urls.db
2014-03-07 12:10:50 [25303] init domainlist /usr/local/squidGuard/db/blacklists/audio-video/domains
2014-03-07 12:10:50 [25303] loading dbfile /usr/local/squidGuard/db/blacklists/audio-video/domains.db
2014-03-07 12:10:50 [25303] init urllist /usr/local/squidGuard/db/blacklists/audio-video/urls
2014-03-07 12:10:50 [25303] loading dbfile /usr/local/squidGuard/db/blacklists/audio-video/urls.db
2014-03-07 12:10:50 [25303] init domainlist /usr/local/squidGuard/db/blacklists/social_networks/domains
2014-03-07 12:10:50 [25303] loading dbfile /usr/local/squidGuard/db/blacklists/social_networks/domains.db
2014-03-07 12:10:50 [25303] init urllist /usr/local/squidGuard/db/blacklists/social_networks/urls
2014-03-07 12:10:50 [25303] loading dbfile /usr/local/squidGuard/db/blacklists/social_networks/urls.db
2014-03-07 12:10:50 [25303] squidGuard 1.4 started (1394190650.411)
2014-03-07 12:10:50 [25303] Info: recalculating alarm in 15550 seconds
2014-03-07 12:10:50 [25303] squidGuard ready for requests (1394190650.414)
2014-03-07 12:10:50 [25303] source not found
2014-03-07 12:10:50 [25303] no ACL matching source, using default
2014-03-07 12:10:50 [25303] Request(default/audio-video/-) http://www.youtube.com 10.33.8.50/- – – REDIRECT
http://adresa-na-koju-se-vrši-redirekcija 10.33.8.50/- – –
2014-03-07 12:10:50 [25303] squidGuard stopped (1394190650.414)

This entry was posted in Linux and tagged , , . Bookmark the permalink.

Comments are closed.