Squid+SquidGuard

What is SquidGuard actually for? It comes with predefined categories of sites (which can be changed and extended) to which you can block access (again, per user IP address).
I have been using it for quite a long time, and it has proven to be good. Homepage: link. Its drawback is that (currently) nobody maintains it...
Fortunately, there is a site run by happy SquidGuard users that hosts fully up-to-date blacklists: link. How to apply them alongside the existing ones is described in one of the following posts.

Of course, there are other programs that do the same thing, but more on that in one of the following posts.
Installation:
1. A working Squid proxy server is required.
2. Prerequisites: bison, Flex, the GCC compiler, Berkeley DB. They are mostly already installed (except Berkeley DB), but here is how to check:
# rpm -qa|grep bison
bison-2.4.1-5.el6.x86_64
(If it is missing, install it like this: # yum install bison* )
# rpm -qa|grep flex
flex-2.5.35-8.el6.x86_64
(If it is missing, install it like this: # yum install flex* )
# rpm -qa|grep gcc
gcc-gfortran-4.4.7-3.el6.x86_64
libgcc-4.4.7-3.el6.x86_64
gcc-4.4.7-3.el6.x86_64
gcc-c++-4.4.7-3.el6.x86_64
(If it is missing, install it like this: # yum install gcc and # yum install gcc-c++ )
# rpm -qa|grep db4    # Berkeley DB
db4-java-4.7.25-17.el6.x86_64
db4-devel-4.7.25-17.el6.x86_64
db4-tcl-4.7.25-17.el6.x86_64
db4-devel-static-4.7.25-17.el6.x86_64
db4-utils-4.7.25-17.el6.x86_64
db4-4.7.25-17.el6.x86_64
db4-cxx-4.7.25-17.el6.x86_64
(If it is missing, install it like this: # yum install db4* )
And yes, ALL of it must be installed, otherwise it will not work...
3. Download SquidGuard from here and unpack it in place:
# tar xvfz squidGuard-1.4.tar.gz
# cd squidGuard-1.4
# ./configure
# make
# make install
…..
Congratulation. SquidGuard is sucessfully installed.
…..
4. Configuration
The blacklists (see this post of mine for new BLs, because the old ones are COMPLETELY out of date) are copied from /nalog/squidGuard-1.4/samples/dest/blacklists.tar.gz to /usr/local/squidGuard/db and unpacked there:
# pwd
/usr/local/squidGuard/db
# tar xvfz blacklists.tar.gz
This gives us a folder with the blacklists (careful: the blacklists that ship with SG are VERY out of date and must be replaced with new ones, but more on that in the following posts). They are not usable in this form, though: they must be converted to DB format, but only after we create the basic configuration file for SquidGuard.
Where the files are located:
* Blacklist definitions: /usr/local/squidGuard/db/blacklists
* Database: /usr/local/squidGuard/db
* Logs: /usr/local/squidGuard/log
* Configuration file: /usr/local/squidGuard/squidGuard.conf
The main configuration file, /usr/local/squidGuard/squidGuard.conf:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log
time workhours {
weekly mtwhf 08:00 - 16:30
date *-*-01 08:00 - 16:30
}
src admin {
ip 10.10.10.140
user root
within workhours
}
dest good {
}
dest local {
}
dest porn {
domainlist blacklists/porn/domains
urllist blacklists/porn/urls
expressionlist blacklists/porn/expressions
redirect http://10.10.10.94
log porn.log
}
acl {
admin {
pass any
}
default {
pass !porn all
redirect http://10.10.10.94
}
}
After this, the BLs must be converted to db format so that SG can read them:
# squidGuard -u -C all
In parallel, follow what is happening in the log file in a second window:
# tail -f /usr/local/squidGuard/log/squidGuard.log
…..
2013-11-26 14:39:55 [7126] squidGuard 1.4 started (1385473195.539)
2013-11-26 14:39:55 [7126] db update done
2013-11-26 14:39:55 [7126] squidGuard stopped (1385473195.905)
This creates new urls.db and domains.db files in each of the subfolders of /usr/local/squidGuard/db/blacklists/.
CAREFUL!!! This processes only the lists that are listed in the /usr/local/squidGuard/squidGuard.conf file.

4a. Testing
Once the configuration is finished, test it:
# pwd
/nalog/squidGuard-1.4
# make test
making test in squidGuard-1.4
(cd test && make test)
make[1]: Entering directory `/nalog/squidGuard-1.4/test'
test1..
Database size:
5643 blacklist/domains
7442 blacklist/urls
13085 total
Running test1 with 1005 requests...Done
Checking number of output lines..
.OK
Checking the output against the expected..
.OK
squidGuard initialization took 0.018 seconds
squidGuard handled 1005 requests in 0.008 seconds

test2..
Database size:
5643 blacklist/domains
7442 blacklist/urls
3 blacklist/expressions
13088 total
Running test2 with 1005 requests...Done
Checking number of output lines..
.OK
Checking the output against the expected..
.OK
squidGuard initialization took 0.016 seconds
squidGuard handled 1005 requests in 0.013 seconds

benchmark..
Database size:
5643 blacklist/domains
7442 blacklist/urls
13085 total
Running benchmark test with 100500 requests...Done
squidGuard initialization took 0.017 seconds
squidGuard handled 100500 requests in 0.694 seconds
make[1]: Leaving directory `/nalog/squidGuard-1.4/test'
4b. Setting permissions and ownership for the configuration file, the blacklists and the logs:
# chmod -R 770 /usr/local/squidGuard/db/*
# chmod -R 770 /usr/local/squidGuard/log/*
# chmod 770 /usr/local/squidGuard/squidGuard.conf
# chown -R squid:squid /usr/local/squidGuard/squidGuard.conf
# chown -R squid:squid /usr/local/squidGuard/db/blacklists/
# chown -R squid:squid /usr/local/squidGuard/log/
5. Converting the BL lists to a usable (DB) form:
# pwd
/usr/local/squidGuard/db
# squidGuard -u -C all
In parallel, in a second window:
# tail -f /usr/local/squidGuard/log/squidGuard.log
…..
2013-08-27 09:03:24 [5796] squidGuard 1.4 started (1377587003.855)
2013-08-27 09:03:24 [5796] db update done
2013-08-27 09:03:24 [5796] squidGuard stopped (1377587004.098)
6. Hooking into Squid
This is done in /etc/squid/squid.conf (see the previous post); just add one line:
redirect_program /usr/local/bin/squidGuard
redirect_children 5
(The second line already exists; it is shown only for orientation.)
How to see that Squid really is invoking SquidGuard:
# ps -axf
…..
10903 ? Ss 0:00 squid -f /etc/squid/squid.conf
10905 ? S 0:00 \_ (squid) -f /etc/squid/squid.conf
10907 ? S 0:00 \_ (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
10908 ? S 0:00 \_ (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
10909 ? S 0:00 \_ (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
10910 ? S 0:00 \_ (squidGuard) -c /usr/local/squidGuard/squidGuard.conf
…..
7. Final testing:
# echo "http://www.pussy.com 10.10.10.140/ - - GET" | squidGuard -c /usr/local/squidGuard/squidGuard.conf -d
2013-08-27 09:05:07 [5844] New setting: dbhome: /usr/local/squidGuard/db
2013-08-27 09:05:07 [5844] New setting: logdir: /usr/local/squidGuard/log
2013-08-27 09:05:07 [5844] Added User: root
2013-08-27 09:05:07 [5844] destblock good missing active content, set inactive
2013-08-27 09:05:07 [5844] destblock local missing active content, set inactive
2013-08-27 09:05:07 [5844] init domainlist /usr/local/squidGuard/db/blacklists/porn/domains
2013-08-27 09:05:07 [5844] loading dbfile /usr/local/squidGuard/db/blacklists/porn/domains.db
2013-08-27 09:05:07 [5844] init urllist /usr/local/squidGuard/db/blacklists/porn/urls
2013-08-27 09:05:07 [5844] loading dbfile /usr/local/squidGuard/db/blacklists/porn/urls.db
2013-08-27 09:05:07 [5844] init expressionlist /usr/local/squidGuard/db/blacklists/porn/expressions
2013-08-27 09:05:07 [5844] squidGuard 1.4 started (1377587107.119)
2013-08-27 09:05:07 [5844] Info: recalculating alarm in 26693 seconds
2013-08-27 09:05:07 [5844] squidGuard ready for requests (1377587107.122)
2013-08-27 09:05:07 [5844] source not found
2013-08-27 09:05:07 [5844] no ACL matching source, using default
2013-08-27 09:05:07 [5844] Request(default/porn/-) http://www.pussy.com 10.10.10.140/- - - REDIRECT
http://10.10.10.94 10.10.10.140/- - -
2013-08-27 09:05:07 [5844] squidGuard stopped (1377587107.122)
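The single request above generalizes to a small policy check that can be rerun after every blacklist or configuration change. This is an added example, not part of the original post; the function names, the expectation-file format and the client IP in the usage comment are assumptions, and an empty answer line is taken to mean that the URL passes unchanged.

```shell
#!/bin/sh
# Added example: regression check for a Squid redirector such as squidGuard.
# Usage (assumed paths and client IP):
#   sg_policy_check expect.txt 10.10.10.50 squidGuard -c /usr/local/squidGuard/squidGuard.conf

# sg_verdict URL CLIENT_IP CMD [ARGS...]
#   prints "PASS" when the helper answers with an empty line (URL unchanged)
#   prints "REDIRECT <target>" when it answers with a rewritten URL
sg_verdict() {
    url=$1; ip=$2; shift 2
    # Request line in the format used on this page: URL ip/fqdn ident method
    answer=$(printf '%s %s/- - GET\n' "$url" "$ip" | "$@" 2>/dev/null | head -n 1)
    if [ -z "$answer" ]; then
        echo "PASS"
    else
        echo "REDIRECT ${answer%% *}"
    fi
}

# sg_policy_check EXPECT_FILE CLIENT_IP CMD [ARGS...]
#   EXPECT_FILE lines: "<PASS|REDIRECT> <url>"
#   prints one line per mismatch and returns the number of mismatches
sg_policy_check() {
    expect=$1; ip=$2; shift 2; bad=0
    while read -r want url; do
        [ -n "$want" ] || continue          # skip empty lines
        got=$(sg_verdict "$url" "$ip" "$@")
        case $got in
            "$want"*) ;;                    # verdict matches the expectation
            *) echo "MISMATCH $url: expected $want, got $got"
               bad=$((bad + 1)) ;;
        esac
    done < "$expect"
    return "$bad"
}
```

Each URL starts a fresh helper that loads its databases, so keep the expectation file to a handful of representative URLs per category.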

And finally, after all of this, MAKE SURE to check ALL permissions and ownership of the databases and logs once more!!!! After the databases are compiled, these have a way of magically getting messed up...
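One way to run that last check, and to catch lists that squidGuard.conf references but that were never compiled (the warning in step 4): the added script below, which is not part of the original post, reads dbhome and the domainlist/urllist entries from the config and reports missing, stale, wrongly owned or world-writable .db files. The function name sg_audit and the report labels are assumptions.

```shell
#!/bin/sh
# Added example: audit the compiled lists that a squidGuard.conf refers to.
# Usage: sg_audit /usr/local/squidGuard/squidGuard.conf squid
#   prints one line per problem and returns the number of problems found
sg_audit() {
    conf=$1; owner=${2:-squid}; problems=0
    dbhome=$(awk '$1 == "dbhome" { print $2; exit }' "$conf")
    [ -n "$dbhome" ] || { echo "no dbhome in $conf"; return 1; }
    # Only domainlist and urllist get a .db file; expressionlist stays text.
    for rel in $(awk '$1 == "domainlist" || $1 == "urllist" { print $2 }' "$conf"); do
        txt=$dbhome/$rel; db=$txt.db
        if [ ! -f "$txt" ]; then
            echo "MISSING  $txt"; problems=$((problems + 1)); continue
        fi
        if [ ! -f "$db" ]; then
            echo "NO-DB    $db (run: squidGuard -u -C all)"
            problems=$((problems + 1)); continue
        fi
        # Text list edited after the last conversion: the .db is out of date.
        if [ "$txt" -nt "$db" ]; then
            echo "STALE    $db is older than its text list"
            problems=$((problems + 1))
        fi
        # Owner as shown by ls, compared with the account Squid runs under.
        if [ "$(ls -ld "$db" | awk '{ print $3 }')" != "$owner" ]; then
            echo "OWNER    $db is not owned by $owner"
            problems=$((problems + 1))
        fi
        if [ -n "$(find "$db" -perm -0002 2>/dev/null)" ]; then
            echo "WRITABLE $db is world-writable"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```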

8. SquidGuard logs and their rotation
To have them rotated, create a file named squidGuard in the /etc/logrotate.d folder with the following content:
/usr/local/squidGuard/log/*.log {
daily
rotate 30
compress
notifempty
missingok
sharedscripts
postrotate
# Asks squid to reopen its logs. (log_rotate 0 is set in squid.conf)
# errors redirected to make it silent if squid is not running
/usr/sbin/squid -k rotate 2>/dev/null
# Wait a little to allow Squid to catch up before the logs is compressed
sleep 1
endscript
}
It rotates the log files daily and keeps them for 30 days.
Testing the setup:
# logrotate -f /etc/logrotate.d/squidGuard
Then check in that location whether the logs have been rotated.