Scribd Logo
Upload

Welcome to Scribd!

  • Setup Squidguard Centos 6

    Uploaded by

    Roberto Carlos
    1K views4 pages

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    1K views4 pages

    Setup Squidguard Centos 6

    Uploaded by

    Roberto Carlos

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    Setup squidguard Centos 6.

    2
    Referensi: http://www.squidguard.org/ http://www.server-world.info/en/note?os=CentOS_6&p=squid&f=3 I. Download & install squidguard # mkdir /tmp/squidguard # cd /tmp/squidguard For squidguard x64: # wget http://pkgs.repoforge.org/squidguard/squidguard-1.3-2.el6.rf.x86_64.rpm # rpm -ivh squidguard-1.3-2.el6.rf.x86_64.rpm For squidguard x32: # wget http://pkgs.repoforge.org/squidguard/squidguard-1.3-2.el6.rf.i686.rpm # rpm -ivh squidguard-1.3-2.el6.rf.i686.rpm II. Konfigurasi squidguard - Download squidguard blacklist # cd /tmp/squidguard # wget http://squidguard.mesd.k12.or.us/blacklists.tgz # tar -zxvf blacklists.tgz -C /var/lib/squidguard/ - Copy squidguard.cgi access denied homepage if you want to use it.. # cp /usr/share/doc/squidguard-1.3/squidGuard.cgi /var/www/cgi-bin/ # cp /usr/share/doc/squidguard-1.3/squidGuard-simple.cgi /var/www/cgi-bin/ - Backup original file & edit squidguard.conf # cp /etc/squid/squidguard.conf /etc/squid/squidguard.conf.asli # vi /etc/squid/squidguard.conf # CONFIG FILE FOR SQUIDGUARD # See http://www.squidguard.org/config/ for more examples # ------------------------------------------------------dbhome /var/lib/squidguard/blacklists logdir /var/log/squidguard # TIME RULES: # abbrev for weekdays: # s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat time workhours { weekly mtwhf 08:00 - 17:00 date *-*-01 08:00 - 17:00 } # REWRITE RULES: # ----------------#rew dmz { # s@://admin/@://admin.foo.bar.de/@i # s@://foo.bar.de/@://www.foo.bar.de/@i #} # SOURCE ADDRESSES: # ----------------src admin { ip 192.168.10.99 # user root foo bar # within workhours } src managers { ip 192.168.10.201-192.168.10.220 # user root foo bar # within workhours }

    src users { ip 192.168.10.100-192.168.10.200 # within workhours } # DESTINATION CLASSES: # -------------------dest good { log good domainlist good/domains #urllist good/urls } dest bad { log bad domainlist bad/domains #urllist bad/urls } dest restrict { log restrict domainlist restrict/domains #urllist restrict/urls } dest ads { log ads domainlist ads/domains urllist ads/urls } dest audio-video { log audio-video domainlist audio-video/domains urllist audio-video/urls } dest aggressive { log aggressive domainlist aggressive/domains urllist aggressive/urls } dest drugs { log drugs domainlist drugs/domains urllist drugs/urls } dest gambling{ log gambling domainlist gambling/domains urllist gambling/urls } dest hacking { log hacking domainlist hacking/domains urllist hacking/urls }

    dest mail { log mail domainlist mail/domains #urllist mail/urls } dest porn{ log porn domainlist porn/domains urllist porn/urls } dest proxy{ log proxy domainlist proxy/domains urllist proxy/urls } dest violence{ log violence domainlist violence/domains urllist violence/urls } dest warez{ log warez domainlist warez/domains urllist warez/urls } acl { admin { pass any } managers { pass good restrict !bad !porn !proxy any } users within workhours { pass good !bad !restrict !ads !audio-video !aggressive !drugs !gambling !hacking !porn !proxy !violence !warez all } else { pass good !bad !ads !audio-video !aggressive !drugs !gambling !hacking !porn !proxy !violence !warez all } default { pass good !bad !restrict !ads !audio-video !aggressive !drugs !gambling !hacking !mail !porn !proxy !violence !warez all #redirect 302:http://cumi.tahubachem.net/cgibin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetg roup=%t&url=%u redirect 302:http://cumi.tahubachem.net/cgi-bin/squidGuardsimple.cgi?clientaddr=%a&targetgroup=%t&url=%u } } - Extract /var/lib/squidguard/blacklists.tar.gz # cd /var/lib/squidguard # tar -xzf blacklists.tar.gz

    - (Optional)Buat database good (domain web yg akan whitelist), bad (domain yg akan diblacklist) dan restrict (domain yg dibatasi selama jam kerja) # mkdir /var/lib/squidguard/blacklists/good bad restrict # vi /var/lib/squidguard/blacklists/good/domains #Contoh: yahoo.com gmail.com jobstreet.com jobsdb.com # vi /var/lib/squidguard/blacklists/bad/domains #-isi dengan bad domain terlarang yg ingin diblock permanenfaithfreedom.org faithfreedom.com # vi /var/lib/squidguard/blacklists/restrict/domains #-isi dengan domain yg dibatasi pada jam kerjafacebook.com - Change permission /var/www/cgi-bin # chmod -R 755 /var/www/cgi-bin/ - Ubah database blacklist menjadi format .db (berkeley DB) agar dapat diakses oleh squidguard # squidguard -C all - Ubah permission direktori /var/lib/squidguard/blacklist sesuai user squid # chown -R squid:squid /var/lib/squidguard/blacklist - Edit /etc/squid/squid.conf & add this script: url_rewrite_program /usr/bin/squidguard -c /etc/squid/squidguard.conf - Reload squid: # squid -k reconfigure - Testing:

    URL: http::/bahhem.wortoheemawe:/20/:20:/2:ehett-eqtirgtbor-ahnewe-6-/:

    You might also like