
Steelmon's tech stuff

Setting up a blacklist proxy with automatic updates using Squid and SquidGuard
Posted in Howto, Linux, Proxy, Security by steelmon on December 9, 2010
The versatile, open source proxy server Squid can be used together with the plug-in SquidGuard to set up a flexible blacklist proxy server. Together with a simple cron job and a shell script, the database of blacklisted sites is kept up to date. This article describes the process step-by-step of how to get up and running.
I will be setting up the solution on an Ubuntu server, which conveniently has the necessary software available in its repositories. The setup should be very similar for other Linux environments, but you might have to compile the software from scratch.
Install and configure Squid
First of all, install and configure Squid. I did this in a previous post when I was looking at configuring a whitelist proxy.
sudo apt-get install squid
Edit the Squid configuration file, /etc/squid/squid.conf, and find the http_port tag. By default Squid listens on port 3128 for requests. If you want to change it, uncomment the line and change the port number.
Next, define who is allowed to access the proxy. Find the TAG: http_access heading and, below it, the 'INSERT YOUR OWN RULE(S) HERE' comment. Uncomment the line:
#http_access allow localnet
You will also need to define what is meant by localnet. Find the TAG: ACL heading, and look for something like the following line:
#acl localnet src 192.168.1.0/24 192.168.2.0/24
Change the IP address and netmask above so that it matches your local network. In my case, I am on a local network with addresses ranging from 192.168.0.1 to 192.168.0.255. This means that the netmask is 255.255.255.0 (i.e. 3 bytes of 'ones'), or 24 bits. So for my network it looks like this:
acl localnet src 192.168.0.0/24
Now start Squid if it's not already running and then tell it to reload its configuration:
sudo /etc/init.d/squid start
squid -k reconfigure
You should now be able to use the proxy server from your web browser. Nothing will be blocked just yet, but you should get pages served if everything was set up correctly.
Install SquidGuard
Start by installing SquidGuard using apt-get:
sudo apt-get install squidguard
Next, prepare Squid for use with SquidGuard, so once more open up /etc/squid/squid.conf in your favorite text editor.
You need to tell Squid where SquidGuard is. Find the TAG: url_rewrite_program heading. There is no default setting, so add a new line:
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
Prepare the blacklist database
Before going into further configuration of SquidGuard, it is desirable to have access to a database of blacklisted sites and URLs.
Download the file getlists.odt, set the executable flag and rename it getlists.sh:
wget http://steelmon.files.wordpress.com/2010/12/getlists.odt
sudo mv getlists.odt /usr/local/bin/getlists.sh
sudo chmod +x /usr/local/bin/getlists.sh
The file ending is odt rather than sh since WordPress does not allow shell scripts to be uploaded.
Now, create the database by executing the script:
sudo getlists.sh
You should now see some output from the script, and after some time of processing you should be able to see the result by listing the contents of the blacklists database directory:
ls -l /var/lib/squidguard/db/blacklists/
Configure SquidGuard
Open the SquidGuard configuration file, /etc/squid/squidGuard.conf, for editing, and replace the contents with the following:
#
# CONFIG FILE FOR SQUIDGUARD
#
dbhome /var/lib/squidguard/db/blacklists
logdir /var/log/squid
dest ads {
  domainlist ads/domains
  urllist ads/urls
}
dest aggressive {
  domainlist aggressive/domains
  urllist aggressive/urls
}
dest drugs {
  domainlist drugs/domains
  urllist drugs/urls
}
dest hacking {
  domainlist hacking/domains
  urllist hacking/urls
}
dest porn {
  domainlist porn/domains
  urllist porn/urls
}
dest redirector {
  domainlist redirector/domains
  urllist redirector/urls
}
dest suspect {
  domainlist suspect/domains
  urllist suspect/urls
}
dest warez {
  domainlist warez/domains
  urllist warez/urls
}
dest audio-video {
  domainlist audio-video/domains
  urllist audio-video/urls
}
dest gambling {
  domainlist gambling/domains
  urllist gambling/urls
}
dest mail {
  domainlist mail/domains
}
dest proxy {
  domainlist proxy/domains
  urllist proxy/urls
}
dest spyware {
  domainlist spyware/domains
  urllist spyware/urls
}
dest violence {
  domainlist violence/domains
  urllist violence/urls
}
acl {
  default {
    pass !ads !aggressive !drugs !hacking !porn !redirector !suspect !warez !audio-video !gambling !mail !proxy !spyware !violence all
    redirect http://www.x509.se/block.html
  }
}
Among the last lines there is a URL to a page that gets served whenever content is blocked. You should change the URL to your own block page (unless you're happy with my extremely sparse one in Swedish).
Compile the SquidGuard database. This may take a while to complete:
sudo squidGuard -C all
Start Squid, which in turn will start SquidGuard, and reconfigure:
sudo /etc/init.d/squid start
sudo squid -k reconfigure
Troubleshooting
If you are having problems, most likely they are related to permissions. You can get some useful information by running SquidGuard from the command line as the proxy user:
sudo su - proxy
echo "http://www.ubuntu.com {client ip address}/ - - GET" | squidGuard -d -c /etc/squid/squidGuard.conf
You can change the URL to whatever you'd like to test for access or denial. The IP address is the address of the computer you want to simulate surfing the net from.
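As an added example (not code from the article or from SquidGuard), here is a small Python emulation of how squidGuard evaluates the dest lists and the pass rule from the configuration above, and of the "URL client-ip/fqdn ident method" line the troubleshooting test feeds it. The blacklist entries are constructed stand-ins, and treating urls entries as plain prefix matches is an assumption.

```python
from urllib.parse import urlsplit

# Constructed stand-ins for dbhome/<dest>/domains and dbhome/<dest>/urls
# (the real lists come from getlists.sh; these entries are made up).
BLACKLISTS = {
    "ads": {"domains": {"ads.example"}, "urls": {"example.com/banners"}},
    "gambling": {"domains": {"bets.example"}, "urls": set()},
}
PASS_RULE = "!ads !gambling all"            # same shape as the acl above
REDIRECT = "http://www.x509.se/block.html"  # block page from the config above


def _host_and_path(url):
    """Return (host, 'host/path'), the form entries in the urls files take."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    return host, host + (parts.path or "/")


def matches_dest(dest, url):
    """True if the URL hits the dest's domains list or its urls list."""
    host, hostpath = _host_and_path(url)
    lists = BLACKLISTS.get(dest, {})
    # domains: the listed domain itself and every subdomain of it
    if any(host == d or host.endswith("." + d) for d in lists.get("domains", ())):
        return True
    # urls: 'domain/path' entries, treated as prefix matches (assumption)
    return any(hostpath.startswith(u) for u in lists.get("urls", ()))


def decide(url, pass_rule=PASS_RULE):
    """Walk the pass list left to right: '!dest' blocks a matching URL,
    'dest' allows it, 'all' allows whatever is left. Returns
    ('pass' or 'block', matched dest or None)."""
    for token in pass_rule.split():
        if token == "all":
            return "pass", None
        name = token.lstrip("!")
        if matches_dest(name, url):
            return ("block" if token.startswith("!") else "pass"), name
    return "block", None  # list exhausted without 'all': implicit deny


def redirector_reply(request_line):
    """Answer one 'URL client-ip/fqdn ident method' line as Squid sends it to
    the redirector: an empty reply passes the request, otherwise the block
    page URL is returned."""
    url = request_line.split()[0]
    verdict, _ = decide(url)
    return "" if verdict == "pass" else REDIRECT
```

Dropping the trailing "all" from PASS_RULE shows why it matters: anything not explicitly passed is then denied.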
If you encounter any problems with permissions, you may try the following:
sudo chown proxy:proxy /etc/squid/squidGuard.conf
sudo chown -R proxy:proxy /var/lib/squidguard/db
sudo chown -R proxy:proxy /var/log/squid/
chmod 644 /etc/squid/squidGuard.conf
chmod -R 640 /var/lib/squidguard/db
chmod -R 644 /var/log/squid/
find /var/lib/squidguard/db -type d -exec chmod 755 \{\} \; -print
chmod 755 /var/log/squid
%here re more detiled trouble shooting "ilble in the re#erence section$
Automating the blacklist updates
When everything is up and running, you may want to automate the update procedure. This is easily accomplished by setting up a cron job. Open the cron table in interactive mode:
sudo crontab -e
Add the following line at the end of the file:
30 3 * * * /usr/local/bin/getlists.sh
This will run the blacklist download script every night at 30 minutes past 3.
References
https://help.ubuntu.com/community/SquidGuard
http://www.squidguard.org/Doc/
http://www.maynidea.com/squidguard/getlists.html