You are on page 1of 12

Installation Guide for

SME V5.6 Server (e-smith)


Includes update 6

with

squidGuard (3.2) Internet filter

- Setup and Configuration Documentation UPDATED: 3/5/04

Basic Proxy for filtering using e-smith, squid, and squidGuard.


Mission: Build a system to provide an Internet filter for a school building network. HARDWARE Components needed: 1 computer (P266 or higher, 64M Ram or higher, 1.2G Drive, CD, Keyboard, Monitor, network connection to the Internet). PC BIOS must be configurable to boot from the CDRom. **RECOMMEND A P400 with 128MB Ram and 4GB drive minimum. Ethernet NIC needs to be from the Supported Adapter List (see SME documentation) SOFTWARE NEEDED E-Smith / SME v5.6 Installation CD OR Create the installation cd from the CD Image (*.iso) that can be downloaded from the following location. Use the 5.6 .iso file to create your installation cd. Version 5.6: http://www.tech-geeks.org/servers/sme/v5.6/iso/

SETUP PROCESS Set the PC you will be using to boot from the CD. -CMOS change

Page 2 of 12

Installing SME Version 5.6


1) 2) 3) 4) 5) 6) 7) 8) 9) 10) 11) 12)
13)

14) 15) 16)

Set the computer to boot from the CDRom by changing the BIOS setting. Startup the computer with the CD in the CD drive Type "accept" (without quotes) at the [boot:] prompt. Press Enter Wait. For the "Welcome to the e-smith server and gateway" message and the "Service LINK License Agreement" Tab to the "ACCEPT" choice and press Enter Select (up/down arrow) "Install using Single Hard Drive Tab to "OK" and press Enter Type "proceed" at the prompt and press Enter Wait. (for formatting, file transfer, etc. - 15-20 minutes on a 266) When prompted to create a Boot Diskette, insert a diskette in the drive and type press Enter to select "Yes" Press Enter to select "OK" Press Enter and be ready to eject the CD. Remove the CD while the system is shutting down. Remove the boot floppy. Wait for the reboot process to complete.

Configuring the SME Server 1) 2) 3)


4)

5) 6)
7)

8) 9) 10) 11) 12)


13) 14)

15) 16) 17)

When prompted for the admin password, type in a password, press Enter Retype the password, press Enter Tab to "Yes" press Enter Enter a valid IP Address (or a domain name if you have one) from your local network for the domain name. Tab to "next" and press Enter Type in a server name (i.e. SME5, e-smith, etc.) tab to "Next", press Enter Confirm that your Ethernet card(s) has(have) been detected. Press Enter to select. (Note: IF your card(s) is(are) NOT detected, it is unlikely SME5 will pass the Internet test.) Enter the IP Address you used for the domain name. Tab to "Next" and press Enter Enter the subnet mask for your network (255.255.255.___) Tab to "Next" and press Enter Operation Mode: select Server Only, or Gateway IF you desire gateway mode, 2 network cards cards are required. The remainder of the instructions will vary for gateway mode or server only mode. Follow options on the config panel. Pay careful attention to the Internal and External IP Address settings. Work through the screens depending upon your mode (server only or gateway). DNS: Leave blank, tab to "Next" press Enter Proxy: NO - tab to "Next" press Enter Status to e-smith: NO press Enter
Page 3 of 12

18) 19) 20) 21) 22) 23) 24) 25)


26)

27) 28)

Console: Login arrow down to login, tab to "Next" press Enter Notify updates by e-mail, (enter address or not) Press Enter Activate Configuration: YES press Enter Wait.. for reboot. Login: "admin" Enter Your password Enter Arrow down to "Test Internet Access" press Enter Wait for "Success" or "Unsuccessful" message. IF unsuccessful, check ethernet connection, card acceptability, IP gateway, IP of server. Arrow down to Shutdown and select shutdown. Power off.

Updating the e-smith server V5.6 Install Updates SME 5.6 has a necessary update. Login to Console as root: # wget http://www.tech-geeks.org/contrib/mdrone/updates/sme56-getupdate6.sh Make it executable by root: # chmod 700 sme56-getupdate6.sh Run the Script: # ./sme56-getupdate6.sh The RPMs will be placed in /opt/SME56/Update6 Move to the /opt/SME56/Update6 folder. # cd /opt/SME56/Update6 Run the following command from within the /opt/SME56/Update6 directory: # rpm Uvh --replacepkgs *.rpm (Note 2 dashes, Note: space before *.rpm) After the package replacement is completed, issue the following commands in sequrence to complete the upgrade. # /sbin/e-smith/signal-event post-upgrade # /sbin/e-smith/signal-event reboot END OF UPGRADE

Page 4 of 12

Installing SquidGuard on SME v5.6


NOTE: On command line entries watch for the spaces. They are important. Do not use the quotes in the entries. Press Enter to enable commands. Use the below procedures. 1) Login as root to your e-smith server 2) Type "wget http://www.tech-geeks.org/servers/sme/squidGuard/ squidguard3.2.tar.gz" (Downloads Installation Program for the Content Filter) 3) Extract the file: tar xzf squidguard3.2.tar.gz 4) Change to sg3 directory: cd sg3 5) Execute the setup file: ./install.sh 6) Reboot the server: shutdown r now

NOTE: The location of the original blacklist from Norway is periodically unavailable. It
is recommended to point your blacklist to download locally. See below. To point your blacklist download to the local location (optional): - go to http://yourserver/e-smith-manager - login and password - select Content Filtering from the manager panel - edit the blacklist source to be: - http://www.tech-geeks.org/servers/sme/squidGuard/blacklists.tar.gz - save

To run and update to the blacklist now:


Logon as root: Go to /usr/local/squidGuard: # cd /usr/local/squidGuard Run the update by # ./supdate

Page 5 of 12

Installing SquidProperties on SMEv5.6


DESCRIPTION: This package will help you expand the functionality of your Squid Proxy server. You will be able to flush the cache from the server-manager panel. You will also be able to specify individual domains that should not be cached. Once added, these domains will connect directly every time accessed. INSTALLATION INSTRUCTIONS: 1. Download the tar ball to your server using wget # wget http://www.tech-geeks.org/contrib/loveless/squidProperties/squidProperties0.2.tar 2. Extract the files and change into new directory # tar -xvf squidProperties-0.2.tar # cd squidProperties 3. Run the install.sh file to copy the files # ./install.sh" 4. Log into your server-manager. There should be a "Tech-Geeks.Org" category with a "Squid Properties" panel. Custom Blacklist Repository Local SquidGuard List Adds and Deletes You may choose to maintain a local list of additions to the filter lists. This would be INSTEAD of the above (Custom SquidGuard List Option).
********************************************************************************** * * * WARNING! * * * WARNING! * * * WARNING! * * * WARNING! * * * WARNING! * ********************************************************************************** INSTALLING THIS CUSTOM BLACKLIST REPOSITIORY AND THE ASSOCIATED REMOTE FILES WILL CAUSE ANY TRUSTED/UNTRUSTED DOMAIN, EXPRESSION, AND URL CHANGES MADE FROM THE CONTENT FILTER SERVER MANAGER PANEL TO BE OVERWRITTEN NIGHTLY (OR SOONER IF THE UPDATE NOW OPTION HAS BEEN SELECTED).

********************************************************************* INSTALLATION: There are two components to the system. The MASTER Database Server and any number of REMOTE Servers. The Master Database Server houses YOUR master lists of CUSTOM trusted/untrusted domains, expressions, and URLs.

Page 6 of 12

The Remote Server(s) will receive the custom lists on an automatic nightly (or manual - now) schedule and OVERWRITE the existing custom lists. Each remote server to receive the update will require an install of the remote module. I would suggest that you begin with the installation on your Master Database Server. This can be any SME server as long as you can access the website remotely. 1. Log on the server console (putty or console) as root 2. Retrieve the package - wget http://tech-geeks.org/contrib/loveless/cbl/cbl-0.4.tar.gz (Alt site: http://roe.stclair.k12.il.us/e-smith/AddIns/cbl/cbl-0.4.tar.gz) 3. Extract the package - tar -xzf cbl-0.4.tar.gz 4. Move the package to /opt/utilities/ - mkdir /opt/utilities - mv cbl /opt/utilities - cd /opt/utilities/cbl 5. Run the appropriate installation script - ./install-master.sh (For Main/Master Server) - ./install-remote.sh (Should be run on both Master and Remote) 6. Edit the "update.sh" variables to update from the appropriate location - pico -w update.sh - The variables to be changed are on lines 5 thru 8 - You will probably only change the URL variable - It should be set to the url of your master server where the remotes will download the master files. Assuming you let the installation script install it for you, just change the "www.tech-geeks.org" section to the IP Address of your Master Server. 7. Edit the username/password combination for the websites - cd /opt/utilities/cbl/web/files - pico -w userauth.php - On lines 4 and 5, you can set a different username and password - CTRL x to exit, Y to save, Enter to keep the name - Same For Remote Site: 8. Done. Go to http://Your-Master-Server/cbl to start using the site

Page 7 of 12

USING the Custom Blacklist Repository Database - Login through a browser to your site at http://yourserver/cbl. - ADD items to the Domain, Expression, or URL list(s) as desired. - ADD remote servers to be updated (could be the same server as the master) to the list. - Click Generate Master Lists. - That's It. Updates will occur nightly. TO FORCE an update in 5 minutes: - Click the Generate Master Lists option. - Click the Update Remote Systems option and click each remote system you want to receive the 5 minute update custom list.

Page 8 of 12

Setting Browser Proxies (for SERVER ONLY MODE). Browsers require no changes in GATEWAY Mode. Setting the Proxy in Explorer Tools/Internet Options/Connections/LAN Settings Enter the IP of the proxy server Enter the PORT number 3128 Setting the Proxy in Netscape Edit/Preferences/Advanced/Proxies Select Manual Update, Click View Enter the IP of the proxy server Enter the PORT number 3128 Disabling Proxy changes in Netscape In the Programs/Netscape/Communicator/Program folder Rename "prefui32.dll" to newname (remember this so you can reverse the status) This will disable all the changes under Edit/Preferences Disabling Proxy changes in Explorer Win95/98 In the Windows/System folder Rename "inetcpl.cpl" to newname (remember this so you can reverse the status) This will disable all the changes under Tools/Options Disabling Proxy changes in Explorer WinXP Run gpedit.msc from the Run Menu. Under User/Config choose Administrative Template ->Internet Explorer ->Browser Menus ->Then Enable the Tools Menu: Disable Internet Options. Menu option.

Test the Filter


IF in server only mode, (Point your proxy in your web browser to yourServerIP port 3128. ) Try to access a known blocked site. (e.g. www.playboy.com) Logging on to e-smith Manager In your web browser enter the IP address of your server and /e-smith-manager. (e.g. 123.123.123.123/e-smith-manager) Your login is "admin" and the password you set during install.

Page 9 of 12

MISCELLANEOUS INFORMATION Enabling Webmail Logged in to e-smith-manager select "Other e-mail settings" Scroll to the page bottom and select "public" and "enable e-mail" from the drop down boxes. Click SAVE to save. An email confirmation of the squidGuard update will appear in the admin email account. Using e-smith webmail. The admin email account will receive a daily message confirming the updated blacklists. To access the webmail go to:
https://xxx.yyy.zzz.aaa/webmail

Login as admin with your password. Examine messages. /home/e-smith/files/primary/cgi-bin/blocked.cgi This file dynamically creates the "Access Denied" page. Edit the HTML for changes.

Page 10 of 12

Recovery from power interruption with file check errors on reboot. A power interruption shutdown may cause a file check error to occur during booting. To clear the file check error: Login as "root" Type: "fsck /dev/hda1" (no quotes, last character is a one, space after fsck) and press enter. Type: "fsck /dev/hda6" and enter. Reboot How-To flush the E-Smith cache manually (not necessary if you install SquidProperties see above) login as "root" squid -k shutdown echo "" > /var/spool/squid/swap.state squid Note: See the add in panel for Squid cache management. http://www.tech-geeks.org/contrib/loveless/squidProperties/ OTHER Add-Ins to Consider DHCP Log File Exchange SARG MRBS Meeting Room Booking System CHRoot

Page 11 of 12

Websites www.tech-geeks.org www.e-smith.org www.e-smith.com http://www.squidguard.org/ http://e-smith.org/bboard/ www.stclair.k12.il.us/e-smith

Local area techs and Area 5 Hub (e-smith site) (e-smith commercial site, now MITEL networks) (squidGuard site) (e-smith forums) This document and other e-smith add ins

Page 12 of 12