Squid+SquidGuard

What is SquidGuard even for? It has categories of sites defined in advance (you can add and remove them), and you can deny access to them.
I have been using it for some time, and it is OK. Homepage : link. Its disadvantage is that it is discontinued and unsupported.
But luckily there is a site run by its happy users, with quite nice updated lists : link. How to set them up, alongside the already existing ones, will be explained in future posts.

Of course, there are other programs for this, but more about them in future posts.
Installation :
1. You have to have a functioning Squid proxy server
2. Necessary software : bison, flex, the GCC compiler, Berkeley DB. Most of it is usually already there (except Berkeley DB), and here is how you can check this :
# rpm -qa|grep bison
bison-2.4.1-5.el6.x86_64
# rpm -qa|grep flex
flex-2.5.35-8.el6.x86_64
# rpm -qa|grep gcc
gcc-gfortran-4.4.7-3.el6.x86_64
libgcc-4.4.7-3.el6.x86_64
gcc-4.4.7-3.el6.x86_64
gcc-c++-4.4.7-3.el6.x86_64
# rpm -qa|grep db4    # Berkeley DB
db4-java-4.7.25-17.el6.x86_64
db4-devel-4.7.25-17.el6.x86_64
db4-tcl-4.7.25-17.el6.x86_64
db4-devel-static-4.7.25-17.el6.x86_64
db4-utils-4.7.25-17.el6.x86_64
db4-4.7.25-17.el6.x86_64
db4-cxx-4.7.25-17.el6.x86_64
And YES you do have to have all of this installed….
3. Download SquidGuard, and unpack it :
# tar xvfz squidGuard-1.4.tar.gz
# cd squidGuard-1.4
# ./configure
# make
# make install
…..
Congratulation. SquidGuard is sucessfully installed.
…..
4. Configuration
Blacklists are put here : /usr/local/squidGuard/db. Copy them from your download location (for me it is as given) : /nalog/squidGuard-1.4/samples/dest/blacklists.tar.gz, and unpack them in place :
# pwd
/usr/local/squidGuard/db
# tar xvfz blacklists.tar.gz
You get a folder with the blacklists, but they cannot be used as such; they have to be transformed into DB format. That is done AFTER we configure SquidGuard.

Where are the files :
* Blacklists : /usr/local/squidGuard/db/blacklists
* DataBase : /usr/local/squidGuard/db
* Logs : /usr/local/squidGuard/log
* Configuration file (one and only) : /usr/local/squidGuard/squidGuard.conf
And it looks like this (/usr/local/squidGuard/squidGuard.conf) :
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log
time workhours {
    weekly mtwhf 08:00 - 16:30
    date *-*-01 08:00 - 16:30
}
src admin {
    ip 10.10.10.140
    user root
    within workhours
}
dest good {
}
dest local {
}
dest porn {
    domainlist blacklists/porn/domains
    urllist blacklists/porn/urls
    expressionlist blacklists/porn/expressions
    redirect http://10.10.10.94
    log porn.log
}
acl {
    admin {
        pass any
    }
    default {
        pass !porn all
        redirect http://10.10.10.94
    }
}
4a. First testing
After we finish with the configuration file :
# pwd
/nalog/squidGuard-1.4
# make test
making test in squidGuard-1.4
(cd test && make test)
make[1]: Entering directory `/nalog/squidGuard-1.4/test'
test1..
Database size:
5643 blacklist/domains
7442 blacklist/urls
13085 total
Running test1 with 1005 requests…Done
Checking number of output lines..
.OK
Checking the output against the expected..
.OK
squidGuard initialization took 0.018 seconds
squidGuard handled 1005 requests in 0.008 seconds

test2..
Database size:
5643 blacklist/domains
7442 blacklist/urls
3 blacklist/expressions
13088 total
Running test2 with 1005 requests…Done
Checking number of output lines..
.OK
Checking the output against the expected..
.OK
squidGuard initialization took 0.016 seconds
squidGuard handled 1005 requests in 0.013 seconds

benchmark..
Database size:
5643 blacklist/domains
7442 blacklist/urls
13085 total
Running benchmark test with 100500 requests…Done
squidGuard initialization took 0.017 seconds
squidGuard handled 100500 requests in 0.694 seconds
make[1]: Leaving directory `/nalog/squidGuard-1.4/test'
4b. Ownership and permissions on the configuration file, blacklists and logs :
# chmod -R 770 /usr/local/squidGuard/db/*
# chmod -R 770 /usr/local/squidGuard/log/*
# chmod 770 /usr/local/squidGuard/squidGuard.conf
# chown -R squid.squid /usr/local/squidGuard/squidGuard.conf
# chown -R squid.squid /usr/local/squidGuard/db/blacklists/
# chown -R squid.squid /usr/local/squidGuard/log/
5. Transforming BL into (usable) DB format :
# pwd
/usr/local/squidGuard/db
# squidGuard -u -C all
And in a parallel window, watch the log to see that everything has passed well :
# tail -f /usr/local/squidGuard/log/squidGuard.log
…..
2013-08-27 09:03:24 [5796] squidGuard 1.4 started (1377587003.855)
2013-08-27 09:03:24 [5796] db update done
2013-08-27 09:03:24 [5796] squidGuard stopped (1377587004.098)
6. Tying it up with Squid
This is done in /etc/squid/squid.conf (see the previous post), only one line is added :
redirect_program /usr/local/bin/squidGuard
redirect_children 5
(The second line already exists, it is for reference)
7. Final testing :
# echo "http://www.pussy.com 10.32.34.140/ - - GET" | squidGuard -c /usr/local/squidGuard/squidGuard.conf -d
2013-08-27 09:05:07 [5844] New setting: dbhome: /usr/local/squidGuard/db
2013-08-27 09:05:07 [5844] New setting: logdir: /usr/local/squidGuard/log
2013-08-27 09:05:07 [5844] Added User: root
2013-08-27 09:05:07 [5844] destblock good missing active content, set inactive
2013-08-27 09:05:07 [5844] destblock local missing active content, set inactive
2013-08-27 09:05:07 [5844] init domainlist /usr/local/squidGuard/db/blacklists/porn/domains
2013-08-27 09:05:07 [5844] loading dbfile /usr/local/squidGuard/db/blacklists/porn/domains.db
2013-08-27 09:05:07 [5844] init urllist /usr/local/squidGuard/db/blacklists/porn/urls
2013-08-27 09:05:07 [5844] loading dbfile /usr/local/squidGuard/db/blacklists/porn/urls.db
2013-08-27 09:05:07 [5844] init expressionlist /usr/local/squidGuard/db/blacklists/porn/expressions
2013-08-27 09:05:07 [5844] squidGuard 1.4 started (1377587107.119)
2013-08-27 09:05:07 [5844] Info: recalculating alarm in 26693 seconds
2013-08-27 09:05:07 [5844] squidGuard ready for requests (1377587107.122)
2013-08-27 09:05:07 [5844] source not found
2013-08-27 09:05:07 [5844] no ACL matching source, using default
2013-08-27 09:05:07 [5844] Request(default/porn/-) http://www.pussy.com 10.32.34.140/- - - REDIRECT
http://10.35.1.94 10.32.34.140/- - -
2013-08-27 09:05:07 [5844] squidGuard stopped (1377587107.122)
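
A check to run after steps 4 and 5, and again whenever the blacklists are updated. This is an added example, not part of the original post or of SquidGuard itself: it reads squidGuard.conf, resolves every domainlist, urllist and expressionlist against dbhome, and reports lists whose source file is missing or whose .db file is absent or older than the text list. The function name check_sg_lists and the finding labels are made up for this example, and it assumes that absolute list paths are used as-is.

```shell
#!/bin/sh
# Added example: audit the list files referenced by a squidGuard.conf.
# check_sg_lists CONF -> prints one finding per line, returns the number of findings.
check_sg_lists() {
    conf=$1
    findings=0
    # dbhome is the base directory for relative list paths
    dbhome=$(awk '$1 == "dbhome" { print $2; exit }' "$conf")
    if [ -z "$dbhome" ]; then echo "NO_DBHOME $conf"; return 1; fi

    # Collect "type path" pairs from all dest blocks
    lists=$(awk '$1 ~ /^(domainlist|urllist|expressionlist)$/ { print $1, $2 }' "$conf")
    while read -r kind rel; do
        if [ -z "$kind" ]; then continue; fi
        # Assumption: absolute paths are taken as-is, relative ones live under dbhome
        case $rel in /*) src=$rel ;; *) src=$dbhome/$rel ;; esac
        if [ ! -r "$src" ]; then
            echo "MISSING_SOURCE $kind $src"; findings=$((findings + 1)); continue
        fi
        # Expression lists are read as text; only domain and URL lists get a .db
        if [ "$kind" = expressionlist ]; then continue; fi
        if [ ! -s "$src.db" ]; then
            echo "MISSING_DB $kind $src.db"; findings=$((findings + 1))
        elif [ "$src" -nt "$src.db" ]; then
            # Text list was edited after the last "squidGuard -C all"
            echo "STALE_DB $kind $src.db"; findings=$((findings + 1))
        fi
    done <<EOF
$lists
EOF
    return "$findings"
}

# Stand-alone use: sh check_sg_lists.sh /usr/local/squidGuard/squidGuard.conf
if [ "$#" -gt 0 ]; then check_sg_lists "$1"; exit $?; fi
```

Run it as the squid user, so that the readability test reflects what SquidGuard itself will be able to open when Squid starts it.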
