


  1. #1
    fisiconuclear18
    Visitante

    Padrão Squidguard, nao to conseguinda fazer ele rodar

    Pessoal, instalei o squidGuard aqui na rede e baixei as listas, mas não consigo fazer ele funcionar; parece que o squid não repassa para ele os pacotes para ele analisar. Uma dúvida: eu tenho que ter servidor DNS para ele funcionar?
    Abaixo segue meu squidGuard.conf e depois meu squid.conf

    Squidguard.conf
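    # squidGuard configuration: filter the 192.168.2.0/24 clients against one
    # destination list and refuse every other source.
    #
    # The log directory keyword is "logdir" (the working example later in this
    # thread uses it as well); the bare word "dir" is not a squidGuard directive.
    # NOTE(review): squidGuard normally reacts to a configuration error by going
    # into emergency mode, in which requests are passed unfiltered - read
    # squidGuard.log under logdir after every change to confirm it parsed cleanly.
    logdir /var/log/squidGuard
    dbhome /var/lib/squidGuard/db/blacklist/blacklists

    #src grownups {
    #ip 10.0.0.0/24 # range 10.0.0.0 - 10.0.0.255
    # AND
    #user foo bar # ident foo or bar
    #}

    # Clients that get filtered access.
    src kids {
        ip 192.168.2.0/24 # range 192.168.2.0 - 192.168.2.255
        #ip 192.168.1.0/24
    }

    # NOTE(review): both paths start with "/", so they look like absolute paths
    # (/webmail/domains) rather than files under dbhome. If the lists live in
    # <dbhome>/webmail/, the leading slash presumably has to go - verify against
    # the directory layout on disk.
    dest blacklist {
        domainlist /webmail/domains
        urllist /webmail/urls
    }

    acl {
        #grownups {
        #pass all
        #}

        # kids: everything except the "blacklist" destination is allowed.
        kids {
            pass !blacklist all
        }

        # Any source not matched above is refused outright.
        # The redirect target is the placeholder host from the sample
        # configuration, and the URL was shortened ("...") when it was posted;
        # it must be replaced by a block page the clients can actually reach.
        default {
            pass none
            redirect http://info.foo.bar/cgi/blocked?clie...roup=%t&url=%u
        }
    }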


    Squid.conf

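    # Squid proxy configuration (excerpt): cache tuning, the squidGuard
    # redirector hook and the stock port ACLs.
    http_port 3128

    # These are two separate directives. Written on a single line, the words
    # "no_cache deny QUERY" become extra patterns of the QUERY acl and no
    # no_cache rule exists at all.
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY

    ################################################################################################
    # Memory, cache and related settings
    ################################################################################################
    cache_mem 64 MB
    # The original listed this directive twice (64 KB, then 100 KB); only the
    # later value is kept here, since a repeated scalar directive is overridden
    # by its last occurrence.
    maximum_object_size_in_memory 100 KB
    minimum_object_size 0 KB
    cache_swap_low 90
    cache_swap_high 95
    cache_dir ufs /var/spool/squid 10000 16 256
    cache_access_log /var/log/squid/access.log
    client_netmask 255.255.255.255
    refresh_pattern ^ftp: 60 20% 60
    refresh_pattern ^gopher: 60 0% 60
    refresh_pattern . 60 20% 60
    ################################################################################################
    # Redirector and ACL definitions
    ################################################################################################
    # Lowercase -c names the configuration file. Uppercase -C is squidGuard's
    # database-build option, so the helper does not stay up as a redirector and
    # Squid has nothing to hand URLs to.
    # NOTE(review): the file name is case-sensitive and must match the file on
    # disk; the config, the lists and the log directory must be readable
    # (the log writable) by the user Squid runs the helper as.
    redirect_program /usr/sbin/squidGuard -c /etc/squidguard.conf

    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    # NOTE(review): the acl lines above only define names. The http_access
    # rules are not part of this excerpt; confirm the full file denies
    # !Safe_ports and CONNECT !SSL_ports and ends with "http_access deny all".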
    Depois segue como os demais, tem as linhas que o fazem ficar transparente...
    agradeço toda ajuda possivel..

  2. #2
    master_foca
    Visitante

    Padrão Re: Squidguard, nao to conseguinda fazer ele rodar

    O problema é que a sintaxe das suas regras está bem esquisita. Vou passar um exemplo bem simples para você entender melhor; essas regras rodam perfeitamente. No meu caso estou usando o Slackware:

    squidGuard.conf

    # squidGuard example: two source groups identified by client IP, one
    # destination group per blacklist category, and one acl entry per source.
    logdir /usr/local/squidGuard/log
    dbhome /usr/local/squidGuard/db

    # --- Sources -----------------------------------------------------------
    src telefonista {
        ip 192.168.3.1
    }

    src atendimento {
        ip 192.168.3.2 192.168.3.3 192.168.3.4
    }

    # --- Destinations ------------------------------------------------------
    # List paths carry no leading "/", i.e. they are given relative to dbhome.
    dest ads {
        domainlist blacklists/ads/domains
        urllist blacklists/ads/urls
    }

    dest aggressive {
        domainlist blacklists/aggressive/domains
        urllist blacklists/aggressive/urls
    }

    dest audio-video {
        domainlist blacklists/audio-video/domains
        urllist blacklists/audio-video/urls
    }

    dest drugs {
        domainlist blacklists/drugs/domains
        urllist blacklists/drugs/urls
    }

    dest gambling {
        domainlist blacklists/gambling/domains
        urllist blacklists/gambling/urls
    }

    dest hacking {
        domainlist blacklists/hacking/domains
        urllist blacklists/hacking/urls
    }

    # "mail" is declared but no pass rule below names it, so it blocks nothing.
    dest mail {
        domainlist blacklists/mail/domains
    }

    dest porn {
        domainlist blacklists/porn/domains
        urllist blacklists/porn/urls
        expressionlist blacklists/porn/expressions
    }

    dest proxy {
        domainlist blacklists/proxy/domains
        urllist blacklists/proxy/urls
    }

    dest violence {
        domainlist blacklists/violence/domains
        urllist blacklists/violence/urls
    }

    dest warez {
        domainlist blacklists/warez/domains
        urllist blacklists/warez/urls
    }

    # --- Policy ------------------------------------------------------------
    acl {
        # 192.168.3.1: every request is refused.
        telefonista {
            pass none
        }

        # 192.168.3.2-4: nothing is filtered, including the "proxy" category.
        atendimento {
            pass all
        }

        # Everyone else: the ten negated categories are blocked, the rest is
        # allowed; blocked requests are sent to the internal block page.
        default {
            pass !ads !aggressive !audio-video !drugs !gambling !hacking !porn !proxy !violence !warez all
            redirect http://192.168.3.200/block/index.html
        }
    }
    -----------------------------------------------------------------------------------------------------------------------------------
    squid.conf

    # Squid side of the example (excerpt): the redirector hook, the source and
    # port ACLs, and the http_access rules that admit the two client groups.

    # TAG: redirect_program
    # Specify the location of the executable for the URL redirector.
    # Since they can perform almost any function there isn't one included.
    # See the FAQ (section 15) for information on how to write one.
    # By default, a redirector is not used.
    #
    #Default:
    # none
    # squidGuard is started as the redirector; lowercase -c names its
    # configuration file.
    redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf

    # ACCESS CONTROLS
    # -----------------------------------------------------------------------------
    # These two source ACLs use the same names and addresses as the src groups
    # in the squidGuard.conf of this example; the two files are independent, so
    # they have to be kept in step by hand.
    acl telefonista src 192.168.3.1/255.255.255.255
    acl atendimento src 192.168.3.2 192.168.3.3 192.168.3.4/255.255.255.255

    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    # NOTE(review): manager, SSL_ports, Safe_ports and CONNECT are only defined
    # in this excerpt; no http_access rule shown here uses them. Confirm the
    # full file still denies !Safe_ports and CONNECT !SSL_ports.

    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

    # Example rule allowing access from your local networks. Adapt
    # to list your (internal) IP networks from where browsing should
    # be allowed
    #acl our_networks src 192.168.1.0/24 192.168.2.0/24
    #http_access allow our_networks
    # Squid admits both groups; what each may reach is then decided by
    # squidGuard (telefonista: pass none, atendimento: pass all).
    # NOTE(review): the excerpt stops here - verify that a final
    # "http_access deny all" follows so other sources are not admitted.
    http_access allow telefonista
    http_access allow atendimento

    -----//------

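    Após ter configurado as regras no squid e no squidGuard, baixe a blacklist do site oficial squid-cache.org e descompacte no diretório correspondente à regra do squidGuard.conf, ou seja, dentro do dbhome, de modo que existam caminhos como dbhome/blacklists/ads/domains. Confira também se o usuário com que o squid roda consegue ler esses arquivos.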

    Dessa forma o squid funciona sem problemas... Eu tenho um proxy funcionando há 5 anos e nunca deu problema, é uma maravilha.

    Espero ter ajudado !

    Abraços !