Pages

Thursday, 19 April 2018

Installing SquidGuard on CentOS 7.x

Get Berkeley DB 4.6.21:
wget http://download.oracle.com/berkeley-db/db-4.6.21.tar.gz

 cd db-46..
cd build_unix
../dist/configure 
make
make install

 ln -s /usr/local/BerkeleyDB.4.6 /usr/local/BerkeleyDB


 export LD_RUN_PATH=/usr/local/BerkeleyDB/lib ./configure
./configure
make
make install

 Get the blacklist form here:
http://www.shalla.de/service.html

 Create static lists to squidGuard db: 
ln -s /opt/3rdparty/BL/anonvpn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/hacking /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/dating /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/gamble /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/movies /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/music /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/porn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/sex /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/spyware /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/tracker /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/urlshortener /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/violence /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/warez /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/weapons /usr/local/squidGuard/db

 
SquidGuard configuration:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log

dest anonvpn{
         log             anonvpn
         domainlist      anonvpn/domains
         urllist         anonvpn/urls
 }

dest hacking{
         log             hacking
         domainlist      hacking/domains
         urllist         hacking/urls
 }

dest dating{
         log             dating
         domainlist      dating/domains
         urllist         dating/urls
 }


dest gamble{
         log             gamble
         domainlist      gamble/domains
         urllist         gamble/urls
 }

dest movies{
         log             movies
         domainlist      movies/domains
         urllist         movies/urls
 }

dest music{
         log             music
         domainlist      music/domains
         urllist         music/urls
 }

dest porn{
         log             porn
         domainlist      porn/domains
         urllist         porn/urls
 }



dest spyware{
         log             spyware
         domainlist      spyware/domains
         urllist         spyware/urls
 }

dest tracker{
         log             tracker
         domainlist      tracker/domains
         urllist         tracker/urls
 }

dest urlshortener{
         log             urlshortener
         domainlist      urlshortener/domains
         urllist         urlshortener/urls
 }

dest violence{
         log             violence
         domainlist      violence/domains
         urllist         violence/urls
 }

dest warez{
         log             warez
         domainlist      warez/domains
         urllist         warez/urls
 }

dest weapons{
         log             weapons
         domainlist      weapons/domains
         urllist         weapons/urls
 }




acl {
  default {
   pass !anonvpn !hacking !dating !gamble !movies !music !porn !spyware !tracker !urlshortener !violence !warez !weapons all
   redirect 302:http://www.google.com
  }
 }









Switch of SELinux /etc/sysconfig/selinux, enter:
# vi /etc/sysconfig/selinux

And set / update it as follows:
SELINUX=disabled









chkconfig squid on



You will have to compile the lists in order for squidGuard to work with them. Removing and compiling stuff from the DB:

cd /usr/local/squidGuard/db

grep -r "example.com"

/usr/local/bin/

./squidGuard -C movies/domains

service squid restart



In Squid config:

# Try connecting to first 25 ips of domain name

forward_max_tries 25

#squidGuard

redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf

url_rewrite_bypass off

url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf

#debug_options ALL,1 29,1


















Posted by



at






















Labels:
,
,