Koozali.org: home of the SME Server

Dans Guardian

Robert Heaton

Dans Guardian
« on: November 06, 2001, 06:14:47 PM »
Hi,

I am trying to install DansGuardian (www.dansguardian.org) as an alternate to SquidGuard, I have installed the RedHat 7.1 RPM, and configured it, as shown in the documentation. Dans Guardian runs on port 8080 how do i "open" this port in SME 5.0?? Because I take it this port is "blocked" by the firewall or somthing.

Kind regards,
Rob.

WXP

Re: Dans Guardian
« Reply #1 on: November 06, 2001, 09:51:46 PM »
Hi..

I installed SleezeBall...
Forgot it and installed SquidGuard..

Now I deleted those 2 things and installed DansGuardian..
Actually I followed the documentation the same way as robert I think :)

I installed:

DansGuardian-2.1.0-4.i386.rpm
compat-libstdc++-6.2-2.9.0.9.i386.rpm

My trouble is that port 8080 seems to be blocked as robert said and second thing, I installed transproxy and I want all my users to pass through squid AND dansguardian...

Is it possible ?

Thanx ppl

ps: Robert sorry I do not have the answer.. I just wanted to tell you I tried it as well :)

stephen noble

Re: Dans Guardian
« Reply #2 on: November 07, 2001, 01:16:03 AM »
it works for me

i used the ordinary not static rh7.0 rpm
no other file was needed
well they were but, after my report they were added to the latest rpm

edit the .conf file
point browser at 8080 and your away

i'd like to know how transpoxy works
when you need to point at 8080
8080 can be changed in the .conf file

i'm almost finished an e-smith-dansguardian rpm
to make it work out of the box

stephen

WXP

Re: Dans Guardian
« Reply #3 on: November 07, 2001, 09:11:07 AM »
>edit the .conf file
>point browser at 8080 and your away

Yeah which conf file?
I'm not actually at home... sweet switzerland... I'm at work :)

/etc/transproxy.conf ?

> i'm almost finished an e-smith-dansguardian rpm
> to make it work out of the box

OK That means people will just have to "rpm -Uvh" it and it will work ?!
Why doing an rpm if you just had to install the one they give on their website
what did you add in yours ?

I removed sleezball, squidguard and transproxy.. I rebooted my server (oh god.. I hate this... I wanted to keep my uptime .. anyways i'm gonna upgrade to sme 5 soon) and then I tried to point my browser at 8080 but it wasnt working...

any idea ?

Thanx

Robert Heaton

Re: Dans Guardian
« Reply #4 on: November 07, 2001, 01:12:01 PM »
Hello,

Thanks everyone for your help, any word on when e-smith-dansguardian RPM will be ready??

I would be pleased to test it for you.


Kind regards,

Rob.

stephen noble

Re: Dans Guardian
« Reply #5 on: November 07, 2001, 01:12:16 PM »
> Yeah which conf file?
you don't sound like your trying to follow the dansguardian instructions
/etc/dansguardian/dansguardian.conf

> Why doing an rpm if you just had to install the one they give
> on their website
> what did you add in yours ?

in a nutshell
/bin/ln -s /etc/init.d/dansguardian /etc/rc.d/rc7.d/S91dansguardian
/bin/ln -s /etc/init.d/dansguardian /etc/rc.d/rc0.d/K24dansguardian
/bin/cp /home/httpd/cgi-bin/dansguardian.pl /home/e-smith/files/primary/cgi-bin/dansguardian.pl

but i'm also writing a panel so fuckwits like you get of my back
just kidding OK

dansguardion should block me from seeing this because of the f word
here goes....

stephen




> any idea ?

WXP

Re: Dans Guardian
« Reply #6 on: November 07, 2001, 01:18:05 PM »
> > Yeah which conf file?
> you don't sound like your trying to follow the dansguardian
> instructions
> /etc/dansguardian/dansguardian.conf
>

I'm talking about transproxy... I dont know how it works but if the browser has to  point on 8080, transproxy should as well.... no ?

> > Why doing an rpm if you just had to install the one they give
> > on their website
> > what did you add in yours ?
>
> in a nutshell
> /bin/ln -s /etc/init.d/dansguardian
> /etc/rc.d/rc7.d/S91dansguardian
> /bin/ln -s /etc/init.d/dansguardian
> /etc/rc.d/rc0.d/K24dansguardian
> /bin/cp /home/httpd/cgi-bin/dansguardian.pl
> /home/e-smith/files/primary/cgi-bin/dansguardian.pl
>

OK I forgot that...

stephen noble

Re: Dans Guardian
« Reply #7 on: November 07, 2001, 01:42:30 PM »
Access to the page:
http://groups.yahoo.com/group/dungog_net/files/readme/demo/testing/naughty.txt
... has been denied for the following reason:
Phrase found:  @!#$

hmmm fuckwit is allowable i'll be phucked
but this one won't be visible because of line 4

robert have a go with with the info i have given + do the following after changes
the rpm will be ready when it's ready
ha, i always wanted to say that

[root@sme5 /root]# /etc/init.d/dansguardian restart
Shutting down dansguardian:                                [   OK   ]
Starting dansguardian:                                     [   OK   ]
[root@sme5 /root]# squid -k reconfigure
[root@sme5 /root]#


thanks wxp
i have some large gaps in my knowledge
i'll look at transproxy.conf

stephen noble

Re: Dans Guardian
« Reply #8 on: November 07, 2001, 01:47:15 PM »
Access to the page:
http://groups.yahoo.com/group/dungog_net/files/readme/demo/testing/naughty.txt
... has been denied for the following reason:
Phrase found:  @!#$

i better go read some more....
sometimes the f... word is, blocked but in the forum it was replaced
that's probably pretty clever ?

stephen noble

Re: Dans Guardian
« Reply #9 on: November 07, 2001, 06:29:00 PM »
> Thanks everyone for your help, any word on when
> e-smith-dansguardian RPM will be ready??

now
it's called DansGuardian-setup-0.1-1.noarch.rpm

see readme.dungog.net and it.dungog.net

regards
stephen noble

WXP

Re: Dans Guardian
« Reply #10 on: November 07, 2001, 08:03:32 PM »
OK I figured out how to make transproxy work with dansguardian.
First of all, install : e-smith-transproxy-0.3-1.noarch.rpm

Then you'll have to modify the port the requests are redirected to..
Edit : /etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy

- (line number 9)
  $OUT .= "/sbin/ipchains --append input -j REDIRECT 3128 -p tcp ";
  Modify "3128" by "8080"

- (line number 25)
  $OUT .= "    /sbin/ipchains --append input -j REDIRECT 3128 ";
  Modify "3128" by "8080"

And that's it.
All your users are now going to pass through the proxy guarded by dansguardian.
Pretty kewl heh ?

See ya !

Rob

Re: Dans Guardian
« Reply #11 on: November 08, 2001, 01:49:30 AM »
Thanks Stephen and WXP we will have a go at this tomorrow

Rob

Shad

Re: Dans Guardian
« Reply #12 on: November 08, 2001, 03:32:24 AM »
Here are the 2 template fragments that I added to /etc/e-smith/templates-custom/etc/rc.d/init.d/masq

[root@router masq]# more 35transproxy
{
    my ($network, $broadcast) =
        esmith::util::computeNetworkAndBroadcast ($LocalIP, $LocalNetmask);

    $OUT .= "/sbin/ipchains --append input -j ACCEPT -p tcp ";
    $OUT .= "--source $network/$LocalNetmask --destination $LocalIP 80\n";
    $OUT .= "/sbin/ipchains --append input -j ACCEPT -p tcp ";
    $OUT .= "--destination 127.0.0.1 80\n";
    $OUT .= "/sbin/ipchains --append input -j REDIRECT 8080 -p tcp ";
    $OUT .= "--source $network/$LocalNetmask --destination 0.0.0.0/0 80\n";

    local %networks;
    tie %networks, 'esmith::config', '/home/e-smith/networks';

    foreach my $network (keys %networks)
    {
        my ($type, %properties) = db_get(\%networks, $network);
        if ($type eq 'network')
        {
            $OUT .= "    /sbin/ipchains --append input -j ACCEPT -p tcp ";
            $OUT .= "--source $key/$properties{'Mask'} ";
            $OUT .= "--destination $LocalIP 80\n";
            $OUT .= "    /sbin/ipchains --append input -j ACCEPT -p tcp ";
            $OUT .= "--destination 127.0.0.1 80\n";
            $OUT .= "    /sbin/ipchains --append input -j REDIRECT 8080 ";
            $OUT .= "-p tcp --source $key/$properties{'Mask'} ";
            $OUT .= "--destination 0.0.0.0/0 80\n";
        }
    }
}


[root@router masq]# more 45DenyDansguardian
{
    local %services = ( dansguardian => $dansguardian );

    if ( db_get_prop(\%services, 'dansguardian', 'status') eq 'enabled' )
    {
        $OUT .= <<'HERE';
    /sbin/ipchains --append input -p tcp -y -s 0/0 -d $OUTERNET 8080 -j denylog
HERE
    }
}


I also added the following line in: /home/e-smith/configuration

dansguardian=service|InitscriptOrder|92|status|enabled

and finally added the following link in: /etc/rc7.d

ln -s  /etc/rc.d/init.d/dansguardian S92dansguardian

Everything else was done automatically buy the RPM.  Of course you still need to configure /etc/dansguardian/dansguardian.conf to you taste.

Shad

Re: Dans Guardian
« Reply #13 on: November 08, 2001, 03:36:31 AM »
One last thing that I have done is make it use squidguards blocking rules and update them automatically each week along with rotating the logfiles

Here is the file I stuck in: /etc/cron.weekly

[root@router cron.weekly]# more dansguardian
#! /bin/bash

cd /etc/dansguardian
rm -r blacklists.tar.gz
wget -qnv http://ftp.ost.eltele.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz -O blacklists.tar.gz
tar -zxf blacklists.tar.gz
chown -R root.root blacklists
chmod -R 640 blacklists
find blacklists -name new\* -exec rm {} \;
rm blacklists/README
chmod ug+x blacklists
chmod ug+x blacklists/*

exec /etc/dansguardian/logrotation

---------------
after doing this just change the bannedsitelist and bannedurllist files in /etc/dansguardian to include the lists you want to block and happy surfing.

Shad

Re: Dans Guardian
« Reply #14 on: November 08, 2001, 03:39:22 AM »
link in /etc/rc7.d should be:

ln -s /etc/rc.d/init.d/e-smith-service S92dansguardian

not

ln -s /etc/rc.d/init.d/dansguardian S92dansguardian