Topic: squidquard for sme8

[purvis]

Ok Cactus, thanks, i have submitted a wiki membership
Is there anyway for contribs.org to host files?

after many trials and working on perfecting scripts, i did not want some web surfer to not get the best coding possible or
get the wrong or old stuff, or mislead somebody. 

i am now working on trying to get the squidGuard 1.4 program to work with Berkeley db files.
i do not think i have seen a how to do that here on this forum and other web pages have links to sites that have long disappeared.
it is also very nice to use the most current release coding of a program when available.
this link below looks promising and i have done most the work, but no final success.
http://felipeferreira.net/?p=240

 

[purvis]

ok, now i have the instructions for installing the Berkeley DB data base lookup.
Maybe i had some errors in the top too, i do not know.
I believe i should have done the command "chown -R squid /var/lib/squidguard/db" especially if a command of "squidGuard -C all"
and with that might of done some good but i did not have the Berkeley DB installed.


with the below code, i found that i could not compile to squidGuard and produce the executable squidGuard program file if i installed Berkelely DB first.
so please remember to compile squidGuard first. and what seemed really weird is that as long as i compiled and created squidGuard first then i could produce and compiled squidGuard after i installed Berkeley Db also.

so just compile squidGuard first before Berkeley DB

also during my testing, one version of the squidGuard program could not find the file libdb-4.6.so in the BerkeleyDB lib folder so i copied it into the folder /usr/lib and everything went back to working, but that was during testing and the code below seems to work great as it is, but i wanted to mention it if you see that statement in an error from squidGuard.

so here is the code below as i have it

[purvis]

log into the sme server with putty
run the below


this first step of instructions just creates some directories, in the case some goes wrong with your coping and pasting in putty

Code: [Select]


cd /
mkdir -p /temp
mkdir -p /var/lib/squidguard/db
mkdir -p /var/log/squidguard
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf
mkdir -p /var/lib/squidguard/db/dame
mkdir -p /etc/e-smith/templates-custom/etc/squid/squidguard.conf
cd /




Code: [Select]


cd /
mkdir -p /temp
cd /temp
wget http://www.xoroz.com/files/db-4.6.21.tar.gz
sleep 15
wget 'http://www.squidguard.org/Downloads/squidGuard-1.4.tar.gz'
sleep 15
tar -zxvf squidGuard-1.4.tar.gz
sleep 15
tar -zxvf db-4.6.21.tar.gz
cd /
sleep 15
cd /
yum -y install bison
sleep 15
yum -y install flex
sleep 15
yum -y install db4-devel                                                                                                                                 
sleep 15     
yum -y install gcc
sleep 15
signal-event post-upgrade
sleep 15
signal-event reboot
cd /



give your sme server some time to stablize after booting back up
i run the command "yum clean all" and look for something like below:
Loaded plugins: fastestmirror, protect-packages, smeserver
Cleaning up Everything

after a reboot then log back into the sme server with putty
run the below


this part will compile and create squidGuard and place the executable file in the /usr/bin directory
it is fairly fast
just a handy note:
on my computer inside putty, during this compile process i was able to see the file squidGuard in GREEN COLOR.
so just look for that (squidGuard file in green color) and that would confirm the squidGuard program was created during the compile.

Code: [Select]


cd /
cd /temp/squidGuard-1.4
./configure -prefix=/usr/bin --with-squiduser=squid --with-db-lib=/usr/local/BerkeleyDB/lib --with-db-inc=/usr/local/BerkeleyDB/include --with-db=/usr/local/BerkeleyDB --with-sg-config=/etc/squid/squidguard.conf --with-sg-logdir=/var/log/squidguard  --with-sg-dbhome=/var/lib/squidguard/db
sleep 5
make
ls /temp/squidGuard-1.4/src
sleep 20
cd /
cp /temp/squidGuard-1.4/src/squidGuard /usr/bin
chmod 755 /usr/bin/squidGuard
mkdir -p /var/lib/squidguard/db
mkdir -p /var/log/squidguard
rm -rf /var/log/squidguard/squidGuard.log
cp /etc/squid/squidguard.conf /etc/squid/squidguard.conf.new
rm -rf /etc/squid/squidguard.conf
chown -R squid /var/lib/squidguard/db
cd /



this part will compile BerkeleyDb and install the files in the needed place ton the server in the /usr/local/BerkeleyDB directory
this part will produce a lot of output of characters to screen and take a longer than expected but not tooo long.

Code: [Select]


cd /
cd /temp/db-4.6.21/build_unix
../dist/configure -prefix=/usr/local/BerkeleyDB
sleep 10
make
sleep 10
make install
sleep 5
dir /usr/local/BerkeleyDB
cd /




this will create some other files needed and you may have a few bell sounds occur and i do not know why but
it appears to run as it should, so do not be alarmed by any bells produced in this routine.

Code: [Select]


cd /
mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf
cd /etc/e-smith/templates-custom/etc/squid/squid.conf

echo "" > 45squidGuard
echo "redirect_program /usr/bin/squidGuard -c /etc/squid/squidguard.conf" >> 45squidGuard
echo "redirect_children 5" >> 45squidGuard
echo "" >> 45squidGuard
sleep 3
cd /
expand-template /etc/squid/squid.conf
sleep 5



mkdir -p /var/lib/squidguard/db/dame
echo "# write domains you'd like to prohibit access to" > /var/lib/squidguard/db/dame/domains
echo "yahoo.co.jp" >> /var/lib/squidguard/db/dame/domains
echo "example.com" >> /var/lib/squidguard/db/dame/domains

mkdir -p /var/lib/squidguard/db/dame
echo "# write URLs you'd like to prohibit access to" > /var/lib/squidguard/db/dame/urls
echo "www.yahoo.co.jp/deny/" >> /var/lib/squidguard/db/dame/urls
echo "www.example.com" >> /var/lib/squidguard/db/dame/urls
chown -R squid /var/lib/squidguard/db


mkdir -p /etc/e-smith/templates-custom/etc/squid/squidguard.conf
cd /etc/e-smith/templates-custom/etc/squid/squidguard.conf
echo "#" > 10abegin
echo "# CONFIG FILE FOR SQUIDGUARD" >> 10abegin
echo "#" >> 10abegin
echo ""  >> 10abegin

echo "dbhome /var/lib/squidguard/db" > 10adbhome
echo "logdir /var/log/squidguard" > 10alogdir

echo "" > 20destdame-a
echo "# define a category dame" >> 20destdame-a
echo "dest dame \{" >> 20destdame-a
echo "      # define prohibit domain file for dame" >> 20destdame-a
echo "          domainlist dame/domains" >> 20destdame-a
echo "      # define prohibit URL file for dame" >> 20destdame-a
echo "          urllist dame/urls" >> 20destdame-a
echo "\}" >> 20destdame-a
echo "" >> 20destdame-a

echo "acl \{" > 20destdame-b
echo "   default \{" >> 20destdame-b
echo "       # allow except dame" >> 20destdame-b
echo '          pass !dame all' >> 20destdame-b
echo "       # redirect URL" >> 20destdame-b
echo "          redirect http://localhost" >> 20destdame-b
echo "\}" >> 20destdame-b
echo "\}" >> 20destdame-b
echo "" >> 20destdame-b

rm -rf /etc/squid/squidguard.conf
expand-template /etc/squid/squidguard.conf
sleep 10
rm -rf /var/log/squidguard/squidGuard.log



this part restarts you squid and makes the squidGuard program active without having to reboot and
it is necessary because the squidGuard program creates some database files for faster searching of
websites located in your rules listing.
the chown line is very important after building those database files to give squidGuard permissions to  access those the database files created.
without the chown command, your squidGuard is likely to not work and it might even cause squid not to work.

Code: [Select]


clear squid cache
cd /
svc -d /service/squid
sleep 10
echo "" > /var/spool/squid/swap.state
squidGuard -C all
chown -R squid /var/lib/squidguard/db
sleep 10
/sbin/service squid restart
cd /



done with processing, check on program
now you should be able to do "squidGuard -d" to see if your program is
with no negative results working properly

Code: [Select]


squidGuard -d


now in a browser, with its proxy configuration pointing to this server, you
can go to the websites of yahoo.co.jp and/or example.com and it should point back to
your server where this is installed.

[purvis]

i did use this reference a lot while working on the code, it is a good reference.
http://felipeferreira.net/?p=240
in this reference, you will notice the squidGuard program was compiled first before BerkeleyDB.

also, the notations of somebody mentioning to change the redirect_program and redirect_children wording inside the
the squid.conf to url_rewrite_program and url_rewrite_children.
see squid.org for details on the wording

also notice that i do not let squidGuard install the program with (make install) into my system directories.
but i do let the BerkeleyDB install to my system directories.

also pay attention when installing BerkeleyDB and install it only once, if you try to install it a second time
you will have run some programs to clear out some stuff that was created during the first compile.
the info on that is  listed in the referenced linked website in this post above

some other notes:
as far as i can tell, if you have db files created in the /var/lib/squidguard/db folders and you do not have BerkeleyDB support,
then your squidguard program is likely not to work. that has been what i have seen and i again am only a beginer with using squidGuard.
How i got my squidguard program to running was by removing the db files or possibly just renaming them, which i have not tried.

More that likely though you are going to want to start making use of the blacklists db files that can be downloaded from the internet as so will i.

i did see on this form where some people where running a command "config show squidGuard" to get some feed back.
i think running the command "squidGuard -d" may possibly be your best form to check to see if the squidGuard program is running.
a very likely better form of a test, could actually be a routine to run from a cron that creates a report from trying to access either one or mulitple
webpages and the webpage is redirected to a file and that file is read in an automated way, then analyzed on the results that some get your
in a way that the squidguard routine seem broken.

Many people on this forum also suggest that you uninstall the gcc compiler after your done using it.
that can be done with a "yum -y remove gcc" then "signal-event post-upgrade;signal-event reboot" giving a immediate reboot of the sme server.
you may want to remove the directory /temp or rename it, but for me, i am going to leave those files on my server for a while

[newburns]

You have two post regarding SquidGuard and SME 8. This seems to be the latest one. Is this the only development with SquidGuard and SME 8?
What about the EPEL5 rpm? Is anyone using that, or is purvis the only one using SquidGuard?