[gX:~] # pkg_add -r squid
[gX:~] # rehash
[gX:~] # cd /usr/local/etc/squid/
root@gX:~# apt-get install squid
root@gX:~# /etc/init.d/squid stop
root@gX:~# cd /etc/squid/
gX# cat squid.conf
...
acl our_networks src 192.168.X.0/24
http_access allow our_networks
...
cache_dir ufs /usr/local/squid/cache 200 16 256
...
gX# squid -k parse
gX# squid -z
[gX:~] # cat /etc/rc.conf
...
squid_enable=yes
...
[gX:~] # /usr/local/etc/rc.d/squid start
[gX:~] # tail -f /usr/local/squid/logs/access.log
root@gX:~# /etc/init.d/squid start
root@gX:~# tail -f /var/log/squid/access.log
[gX:~] # cat /etc/rc.conf
...
clamav_clamd_enable="YES"
[gX:~] # /usr/local/etc/rc.d/clamav-clamd start
[gX:~] # ls -l /var/run/clamav/clamd.sock
root@gX:~# /etc/init.d/clamav-daemon start
root@gX:~# ls -l /var/run/clamav/clamd.ctl
gX# clamdscan virus.zip
[gX:~] # pkg_add -r squidclamav
[gX:/usr/local/etc] # cat squidclamav.conf
proxy http://127.0.0.1:3128/
logfile /var/log/squidclamav.log
redirect http://gX.dX.class/cgi-bin/test-cgi
clamd_local /var/run/clamav/clamd.sock
[gX:~] # touch /var/log/squidclamav.log
[gX:~] # chown squid /var/log/squidclamav.log
root@gX:~# apt-get install libcurl4-openssl-dev
root@gX:~# wget http://www.darold.net/projects/squidclamav/squidclamav-4.0.tar.gz
root@gX:~# tar -xvf squidclamav-4.0.tar.gz
root@gX:~# cd squidclamav-4.0
root@gX:~/squidclamav-4.0# ./configure --prefix=/usr/local/
root@gX:~/squidclamav-4.0# make && make install
root@gX:~/squidclamav-4.0# mkdir /usr/local/etc
root@gX:~/squidclamav-4.0# cp squidclamav.conf.dist /usr/local/etc/squidclamav.conf
root@gX:~# cat /usr/local/etc/squidclamav.conf
squid_ip 127.0.0.1
squid_port 3128
logfile /var/log/squidclamav.log
redirect http://gX.dX.class/cgi-bin/test-cgi
clamd_local /var/run/clamav/clamd.ctl
content ^.*\/.*$
root@gX:~# touch /var/log/squidclamav.log
root@gX:~# chown proxy:proxy /var/log/squidclamav.log
Примечание: архив загружается по HTTP без проверки целостности, а make install выполняется от root; перед сборкой сверьте контрольную сумму или подпись архива с источником, которому доверяете.
gX# cat squid.conf
...
redirector_access deny localhost
acl localnet src 192.168.X.0/24 127.0.0.1
...
url_rewrite_program /usr/local/bin/squidclamav /usr/local/etc/squidclamav.conf
...
gX# /usr/local/bin/squidclamav /usr/local/etc/squidclamav.conf
SquidClamav running as UID 0: writing logs to stderr
Thu Dec 4 16:06:14 2008 LOG Reading configuration from /usr/local/etc/squidclamav.conf
Thu Dec 4 16:06:14 2008 LOG SquidClamav (PID 14302) started
http://g50.class/virus.zip 10.5.1.50 squid GET
Thu Dec 4 16:07:03 2008 LOG Redirecting URL to: http://ya.ru?url=http://g50.class/virus.zip&source=10.5.1.50&user=squid&virus=stream:+Worm.Sober.U-3+FOUND
http://gX.class/cgi-bin/printenv?url=http://g50.class/virus.zip&source=10.5.1.50&user=mylog&virus=stream:+Worm.Sober.U-3+FOUND 10.5.1.50 squid GET
[gX:~] # cd /usr/local/etc/squid/
root@gX:~# cd /etc/squid/
gX# cat deny_hosts.txt
.*odnok.*
.*com\/.*
gX# cat squid.conf
...
acl our_networks src 192.168.100+X.0/24
acl full_access src 192.168.100+X.2 127.0.0.1
#For FreeBSD
acl deny_hosts url_regex "/usr/local/etc/squid/deny_hosts.txt"
#For Ubuntu
acl deny_hosts url_regex "/etc/squid/deny_hosts.txt"
http_access allow full_access
http_access allow our_networks !deny_hosts
...
[gX:local/etc/squid] # squid -k check
[gX:local/etc/squid] # squid -k reconfigure
[gX:~] # pkg_add -r sarg
[gX:~] # cd /usr/local/etc/sarg/
[gX:local/etc/sarg] # cp sarg.conf.default sarg.conf
[gX:local/etc/sarg] # cat sarg.conf
...
access_log /usr/local/squid/logs/access.log.0
...
output_dir /usr/local/www/data/squid-reports
...
[gX:~] # squid -k rotate
[gX:~] # sarg
SARG: Records in file: 23, reading: 0.00%
SARG: Successful report generated on /usr/local/www/data/squid-reports/2006Jun28-2006Jun28
root@g13:~# apt-get install sarg
root@g13:~# /etc/cron.daily/sarg
Результаты на следующий день
Проверка: Наберите в MSIE http://gX.dX.class/squid-reports/
на постоянно работающем сервере:
[gX:~] # cat /usr/local/etc/periodic/daily/100.sarg.sh
#!/bin/sh
echo Generate Squid Access Report
/usr/bin/find /usr/local/www/data/squid-reports/ -maxdepth 1 -mtime +60 -type d -name '*-*' -exec rm -r {} \;
/usr/local/sbin/squid -k rotate
/usr/local/bin/sarg
[gX:~] # chmod +x /usr/local/etc/periodic/daily/100.sarg.sh
на сервере, работающем в течение рабочего дня:
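[gX:~] # cat /usr/local/etc/rc.d/sarg.sh
#!/bin/sh
echo Generate Squid Access Report
/usr/bin/find /usr/local/www/data/squid-reports/ -maxdepth 1 -mtime +60 -type d -name '*-*' -delete
/usr/local/sbin/squid -k rotate
/usr/local/bin/sarg
[gX:~] # chmod +x /usr/local/etc/rc.d/sarg.sh
Примечание: find с -delete удаляет только пустые каталоги, поэтому каталоги с отчётами так удалены не будут; для них подходит вариант с -exec rm -r {} \; из скрипта для постоянно работающего сервера.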
[gX:local/etc/squid] # diff squid.conf.default squid.conf
...
938c938
< http_port 3128
---
> http_port 3128 transparent
...
[gX:local/etc/squid] # squid -k check
[gX:local/etc/squid] # squid -k reconfigure
[gX:~] # cat /etc/pf.conf
...
rdr proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128
...
[gX:~] # /etc/rc.d/pf reload
root@gX:~# iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.X.0/24 --dport 80 -j REDIRECT --to-port 3128
gX# tail -f access.log