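# Install Squid and change to its configuration directory.
# FreeBSD:
[gate:~] # pkg_add -r squid
[gate:~] # rehash
[gate:~] # cd /usr/local/etc/squid/

# Ubuntu (the service is stopped before its configuration is edited):
root@gate:~# apt-get install squid
root@gate:~# /etc/init.d/squid stop
root@gate:~# cd /etc/squid/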
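# Restrict proxy use to the internal network: the stock "localnet" allow rule
# stays commented out and the explicit our_networks ACL is the only allow rule
# added here. NOTE(review): the elided parts of the file are not shown; confirm
# that the closing "http_access deny all" still follows these rules, otherwise
# clients outside 192.168.X.0/24 may be able to use the proxy.
# "squid -k parse" checks the configuration for errors and "squid -z" creates
# the cache directories named by cache_dir before the first start.
gate# cat squid.conf
...
#http_access allow localnet
acl our_networks src 192.168.X.0/24
http_access allow our_networks
...
cache_dir ufs /usr/local/squid/cache 200 16 256
...
gate# squid -k parse
gate# squid -z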
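# Enable and start the service, then watch client requests in the access log.
# FreeBSD:
[gate:~] # cat /etc/rc.conf
...
squid_enable=yes
...
[gate:~] # /usr/local/etc/rc.d/squid start
[gate:~] # tail -f /usr/local/squid/logs/access.log

# Ubuntu:
root@gate:~# /etc/init.d/squid start
root@gate:~# tail -f /var/log/squid/access.log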
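# FreeBSD: install SARG and point it at the rotated Squid log (access.log.0),
# which is why "squid -k rotate" is run before "sarg".
# NOTE(review): output_dir is set under apache22/data, while the SARG output
# below reports /usr/local/www/data/squid-reports -- confirm which directory
# the web server actually serves.
# The generated reports show which client requested which URL, so access to
# the squid-reports location should be limited to administrators in the web
# server configuration.
[gate:~] # pkg_add -r sarg
[gate:~] # cd /usr/local/etc/sarg/
[gate:local/etc/sarg] # cp sarg.conf.default sarg.conf
[gate:local/etc/sarg] # cat sarg.conf
...
access_log /usr/local/squid/logs/access.log.0
...
output_dir /usr/local/www/apache22/data/squid-reports
...
[gate:~] # squid -k rotate
[gate:~] # sarg
SARG: Records in file: 23, reading: 0.00%
SARG: Successful report generated on /usr/local/www/data/squid-reports/2006Jun28-2006Jun28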
root@gate:~# apt-get install sarg root@gate:~# /etc/cron.daily/sarg Результаты на следующий день
Проверка: Наберите в MSIE http://gate.corpX.un/squid-reports/
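# Start clamd and check that its local socket exists. The "ls -l" output also
# shows the socket's owner and mode; presumably the account Squid runs as must
# be able to connect to it -- confirm against the clamd configuration.
# FreeBSD:
[gate:~] # cat /etc/rc.conf
...
clamav_clamd_enable="YES"
[gate:~] # /usr/local/etc/rc.d/clamav-clamd start
[gate:~] # ls -l /var/run/clamav/clamd.sock

# Ubuntu:
root@gate:~# /etc/init.d/clamav-daemon start
root@gate:~# ls -l /var/run/clamav/clamd.ctl

# Check that clamd detects a known sample. The harmless EICAR test file is
# sufficient for this check; a live malware sample does not need to be kept
# on the gateway.
gate# clamdscan virus.zip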
[gate:~] # pkg_add -r squidclamav
или
[gate:~] # cd /usr/ports/security/squidclamav [gate:ports/security/squidclamav] # make install clean
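# FreeBSD: squidclamav configuration. It reaches Squid at 127.0.0.1:3128 and
# clamd through the local socket, and sends the client to the "redirect" URL
# when a virus is found.
# NOTE(review): test-cgi is a sample CGI script. The redirect target receives
# the requested URL, client address and user name in its query string, so a
# dedicated block page that HTML-escapes those values is a safer target than a
# sample script that echoes request data.
# The log file is created in advance and handed to the squid account, because
# Squid starts squidclamav under that account.
[gate:~] # cat /usr/local/etc/squidclamav.conf
proxy http://127.0.0.1:3128/
logfile /var/log/squidclamav.log
redirect http://gate.corpX.un/cgi-bin/test-cgi
clamd_local /var/run/clamav/clamd.sock
[gate:~] # touch /var/log/squidclamav.log
[gate:~] # chown squid /var/log/squidclamav.log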
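# Ubuntu: build squidclamav 4.0 from source.
# NOTE(review): the tarball is downloaded over plain HTTP and then built and
# installed as root, so nothing protects it from being altered in transit.
# Before running ./configure, verify it against a checksum or signature
# obtained from the project over a trusted channel, for example:
#   sha256sum squidclamav-4.0.tar.gz    # compare with <published-sha256>
# Prefer running ./configure and make as an unprivileged user and using root
# only for "make install".
# mkdir -p is used so the step does not fail when /usr/local/etc already exists.
# NOTE(review): the "content" pattern below appears to match every
# Content-Type, i.e. all responses are sent to clamd -- confirm against the
# squidclamav documentation.
root@gate:~# apt-get install libcurl4-openssl-dev
root@gate:~# wget http://www.darold.net/projects/squidclamav/squidclamav-4.0.tar.gz
root@gate:~# tar -xvf squidclamav-4.0.tar.gz
root@gate:~# cd squidclamav-4.0
root@gate:~/squidclamav-4.0# ./configure --prefix=/usr/local/
root@gate:~/squidclamav-4.0# make && make install
root@gate:~/squidclamav-4.0# mkdir -p /usr/local/etc
root@gate:~/squidclamav-4.0# cp squidclamav.conf.dist /usr/local/etc/squidclamav.conf
root@gate:~# cat /usr/local/etc/squidclamav.conf
squid_ip 127.0.0.1
squid_port 3128
logfile /var/log/squidclamav.log
redirect http://gate.corpX.un/cgi-bin/test-cgi
clamd_local /var/run/clamav/clamd.ctl
content ^.*\/.*$
root@gate:~# touch /var/log/squidclamav.log
root@gate:~# chown proxy:proxy /var/log/squidclamav.log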
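# Hook squidclamav into Squid as the URL rewriter.
#  - 127.0.0.1 is added to our_networks, presumably so that squidclamav's own
#    downloads through the proxy are allowed.
#  - "redirector_access deny localhost" keeps requests coming from the proxy
#    host itself away from the rewriter, presumably to avoid re-scanning
#    squidclamav's own requests in a loop. Confirm that a "localhost" ACL is
#    defined in the elided part of squid.conf.
gate# cat squid.conf
...
redirector_access deny localhost
acl our_networks src 192.168.X.0/24 127.0.0.1
...
url_rewrite_program /usr/local/bin/squidclamav /usr/local/etc/squidclamav.conf
...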
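# Manual test: run the rewriter by hand and type one request line on stdin
# (URL, client address, user, method). Started as root it logs to stderr, so
# the LOG lines below are interleaved with the typed input and the reply.
# The reply shows that the redirect URL carries the requested URL, the client
# address, the user name and the virus name in its query string; they end up
# in the web server's logs, and the block page must escape them before
# displaying them.
gate# /usr/local/bin/squidclamav /usr/local/etc/squidclamav.conf
SquidClamav running as UID 0: writing logs to stderr
Thu Dec 4 16:06:14 2008 LOG Reading configuration from /usr/local/etc/squidclamav.conf
Thu Dec 4 16:06:14 2008 LOG SquidClamav (PID 14302) started
http://val.bmstu.ru/virus.zip 195.19.32.14 squid GET
Thu Dec 4 16:07:03 2008 LOG Redirecting URL to: http://gate.corpX.un/cgi-bin/test-cgi?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=squid&virus=stream:+Worm.Sober.U-3+FOUND
http://gate.corpX.un/cgi-bin/printenv?url=http://val.bmstu.ru/virus.zip&source=195.19.32.14&user=mylog&virus=stream:+Worm.Sober.U-3+FOUND 195.19.32.14 squid GET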
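# Block URLs by regular expression.
# NOTE(review): url_regex patterns are matched against the whole URL, so
# ".*com\/.*" matches every URL that contains "com/", not one particular site.
# For HTTPS the proxy sees only the CONNECT host:port, so patterns that rely
# on the path part of the URL do not apply to that traffic.
# http_access rules are evaluated in order and the first match decides:
# full_access hosts bypass the block list; the other our_networks clients are
# allowed unless the URL matches deny_hosts.
# Keep only the deny_hosts line that matches the local operating system.
# FreeBSD:
[gate:~] # cd /usr/local/etc/squid/
# Ubuntu:
root@gate:~# cd /etc/squid/

gate# cat deny_hosts.txt
.*odnok.*
.*com\/.*
gate# cat squid.conf
...
acl our_networks src 192.168.100+X.0/24
acl full_access src 192.168.100+X.2 127.0.0.1
#For FreeBSD
acl deny_hosts url_regex "/usr/local/etc/squid/deny_hosts.txt"
#For Ubuntu
acl deny_hosts url_regex "/etc/squid/deny_hosts.txt"
http_access allow full_access
http_access allow our_networks !deny_hosts
...
gate# squid -k check
gate# squid -k reconfigure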
на постоянно работающем сервере:
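[gate:~] # cat /usr/local/etc/periodic/daily/100.sarg.sh
#!/bin/sh
# Daily periodic job: prune old reports, rotate the Squid log, build a report.
echo "Generate Squid Access Report"
# Remove report directories older than 60 days. -mindepth 1 keeps the
# squid-reports directory itself (its name also matches '*-*') out of the
# match, and "--" stops rm from treating a name as an option.
/usr/bin/find /usr/local/www/data/squid-reports/ -mindepth 1 -maxdepth 1 -mtime +60 -type d -name '*-*' -exec rm -r -- {} +
# Rotate first so that sarg reads a closed log file.
/usr/local/sbin/squid -k rotate
/usr/local/bin/sarg
[gate:~] # chmod +x /usr/local/etc/periodic/daily/100.sarg.sh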
на сервере, работающем в течение рабочего дня:
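[gate:~] # cat /usr/local/etc/rc.d/sarg.sh
#!/bin/sh
# rc.d script: prune old reports, rotate the Squid log, build a report.
echo "Generate Squid Access Report"
# Remove report directories older than 60 days. find's -delete only removes
# empty directories, and -maxdepth 1 keeps find from descending into the
# reports, so each old report tree is removed with rm -r instead.
# -mindepth 1 keeps the squid-reports directory itself (its name also matches
# '*-*') out of the match, and "--" stops rm from treating a name as an option.
/usr/bin/find /usr/local/www/data/squid-reports/ -mindepth 1 -maxdepth 1 -mtime +60 -type d -name '*-*' -exec rm -r -- {} +
# Rotate first so that sarg reads a closed log file.
/usr/local/sbin/squid -k rotate
/usr/local/bin/sarg
[gate:~] # chmod +x /usr/local/etc/rc.d/sarg.sh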
gate# diff squid.conf.default squid.conf ... 938c938 < http_port 3128 --- > http_port 3128 transparent ... gate# squid -k check gate# squid -k reconfigure
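# Redirect outgoing web traffic from the internal network to the local proxy.
# NOTE(review): only TCP port 80 is redirected, so HTTPS traffic bypasses the
# proxy and is neither filtered by the ACLs nor scanned by ClamAV.
# FreeBSD (pf):
[gate:~] # cat /etc/pf.conf
...
rdr proto tcp from 192.168.X/24 to any port 80 -> 127.0.0.1 port 3128
...
[gate:~] # /etc/rc.d/pf reload

# Ubuntu (iptables). A rule added with -A is lost at reboot unless it is saved
# by the distribution's persistence mechanism. eth0 is assumed to be the
# internal interface -- confirm before applying.
root@gate:~# iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.X.0/24 --dport 80 -j REDIRECT --to-port 3128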
gate# tail -f access.log