Friday, September 4, 2009

INSTALL PROXY WITH ANTIVIRUS AND DB BLACKLIST

I/INSTAL SQUID PROXY
1/Install and configure squid

[root@lan ~]#yum -y install squid
[root@lan ~]#vi /etc/squid/squid.conf

http_port 8080
acl CONNECT method CONNECT
acl lan src 192.168.0.0/255.255.255.0
// (permit only LAN)
http_access allow localhost
http_access allow lan
// add (permit only LAN)
http_access deny all
visible_hostname test.vn
// add (specify hostname)
# forwarded_for on
forwarded_for off
// add (hide IP address)
header_access Referer deny all
// add

header_access X-Forwarded-For deny all
header_access Via deny all
header_access Cache-Control deny all


[root@lan ~]#/etc/rc.d/init.d/squid start
init_cache_dir /var/spool/squid... Starting squid:[ OK ]
[root@lan ~]#chkconfig squid on
II/PROXY WITH ANTI VIRUS

Configure the proxy to scan downloaded files for viruses. Install clamav first. Note that the abort/aborti rules in squidclamav.conf below skip scanning based only on the file extension in the requested URL, so any download matching those patterns (archives, PDF, JavaScript, Flash, images) is passed through unscanned.

1/Install clamd

[root@lan ~]#yum -y install clamd ( Or download from http://rpm.pbone.net/)
[root@lan ~]#vim /etc/clamd.conf

LocalSocket /var/run/clamav/clamd.sock
// change

[2] Install squidclamav

[root@lan ~]# wget http://www.darold.net/projects/squidclamav/squidclamav-4.0.tar.gz
[root@lan ~]#tar zxvf squidclamav-4.0.tar.gz
[root@lan ~]#cd squidclamav-4.0
[root@lan squidclamav-4.0]#./configure
[root@lan squidclamav-4.0]#make
[root@lan squidclamav-4.0]#make install
[root@lan squidclamav-4.0]#cp squidclamav.conf.dist /etc/squidclamav.conf
[root@lan squidclamav-4.0]#cd
[root@lan ~]#vim /etc/squidclamav.conf


proxy http://127.0.0.1:8080/
// change ( proxy address )
logfile /var/log/squid/squidclamav.log
// change ( log file )
redirect http://www.yahoo.com/
// change ( redirect URL )
# squidguard /usr/local/squidGuard/bin/squidGuard
debug 0
force 1
stat 1
clamd_local /var/run/clamav/clamd.sock
// change
clamd_ip 127.0.0.1
clamd_port 3310
timeout 60
abort ^.*\.gz$
abort ^.*\.bz2$
abort ^.*\.pdf$
abort ^.*\.js$
abort ^.*\.html$
abort ^.*\.css$
abort ^.*\.xml$
abort ^.*\.xsl$
abort ^.*\.js$
abort ^.*\.ico$
aborti ^.*\.gif$
aborti ^.*\.png$
aborti ^.*\.jpg$
aborti ^.*\.swf$
content ^.*application\/.*$
whitelist .*yahoo\.com

[3] Configuration of squid


[root@lan ~]#vim /etc/squid/squid.conf

add these 3 lines at the bottom

url_rewrite_access deny localhost
redirect_program /usr/local/bin/squidclamav
redirect_children 15


[root@lan ~]#touch /var/log/squid/squidclamav.log
[root@lan ~]#chown squid. /var/log/squid/squidclamav.log
[root@lan ~]#vim /etc/logrotate.d/squid

add at the bottom

/var/log/squid/squidclamav.log {
weekly
rotate 5
copytruncate
compress
notifempty
missingok
}


[root@lan ~]#/etc/rc.d/init.d/squid restart
Stopping squid: .............[ OK ]
Starting squid: .[ OK ]


III/PROXY WITH SQUIDGUARD

[1] Install squidguard

[root@lan ~]#yum -y install squidguard
[root@lan ~]#mv /etc/squid/squidguard.conf /etc/squid/squidguard.conf.bk
[root@lan ~]#vi /etc/squid/squidguard.conf

// configure as in the following example

#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard
logdir /var/log/squidguard

dest dame {

domainlist dame/domains
urllist dame/urls
}
acl {
default {
pass !dame all
redirect http://www.yahoo.com/

}

}

[root@lan ~]#mkdir /var/lib/squidguard/dame
[root@lan ~]#vi /var/lib/squidguard/dame/domains

// list the domains you want to prohibit access to

yahoo.com
conheotiensinh.blogspot.com


[root@lan ~]#vi /var/lib/squidguard/dame/urls

// list the URLs you want to prohibit access to

www.yahoo.com/deny/
conheotiensinh.blogspot.com /


[root@lan ~]#squidGuard -C all
// create DB
[root@lan ~]#chown -R squid. /var/lib/squidguard/dame

[root@lan ~]#vim /etc/squidclamav.conf

squidguard /usr/bin/squidguard
// line 42: uncomment this line and change the path


[root@lan ~]#/etc/rc.d/init.d/squid restart
Stopping squid: .............[ OK ]
Starting squid: .[ OK ]






2/Try to access Yahoo, which is set as a prohibited domain above. This redirect setting is only an example to show the action of squidGuard; please make your own redirect page, because redirecting to Yahoo like this example is meaningless (it is also the domain being blocked and the redirect target configured in squidclamav.conf).



2 comments:

  1. Nice writeup! I will be checking out the status page accessible from a web browser. getting it through Scp everytime gets old :)

    I have a question, and I'm hoping you would have the answer, since it's nowhere to be found on the web.
    Do you happen to know if I have SSL certs on my load balanced webservers, whether I would also need to install that cert on my pen load balancer as well? it has some flags to include a cert, but there is no documentation on how to use it, and I can't seem to get it to work.

    Windows workstations accessing the load balancer are not getting a certificate error, but Mac clients are, and are requested to accept the certificate into the keychain. Any ideas?

  2. Hi Babaylon

    Thanks for your COMMENT

    For load balancing with Pen (I think you should comment on http://conheotiensinh.blogspot.com/2009/09/load-balance-web-server-use-pen.html): Pen is a simple load balancer and does not support Layer 7. So you need a load balancer that supports Layer 7 (such as Pound, LVS, HAPROXY, ...). For me, HAPROXY is the best solution.

    Please let me know if you have any question

    Thanks and Best Regards
