LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-06-2007, 01:43 PM   #1
staleksandar
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Rep: Reputation: 0
Dansguardian problem please help


Hello everyone,


I have one major problem. My collegue Linux expert left on vacation and I'm stuck with Dansguardian. Few days ago it's just stopped. I can't start dansguardian, and in log message I only hate message repeted xx times. My squid works fine. I'm not so familier with Linux. It is a CentOS distribution.
 
Old 08-07-2007, 05:18 AM   #2
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
To find for clues you may check /var/log/messages. Open two separate consoles with the one doing a "tail -f /var/log/messages" while on the other you're trying to start or restart dansguardian.

Make sure that squid is running.

------
 
Old 08-07-2007, 06:33 AM   #3
staleksandar
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by gani
To find for clues you may check /var/log/messages. Open two separate consoles with the one doing a "tail -f /var/log/messages" while on the other you're trying to start or restart dansguardian.

Make sure that squid is running.

------
I did that and only thing in messages is 14:28:50 last message repeated 3 times.
Squid is running ok. We are using it as proxy without web filter.
I think that some config files are invalid, but I can't find what's wrong. How can I reinstall dansguardian on CentOS 3?
 
Old 08-07-2007, 06:45 AM   #4
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Post your /etc/dansguardian/dansguardian.conf and let us see if there are invalid parameters.

--------
 
Old 08-07-2007, 07:08 AM   #5
staleksandar
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by gani
Post your /etc/dansguardian/dansguardian.conf and let us see if there are invalid parameters.

--------
This conf file looks ok.
Maybe problem is in one of the banned* files.




# DansGuardian config file for version 2.8.0 with Anti-Virus plug-in 6.4.2
# **NOTE** as of version 2.7.5 most of the list files are now in dansguardianf1.conf


# Web Access Denied Reporting (does not affect logging)
#
# -1 = log, but do not block - Stealth mode
# 0 = just say 'Access Denied'
# 1 = report why but not what denied phrase
# 2 = report fully
# 3 = use HTML template file (accessdeniedaddress ignored) - recommended
#
reportinglevel = 3

# Language dir where languages are stored for internationalisation.
# The HTML template within this dir is only used when reportinglevel
# is set to 3. When used, DansGuardian will display the HTML file instead of
# using the perl cgi script. This option is faster, cleaner
# and easier to customise the access denied page.
# The language file is used no matter what setting however.
#
languagedir = '/etc/dansguardian/languages'

# language to use from languagedir.
language = 'ukenglish'

# Logging Settings
#
# 0 = none 1 = just denied 2 = all text based 3 = all requests
# DG default: 2
# DGAV default: 3
loglevel = 3

# Log Exception Hits
# Log if an exception (user, ip, URL, phrase) is matched and so
# the page gets let through. Can be useful for diagnosing
# why a site gets through the filter. on | off
logexceptionhits = on

# Log File Format
# 1 = DansGuardian format 2 = CSV-style format
# 3 = Squid Log File Format 4 = Tab delimited
logfileformat = 1


# Log file location
#
# Defines the log directory and filename.
#loglocation = '/var/log/dansguardian/access.log'


# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip = #0.0.0.0

# the port that DansGuardian listens to.
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1

# the port DansGuardian connects to proxy on
proxyport = 9999

# accessdeniedaddress is the address of your web server to which the cgi
# dansguardian reporting script was copied
# Do NOT change from the default if you are not using the cgi.
#
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'

# Non standard delimiter (only used with accessdeniedaddress)
# Default is enabled but to go back to the original standard mode dissable it.
nonstandarddelimiter = on



# Banned image replacement
# Images that are banned due to domain/url/etc reasons including those
# in the adverts blacklists can be replaced by an image. This will,
# for example, hide images from advert sites and remove broken image
# icons from banned domains.
# 0 = off
# 1 = on (default)
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'



# Filter groups options
# filtergroups sets the number of filter groups. A filter group is a set of content
# filtering options you can apply to a group of users. The value must be 1 or more.
# DansGuardian will automatically look for dansguardianfN.conf where N is the filter
# group. To assign users to groups use the filtergroupslist option. All users default
# to filter group 1. You must have some sort of authentication to be able to map users
# to a group. The more filter groups the more copies of the lists will be in RAM so
# use as few as possible.
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'



# Authentication files location
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'



# Show weighted phrases found
# If enabled then the phrases found that made up the total which excedes
# the naughtyness limit will be logged and, if the reporting level is
# high enough, reported. on | off
showweightedfound = on

# Weighted phrase mode
# There are 3 possible modes of operation:
# 0 = off = do not use the weighted phrase feature.
# 1 = on, normal = normal weighted phrase operation.
# 2 = on, singular = each weighted phrase found only counts once on a page.
#
weightedphrasemode = 2



# Positive result caching for text URLs
# Caches good pages so they don't need to be scanned again
# 0 = off (recommended for ISPs with users with disimilar browsing)
# 1000 = recommended for most users (DG)
# 3000 = recommended when urlcacheonly is on (DGAV)
# 5000 = suggested max upper limit
urlcachenumber = 3000
#
# Age before they are stale and should be ignored in seconds
# 0 = never
# 900 = recommended = 15 mins
urlcacheage = 900



# Smart and Raw phrase content filtering options
# Smart is where the multiple spaces and HTML are removed before phrase filtering
# Raw is where the raw HTML including meta tags are phrase filtered
# CPU usage can be effectively halved by using setting 0 or 1
# 0 = raw only
# 1 = smart only
# 2 = both (default)
phrasefiltermode = 2



# Lower casing options
# When a document is scanned the uppercase letters are converted to lower case
# in order to compare them with the phrases. However this can break Big5 and
# other 16-bit texts. If needed preserve the case. As of version 2.7.0 accented
# characters are supported.
# 0 = force lower case (default)
# 1 = do not change case
preservecase = 0



# Hex decoding options
# When a document is scanned it can optionally convert %XX to chars.
# If you find documents are getting past the phrase filtering due to encoding
# then enable. However this can break Big5 and other 16-bit texts.
# 0 = disabled (default)
# 1 = enabled
hexdecodecontent = 0



# Force Quick Search rather than DFA search algorithm
# The current DFA implementation is not totally 16-bit character compatible
# but is used by default as it handles large phrase lists much faster.
# If you wish to use a large number of 16-bit character phrases then
# enable this option.
# 0 = off (default)
# 1 = on (Big5 compatible)
forcequicksearch = 0



# Reverse lookups for banned site and URLs.
# If set to on, DansGuardian will look up the forward DNS for an IP URL
# address and search for both in the banned site and URL lists. This would
# prevent a user from simply entering the IP for a banned address.
# It will reduce searching speed somewhat so unless you have a local caching
# DNS server, leave it off and use the Blanket IP Block option in the
# bannedsitelist file instead.
reverseaddresslookups = off



# Reverse lookups for banned and exception IP lists.
# If set to on, DansGuardian will look up the forward DNS for the IP
# of the connecting computer. This means you can put in hostnames in
# the exceptioniplist and bannediplist.
# It will reduce searching speed somewhat so unless you have a local DNS server,
# leave it off.
reverseclientiplookups = off



# Build bannedsitelist and bannedurllist cache files.
# This will compare the date stamp of the list file with the date stamp of
# the cache file and will recreate as needed.
# If a bsl or bul .processed file exists, then that will be used instead.
# It will increase process start speed by 300%. On slow computers this will
# be significant. Fast computers do not need this option. on | off
createlistcachefiles = on



# POST protection (web upload and forms)
# does not block forms without any file upload, i.e. this is just for
# blocking or limiting uploads
# measured in kibibytes after MIME encoding and header bumph
# use 0 for a complete block
# use higher (e.g. 512 = 512Kbytes) for limiting
# use -1 for no blocking
#maxuploadsize = 512
#maxuploadsize = 0
maxuploadsize = -1



# Max content filter page size
# Sometimes web servers label binary files as text which can be very
# large which causes a huge drain on memory and cpu resources.
# To counter this, you can limit the size of the document to be
# filtered and get it to just pass it straight through.
# This setting also applies to content regular expression modification.
# The size is in Kibibytes - eg 2048 = 2Mb
# use 0 for no limit
maxcontentfiltersize = 256



# Username identification methods (used in logging)
# You can have as many methods as you want and not just one. The first one
# will be used then if no username is found, the next will be used.
# * proxyauth is for when basic proxy authentication is used (no good for
# transparent proxying).
# * ntlm is for when the proxy supports the MS NTLM authentication
# protocol. (Only works with IE5.5 sp1 and later). **NOT IMPLEMENTED**
# * ident is for when the others don't work. It will contact the computer
# that the connection came from and try to connect to an identd server
# and query it for the user owner of the connection.
usernameidmethodproxyauth = on
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = off



# Preemptive banning - this means that if you have proxy auth enabled and a user accesses
# a site banned by URL for example they will be denied straight away without a request
# for their user and pass. This has the effect of requiring the user to visit a clean
# site first before it knows who they are and thus maybe an admin user.
# This is how DansGuardian has always worked but in some situations it is less than
# ideal. So you can optionally disable it. Default is on.
# As a side effect disabling this makes AD image replacement work better as the mime
# type is know.
preemptivebanning = on



# Misc settings

# if on it adds an X-Forwarded-For: <clientip> to the HTTP request
# header. This may help solve some problem sites that need to know the
# source ip. on | off
forwardedfor = off


# if on it uses the X-Forwarded-For: <clientip> to determine the client
# IP. This is for when you have squid between the clients and DansGuardian.
# Warning - headers are easily spoofed. on | off
usexforwardedfor = off


# if on it logs some debug info regarding fork()ing and accept()ing which
# can usually be ignored. These are logged by syslog. It is safe to leave
# it on or off
logconnectionhandlingerrors = on



# Fork pool options

# sets the maximum number of processes to sporn to handle the incomming
# connections. Max value usually 250 depending on OS.
# On large sites you might want to try 180.
maxchildren = 120


# sets the minimum number of processes to sporn to handle the incomming connections.
# On large sites you might want to try 32.
minchildren = 8


# sets the minimum number of processes to be kept ready to handle connections.
# On large sites you might want to try 8.
minsparechildren = 4


# sets the minimum number of processes to sporn when it runs out
# On large sites you might want to try 10.
preforkchildren = 6


# sets the maximum number of processes to have doing nothing.
# When this many are spare it will cull some of them.
# On large sites you might want to try 64.
maxsparechildren = 32


# sets the maximum age of a child process before it croaks it.
# This is the number of connections they handle before exiting.
# On large sites you might want to try 10000.
maxagechildren = 500



# Process options
# (Change these only if you really know what you are doing).
# These options allow you to run multiple instances of DansGuardian on a single machine.
# Remember to edit the log file path above also if that is your intention.

# IPC filename
#
# Defines IPC server directory and filename used to communicate with the log process.
ipcfilename = '/tmp/.dguardianipc'

# URL list IPC filename
#
# Defines URL list IPC server directory and filename used to communicate with the URL
# cache process.
urlipcfilename = '/tmp/.dguardianurlipc'

# PID filename
#
# Defines process id directory and filename.
#pidfilename = '/var/run/dansguardian.pid'

# Disable daemoning
# If enabled the process will not fork into the background.
# It is not usually advantageous to do this.
# on|off ( defaults to off )
nodaemon = off

# Disable logging process
# on|off ( defaults to off )
nologger = off

# Daemon runas user and group
# This is the user that DansGuardian runs as. Normally the user/group nobody.
# Uncomment to use. Defaults to the user set at compile time.
# daemonuser = 'nobody'
# daemongroup = 'nobody'

# Soft restart
# When on this disables the forced killing off all processes in the process group.
# This is not to be confused with the -g run time option - they are not related.
# on|off ( defaults to off )
softrestart = off



# ANTIVIRUS SETTINGS
# --------------------

# OPTION: virusscan
# If on, we scan all downloaded content using embedded virus engine.
# Supported engines of this version are ClamAV, ClamDScan, KAV, KAV5, Trophie, Sophie.
# If off, we don't scan any downloaded content.
# See http://sourceforge.net/projects/dgav/ for more details.
virusscan = on

# OPTION: virusengine
# Set the embedded virus scan engine to be used (clamav, clamdscan, kav, aveserver, trophie, sophie).
virusengine = 'clamav'

# OPTION: tricklelength
# With tricklelength you can choose between three different trickle modes:
# a) If set to -1, the scanner will send 1 byte per delay period
# to the client to keep a download connection alive.
# When the whole file is downloaded and scanned, the client will
# receive all remaining bytes, if the file was clean.
# b) If set to less than -1 (eg. -1024) the scanner will send,
# after firsttrickledelay seconds, a proportional amount of data
# to the client (e.g 1024 bytes per downloaded megabyte); after
# followingtrickledelay seconds again a proportional amount
# of data is sent to the client and so on. When the whole file is
# downloaded and scanned, the client will receive all remaining
# bytes, if the file was clean.
# Recommended value: -1024 (1024 bytes per downloaded megabyte)
# c) If set to a positive integer value it enables immediate delivery
# to the client. The value set means minimum number of bytes of the
# downloaded file that will be held and delivered after virus scan.
# If clean, the remaining bytes will be sent to the client.
# If infected, file downloaded will be incomplete and a warning message
# will be sent to the postmaster and possibly the user.
# Recommended minimum positive value: 32768 (32 kbytes)
#
# NOTE:
# only trickle modes a) and b) allow for limited mime-header
# rewriting; eg. if a zip file (application/zip) is downloaded
# and contains a virus it's mime-type is rewritten to text/html
# which in turn forces the browser to display the warning page;
# be aware however, that this is only possible for downloads
# that finish within firsttrickledelay seconds!
tricklelength = 32768

# OPTION: forkscanlength
# Specifies maximum file size, in bytes, that is scanned w/o parallel trickling.
# Files larger than 'forkscan_length' will be scanned in the background,
# while a foreground process trickles data to the client in order to keep
# connection alive.
# This heavily depends on the available CPU speed. Slow CPUs need smaller values.
# The size is in Kibibytes - eg 2048 = 2Mb
forkscanlength = 32768

# OPTION: firsttrickledelay
# Delay in seconds to deliver the first byte to the client.
# This option only applies if tricklelength is set to -1.
firsttrickledelay = 10

# OPTION: follwingtrickledelay
# Delay in seconds to deliver subsequent bytes to the client.
# This option only applies if tricklelength is set to -1.
followingtrickledelay = 10

# OPTION: maxcontentscansize
# Set the maximum size of a content to be virus scanned.
# Content size above this value will not be scanned against viruses.
# The size is in Kibibytes - eg 2048 = 2Mb
# To have no limit, use 0 (zero).
maxcontentscansize = 41904304

# OPTION: virusscanexceptions
# If off, antivirus scanner will ignore DG exception sites and urls.
virusscanexceptions = on

# OPTION: urlcachecleanonly
# If off, url cache will contain entries of text only urls.
# Keeping it off, preserves original Dansguardian feature and
# downloaded content will be always scanned by antivirus.
# When turned on, urlcache will be loaded only with content
# found to be good and that is virus free.
# Thus, content of urls found in urlcache WILL NOT BE SCANNED AGAIN.
urlcachecleanonly = on

# OPTION: virusscannertimeout
# The maximum length of time the commercial virus scanner is allowed to run
# for 1 batch of messages (in seconds).
virusscannertimeout = 60

# OPTION: notify
# Sets who receives email notification when a virus is found.
# Users must be authenticated to be able to receive messages.
# Email address for users will be formed by the authentication name received by DG
# plus @emaildomain (see option below)
# 0 = disabled
# 1 = user only
# 2 = postmaster only
# 3 = postmaster and users (default)
notify = 0

# OPTION: emaildomain
# Set email domain to use when notifying users of an infected file.
# This is just the domain name part, after the @
emaildomain = 'your.domain.com'

# OPTION: postmaster
# Set email address of who to notify about any infections found.
# Should put your full domain name here too.
postmaster = 'postmaster@your.domain.com'

# OPTION: emailserver
# Set the address and port of the Mail Server to send notifications through.
#
emailserver = '127.0.0.1:25'


# OPTION: downloaddir
# Set where the files are downloaded to before they are scanned.
# Since version 6.4.2 it is strongly recommended to define a directory path
# TO BE USED ONLY BY DGAV.
# YOU WILL LOOSE FILES inside this directory path if it is used for any other purpose.
downloaddir = '/tmp/dgvirus'

# CLAMAV SETTINGS
# --------------------
# OPTION: clmaxfiles
# Set maximum number of files inside a compressed file
# default: 1500 files
clmaxfiles = 1500

# OPTION: clmaxreclevel
# Set maximum recursion level to perform scan on a compressed file
# that is inside a compressed file
# default: 3 levels
clmaxreclevel = 3

# OPTION: clmaxfilesize
# Set maximum file size of a file inside a compressed file
# default: 10485760 = 10 Mbytes
clmaxfilesize = 10485760

# OPTION: clblockencryptedarchives
# Treat encrypted compressed file as virus infected content.
# default: off
clblockencryptedarchives = off


# OPTION: cldetectbroken
# Activate improved detection of broken executable files.
# default: off
cldetectbroken = off


# CLAMDSCAN SETTINGS
# --------------------
# OPTION: clamdsocket
# Set the name of a local clamd socket (file)
# or the hostnameort of a remote clamd server
# default: '/tmp/clamd'
clamdsocket = '/tmp/clamd'


# KASPERSKY 5 SETTINGS
# --------------------
# OPTION: avesocket
# Set name of the local socket file
# default: '/var/run/aveserver'
avesocket = '/var/run/aveserver'


# TROPHIE SETTINGS
# --------------------
# OPTION: trophiesocket
# Set name of the local socket file
# default: '/var/run/trophie'
trophiesocket = '/var/run/trophie'


# SOPHIE SETTINGS
# --------------------
# OPTION: sophiesocket
# Set name of the local socket file
# default: '/var/run/sophie'
sophiesocket = '/var/run/sophie'


# ICAP SETTINGS (experimental)
# ----------------------------
# OPTION: icapsocket
# Set hostnameort of the icap server
# default: 'localhost:1344'
icapsocket = 'localhost:1344'

# OPTION: icapservice
# Set the icap service to be used
# default: 'icap://localhost/avscan'
icapservice = 'icap://localhost/avscan'
 
Old 08-07-2007, 07:20 AM   #6
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
Code:
# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip = #0.0.0.0
I'm sure that this is not the way dansguardian's filterip must be configured. Change it to this:

filterip = 192.168.x.y

Or set it to 127.0.0.1 if this is a transparent proxy.

Code:
# the port that DansGuardian listens to.
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1
The above are correct.

Code:
# the port DansGuardian connects to proxy on
proxyport = 9999
This might have been intentionally changed. Squid listens by default at port 3128 and you can verify it by checking your squid config file /etc/squid/squid.conf and look for "http_port ....." paramter or simply do a netstat.

# netstat -anp tcp

-------
 
Old 08-07-2007, 07:35 AM   #7
staleksandar
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by gani
Code:
# Network Settings
#
# the IP that DansGuardian listens on. If left blank DansGuardian will
# listen on all IPs. That would include all NICs, loopback, modem, etc.
# Normally you would have your firewall protecting this, but if you want
# you can limit it to only 1 IP. Yes only one.
filterip = #0.0.0.0
I'm sure that this is not the way dansguardian's filterip must be configured. Change it to this:

filterip = 192.168.x.y

Or set it to 127.0.0.1 if this is a transparent proxy.

Code:
# the port that DansGuardian listens to.
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1
The above are correct.

Code:
# the port DansGuardian connects to proxy on
proxyport = 9999
This might have been intentionally changed. Squid listens by default at port 3128 and you can verify it by checking your squid config file /etc/squid/squid.conf and look for "http_port ....." paramter or simply do a netstat.

# netstat -anp tcp

-------
Still same with filterip. Port is intentionally changed.
Now I have this message in /var/log/messages "Can't locate module char-major-10-165" is this bad?
 
Old 08-07-2007, 07:57 AM   #8
gani
Member
 
Registered: Jun 2004
Location: Metro Manila, Philippines
Distribution: OpenBSD, Slackware, XP
Posts: 347

Rep: Reputation: 31
I don't have clearer idea about this module. Your DG .conf file looks a bit different from its standard .conf file. There might have been other or several third party modules/libraries compiled in that might be causing this error.

You can try to compile from source or find a ready package for your distro. If you prefer to compile, use a different install --prefix in your ./configure script in order to avoid overriding your present installation in case you still cares about that. Read INSTALL readme file that goes with the tar ball or "./configure --help". You must have clamav installed.

-------
 
  


Reply

Tags
dansguardian


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem installing squid as a web filter with dansguardian davimint Slackware 3 07-21-2007 05:18 AM
Dansguardian deadeye16 Linux - Security 1 04-04-2007 03:35 PM
Dansguardian Thakowbbery Linux - Networking 0 11-09-2006 11:32 AM
Problem using Squid, Dansguardian and IPtables as web filtering! cryonics Linux - Networking 7 05-09-2006 01:00 PM
using DansGuardian Trio3b Linux - Security 4 12-02-2005 03:18 AM


All times are GMT -5. The time now is 09:20 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration