Old 03-30-2005, 10:47 AM   #1
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Rep: Reputation: 15
squidGuard on MDK 10.1


Hey guys, I'm new to the world of Linux (installed it for the first time last week), so I'm probably missing something. Anyways, here's the problem I'm having:

I have Squid set up and running on an MDK 10.1 box. The proxy is running fine on it, and I can connect through it without any problems. However, I'm trying to get it to redirect to squidGuard, but it's still allowing all websites to go through.

I have modded the squid.conf to include:

redirect_program /usr/local/bin/squidGuard -c /etc/squid/squidGuard.conf

The squidGuard.conf reads:

Code:
#
# Configuration File for SquidGuard
#
# Created with the SquidGuard Configuration Webmin Module
# Copyright (C) 2001 by Tim Niemueller <tim@niemueller.de>
# 
#
# File created on 28/Mar/2005 14:31
#

dbhome /home/brad/local/squidguard/db
logdir /home/brad/local/squidguard/logs

destination bl_drugs {
   log      drugs
   domainlist   drugs/domains
   urllist      drugs/urls
}

destination bl_ads {
   log      ads
   domainlist   ads/domains
   urllist      ads/urls
}

destination bl_aggressive {
   log      aggressive
   domainlist   aggressive/domains
   urllist      aggressive/urls
}

destination bl_proxy {
   log      proxy
   domainlist   proxy/domains
   urllist      proxy/urls
}

destination bl_mail {
   log      mail
   domainlist   mail/domains
   urllist      mail/urls
}

destination bl_audio-video {
   log      audio-video
   domainlist   audio-video/domains
   urllist      audio-video/urls
}

destination bl_violence {
   log      violence
   domainlist   violence/domains
   urllist      violence/urls
}

destination bl_warez {
   log      warez
   domainlist   warez/domains
   urllist      warez/urls
}

destination bl_gambling {
   log      gambling
   domainlist   gambling/domains
   urllist      gambling/urls
}

destination bl_hacking {
   log      hacking
   domainlist   hacking/domains
   urllist      hacking/urls
}

destination bl_porn {
   log      porn
   domainlist   porn/domains
   urllist      porn/urls
}
 
acl {

   default {
      pass !porn !hacking !gambling !warez !violence !audio-video !mail !proxy !aggressive !drugs !ads all
      redirect 302:nowhere
   }
}

My squidGuard.log (/var/log/squidGuard/squidGuard.log) contains the following:

Code:
2005-03-29 04:02:03 [11299] destblock bl_drugs missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_ads missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_aggressive missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_proxy missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_mail missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_audio-video missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_violence missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_warez missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_gambling missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_hacking missing active content, set inactive
2005-03-29 04:02:03 [11299] destblock bl_porn missing active content, set inactive
2005-03-29 04:02:03 [11299] (squidGuard): can't write to logfile /home/brad/local/squidguard/logs/squidGuard.log

So, on that last line, it looks like squidGuard has two log files on my system? If that's the case, then I'm assuming I screwed up somewhere when installing it?

Any help on pointing me in right direction on getting this resolved would be much appreciated, even if it's removing squidGuard and reinstalling it.

Thanks.
 
Old 03-30-2005, 03:07 PM   #2
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Original Poster
Rep: Reputation: 15
Bump. )
 
Old 03-30-2005, 06:14 PM   #3
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Rep: Reputation: 30
Hi MeridianRebel,

1) Regarding the logfile path: at the start of your squidguard.conf, change the "logdir /home/brad/local/squidguard/logs" to /var/log/squidGuard/squidGuard.log. That logdir tells squidguard where to log.

2) Where do you place your blacklist files? Is that path correct dbhome /home/brad/local/squidguard/db?

dbhome is where you place all your blacklist files. I placed mine in /var/db so in my squidguard.conf I set
dbhome /var/db

Try to change these first, and see what difference it makes in your squidguard.log.
 
Old 03-31-2005, 09:42 AM   #4
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Original Poster
Rep: Reputation: 15
Niceman,

Thank you for the suggestion. I made the changes to both paths, and copied the blacklists folder over to the /var/db.

I then did a "squid -k reconfigure" and stopped squid and restarted it (just to make sure that everything would be reinitialized correctly).

squidGuard still isn't filtering out any websites. I looked at the /var/log/squidGuard/squidGuard.log, and it's unchanged (same entries as above).

What's the next step that I should take? Thanks again for your help, I really do appreciate it.
 
Old 03-31-2005, 10:43 AM   #5
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Original Poster
Rep: Reputation: 15
Okay, I made some progress. I went into the squid.conf and changed the redirect path from

redirect_program /usr/local/bin/squidGuard -c etc/squid/squidGuard.conf to
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

I also edited the db path in the squidGuard.conf to read:

/var/db/blacklists

That made a fairly big difference in what is being recorded in the squidGuard.log now. Here's part of it:

Code:
2005-03-31 10:26:03 [3232] init domainlist /var/db/blacklists/warez/domains
2005-03-31 10:26:03 [3232] init urllist /var/db/blacklists/warez/urls
2005-03-31 10:26:03 [3232] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log/gambling
2005-03-31 10:26:03 [3232] init domainlist /var/db/blacklists/gambling/domains
2005-03-31 10:26:03 [3232] init urllist /var/db/blacklists/gambling/urls
2005-03-31 10:26:03 [3232] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log/hacking
2005-03-31 10:26:03 [3232] init domainlist /var/db/blacklists/hacking/domains
2005-03-31 10:26:03 [3232] init urllist /var/db/blacklists/hacking/urls
2005-03-31 10:26:03 [3232] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log/porn
2005-03-31 10:26:03 [3232] init domainlist /var/db/blacklists/porn/domains
2005-03-31 10:26:03 [3235] init urllist /var/db/blacklists/ads/urls
2005-03-31 10:26:03 [3235] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log/aggressive
2005-03-31 10:26:03 [3235] init domainlist /var/db/blacklists/aggressive/domains
2005-03-31 10:26:03 [3235] init urllist /var/db/blacklists/aggressive/urls
2005-03-31 10:26:03 [3235] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log/proxy
2005-03-31 10:26:03 [3235] init domainlist /var/db/blacklists/proxy/domains
2005-03-31 10:26:03 [3235] init urllist /var/db/blacklists/proxy/urls
2005-03-31 10:26:03 [3235] urllist empty, removed from memory
2005-03-31 10:26:03 [3235] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log/mail
2005-03-31 10:26:03 [3235] init domainlist /var/db/blacklists/mail/domains
2005-03-31 10:26:03 [3235] init urllist /var/db/blacklists/mail/urls
2005-03-31 10:26:03 [3235] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log/audio-video
2005-03-31 10:26:03 [3235] init domainlist /var/db/blacklists/audio-video/domains
2005-03-31 10:26:03 [3235] init urllist /var/db/blacklists/audio-video/urls
2005-03-31 10:26:03 [3235] (squidGuard): can't write to logfile /var/log/squidGuard/squidGuard.log/violence
2005-03-31 10:26:03 [3235] init domainlist /var/db/blacklists/violence/domains
2005-03-31 10:26:03 [3235] init urllist /var/db/blacklists/violence/urls

So, it looks like it's looking for a log file per category?
 
Old 03-31-2005, 01:42 PM   #6
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Original Poster
Rep: Reputation: 15
I went ahead and commented out the lines in the squidGuard.conf under each category where it was looking for a log, and then did a squid -k reconfigure, and that got rid of the errors for being unable to write in the log file squidGuard.log, so that's the good news. The bad news is that it's still not filtering yet.
 
Old 03-31-2005, 06:05 PM   #7
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Rep: Reputation: 30
Hi MeridianRebel,

Your squidguard will not start filtering until your squidguard.log says "squidguard starts" at the end of the line.

The following is an example of a section of my squidguard.log:
2005-04-01 01:00:28 [4768] init expressionlist /var/db/blacklists/proibidos/expressions
2005-04-01 01:00:28 [4768] init expressionlist /var/db/blacklists/proibidos/blockaccess
2005-04-01 01:00:28 [4768] init expressionlist /var/db/blacklists/proibidos/file
2005-04-01 01:00:28 [4768] squidGuard 1.2.0 started (1112288402.666)
2005-04-01 01:00:28 [4768] squidGuard ready for requests (1112288428.317)
2005-04-01 01:00:28 [4772] init expressionlist /var/db/blacklists/proibidos/expressions
2005-04-01 01:00:28 [4772] init expressionlist /var/db/blacklists/proibidos/blockaccess
2005-04-01 01:00:28 [4772] init expressionlist /var/db/blacklists/proibidos/file
2005-04-01 01:00:28 [4772] squidGuard 1.2.0 started (1112288402.711)
2005-04-01 01:00:28 [4772] squidGuard ready for requests (1112288428.544)
2005-04-01 01:00:30 [4771] init expressionlist /var/db/blacklists/proibidos/expressions
2005-04-01 01:00:30 [4771] init expressionlist /var/db/blacklists/proibidos/blockaccess
2005-04-01 01:00:30 [4771] init expressionlist /var/db/blacklists/proibidos/file
2005-04-01 01:00:30 [4771] squidGuard 1.2.0 started (1112288402.716)
2005-04-01 01:00:30 [4771] squidGuard ready for requests (1112288430.324)

See, at the end it says squidGuard ready for requests. When you get that, then your squidguard should be ready to filter.
 
Old 03-31-2005, 06:09 PM   #8
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Rep: Reputation: 30
continue:

As for the part that says "cannot write to log file", I think that is because you did not change the squidguard.log's owner. By default the owner is "root". So you should change it to be owned by squid.

That's because squid is automatically run by owner squid instead of root, for security reasons or something. So everything that needs to be read by squid would be better changed to owner squid.

Try doing these first, and post your log file again if there is an error.

thanks.
 
Old 04-01-2005, 09:24 AM   #9
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Original Poster
Rep: Reputation: 15
Okay, I went in and did:

chown squid squidGuard.log

Afterwards, I did a squid -k reconfigure to restart it, and looked at the log file. I do have something new showing now:

"ACL destination porn is not defined in configfile /etc/squid/squidGuard.conf"

If you're able to do so, could you post your squidGuard.conf and squid.conf so that I could compare them? Again, I really do appreciate you helping me out on this.

I'm setting this up temporarily on a "test" server to try it out, and then I'll end up putting this on a new server if all goes well. I also plan on writing "an idiot's guide to setting up squidGuard by an idiot" on how to get this going. lol

Last edited by MeridianRebel; 04-01-2005 at 10:36 AM.
 
Old 04-01-2005, 01:43 PM   #10
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Original Poster
Rep: Reputation: 15
Okay, I removed the entire ACL section on the bottom, and also changed the log path to:
/var/log/squidGuard/

That got me -
squidGuard ready for requests

Now I've just gotta figure out why it's not filtering, which has got to have something to do with that ACL section?

Here's my squidGuard.conf:
Code:
#
# Configuration File for SquidGuard
#
# Created with the SquidGuard Configuration Webmin Module
# Copyright (C) 2001 by Tim Niemueller <tim@niemueller.de>
# http://www.niemueller.de/webmin/modules/squidguard/
#
# File created on 28/Mar/2005 14:31
#

dbhome /var/db/blacklists
logdir /var/log/squidGuard

destination bl_drugs {
#	log		drugs
	domainlist	drugs/domains
	urllist		drugs/urls
        redirect whatever.cgi
}


destination bl_ads {
#	log		ads
	domainlist	ads/domains
	urllist		ads/urls
	redirect whatever.cgi
}

destination bl_aggressive {
#	log		aggressive
	domainlist	aggressive/domains
	urllist		aggressive/urls
	redirect whatever.cgi
}

destination bl_proxy {
#	log		proxy
	domainlist	proxy/domains
	urllist		proxy/urls
	redirect whatever.cgi
}

destination bl_mail {
#	log		mail
	domainlist	mail/domains
	urllist		mail/urls
	redirect 302:http://www.google.com
}

destination bl_audio-video {
#	log		audio-video
	domainlist	audio-video/domains
	urllist		audio-video/urls
	redirect whatever.cgi
}

destination bl_violence {
#	log		violence
	domainlist	violence/domains
	urllist		violence/urls
	expressionlist	violence/expressions
        redirect whatever.cgi
}

destination bl_warez {
#	log		warez
	domainlist	warez/domains
	urllist		warez/urls
	redirect whatever.cgi
}

destination bl_gambling {
#	log		gambling
	domainlist	gambling/domains
	urllist		gambling/urls
	redirect whatever.cgi
}

destination bl_hacking {
#	log		hacking
	domainlist	hacking/domains
	urllist		hacking/urls
	redirect whatever.cgi
}

destination bl_porn {
#	log		porn
	domainlist	porn/domains
	urllist		porn/urls
	expressionlist	porn/expressions
	redirect http://www.google.com
}

acl {
	default {
		pass all
		redirect 302:http://www.google.com
	}
}

Last edited by MeridianRebel; 04-01-2005 at 02:34 PM.
 
Old 04-01-2005, 03:26 PM   #11
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Original Poster
Rep: Reputation: 15
Update - got it working! On the ACL section, I needed to use bl_porn instead of just porn.
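
The three configuration states this thread went through (logdir pointing at a file, an ACL naming `porn` where the block is called `bl_porn`, and a bare `pass all`) all left the proxy passing every site. The checker below is an added example, not code from any poster or from the squidGuard project; it assumes the `dest`/`destination` block keywords and the built-in pass names `all`, `any`, `none` and `in-addr`, treats a logdir ending in `.log` as a heuristic warning only, and runs against a constructed sample condensed from the configs posted above.

```python
import re

# Names squidGuard accepts in a pass line without a destination block (assumed set).
BUILTIN = {"all", "any", "none", "in-addr"}

def lint_squidguard(text):
    """Return a list of problems found in the text of a squidGuard.conf."""
    # Drop comments so commented-out directives are ignored.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    problems = []
    defined = set(re.findall(r"^\s*dest(?:ination)?\s+(\S+)\s*\{", body, re.M))
    logdir = re.search(r"^\s*logdir\s+(\S+)", body, re.M)
    if logdir and logdir.group(1).endswith(".log"):
        problems.append("logdir %s looks like a file, not a directory" % logdir.group(1))
    for rule in re.findall(r"^\s*pass\s+(.+)$", body, re.M):
        tokens = rule.split()
        for token in tokens:
            name = token.lstrip("!")
            if name not in BUILTIN and name not in defined:
                problems.append("pass references undefined destination '%s'" % name)
        if not any(t.startswith("!") for t in tokens) and ("all" in tokens or "any" in tokens):
            problems.append("'pass %s' excludes nothing, so no request is blocked" % rule.strip())
    return problems

# Constructed sample, condensed from the configs posted in this thread.
TEMPLATE = """
dbhome /var/db/blacklists
logdir %s
destination bl_porn {
    domainlist porn/domains
    urllist    porn/urls
}
destination bl_ads {
#   log        ads
    domainlist ads/domains
}
acl {
    default {
        pass %s
        redirect 302:http://www.google.com
    }
}
"""

def check(logdir, pass_rule):
    """Lint the sample config with the given logdir and pass rule."""
    return lint_squidguard(TEMPLATE % (logdir, pass_rule))

if __name__ == "__main__":
    for args in [("/var/log/squidGuard/squidGuard.log", "!porn !ads all"),
                 ("/var/log/squidGuard", "all"),
                 ("/var/log/squidGuard", "!bl_porn !bl_ads all")]:
        print(args, "->", check(*args) or "ok")
```

Running a check like this before `squid -k reconfigure` catches the config mistakes; the ownership problem still has to be checked on the box itself, by confirming the log shows "squidGuard ready for requests".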
 
Old 04-01-2005, 06:06 PM   #12
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Rep: Reputation: 30
Hi there,

Cool,

The name of the acl "porn" or "bl_porn" depends on your blacklist folder. If inside your blacklist folder its. The blacklist file I downloaded has it named porn so my acl should be porn. But I think the blacklist you downloaded named it bl_porn.

Anyway, have fun filtering. But I find it still not very effective because squidguard just does URL filtering; some websites that don't contain a porny expression won't get filtered. However, I don't think there is any free content filtering software around. So squidguard should be the best you can get.

Good luck,
 
Old 04-04-2005, 10:16 AM   #13
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Original Poster
Rep: Reputation: 15
Thanks for all of your help man.

Oh, one more question. I'm using Sarg for the reporting, and it seems to be working great with the exception of the "denied" sites. The ones that were denied, and I was redirected elsewhere, are showing up on the site report as being accessed. Is that just the way it's going to work, or is there something else that I need to set?

Thanks man.

Last edited by MeridianRebel; 04-04-2005 at 10:37 AM.
 
Old 04-04-2005, 01:34 PM   #14
MeridianRebel
Member
 
Registered: Mar 2005
Posts: 41

Original Poster
Rep: Reputation: 15
I edited the squidGuard.conf to include:
log stopped.log
after each category. I then tested, and it's recording the denied sites to that file. How do I get Sarg to pick that up and include it was only "denied" on the reports?

Thanks man.
 
Old 04-04-2005, 07:37 PM   #15
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Rep: Reputation: 30
hello friend,

With regard to generating a report from the squidguard log, I expected the same too. But I think it didn't do what I expected, to log the report in denied sites.
I'm wondering if you use webmin. If you use webmin to configure sarg, there is one setting where it asks you to fill in the path of your squidguard's log file. I did that, but as far as I remember it didn't do much even after I provided the path of the squidguard log file.
 
  

