Problem running squidGuard -C all

uglygizmo · 03-13-2010, 10:37 PM

Hi everyone, first post.

System Details;
CentOS 5.4
Kernal 2.6.18-164.11.1.el5
Squid 2.6 Stable 21-3.e15
BerkeleyDB 2.7.7
SquidGuard 1.4

Problem Description;
I am setting up a proxy server mainly for a good reason to learn Linux but also to block access to sites for my kids (I don'e like ISA much). I have been working with Windows and Cisco in the industry for > 10yrs now.

I have gotten Squid working well by installing using yum.

I am trying to use squidGuard as a block list filter and having a few problems. I had to try three different versions of BerkeleyDB before I could get squidGuard to compile. It is installed and logging with the correct config for squid to pass requests through squidGuard.

The problem is formatting the Shallalist domain and urls files to the db format required for squidGuard.

When I run the command /usr/local/bin/squidGuard -C all the terminal window (Putty) returns to the start of the next line down with no text and does nothing. I have to use CTRL-C to get the [root@proxy db]# prompt back.

The command seems to have made db files, but the are empty.

I have changed the permissions as suggested by this site with no luck;
http://www.linux-tip.net/cms/content/view/294/26/

Here is the tail of the squidguard log;
2010-03-15 01:00:52 [19591] New setting: dbhome: /usr/local/squidGuard/db
2010-03-15 01:00:52 [19591] New setting: logdir: /usr/local/squidGuard/logs
2010-03-15 01:00:52 [19591] init domainlist /usr/local/squidGuard/db/porn/domains
2010-03-15 01:00:52 [19591] Error db_open: Invalid argument
2010-03-15 01:00:52 [19591] Going into emergency mode

Here is the squid log from service squid start;
2010/03/15 01:26:44| Starting Squid Cache version 2.6.STABLE21 for x86_64-redhat-linux-gnu...
2010/03/15 01:26:44| Process ID 19759
2010/03/15 01:26:44| With 1024 file descriptors available
2010/03/15 01:26:44| Using epoll for the IO loop
2010/03/15 01:26:44| DNS Socket created at 0.0.0.0, port 53860, FD 6
2010/03/15 01:26:44| Adding nameserver 172.30.1.10 from /etc/resolv.conf
2010/03/15 01:26:44| helperOpenServers: Starting 5 'squidGuard' processes
2010-03-15 01:26:44 [19760] (squidGuard): can't write to logfile /usr/local/squidGuard/log/squidGuard.log
2010-03-15 01:26:44 [19760] New setting: dbhome: /usr/local/squidGuard/db
2010-03-15 01:26:44 [19760] New setting: logdir: /usr/local/squidGuard/logs
2010-03-15 01:26:44 [19760] init domainlist /usr/local/squidGuard/db/porn/domains
2010-03-15 01:26:44 [19760] loading dbfile /usr/local/squidGuard/db/porn/domains.db
2010-03-15 01:26:44 [19761] (squidGuard): can't write to logfile /usr/local/squidGuard/log/squidGuard.log
2010-03-15 01:26:44 [19761] New setting: dbhome: /usr/local/squidGuard/db
2010-03-15 01:26:44 [19761] New setting: logdir: /usr/local/squidGuard/logs
2010-03-15 01:26:44 [19761] init domainlist /usr/local/squidGuard/db/porn/domains
2010-03-15 01:26:44 [19761] loading dbfile /usr/local/squidGuard/db/porn/domains.db
2010-03-15 01:26:44 [19762] (squidGuard): can't write to logfile /usr/local/squidGuard/log/squidGuard.log
2010-03-15 01:26:44 [19762] New setting: dbhome: /usr/local/squidGuard/db
2010-03-15 01:26:44 [19762] New setting: logdir: /usr/local/squidGuard/logs
2010-03-15 01:26:44 [19762] init domainlist /usr/local/squidGuard/db/porn/domains
2010-03-15 01:26:44 [19762] loading dbfile /usr/local/squidGuard/db/porn/domains.db
2010-03-15 01:26:44 [19763] (squidGuard): can't write to logfile /usr/local/squidGuard/log/squidGuard.log
2010-03-15 01:26:44 [19763] New setting: dbhome: /usr/local/squidGuard/db
2010-03-15 01:26:44 [19763] New setting: logdir: /usr/local/squidGuard/logs
2010-03-15 01:26:44 [19763] init domainlist /usr/local/squidGuard/db/porn/domains
2010-03-15 01:26:44 [19763] loading dbfile /usr/local/squidGuard/db/porn/domains.db
2010-03-15 01:26:44 [19764] (squidGuard): can't write to logfile /usr/local/squidGuard/log/squidGuard.log
2010-03-15 01:26:44 [19764] New setting: dbhome: /usr/local/squidGuard/db
2010-03-15 01:26:44 [19764] New setting: logdir: /usr/local/squidGuard/logs
2010-03-15 01:26:44 [19764] init domainlist /usr/local/squidGuard/db/porn/domains
2010-03-15 01:26:44 [19764] loading dbfile /usr/local/squidGuard/db/porn/domains.db
2010/03/15 01:26:44| User-Agent logging is disabled.
2010/03/15 01:26:44| Referer logging is disabled.
2010/03/15 01:26:44| Unlinkd pipe opened on FD 16
2010/03/15 01:26:44| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2010/03/15 01:26:44| Target number of buckets: 425
2010/03/15 01:26:44| Using 8192 Store buckets
2010/03/15 01:26:44| Max Mem size: 8192 KB
2010/03/15 01:26:44| Max Swap size: 102400 KB
2010/03/15 01:26:44| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2010/03/15 01:26:44| Rebuilding storage in /var/spool/squid (CLEAN)
2010/03/15 01:26:44| Using Least Load store dir selection
2010/03/15 01:26:44| Set Current Directory to /var/spool/squid
2010/03/15 01:26:44| Loaded Icons.
2010/03/15 01:26:44| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 18.
2010/03/15 01:26:44| Accepting ICP messages at 0.0.0.0, port 3130, FD 19.
2010/03/15 01:26:44| WCCP Disabled.
2010/03/15 01:26:44| Ready to serve requests.
2010/03/15 01:26:45| Store rebuilding is 85.6% complete
2010/03/15 01:26:45| Done reading /var/spool/squid swaplog (4785 entries)
2010/03/15 01:26:45| Finished rebuilding storage from disk.
2010/03/15 01:26:45| 4785 Entries scanned
2010/03/15 01:26:45| 0 Invalid entries.
2010/03/15 01:26:45| 0 With invalid flags.
2010/03/15 01:26:45| 4785 Objects loaded.
2010/03/15 01:26:45| 0 Objects expired.
2010/03/15 01:26:45| 0 Objects cancelled.
2010/03/15 01:26:45| 0 Duplicate URLs purged.
2010/03/15 01:26:45| 0 Swapfile clashes avoided.
2010/03/15 01:26:45| Took 0.3 seconds (17237.5 objects/sec).
2010/03/15 01:26:45| Beginning Validation Procedure
2010/03/15 01:26:45| Completed Validation Procedure
2010/03/15 01:26:45| Validated 4785 Entries
2010/03/15 01:26:45| store_swap_size = 80284k
2010/03/15 01:26:45| storeLateRelease: released 0 objects
2010-03-15 01:26:47 [19760] Error db_open: Invalid argument
2010-03-15 01:26:47 [19760] Going into emergency mode
2010-03-15 01:26:47 [19761] Error db_open: Invalid argument
2010-03-15 01:26:47 [19761] Going into emergency mode
2010-03-15 01:26:47 [19762] Error db_open: Invalid argument
2010-03-15 01:26:47 [19762] Going into emergency mode
2010-03-15 01:26:47 [19763] Error db_open: Invalid argument
2010-03-15 01:26:47 [19763] Going into emergency mode
2010-03-15 01:26:47 [19764] Error db_open: Invalid argument
2010-03-15 01:26:47 [19764] Going into emergency mode

The current permissions on squidGuard.log are: rwxr-xr-x

The errors at the bottom of the squid log would be because I can't make the db files with the squidGuard -C all command.

Can someone help me please?

Regards,

Grant.

datopdog · 03-14-2010, 01:56 AM

There is something wrong with your squidguard db files, it is going into panic mode. Why didn't you use a prebuilt rpm instead of building your own squidguard

uglygizmo · 03-15-2010, 01:42 AM

Thanks for your reply datopdog.

I managed to get it working finally.
I decided to move everything into more logical locations and after reconfiguring the conf files it is filtering.

Following is what I did to get it working just in case it can help someone else...

I placed the files in the following directories;
/usr/local/bin/squidGuard (program file)
/usr/local/etc/squidGuard/squidGuard.conf
/usr/local/etc/squidGuard/db/* (the block lists)
/var/log/squidGuard (log path)

Here is the line from my squid.conf file;
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf

Here is my squidGuard.conf file;
# SquidGuard Config File
#-----------------------------------
dbhome /usr/local/etc/squidGuard/db
logdir /var/log/squidGuard

# Destinations
#-----------------------------------
dest porn {
domainlist porn/domains
urllist porn/urls
log /var/log/squidGuard/blocked.log
}
dest gamble {
domainlist gamble/domains
urllist gamble/urls
log /var/log/squidGuard/blocked.log
}
dest spyware {
domainlist spyware/domains
urllist spyware/urls
log /var/log/squidGuard/blocked.log
}

# Access Control List
#-----------------------------------
acl {
default {
pass !porn !gamble !spyware all
redirect http://homepage.carthew.net/default.htm
}
}

I also made sure the owner of the files was squid and I set the permissions to full access.

Hope this helps someone else.