Thursday, 19 April 2018

Installing SquidGuard on CentOS 7.x

Get Berkeley DB 4.6.21:

cd db-46..
cd build_unix
make install

ln -s /usr/local/BerkeleyDB.4.6 /usr/local/BerkeleyDB

export LD_RUN_PATH=/usr/local/BerkeleyDB/lib ./configure
make install

Get the blacklist form here:

Create static lists to squidGuard db: 
ln -s /opt/3rdparty/BL/anonvpn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/hacking /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/dating /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/gamble /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/movies /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/music /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/porn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/sex /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/spyware /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/tracker /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/urlshortener /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/violence /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/warez /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/weapons /usr/local/squidGuard/db

SquidGuard configuration:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log

dest anonvpn{
         log             anonvpn
         domainlist      anonvpn/domains
         urllist         anonvpn/urls

dest hacking{
         log             hacking
         domainlist      hacking/domains
         urllist         hacking/urls

dest dating{
         log             dating
         domainlist      dating/domains
         urllist         dating/urls

dest gamble{
         log             gamble
         domainlist      gamble/domains
         urllist         gamble/urls

dest movies{
         log             movies
         domainlist      movies/domains
         urllist         movies/urls

dest music{
         log             music
         domainlist      music/domains
         urllist         music/urls

dest porn{
         log             porn
         domainlist      porn/domains
         urllist         porn/urls

dest spyware{
         log             spyware
         domainlist      spyware/domains
         urllist         spyware/urls

dest tracker{
         log             tracker
         domainlist      tracker/domains
         urllist         tracker/urls

dest urlshortener{
         log             urlshortener
         domainlist      urlshortener/domains
         urllist         urlshortener/urls

dest violence{
         log             violence
         domainlist      violence/domains
         urllist         violence/urls

dest warez{
         log             warez
         domainlist      warez/domains
         urllist         warez/urls

dest weapons{
         log             weapons
         domainlist      weapons/domains
         urllist         weapons/urls

acl {
  default {
   pass !anonvpn !hacking !dating !gamble !movies !music !porn !spyware !tracker !urlshortener !violence !warez !weapons all
   redirect 302:

Switch of SELinux /etc/sysconfig/selinux, enter:
# vi /etc/sysconfig/selinux

And set / update it as follows:

chkconfig squid on

You will have to compile the lists in order for squidGuard to work with them. Removing and compiling stuff from the DB:
cd /usr/local/squidGuard/db
grep -r ""
./squidGuard -C movies/domains
service squid restart

In Squid config:
# Try connecting to first 25 ips of domain name
forward_max_tries 25
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
#debug_options ALL,1 29,1