Topic: SquidGuard 3.2

[byte]

May i give you one more suggestion: a pannel to configure the squidguard, and to select a way to update blacklist via download manually or cronly.

Yes I would like to do something like that but its something new to me creating a panel, if anyone can create the panel I can assist with the squidguard part, or if I get some time (alot of time) I may attempt this.

here an example of an ipcop contrib (with an excellent pannel):
http://franck78.ath.cx/index-en.html ( download the package to have an idea of the work.

Yes those screen shots do make me go "wow" something like that within SME panel would be great

[mrjhb3]

Hey guys a great work is on its way.


May i give you one more suggestion: a pannel to configure the squidguard, and to select a way to update blacklist via download manually or cronly .

There's some location in the web where you can find updated blacklist : i know one in a french University : Toulouse:

here an example of an ipcop contrib (with an excellent pannel):
http://franck78.ath.cx/index-en.html ( download the package to have an idea of the work.

here is the link of the university and the black list:

ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz

One thing at a time.  I am not a panel nor perl specialist, so if that is to be added some help is going to be needed.  All I am doing is trying to port the squidguard script that was written by Trevor Ouellette, that I use on 6.5 to work on 7.1 into an RPM form that can be built upon and expandad.  

John

[byte]

All I am doing is trying to port the squidguard script that was written by Trevor Ouellette

That's what I started to do then found that there was alot of changes needed so left that part for now, because there's only me looking after our 2 SME Servers at work I probably would stick to the command line as its working lovely (and I'm a command line lover)...Blocking loads of pesty ads     and webmail   atm  

[Jean-Philippe Pialasse]

I might help you for the pannel part, i am not a specialist on Perl, but i am able to make a tiny simple pannel, I can start with one without the multilingual support thanks to FormMagick, and add it in a second time.

just give me 2 weeks.

[byte]

I might help you for the pannel part, i am not a specialist on Perl, but i am able to make a tiny simple pannel, I can start with one without the multilingual support thanks to FormMagick, and add it in a second time.

just give me 2 weeks.

OK - Be interested in what you do.

[mrjhb3]

I might help you for the pannel part, i am not a specialist on Perl, but i am able to make a tiny simple pannel, I can start with one without the multilingual support thanks to FormMagick, and add it in a second time.

just give me 2 weeks.

Don't work on creating a panel yet.  From my limited testing, I have everything working 99%, and the previous install contrib had a server-manager like panel that you could use as a reference.  I do need to add 1 or 2 more things that I want, and will hopefully finish that over the weekend and post a link for testing.

JB

[Jean-Philippe Pialasse]

ok so i wait for some new defore doing anything

[mrjhb3]

Install to a non-production server first!!!!

You can find all the RPMS and the SRPM here once the mirrors sync. http://mirror.contribs.org/smeserver/contribs/jbennett/sme7/squidguard/.  I did a heck of a lot more things that I had planned on, but I did learn quite a bit in the process.  Here is a summary of the changes/updates:
1.  All of the entries are now DB settings.  To view - config show squidguard
2.  All of the entries in the Squidguard_Alllow and Block DB values will be  populated to the squidguard.conf once the template is expanded.  No  more manually creating the ACL templates unless you use some of the new topics from the new blacklist that is noted within the package.  Actually the whole squidguard.conf file will use entries from the DB values.
3.  If you use SARG and an Ident program you can - config setprop squid Ident enabled ; expand-template /etc/squid/squid.conf ; /etc/rc7.d/S90squid stop ; /etc/rc7.d/S90squid start.  This will allow you to view SARG reports based on userid and not PC name or locally resolved DNS name.
4.  The supdate cron job has been re-worked to work with the new shalla blacklist as the old blacklist site wasn't being updated.  More info at squidguard.org.  If you leave the default in place, then you won't get any updates.  If you change to the shalla list, then make sure to adhere to their terms.  They have a lot more entries.  I have been testing this on my 333 Celeron and it takes 20 minutes to reload squidguard once I use their list.
5.  If you make changes to the trusted or untrusted entries, you have to manually restart squid before the entries will be used.
6. I have not tested the fullaccess and noaccess options.

That's all of the major changes I can remember.  When you install, do a signal-event post-upgrade ; signal-event reboot.  There are a potential 3 templates that need to be expanded, and I didn't create an action to automatically do that which is why the post-upgrade ; reboot is recommended.  Maybe later I'll look at creating an event.

Good Luck to all,

John Bennett

P.S. Make sure to check the MD5SUM on the smeserver rpm.  I uploaded it using Horde's Gollem File Manager and I would like to make sure the files uploaded correctly.

[EDIT]  Did some further testing, the fullaccess and no access work just fine after you stop and start squid.  I am going to add a different message for noaccess users.  After that, I'm finished.  So, for me, I'm very pleased with the outcome.

[Tib]

mrjhb3

I'm getting a bad sinature error when trying to install

error: squidguard-blacklists-20050528-1.2.el4.rf.noarch.rpm: V3 DSA signature: BAD, key ID 6b8d79e6

Regards,

Tib

[mrjhb3]

mrjhb3

I'm getting a bad sinature error when trying to install

error: squidguard-blacklists-20050528-1.2.el4.rf.noarch.rpm: V3 DSA signature: BAD, key ID 6b8d79e6

Regards,

Tib

Damn, looks like Gollem has messed up the upload.  I'll upload them again.  You will know it's good when smeserver-squidguard is at 1.0-2

JB

[mrjhb3]

Just re-uploaded them.  Had to do it twice because I stopped squid on my test server and that was the server I was going through.  If the Md5sums still don't match for the other RPMS, you could add and enable the DAG repo by doing this:

To add the DAG repo do this:
/sbin/e-smith/db yum_repositories set dag repository \
Name 'Dag - EL4' \
BaseURL 'http://apt.sw.be/redhat/el4/en/$basearch/dag' \
EnableGroups no \
GPGCheck yes \
GPGKey http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt \
Visible yes \
Exclude freetype,htop,iptraf,rsync,syslinux \
status disabled

expand-template /etc/yum.conf

Then install,  yum --enablerepo=dag install smeserver-squidguard-1.0-2.noarch.rpm.  I just did this and the two other files were found.

John

[Tib]

mrjhb3

Everything loaded with no errors this time .... so files must be good.

Now to test a few things

Regards,

Tib

[p-jones]

Is this good for 7.2 ? Is yum localinstall the way to go ? Are there any updated threads or links ?
Thanks P

[mrjhb3]

Is this good for 7.2 ? Is yum localinstall the way to go ? Are there any updated threads or links ?
Thanks P

Am I using this on my 7.2 server.  I would suggest putting it on a test server first to make sure it will do what you need/want it to do.  Look at the changelog so you will see what some of the db settings do.

John

[p-jones]

Thanks John. Yum localinstall ??
Peter