SquidGuard package TEST

dvserg

"Waite mode"=ON ;D
I all sources already sent.

sullrich

I have received them and they are on my list. I am still waiting for confirmation that lightsquid works as well before I keep adding untested packages.

mhohman

Great! Lightsquid gave me problems when I first installed. The script that pulls and processes the log files didn't run the first time automatically I had to go in on the shell to execute it. It's still not running automatically, I have to click the refresh now button.

Matt Hohman
New Heights Church

dvserg

@mhohman:

Great! Lightsquid gave me problems when I first installed. The script that pulls and processes the log files didn't run the first time automatically I had to go in on the shell to execute it. It's still not running automatically, I have to click the refresh now button.

Shedules compatible only on pfsense 1.2 What you version use?
If older-need setup task manually

mhohman

@dvserg:

@mhohman:

Great! Lightsquid gave me problems when I first installed. The script that pulls and processes the log files didn't run the first time automatically I had to go in on the shell to execute it. It's still not running automatically, I have to click the refresh now button.

Shedules compatible only on pfsense 1.2 What you version use?
If older-need setup task manually

1.2 Beta 1

dvserg

Post plz here or to my PM file '/etc/crontab' content

mhohman

cat /etc/crontab

SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hour mday month wday who command

pfSense specific crontab entries

Created: June 3, 2007, 10:54 pm

0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 * 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 1800 snort2c
*/5 * * * * root /usr/local/bin/checkreload.sh

If possible do not add items to this file manually.

If you do so, this file must be terminated with a blank line (e.g. new line)

*/60 * 1 * * root /usr/bin/nice -n20 /usr/local/pkg/snort_check_for_rule_updates.php

dvserg

I'm have small problem with eanglish ::) Sorry for my many questions

Do you setup auto refresh (update) period in Lightsquid GIU?

Post pls '/cf/conf/config.xml' file part

dhipo

squidguard is not in official packages ??? only squidgurad … whats is wrong ??

dvserg

@dhipo:

squidguard is not in official packages ??? only squidgurad … whats is wrong ??

Nothing wrong.
Expects(Waits) his queue
May be developers veri bisy ?

dhipo

ok

can you help with some situaton in squidguard ?

look

3 sources
3 destinations
3 ACL

sourceA = 100.0.0.0/24
sourceB = 192.168.0.0/16
sourceC= 100.0.0.1 192.168.2.1

destX = xxx.com
destY = yyy.com
destZ = zzz.com

ACL1 = sourceA pass destZ !all
acl2 = sourceB pass destY !all
acl3 = sourceC pass !destX all

everything and everybody have full access ….
i'm going crazy ...

dhipo

@dhipo:

ok

can you help with some situaton in squidguard ?

look

3 sources
3 destinations
3 ACL

sourceA = 100.0.0.0/24
sourceB = 192.168.0.0/16
sourceC= 100.0.0.1 192.168.2.1

destX = xxx.com it's a blacklist
destY = yyy.com it's a whitelist
destZ = zzz.com it's a whitelist

ACL1 = sourceA pass destZ !all
acl2 = sourceB pass destY !all
acl3 = sourceC pass !destX all

everything and everybody have full access ….
i'm going crazy ...

dvserg

Pls Show me you SG config
This situation can be if SG not started or used default config
Default config created if found any error in you config data.
Also how old you SG package installation?

dhipo

more /usr/local/etc/squidGuard/squidGuard.conf

============================================================

SquidGuard configuration file

This file generated automaticly with SquidGuard configurator

(C)2006 Serg Dvoriancev

email: dv_serg@mail.ru

============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard

Todas as lojas (users in branchoffice)

src lojas {
ip 192.168.0.0/255.255.0.0
log block.log
}

Todos do Escritorio Central (users in HeadOffice)

src EC {
ip 100.0.2.0/16
log block.log
}

Acesso especial (special access users)

src especiais_loja {
ip 192.168.11.98
ip 192.168.37.32
ip 192.168.38.12
log block.log
}

Acesso sem limites (without limits users)

src super-users {
ip 100.0.0.1
ip 100.0.0.195
ip 100.0.2.40
log block.log
}

dest ads {
domainlist ads/domains
urllist ads/urls
log block.log
}

dest aggressive {
domainlist aggressive/domains
urllist aggressive/urls
log block.log
}

dest audio-video {
domainlist audio-video/domains
urllist audio-video/urls
log block.log
}

dest drugs {
domainlist drugs/domains
urllist drugs/urls
log block.log
}

dest gambling {
domainlist gambling/domains
urllist gambling/urls
log block.log
}

dest hacking {
domainlist hacking/domains
urllist hacking/urls
log block.log
}

dest mail {
domainlist mail/domains
log block.log
}

dest porn {
domainlist porn/domains
expressionlist porn/expressions
urllist porn/urls
log block.log
}

dest proxy {
domainlist proxy/domains
urllist proxy/urls
log block.log
}

dest redirector {
domainlist redirector/domains
urllist redirector/urls
log block.log
}

dest spyware {
domainlist spyware/domains
urllist spyware/urls
log block.log
}

dest suspect {
domainlist suspect/domains
urllist suspect/urls
log block.log
}

dest violence {
domainlist violence/domains
expressionlist violence/expressions
urllist violence/urls
log block.log
}

dest warez {
domainlist warez/domains
urllist warez/urls
log block.log
}

Lista Negra Leo (our black list)

dest ListaNegra {
domainlist ListaNegra/domains
expressionlist ListaNegra/expressions
urllist ListaNegra/urls
log block.log
}

Lista de Sites Liberados (our white list)

dest ListaBranca {
domainlist ListaBranca/domains
expressionlist ListaBranca/expressions
urllist ListaBranca/urls
}

Sites liberados para lojas (free sites to branchoffice users)

dest permitidosLoja {
domainlist permitidosLoja/domains
log block.log
}

Sites Liberados para EC (free sites to HeadOffice)

dest permitidosEC {
domainlist permitidosEC/domains
log block.log
}

acl {
# Lista de Lojas Liberadas
lojas {
pass ListaBranca permitidosLoja none
}

# permitidos EC
EC {
pass ListaBranca permitidosEC none
}

# usuarios controlados com acesso total
especiais_loja {
pass !ads !aggressive !audio-video !drugs !gambling !hacking !m
ail !porn !proxy !redirector !spyware !suspect !violence !warez !ListaNegra all
}

# Super usuarios
super-users {
pass all
}
default {
pass ListaBranca none
redirect http://127.0.0.1/sgerror.php
}
}

dvserg

Make this for testing

disable all ACL's (checkbox on every acl)
uncheck all items on Default rule and set !all (deny all) - test this for block all traffic
enable ListaBranca in default and test acces to him and no-access for other
one by one enable ACLS and test him for access (first enable you special acls)

You need find what ACL wrong configured.

PS after any change before test press Apply button and see Servise string for green (in latest version SG)(mean - SG success started) below Apply button

dvserg

2 mantunespb

installed to put happened this error in the end of the site is the same not initiated

Warning: fopen(/usr/local/etc/squidGuard/squidguard_conf.xml): failed to open stream: No such file or directory in /etc/inc/pfsense-utils.inc on line 1094 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1095 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1096 Warning: fopen(/usr/local/etc/squidGuard/squidguard_conf.xml): failed to open stream: No such file or directory in /etc/inc/pfsense-utils.inc on line 1094 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1095 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1096

Several questions

do you have installed squidGuard port before installation package? (must be deinstalled)
check /usr/local/etc/squidGuard/ path for exists

dhipo

ok /// i do this and satyed strange… but i found an tip ... andnow evething is working... we need compile the lists (blacklists ,destinations, etc) every time what anything is added or removed from blacklists or destinations... the command is ... to first time :
/usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf -C all -d

or to updates

/usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf -u -d

the acls are working now
....

dvserg

<english problem="">I have understood that there is problems with(since) rebuilding db?
Blacklist db rebuild once after his downloading and installation
User db may be processed with each pressing by button 'Apply'
(user db each time created as new but not diff)

Please post you detail ussues - where problem?

ps i will have test too</english>

dhipo

ok …. i will try be clear ..... on press apply button or save new Destinations is not creating the db files..
i created manually using the comand
/usr/local/bin/squidguard -c /usr/local/etc/squidGuard/squidGuard.conf -C all

but every time , when a new url ,expression or domain is added to destinations is necessary run the command
/usr/local/bin/squidguard -c /usr/local/etc/squidGuard/squidGuard.conf -d

if db files was not created manually the rules (ACLS) does not work ..
but, after db creation (manually) works fast and was expected..

dhipo

new doubt …
Can i have an acl like this

" pass MyList "

without the ' !all ' at the end of line ?