Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Squidguard Auto Blacklist Updating

    pfSense Packages
    8
    16
    29369
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fthomasr last edited by

      I've been using and installing pfSense for over a year now. Today we built some boxes for web filtering so I installed Squidguard. Configured it and it works well so far.

      So it won't auto grab the blacklist periodically? Only manually? What good is that? If so does anyone have a script to update it? Or use something else entirely that autoupdates its blacklist urls?

      I don't want to have to log into 30+ boxes every week/month and manually update them. Any/all advise appreciated.

      1 Reply Last reply Reply Quote 1
      • F
        fthomasr last edited by

        So everyone logs into their routers and updates them manually?

        1 Reply Last reply Reply Quote 1
        • S
          seraphyn last edited by

          It is possible to write a script and use it with a cronjob.
          Greetings

          1 Reply Last reply Reply Quote 1
          • F
            fthomasr last edited by

            @seraphyn:

            It is possible to write a script and use it with a cronjob.
            Greetings

            I'm sure you can write a script. But that's silly. Think about it, a content filter is only as good as it's blacklist. It should be incorporated in the GUI by default. Just like virus definitions. I'm sure the Antivirus packages autoupdates. Who wrote the Squidguard package for pfSense? Maybe they can help.

            1 Reply Last reply Reply Quote 1
            • _
              _igor_ last edited by

              I had the same idea, but when i looked into the respective pages (squidguard.inc, xml) i found out that i don't understand how its done. Maybe some other persion with knowledge of scripting php will find out how its being done. I think, a simple shell-script which downloads the shallalist or other resource and moves the content to the right place will do that too.

              1 Reply Last reply Reply Quote 1
              • T
                tester_02 last edited by

                I even have issues with the manual update.  I run the manual update and all goes well.  But when I go into the browser I notice that all blocking is disabled.  So i then have to go back to squidguard and hit the apply settings.
                  I guess if there is enough people that want it, we could start a bounty and see if any developer wants to take up the task.

                1 Reply Last reply Reply Quote 1
                • T
                  thekITchen last edited by

                  That actually would be a handy feature.  I know that in the case of urlblacklist, downloads are tracked if you are not a member, so in cases like that an auto-downloader may not be practical.  However, an auto-download would be a wonderful addition to pfSense.

                  • Can pfSense handle more than one Blacklist?  (Say downloading both the Shalla list and urlblacklist?)

                  • It seems that after upgrading to 2.0 RC1, that I can no longer download from urlblacklist.  Anyone know what might be causing that?

                  1 Reply Last reply Reply Quote 1
                  • B
                    ben.suffolk last edited by

                    If you manually update the blacklist, you will see squidGuardcreates a script :-

                    /tmp/squidGuard_blacklist_update.sh

                    Copy this script to /usr/local/bin, and then add it to cron to run once a day.

                    That should auto update your rules.

                    Note: I have not actually tested this yet.

                    Regards

                    Ben

                    1 Reply Last reply Reply Quote 1
                    • S
                      seraphyn last edited by

                      @ben.suffolk:

                      /tmp/squidGuard_blacklist_update.sh

                      Copy this script to /usr/local/bin, and then add it to cron to run once a day.

                      That should auto update your rules.

                      Note: I have not actually tested this yet.

                      Regards

                      Ben

                      Sounds nice.
                      Would be a nice addition to further things,
                      Thanks

                      1 Reply Last reply Reply Quote 1
                      • B
                        ben.suffolk last edited by

                        BTW I set it up laster night so it would update this morning, and it worked fine.

                        Ben

                        1 Reply Last reply Reply Quote 1
                        • S
                          seraphyn last edited by

                          Hi Ben,

                          possible to post the script, so we do not need to go to /tmp and all other user could be send to this thread?
                          Or what about a wiki entry?
                          Greetings Chris

                          1 Reply Last reply Reply Quote 1
                          • B
                            ben.suffolk last edited by

                            I'm not sure copying a file from /tmp is that hard for people, in fact probably easier than creating a new file ;)

                            #!/usr/local/bin/php -f
                                $incl = "/usr/local/pkg/squidguard_configurator.inc";
                                if (file_exists($incl)) {
                                    require_once($incl);
                                    sg_reconfigure_blacklist( "http://www.shallalist.de/Downloads/shallalist.tar.gz", "" );
                                }
                                exit;
                            ?>
                            

                            Regards

                            Ben

                            1 Reply Last reply Reply Quote 1
                            • S
                              seraphyn last edited by

                              g
                              Read the Forum… I read some things that .... Keep up the good work  ;D
                              In short: It's Easier to link to this thread.
                              Thx and greetings

                              1 Reply Last reply Reply Quote 1
                              • N
                                noitalever last edited by

                                so… lets say I'm pretty good at following directions, but seem to be missing some steps...

                                I'm only familar with the web interface of pfsense when it comes to linux. I've done some cisco programming, and use dos all the time, just don't know the commands or security structure here.

                                I installed cron on pfsense 1.2.3 and understand how I "might" upload a file(script) under the Diagnostics>Command section and even could maybe figure out how to then run that script daily...

                                so, am I on the right track? and if so... what format does the file need to be in. (speak windows for me please, I know, I know) i.e. script.txt or cronjob.cron or whatever...

                                or, using the aforementioned "command" line, could I just copy the above script from the tmp folder to the right folder for cron to access it? if so, what would the commands be and then what would the cron command be to start running it daily.

                                If someone feels like holding my hand through this, awesome. If not... then I probably won't do it, no prob.
                                And yes, I could probably google and rtfm but this seems pretty easy for someone who lives in linuxville.  I just don't know if I can copy from tmp to the right folder just using the command line, or things like that, and I'd really rather not learn the base security premise of this linux distro just to setup a cron job.

                                Peace.

                                1 Reply Last reply Reply Quote 1
                                • _
                                  _igor_ last edited by

                                  to get that thing running start up putty (http://www.putty.org/) and open a new connection, IP or name of your pfsense.
                                  You get a typical login-window, name: root, password: put in your pw.
                                  then start via webbrowser the update of squidguard.

                                  Now do a (in the putty-window)

                                  cd /tmp
                                  cp squidGuard_blacklist_update.sh /root
                                  exit
                                  
                                  

                                  Your putty will close. The shell-part is done.

                                  Now open cron via "Services" - "Cron" and add a new job.

                                  Fill in the time you want the script gets started.
                                  The correct calll of the script will be (in our case)

                                  /root/squidGuard_blacklist_update.sh
                                  

                                  The right user is "root".

                                  I like to settle scripts like this in /root, because in case of a software-crash its much easier to get all self created or changed portions of whatever from one folder than looking for them all over the system. After a while i don't know what and where i changed things, so this is a good place for that. But feel free to put your script whereever you want.

                                  Good luck!

                                  1 Reply Last reply Reply Quote 1
                                  • B
                                    benafed last edited by

                                    thans scripts is very good. :)

                                    1 Reply Last reply Reply Quote 1
                                    • First post
                                      Last post