*******************************************
*******************************************
** **
** Installation of SquidGuard on TRU64 **
** **
*******************************************
*******************************************
Environment
-----------
Hardware: COMPAQ Professional Workstation XP1000
OS: Compaq Tru64 UNIX V5.1A (Rev. 1885) Patchkit 3
Shell: Korn shell /usr/bin/ksh
Proxy: Squid 2.5 Stable 1
I managed to install SquidGuard: 1.2.0 (SG) with Berkeley DB 4.0.14 and
made SG work with Squid.
Thanks a lot to Michael Grau [m.grau_at_kcc.state.ks.us] who gave me many
helpful hints.
For installation of SG we need the Gnu C-compiler gcc. In order to install
gcc we nedd GNU make (because of problems with standard make). This gives
following installation steps which I will explain in detail below:
Step 1: Berkeley DB 4.0.14
Step 2: Gnu make 3.79.1
Step 3: gcc 3.0
Step 4: Installation of SquidGuard: 1.2.0 (SG)
Step 5: Configuration of SG
Step 6: Configuring squid using squidguard
Step 7: Further configurations
====================================================
Step 1: Installation of Berkeley DB 4.0.14
====================================================
We find Berkeley DB on
http://www.sleepycat.com.
1. Download Release 4.0.14 from
http://www.sleepycat.com/update/index.html
---------------------------------------------
link 4.0.14.tgz
file db-4.0.14.tar.gz
2. Put this file on directory /usr/local
----------------------------------------
3. Unpack this file
-------------------
cd /usr/local
gunzip db-4.0.14.tar.gz
tar -xf db-4.0.14.tar
Result: Directory tree /usr/local/BerkeleyDB.4.0
4. Installation of Berkeley DB
------------------------------
cd /usr/local/db-4.0.14/build_unix
../dist/configure
make
make install
====================================================
Step 3: Installation of GNU make 3.79.1
====================================================
GNU make is needed for installation of gcc. If you have
already installed gcc proceed with step 4.
1. Download GNU make from
http://ftp.gnu.org/pub/gnu/make/
----------------------------------------------------------
file make-3.79.1.tar.gz
2. Put this file on directory /usr/local
----------------------------------------
3. Unpack this file
-------------------
cd /usr/local
gunzip make-3.79.1.tar.gz
tar -xf make-3.79.1.tar
Result: Directory tree /usr/local/make-3.79.1
4. Installation of GNU make
---------------------------
cd make-3.79.1
./configure
make
# Ignore error message about misc.c
./make check
# should give no errors
make install
make clean
Result: /usr/local/bin/make
====================================================
Step 3: Installation of gcc 3.0
====================================================
gcc is needed for installation of squidguard. If you have
already installed gcc proceed with step 4.
1. Download gcc from a ftp server, maybe
ftp://ftp.fu-berlin.de/unix/gnu/gcc/gcc-3.0/
-----------------------------------------------
file gcc-3.0.tar.gz
2. Put this file on directory /usr/local
----------------------------------------
3. Unpack this file
-------------------
cd /usr/local
gunzip gcc-3.0.tar.gz
tar -xf gcc-3.0.tar
Result: Directory tree /usr/local/gcc-3.0
4. Configuration of gcc
-----------------------
mkdir /usr/local/gcc
cd /usr/local/gcc
/usr/local/gcc-3.0/configure
5. Build gcc
------------
# Be sure to use GNU make !!
/usr/local/bin/make bootstrap (duration about 1,5h !)
which gives following error message:
/usr/local/gcc/gcc/xgcc -B/usr/local/gcc/gcc/
-B/usr/local/alphaev56-dec-osf5.1/
bin/ -B/usr/local/alphaev56-dec-osf5.1/lib/ -isystem
/usr/local/alphaev56-dec-os
f5.1/include -c -DSkip_f2c_Undefs -DAllow_TYQUAD -I.
-I../../../../gcc-3.0/libf2
c/libI77 -I.. -I../../../../gcc-3.0/libf2c/libI77/.. -DHAVE_CONFIG_H -g
-mieee
../../../../gcc-3.0/libf2c/libI77/backspace.c
In file included from ../../../../gcc-3.0/libf2c/libI77/fio.h:1,
from ../../../../gcc-3.0/libf2c/libI77/backspace.c:4:
/usr/local/gcc/gcc/include/stdio.h:241: parse error before "__va_list"
/usr/local/gcc/gcc/include/stdio.h:242: parse error before "__va_list"
/usr/local/gcc/gcc/include/stdio.h:243: parse error before "__va_list"
make[3]: *** [backspace.o] Error 1
make[3]: Leaving directory
`/usr/local/gcc/alphaev56-dec-osf5.1/libf2c/libI77'
make[2]: *** [i77] Error 2
make[2]: Leaving directory `/usr/local/gcc/alphaev56-dec-osf5.1/libf2c'
make[1]: *** [all-target-libf2c] Error 2
make[1]: Leaving directory `/usr/local/gcc'
make: *** [bootstrap] Error 2
# exit
Now edit file /usr/local/gcc/gcc/include/stdio.h
replace "__va_list" by "va_list" (near line 240 )
Repeat the last command:
/usr/local/bin/make bootstrap (duration about 3 min !)
6. Install gcc
--------------
/usr/local/bin/make install
Maybe above error message disappears when using another release
of gcc.
====================================================
Step 4: Installation of SquidGuard: 1.2.0 (SG)
====================================================
Remember: I use the Korn-shell /usr/bin/ksh
The official SG homepage is
http://www.squidguard.org/
Some hints from Michael Grau:
When building squidGuard be sure to build the shared db library
and link squidGuard against it. I believe 'parse error before
"DB_INFO"' is an error when building against the static library,
at least it was for me. (db-4.0.14 builds both the static and
shared by default.)
Then when building squidGuard you to have to set the
LD_LIBRARY_PATH environmental variable to your db lib. It is
not enough to just "--with-db-lib=/usr/local/BerkeleyDB.4.0/lib".
Therefore I inserted in /.profile following lines:
LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.0/lib
export LD_LIBRARY_PATH
1. Download SG from
http://ftp.teledanmark.no/pub/www/proxy/squidGuard/
-----------------------------------------------------------------------
file squidGuard-1.2.0.tar.gz
2. Put this file on directory /usr/local
----------------------------------------
3. Unpack this file
-------------------
cd /usr/local
gunzip squidGuard-1.2.0.tar.gz
tar -xf squidGuard-1.2.0.tar
Result: Directory tree /usr/local/squidGuard-1.2.0
4. Installation of SG
---------------------
cd /usr/local/squidGuard-1.2.0
LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.0/lib
export LD_LIBRARY_PATH
CC="/usr/local/bin/gcc" CFLAGS="-O3" \
./configure \
--with-db_lib=/usr/local/BerkeleyDB.4.0/lib \
--with-db_inc=/usr/local/BerkeleyDB.4.0/include \
--with-sg-config=/usr/local/squidGuard/squidguard.conf \
--with-sg-logdir=/usr/local/squidGuard/logs \
--with-sg-dbhome=/usr/local/squidGuard/db
make
make install
5. Test the installation
------------------------
make test
making test in squidGuard-1.2.0
(cd test && make test)
test1..
Database size:
5643 blacklist/domains
7442 blacklist/urls
13085 total
Running test1 with 1000 requests...Done
Checking number of output lines..
.OK
Checking the output against the expected..
.OK
squidGuard initialization took 0.125 seconds
squidGuard handled 1000 requests in 0.105 seconds
test2..
Database size:
5643 blacklist/domains
7442 blacklist/urls
3 blacklist/expressions
13088 total
Running test2 with 1000 requests...Done
Checking number of output lines..
.OK
Checking the output against the expected..
.OK
squidGuard initialization took 0.125 seconds
squidGuard handled 1000 requests in 0.434 seconds
benchmark..
Database size:
5643 blacklist/domains
7442 blacklist/urls
13085 total
Running benchmark test with 100000 requests...Done
squidGuard initialization took 0.131 seconds
squidGuard handled 100000 requests in 9.124 seconds
====================================================
Step 5: Configuration of SG
====================================================
1. create a simple configuration file
-------------------------------------
/usr/local/squidGuard/etc/squidguard.conf
logdir /usr/local/squidGuard/logs
dbhome /usr/local/squidGuard/db
destination porn {
domainlist porn/domains
urllist porn/urls
log porn.log
}
acl {
default {
pass !porn all
redirect
http://www.web.de
}
}
2. create a small database for domains
--------------------------------------
cd /usr/local/squidGuard/db/porn
use vi to create a file "domains",
insert one line: "sex.com"
now create the database domains.db:
/usr/local/bin/squidGuard \
-c /usr/local/squidGuard/etc/squidguard.conf \
-C /usr/local/squidGuard/db/porn/domains
3. Test the configuration (without squid)
-----------------------------------------
LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.0/lib
export LD_LIBRARY_PATH
echo "
http://www.sex.com 192.125.128.156/- - GET" | \
/usr/local/bin/squidGuard \
-c /usr/local/squidGuard/etc/squidguard.conf -d
2002-12-17 10:36:21 [54137] init domainlist
/usr/local/squidGuard/db/porn/domais
2002-12-17 10:36:21 [54137] loading dbfile
/usr/local/squidGuard/db/porn/domain.db
2002-12-17 10:36:21 [54137] init urllist /usr/local/squidGuard/db/porn/urls
2002-12-17 10:36:21 [54137] loading dbfile
/usr/local/squidGuard/db/porn/urls.d
2002-12-17 10:36:21 [54137] squidGuard 1.2.0 started (1040117781.433)
2002-12-17 10:36:21 [54137] squidGuard ready for requests (1040117781.525)
2002-12-17 10:36:21 [54137] Request(default/porn/-)
http://www.sex.com
192.125.28.156/- - GET
http://www.web.de 192.125.128.156/- - GET **** BLOCKED
****
2002-12-17 10:36:21 [54137] squidGuard stopped (1040117781.537)
LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.0/lib
export LD_LIBRARY_PATH
echo "
http://www.google.de 192.125.128.156/- - GET" | \
/usr/local/bin/squidGuard \
-c /usr/local/squidGuard/etc/squidguard.conf -d
2002-12-17 10:38:26 [54148] init domainlist
/usr/local/squidGuard/db/porn/domains
2002-12-17 10:38:26 [54148] loading dbfile
/usr/local/squidGuard/db/porn/domains.db
2002-12-17 10:38:26 [54148] init urllist /usr/local/squidGuard/db/porn/urls
2002-12-17 10:38:26 [54148] loading dbfile
/usr/local/squidGuard/db/porn/urls.db
2002-12-17 10:38:26 [54148] squidGuard 1.2.0 started (1040117906.501)
2002-12-17 10:38:26 [54148] squidGuard ready for requests (1040117906.503)
**** blank line --> NOT BLOCKED ****
2002-12-17 10:38:26 [54148] squidGuard stopped (1040117906.555)
4. Troubleshooting
------------------
Check the log file /usr/local/bin/squidGuard/logs/squidGuard.log
carefully.
Possible problems: missing access rights to some files
wrong directories
====================================================
Step 6: Configuring squid using squidguard
====================================================
1. Create a wrapper for SG
--------------------------
You must write a wrapper for squidGuard (say squidGuard.sh,
for example) that sets the LD_LIBARY_PATH since squid will
know nothing of LD_LIBARY_PATH when it tries to start
squidGuard.
Michael Grau gave me a wrapper which I modified slightly.
/usr/local/bin/squidGuard.sh:
#!/usr/bin/ksh -
# Wrapper to set LD_LIBRARY_PATH for squidGuard
# Mike Grau - Nov 26 2002
# [ sigh ]
LD_LIBRARY_PATH='/usr/local/BerkeleyDB.4.0/lib'
export LD_LIBRARY_PATH
SG='/usr/local/bin/squidGuard'
SG_CONF='/usr/local/squidGuard/etc/squidguard.conf'
set -- `getopt uvc:C:d $*`
if [ $? != 0 ]; then
exit 1
fi
while [ $1 != -- ]
do
case $1 in
-v)
vFLG="-v"
;;
-u)
uFLG="-u"
;;
-c)
cFLG="-c $2"
shift;;
-C)
CFLG="-C $2"
shift;;
-d)
dFLG="-d"
;;
esac
shift
done
shift
if [ -n "$vFLG" ]; then
if [ -n "$ARGS" ]; then
ARGS="$ARGS $vFLG"
else
ARGS=$vFLG
fi
fi
if [ -n "$uFLG" ]; then
if [ -n "$ARGS" ]; then
ARGS="$ARGS $uFLG"
else
ARGS=$uFLG
fi
fi
if [ -n "$cFLG" ]; then
if [ -n "$ARGS" ]; then
ARGS="$ARGS $cFLG"
else
ARGS=$cFLG
fi
fi
if [ -n "$CFLG" ]; then
if [ -n "$ARGS" ]; then
ARGS="$ARGS $CFLG"
else
ARGS=$CFLG
fi
fi
if [ -n "$dFLG" ]; then
if [ -n "$ARGS" ]; then
ARGS="$ARGS $dFLG"
else
ARGS=$dFLG
fi
fi
if [ -n "$ARGS" ]; then
exec $SG $ARGS -c $SG_CONF
else
exec $SG -c $SG_CONF
fi
2. Configure squid for using SG
-------------------------------
Insert following 2 lines in squid.conf:
redirect_program /usr/local/bin/squidGuard.sh
redirect_children 2
3. Test squid with squidguard
-----------------------------
Restart squid and test this configuration:
www.sex.com should be blocked, instead you should
see the page www.web.de
4. Troubleshooting
------------------
Check the log files /usr/local/bin/squidGuard/logs/squidGuard.log
and cache.log (in the squid directory) carefully.
In case of problems you may visit
http://www.squidguard.org/ or
search the archive of the squid mailinglist
http://list.cineca.it/archives/squid.html
====================================================
Step 7: Further configurations
====================================================
You may do further configurations according your needs.
- download blacklists maybe from
http://www.squidguard.org/blacklist/
- create another html page for redirection in case of
accessing banned sites
- etc
> Mit freundlichen Grüßen / regards
> Werner Rost
>
> ---------------------------------------------------------------------
> ZF Boge GmbH
> Werner Rost
> IT
> Friesdorfer Str. 175
> D-53175 Bonn
>
>
> phone: +49/228/3825 420
> fax: +49/228/3825 398
> werner.rost_at_zfboge.com
>
> www.boge-vibrationcontrol.com/
> ---------------------------------------------------------------------
>
>
Received on Tue Dec 17 2002 - 16:10:38 NZDT