Saita SquidGuard, Ba da damar Dokokin Abun ciki da Yin nazarin Logs na Squid - Kashi na 6


A LFCE (Linux Foundation Certified Engineer) ƙwararren ƙwararren ne wanda ke da ƙwarewar da ake buƙata don shigarwa, sarrafawa, da magance ayyukan cibiyar sadarwa a cikin tsarin Linux, kuma shine ke kula da ƙira, aiwatarwa da ci gaba da kiyaye tsarin gine-ginen gaba ɗaya.

Gabatar da Shirin Takaddar Gidauniyar Linux.

A cikin rubuce-rubucen da suka gabata mun tattauna yadda ake saka Squid + squidGuard da yadda ake saita squid don sarrafa ko hana buƙatun shiga yadda ya kamata. Da fatan za a tabbatar kun wuce waɗannan koyawawan guda biyu kuma shigar da Squid da squidGuard kafin ci gaba yayin da suke saita bango da mahallin abin da za mu rufe a cikin wannan post ɗin: haɗa squidguard a cikin yanayin squid mai aiki don aiwatar da ƙa'idodin baƙar fata da sarrafa abun ciki akan uwar garken wakili.

  1. Saka Squid da SquidGuard - Part 1
  2. Hanyar da Squid Proxy Server tare da Ƙuntataccen shiga – Sashe na 5

Me zan iya/Ba zan iya amfani da SquidGuard Don?

Kodayake squidGuard tabbas zai haɓaka da haɓaka fasalin Squid, yana da mahimmanci don haskaka abin da zai iya da abin da ba zai iya yi ba.

Ana iya amfani da squidGuard don:

  1. iyakance damar shiga yanar gizo da aka yarda ga wasu masu amfani zuwa jerin sabar yanar gizo da aka yarda da su da/ko URL kawai, yayin da aka hana shiga wasu sabar yanar gizo da/ko URLs da aka baƙaƙe.
  2. toshe damar shiga rukunin yanar gizo (ta adireshin IP ko sunan yanki) wanda ya dace da jerin maganganu na yau da kullun ko kalmomi ga wasu masu amfani.
  3. ana buƙatar amfani da sunayen yanki/hana amfani da adireshin IP a cikin URLs.
  4. juyar da katange URLs zuwa kuskure ko shafukan bayani.
  5. amfani da ƙa'idodin shiga daban-daban dangane da lokacin rana, ranar mako, kwanan wata da sauransu.
  6. aiwatar da dokoki daban-daban don ƙungiyoyin masu amfani daban-daban.

Koyaya, ba za a iya amfani da squidGuard ko Squid don:

  1. nazartar rubutu a cikin takardu kuma yi aiki a sakamakon.
  2. gane ko toshe harsunan rubutun da aka haɗa kamar JavaScript, Python, ko VBscript cikin lambar HTML.

Blacklists wani muhimmin sashi ne na squidGuard. Ainihin, fayilolin rubutu ne a sarari waɗanda za su ba ku damar aiwatar da matatun abun ciki dangane da takamaiman kalmomi. Akwai duka samuwa kyauta da kuma lissafin baƙar fata na kasuwanci, kuma kuna iya samun hanyoyin zazzagewa a cikin gidan yanar gizon aikin squidguard blacklists.

A cikin wannan koyawa zan nuna muku yadda ake haɗa jerin baƙaƙen da Shalla Secure Services ke bayarwa zuwa shigarwar squidGuard ɗin ku. Waɗannan baƙaƙen lissafin kyauta ne don amfanin sirri/na kasuwanci kuma ana sabunta su kullun. Sun haɗa da, har zuwa yau, sama da shigarwar 1,700,000.

Don dacewarmu, bari mu ƙirƙiri adireshi don zazzage fakitin baƙar fata.

# mkdir /opt/3rdparty
# cd /opt/3rdparty 
# wget http://www.shallalist.de/Downloads/shallalist.tar.gz

Sabuwar hanyar zazzagewar tana samuwa koyaushe kamar yadda aka yi alama a ƙasa.

Bayan cire sabon fayil ɗin da aka sauke, za mu bincika zuwa babban fayil ɗin blacklist (BL).

# tar xzf shallalist.tar.gz 
# cd BL
# ls

Kuna iya tunanin kundayen adireshi da aka nuna a cikin fitarwa na ls a matsayin nau'ikan jerin bayanan baya, da kuma madaidaitan kundin adireshi (na zaɓi) azaman rukunin rukuni, suna gangarowa har zuwa takamaiman URLs da yanki, waɗanda aka jera a cikin fayilolin. urls da domains, bi da bi. Duba hoton da ke ƙasa don ƙarin bayani.

Ana yin shigar da dukkan fakitin blacklist, ko na nau'ikan nau'ikan guda ɗaya, ta hanyar kwafin littafin BL, ko ɗaya daga cikin kundin adireshi, bi da bi, zuwa /var/. lib/squidguard/db directory.

Tabbas kuna iya sauke blacklist kwal ɗin kwal ɗin zuwa wannan kundin tun farko, amma tsarin da aka bayyana a baya yana ba ku ƙarin iko akan nau'ikan nau'ikan da yakamata a toshe (ko a'a) a takamaiman lokaci.

Bayan haka, zan nuna muku yadda ake shigar da anonvpn, hacking, da chat blacklists da yadda ake saita squidGuard don amfani da su.

Mataki na 1: Kwafi akai-akai akan anonvpn, hacking, da chat kundayen adireshi daga /opt/3rdparty/ BL zuwa /var/lib/squidguard/db.

# cp -a /opt/3rdparty/BL/anonvpn /var/lib/squidguard/db
# cp -a /opt/3rdparty/BL/hacking /var/lib/squidguard/db
# cp -a /opt/3rdparty/BL/chat /var/lib/squidguard/db

Mataki na 2: Yi amfani da wuraren yanki da fayilolin url don ƙirƙirar fayilolin bayanan squidguard. Da fatan za a lura cewa umarni mai zuwa zai yi aiki don ƙirƙirar fayilolin .db don duk jerin baƙaƙen da aka shigar - ko da wani nau'i yana da ƙananan rukunoni 2 ko fiye.

# squidGuard -C all

Mataki na 3: Canja ikon mallakar /var/lib/squidguard/db/ directory da abinda ke cikinsa ga mai amfani da wakili domin Squid ya iya karanta fayilolin bayanai.

# chown -R proxy:proxy /var/lib/squidguard/db/

Mataki na 4: Sanya Squid don amfani da squidGuard. Za mu yi amfani da umarnin Squid's url_rewrite_program a cikin /etc/squid/squid.conf don gaya wa Squid ya yi amfani da squidGuard azaman URL mai sake rubutawa/mai gudanarwa.

Ƙara layin mai zuwa zuwa squid.conf, tabbatar da cewa /usr/bin/squidGuard ita ce cikakkiyar hanya a cikin lamarin ku.

# which squidGuard
# echo "url_rewrite_program $(which squidGuard)" >> /etc/squid/squid.conf
# tail -n 1 /etc/squid/squid.conf

Mataki na 5: Ƙara umarni masu mahimmanci zuwa fayil ɗin sanyi na squidGuard (wanda yake cikin /etc/squidguard/squidGuard.conf).

Da fatan za a koma zuwa hoton hoton da ke sama, bayan lambar mai zuwa don ƙarin bayani.

src localnet {
        ip      192.168.0.0/24
}

dest anonvpn {
        domainlist      anonvpn/domains
        urllist         anonvpn/urls
}
dest hacking {
        domainlist      hacking/domains
        urllist         hacking/urls
}
dest chat {
        domainlist      chat/domains
        urllist         chat/urls
}

acl {
        localnet {
                        pass     !anonvpn !hacking !chat !in-addr all
                        redirect http://www.lds.org
                }
        default {
                        pass     local none
        }
}

Mataki na 6: Sake kunna Squid kuma gwada.

# service squid restart 		[sysvinit / Upstart-based systems]
# systemctl restart squid.service 	[systemctl-based systems]

Bude mai binciken gidan yanar gizo a cikin abokin ciniki a cikin hanyar sadarwar gida kuma bincika zuwa rukunin yanar gizon da aka samo a cikin kowane fayil ɗin baƙar fata (domains ko urls - za mu yi amfani da http://spin.de/ taɗi a cikin misali mai zuwa ) kuma za a tura ku zuwa wani URL, www.lds.org a wannan yanayin.

Kuna iya tabbatar da cewa an yi buƙatar zuwa uwar garken wakili amma an ƙi (301 http martani - An ƙaura har abada) kuma an tura shi zuwa www.lds.org maimakon.

Idan saboda wasu dalilai kuna buƙatar kunna nau'in da aka toshe a baya, cire kundin adireshi mai dacewa daga /var/lib/squidguard/db> sannan kuyi sharhi (ko share) acl mai alaƙa a cikin squidguard.conf fayil.

Misali, idan kuna son kunna wuraren da urls da aka yiwa baƙaƙen jeri na anonvpn, kuna buƙatar aiwatar da matakai masu zuwa.

# rm -rf /var/lib/squidguard/db/anonvpn

Kuma a gyara squidguard.conf fayil kamar haka.

Da fatan za a lura cewa an share sassan da aka yi haske da rawaya a ƙarƙashin KAFIN a Bayan.

A wasu lokuta kuna iya ba da izinin wasu URLs ko yankuna, amma ba gabaɗayan kundin adireshi ba. A wannan yanayin, ya kamata ka ƙirƙiri adireshi mai suna myWhiteLists (ko kowane sunan da kuka zaɓa) sannan ku saka URLs da domains da ake so a ƙarƙashin /var/lib/squidguard/db/myWhiteListsa cikin fayilolin mai suna urls da domains, bi da bi.

Sannan, fara sabbin dokokin abun ciki kamar da,

# squidGuard -C all

kuma gyara squidguard.conf kamar haka.

Kamar yadda ya gabata, sassan da aka haskaka a cikin rawaya suna nuna canje-canjen da ake buƙatar ƙarawa. Lura cewa layin myWhiteLists yana buƙatar zama na farko a jere wanda ke farawa da wucewa.

A ƙarshe, tuna sake kunna Squid don aiwatar da canje-canje.

Kammalawa

Bayan bin matakan da aka zayyana a cikin wannan koyawa ya kamata ku sami matatar abun ciki mai ƙarfi da adireshin URL da ke aiki hannu da hannu tare da wakilin ku na Squid. Idan kun fuskanci kowace matsala yayin tsarin shigarwa/daidaitawar ku ko kuna da tambayoyi ko sharhi, kuna iya komawa zuwa takaddun gidan yanar gizon squidGuard amma koyaushe ku ji daɗin sauke mana layi ta amfani da fom ɗin da ke ƙasa kuma za mu dawo gare ku da zaran. mai yiwuwa.