Help with squid / squidGuard

Arthur Dent selinux.list at troodos.demon.co.uk
Tue Feb 10 15:43:04 UTC 2009


On Tue, Feb 10, 2009 at 09:34:35AM -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Arthur Dent wrote:
> > On Thu, Feb 05, 2009 at 11:40:10PM +0100, Dominick Grift wrote:
> >> Op donderdag 05-02-2009 om 22:33 uur [tijdzone +0000], schreef Arthur
> >> Dent:
> >>
> >>> Am I right in thinking that all this would be unnecessary if the files
> >>> were in /var/lib/squidGuard ?
> >> No, there is policy missing in the squid module i think. We appended
> >> that policy by installing our module.
> >>
> >> Nonetheless, the proper location is still /var/lib/squidGuard i think.
> >>
> >> I just was not sure if some part of the policy i wrote is working as
> >> expected since the location you use is /var/squidGuard instead.
> >>
> >> Seems that it is working though so that is fine.
> > 
> > Thanks again.
> > 
> > I will see what happens overnight.
> > 
> > Just a final thought however. Both squid and squidGuard are installed
> > via yum from the standard repositories. I still have a copy of the
> > original squidGuard.conf file and here are the first 8 lines:
> > 
> > #
> > # CONFIG FILE FOR SQUIDGUARD
> > #
> > # See http://www.squidguard.org/config/ for more examples
> > #
> > 
> > dbhome /var/squidGuard/blacklists
> > logdir /var/log/squidGuard
> > 
> > So it seems that is where I got my file layout from!
> > 
> > At least I know I not completely crazy...
> > 
> > Thanks once again
> > 
> > Mark
> > 
> > 
> > 
> > ------------------------------------------------------------------------
> > 
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> A simpler solution would have been to add a context that squid can write.
> 
> # semanage fcontext -a -t squid_cache_t '/var/squidGuard(/.*)?'
> # restorecon -R -v /var/squidGuard
> 
> Does squid try to write to  /var/log/squidGuard?

Yes. 
Well, squid itself has a variety of logs in /var/log/squid/ and squidGuard
keeps its log (/var/log/squid/squidGuard.log) there too.
 
> What does /var/www/cgi-bin/squidGuard.cgi and
> /var/www/cgi-bin/squidGuard-simple.cgi do?

squidGuard maintains lists of blacklisted URLs. My users (my family) access
the web via the squid proxy. If they stumble upon one of the blacklisted sites
squidGuard redirects the browser to the /var/www/cgi-bin/squidGuard.cgi page
which displays an intelligent (i.e. says which blacklist has triggered)
warning and blocks the site.

> Do they need to read the
> /var/squidGuard?

Yes. The blacklists are stored in /var/squidGuard/blacklists/ (and updated
from a variety of sources using a nightly script).

Is all that as it should be, or would there be a better configuration? (Both
squid and squidGuard are installed using yum from standard F9 repositories).

Thanks for your suggestion. I will try it later when time permits.

Best regards

Mark

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090210/3d66eae5/attachment.sig>


More information about the fedora-selinux-list mailing list