Ubuntu 16.01 w/Squid and E2Guardian 3.x

Mindwatering Incorporated

Author: Tripp W Black

Created: 01/06/2017 at 05:02 PM

 

Category:
Linux
Installation

Installed server iso of Ubuntu 16.04.

Set server networking to static IP.
# sudo vi /etc/network/interfaces
<edit the settings>
# reboot

Updated server software to latest:
# sudo su
< enter password>
# apt-get update
# apt-get upgrade

Installed squid:
# apt-get install squid

Download or copy E2Guardian to server:
# cd /home/myloginid/
# mkdir tmp
# cd tmp
With FileZilla, copied e2guarding_3.4.0.3_wheezy-jessie_amd64.deb to server to tmp folder just created.
# dpkg -i e2guardian_3.4.0.3_wheezy-jessie_amd64.deb
Note: It will install w/dependency issues ( libtommath0 ), and not be configured. Fix with below command:
# apt-get install -f

Enable the service to start w/system:
# systemctl enable e2guardian

Open the firewall:
# ufw allow 8080
# ufw allow from 192.168.99.0/24 to any port 22

At this point the filter is now functioning. Try it out by updating the proxy settings on your Mac or PC for HTTP and HTTPS requests to go through your new filter.

Notes:
URL Blackslists: /etc/e2guardian/lists/
- bannedextensionlist
- bannediplist
- bannedphraselist
- bannedsitelist (blocked sites by domains for ALL of a site)
- bannedurllist (blocked site URLs for PART of a site)
- exceptionlist (whitelist, overrides ALL lists)
- greysitelist (overrides the banned lists - other filtering still is in effect (extensions, downloads, etc.)


Optional:

Make Google and Youtube Safer:

Update the urlregexplist file:
# cd /etc/e2guardian/lists
# vi urlregexplist
<make updates, save>
# service e2guardian restart

URLRegExpList:
# Redirect SSL Google to Safesearch Google
"^https://www(\.google\..*)"->https://forcesafesearch.google.com

SSLSiteRegexplist:
# Enforce restricted mode in YouTube
"(^https://www.youtube.com)"->"https:// restrictmoderate.youtube.com"
"(^https://m.youtube.com)"->"https:// restrictmoderate.youtube.com"
"(^https://youtubei.googleapis.com)"->"https:// restrictmoderate.youtube.com"
"(^https://youtube.googleapis.com)"->"https:// restrictmoderate.youtube.com"
"(^https://www.youtube-nocookie.com)"->"https:// restrictmoderate.youtube.com"


Note:
You can uncomment the lines in the file for various search engines (e.g. Google).
You can add your own regex code at the bottom, of course.
Make ONE change at a time, restart the e2guardian service, and test. That way if you hose the lists, you know exactly what to undo w/o troubleshooting logs.

Google:
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/images\?)"->"\1safe=vss&"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/search\?)"->"\1safe=vss&"
"(^http://[0-9a-z]+\.google\.[a-z]+[-/%.0-9a-z]*/s\?)"->"\1safe=vss&"

You can also use DNS. If you create a local (intranet) DNS override for www.google.com and google.com as a CNAME for forcesavesearch.google.com (216.239.38.120).



Install Webmin...
# vi /etc/apt/sources.list
Add the following lines:
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
Save and quit: <wq>

Update the repository and perform the installation:
# apt-get update
# apt-get install webmin
Note: Part of the install just looks like it is hanging. It may be "stuck" there for a couple minutes. If you look at the server activity, you will see that memory and CPU are fluctuating.

Update the firewall:
# ufw allow 10000

Test:
https://myserver.mydomain.local:10000
Login w/myadminid and its password

Add the DansGuardian webmin module.
Webmin (main menu) --> Webmin Config --> Webmin Modules --> Upload method --> <select file and upload>
Now update the module config
Servers (main menu) --> DansGuardian Web Content --> On the warning line, select module config link.
Update the following:
Full path to DG config directory: /etc/e2guardian/
Full path to DG pid file: /var/run/e2guardian.pid
Full path to DG binary: /usr/sbin/e2guardian
Full path to DG log directory: /var/log/e2guardian
Full path to DG messages file: < don't know what to change in this one ? >
Command to restart DG: /etc/rc.d/init.d/e2guardian restart
Command to start DG: /etc/rc.d/init.d/e2guardian start
Command to stop DG: /etc/rc.d/init.d/e2guardian stop
Click Save.

Now create a link for the e2guardian.conf:
ln -s /etc/e2guardian/e2guardian.conf /etc/e2guardian/dansguardian.conf

Note:
The webmin module still warns that the version of DansGuardian is too new.
The analyze log files doesn't work. There a diff patch, but mine didn't fix this problem. Therefore, I just updated the webmin conf paths for DansGuardian to e2guardian, and went with that.


previous page

×