azecraze
May 11th, 2008, 11:43 PM
Installing DansGuardian and SquidProxy on Ubuntu7.10
Deployed in a Windows Domain
This is a quick and dirty method of installing DansGuardian combined with SquidProxy on a computer running Ubuntu 7.10 for a windows user with basically zero experience at using anything Linux….
No regard has been taken at all to security of the system but rather on functionality and this is just how I went about getting it all running prior to hardening it; really all just a proof of concept for me, as I know next to nothing about Linux having been brought up in a 100% Windows environment…..
After searching throught the internet and finding next to no information on this I really struggled initially to put this package together as linux commands are beyond me as yet. This caused a lot of stress until I found Webmin; a browser based interface to the config files. So, I have put this together to give help to any other people wanting to try and accomplish the same thing as I have done in as short a time as possible, and with some ease of usage.
The core purpose of this project was to provide for the clients on a Windows Domain with Active Directory :
1. Access control to internet for clients (Username/Password)
2. Various levels of access from clients to the internet – whitelists, full access, no access, limited to specific sites etc….
3. Content filtering – Prevent access to objectionable content…
Only number 3 above can actually be handled effectively by DansGuardian from what I have been able to figure out….. (excluding NTLM which I did not want to use) so I decided on a mixed bag. A windows server containing a proxy server to provide client authentication and whitelisting, passing through to a linux server containing content filtering….
The windows proxy server I chose to use which provided everything for me at the correct price (free) was Jana Server 2 http://www.janaserver.de/start.php?lang=en
The data flow then becomes:
Client Jana Server DansGuardian SquidProxy Internet
Port usage is thus:
Client 31283128 JanaServer 8080 8080 DansGuardian 3128 3128 SquidProxy 80 Internet
The client proxies are set to Jana Server port 3128
The Jana Server proxy (setup on DUN page) is set to DansGuardian port 8080
DansGuardian is set to Squid Proxy port 3128
SquidProxy to the Internet on port 80?
Another reason I was happy to use two different physical boxes was because if one layer of protection broke down, the other layers would still be in place and only a minor adjustment in group policy will send it to a different proxy…
However this document does not include installation and setup of JanaServer, only the linux components of the system.
Anyway, JanaServer is relatively easy to set up for those interested…..
And now onto the setup:
1. Boot up PC with Ubuntu disk in drive and click choice to install on startup menu….Allow the PC to boot up fully to the Ubuntu desktop…
2. Double click the “Install” icon on the Ubuntu Desktop….
3. Set correct Date/Time options when requested….
4. When the dialog for choosing the partition method comes up, choose “Use entire disk” (Use the guided method for this so that Ubuntu automatically chooses the correct partition sizes)…
5. Next screen set username etc…
Name : Administrator
Login: administrator
Passwd: ********
ComputerName: UberGuardian
6. Install
7. A dialog will appear saying that “Security Updates cannot be accessed on Ubuntu.com”. This is because there is not yet an internet connection….
8. Dialog to “Restart Now” …CD will eject and computer restart….
9. At login page, login as administrator + password
10. Go to : System>Administration>Screens and Graphics, to set the correct monitor… then go System>Preferences>Screen Resolution to set correct resolution…
11. Go to : System>Adminstration>Network to set correct IP address:
Network Settings>Wired Connection
Uncheck “Enable Roaming Mode”
Configuration = Static IP Address
IP = 192.168.40.14
Mask = 255.255.255.0
Gateway = 192.168.40.23
DNS>Add> 160.234.4.1 (Your ISP’s DNS numbers)
160.234.4.2
12. Restart Computer
13. Test internet connectivity using Firefox…..
14. Go to : System>Administration>LoginWindow>Security> Check “Allow local system administrator login” (This allows the computer to be logged in as root)
15. Goto : System>Administration>Users&Groups> Select “root”>Properties>Set password the same as administrator (********)
16. Logoff
17. Login as root so that you have the ability to write to system files etc……
18. Open Firefox and browse to http://www.webmin.com/download.html
Click to download: webmin_1.410_all.deb (version number may vary)
This will redirect you to a sourceforge download page…..
“Save to Disk” - this will dump it on your desktop
19. Go back to http://www.webmin.com/download.html
20. Click on “Third Party Modules” in left hand menu column…
21. Type “dans” (without quotes) in the text entry box labelled “Find modules or themes matching” ….. then click Search…..
22. The search result will bring up the module called Dans Guardian…..(webmin_1.410_all.deb) Click on the download link .. then… Save File…..
23. Close Firefox and move downloaded files to a more user friendly location if desired…
24. Update Packages:
System>Administration>SoftwareSources>UbuntuSoftware>
(Check or uncheck to equate with the following):
(Check) Canonical – supported OpenSourceSoftware (main)
(Check) Community Maintained OpenSourceSoftware (restricted)
(Uncheck) Proprietary drivers for devices (restricted)
(Check) Software restricted by copyright or legal issues (multiverse)
(Uncheck) Source Code
25. Click “Close”
Dialog: “The information about available software is out of date”
Click “Reload” (Package info will now begin downloading)
26. After completion of download, Go>SystemAdministration>Synaptic Package Manager>
Find and select the following packages:
libio-compress-zlib-perl (allows decompression of files)
dansguardian (content filtering package)
dglog (view dansguardian logs)
squid (squid proxy server)
While selecting these packages, you will be prompted to “mark additional”. All dependant packages will automatically be marked for download as well. This is needed because additional essential packages are required to allow the marked packages to run properly….
27. Click “Apply”to download and install the packages…
28. Locate and double click to install the file you downloaded called “webmin_1.410_all.deb”
29. Open Firefox
30. Browse to the webmin management page by typing into the address bar:
https://localhost:10000
31. Login as “root” using the password you set for root
32. Press Ctrl+D to set a bookmark for easy access to this page later
33. In the left hand menu column of the webmin page:
Click: Webmin>WebConfiguration>WebminModules>Install:
“From local file” (Browse to locate the file you previously downloaded called dg-0.5.10-pr4.wbm) > Install Module
34. Click “Refresh Modules” in left hand menu to refresh
35. Left hand menu: Click: Servers>DansGuardian to confirm the module has been installed and is active….
36. Left hand menu: Un-used Modules>Squid Proxy Server
37. Click : Administrative Options
Change : “Visible Hostname” from Automatic to Manual and
type in a hostname…… I put in “UberProxy” (withoutquotes)
Click: Save
38. Click “Initialize Cache” as Unix user (type in “administrator”…. It will not accept “root” as the Unix user…. You may come up with errors here while trying to initialize the cache if all the preceeding instructions were not followed correctly…..more specifically, if you did not define a “Visible Hostname”
39. Left hand menu> Click: “Refresh Modules” – this will move the link for SquidProxy further up the menu list under the heading “Server” near the link for DansGuardian…
40. Left hand menu>Servers>SquidProxyServer>AccessControl>
Change dropdown box to read: “Client Address” then
Click: “Create new ACL”
ACLName = LocalYourNetwork
From IP = 192.168.10.1
To IP = 192.168.50.1
Netmask = 255.255.255.255 (any other netmask = an error)
Click: Save
Click Tab: Proxy Restrictions>Add Proxy
Restriction>Allow>MatchACLs>LocalYourNetwork>Save
Click Tab: Access Control Lists
Click “UP” arrow at right hand end of “Allow-LocalYourNetwork”....
Continue clicking the up arrow on this rule to move it up the list till it is sitting directly below “Deny-Manager”
41. Use file Explorer to browse to the folder location: var\log\dansguardian\
and create an empty document here called access.log
Right Click the file> Properties>Permissions then change all accesses to “Read and Write”
Note: This step is not actually required because squid will create a log here, but I wanted to make sure that I could actually read a log before running squid so I needed to create the file manually…..
42. Reopen Firefox if you closed it and log back into Webmin again using the username root then:
Left hand menu>Servers>SquidProxy> Start Squid
Left hand menu>Servers>DansGuardian>StartDG
(This will start both Squid Proxy and DansGuardian)
43. Both SquidProxy and Dansguardian should now be up and running and all that is required is to point the client browser PROXY to the Ubuntu PC IP using port 8080
44. To edit the “Access Denied” page displayed to clients:
Open File Explorer: etc\dansguardian\languages\UKEnglish\template.html
Right click file: template.html and make a backup copy called template.html.old……
Right click file: template.html>Open with Text Editor……
Edit file as required then: File > Save
DansGuardian must be restarted to show up the new page:
Open Webmin on Firefox (https://localhost:1000) and restart DansGuardian to reflect changes to the new template file…
I made various changes to this page including colouring, adding a banner, changing some of the displayed text etc….
The End
Deployed in a Windows Domain
This is a quick and dirty method of installing DansGuardian combined with SquidProxy on a computer running Ubuntu 7.10 for a windows user with basically zero experience at using anything Linux….
No regard has been taken at all to security of the system but rather on functionality and this is just how I went about getting it all running prior to hardening it; really all just a proof of concept for me, as I know next to nothing about Linux having been brought up in a 100% Windows environment…..
After searching throught the internet and finding next to no information on this I really struggled initially to put this package together as linux commands are beyond me as yet. This caused a lot of stress until I found Webmin; a browser based interface to the config files. So, I have put this together to give help to any other people wanting to try and accomplish the same thing as I have done in as short a time as possible, and with some ease of usage.
The core purpose of this project was to provide for the clients on a Windows Domain with Active Directory :
1. Access control to internet for clients (Username/Password)
2. Various levels of access from clients to the internet – whitelists, full access, no access, limited to specific sites etc….
3. Content filtering – Prevent access to objectionable content…
Only number 3 above can actually be handled effectively by DansGuardian from what I have been able to figure out….. (excluding NTLM which I did not want to use) so I decided on a mixed bag. A windows server containing a proxy server to provide client authentication and whitelisting, passing through to a linux server containing content filtering….
The windows proxy server I chose to use which provided everything for me at the correct price (free) was Jana Server 2 http://www.janaserver.de/start.php?lang=en
The data flow then becomes:
Client Jana Server DansGuardian SquidProxy Internet
Port usage is thus:
Client 31283128 JanaServer 8080 8080 DansGuardian 3128 3128 SquidProxy 80 Internet
The client proxies are set to Jana Server port 3128
The Jana Server proxy (setup on DUN page) is set to DansGuardian port 8080
DansGuardian is set to Squid Proxy port 3128
SquidProxy to the Internet on port 80?
Another reason I was happy to use two different physical boxes was because if one layer of protection broke down, the other layers would still be in place and only a minor adjustment in group policy will send it to a different proxy…
However this document does not include installation and setup of JanaServer, only the linux components of the system.
Anyway, JanaServer is relatively easy to set up for those interested…..
And now onto the setup:
1. Boot up PC with Ubuntu disk in drive and click choice to install on startup menu….Allow the PC to boot up fully to the Ubuntu desktop…
2. Double click the “Install” icon on the Ubuntu Desktop….
3. Set correct Date/Time options when requested….
4. When the dialog for choosing the partition method comes up, choose “Use entire disk” (Use the guided method for this so that Ubuntu automatically chooses the correct partition sizes)…
5. Next screen set username etc…
Name : Administrator
Login: administrator
Passwd: ********
ComputerName: UberGuardian
6. Install
7. A dialog will appear saying that “Security Updates cannot be accessed on Ubuntu.com”. This is because there is not yet an internet connection….
8. Dialog to “Restart Now” …CD will eject and computer restart….
9. At login page, login as administrator + password
10. Go to : System>Administration>Screens and Graphics, to set the correct monitor… then go System>Preferences>Screen Resolution to set correct resolution…
11. Go to : System>Adminstration>Network to set correct IP address:
Network Settings>Wired Connection
Uncheck “Enable Roaming Mode”
Configuration = Static IP Address
IP = 192.168.40.14
Mask = 255.255.255.0
Gateway = 192.168.40.23
DNS>Add> 160.234.4.1 (Your ISP’s DNS numbers)
160.234.4.2
12. Restart Computer
13. Test internet connectivity using Firefox…..
14. Go to : System>Administration>LoginWindow>Security> Check “Allow local system administrator login” (This allows the computer to be logged in as root)
15. Goto : System>Administration>Users&Groups> Select “root”>Properties>Set password the same as administrator (********)
16. Logoff
17. Login as root so that you have the ability to write to system files etc……
18. Open Firefox and browse to http://www.webmin.com/download.html
Click to download: webmin_1.410_all.deb (version number may vary)
This will redirect you to a sourceforge download page…..
“Save to Disk” - this will dump it on your desktop
19. Go back to http://www.webmin.com/download.html
20. Click on “Third Party Modules” in left hand menu column…
21. Type “dans” (without quotes) in the text entry box labelled “Find modules or themes matching” ….. then click Search…..
22. The search result will bring up the module called Dans Guardian…..(webmin_1.410_all.deb) Click on the download link .. then… Save File…..
23. Close Firefox and move downloaded files to a more user friendly location if desired…
24. Update Packages:
System>Administration>SoftwareSources>UbuntuSoftware>
(Check or uncheck to equate with the following):
(Check) Canonical – supported OpenSourceSoftware (main)
(Check) Community Maintained OpenSourceSoftware (restricted)
(Uncheck) Proprietary drivers for devices (restricted)
(Check) Software restricted by copyright or legal issues (multiverse)
(Uncheck) Source Code
25. Click “Close”
Dialog: “The information about available software is out of date”
Click “Reload” (Package info will now begin downloading)
26. After completion of download, Go>SystemAdministration>Synaptic Package Manager>
Find and select the following packages:
libio-compress-zlib-perl (allows decompression of files)
dansguardian (content filtering package)
dglog (view dansguardian logs)
squid (squid proxy server)
While selecting these packages, you will be prompted to “mark additional”. All dependant packages will automatically be marked for download as well. This is needed because additional essential packages are required to allow the marked packages to run properly….
27. Click “Apply”to download and install the packages…
28. Locate and double click to install the file you downloaded called “webmin_1.410_all.deb”
29. Open Firefox
30. Browse to the webmin management page by typing into the address bar:
https://localhost:10000
31. Login as “root” using the password you set for root
32. Press Ctrl+D to set a bookmark for easy access to this page later
33. In the left hand menu column of the webmin page:
Click: Webmin>WebConfiguration>WebminModules>Install:
“From local file” (Browse to locate the file you previously downloaded called dg-0.5.10-pr4.wbm) > Install Module
34. Click “Refresh Modules” in left hand menu to refresh
35. Left hand menu: Click: Servers>DansGuardian to confirm the module has been installed and is active….
36. Left hand menu: Un-used Modules>Squid Proxy Server
37. Click : Administrative Options
Change : “Visible Hostname” from Automatic to Manual and
type in a hostname…… I put in “UberProxy” (withoutquotes)
Click: Save
38. Click “Initialize Cache” as Unix user (type in “administrator”…. It will not accept “root” as the Unix user…. You may come up with errors here while trying to initialize the cache if all the preceeding instructions were not followed correctly…..more specifically, if you did not define a “Visible Hostname”
39. Left hand menu> Click: “Refresh Modules” – this will move the link for SquidProxy further up the menu list under the heading “Server” near the link for DansGuardian…
40. Left hand menu>Servers>SquidProxyServer>AccessControl>
Change dropdown box to read: “Client Address” then
Click: “Create new ACL”
ACLName = LocalYourNetwork
From IP = 192.168.10.1
To IP = 192.168.50.1
Netmask = 255.255.255.255 (any other netmask = an error)
Click: Save
Click Tab: Proxy Restrictions>Add Proxy
Restriction>Allow>MatchACLs>LocalYourNetwork>Save
Click Tab: Access Control Lists
Click “UP” arrow at right hand end of “Allow-LocalYourNetwork”....
Continue clicking the up arrow on this rule to move it up the list till it is sitting directly below “Deny-Manager”
41. Use file Explorer to browse to the folder location: var\log\dansguardian\
and create an empty document here called access.log
Right Click the file> Properties>Permissions then change all accesses to “Read and Write”
Note: This step is not actually required because squid will create a log here, but I wanted to make sure that I could actually read a log before running squid so I needed to create the file manually…..
42. Reopen Firefox if you closed it and log back into Webmin again using the username root then:
Left hand menu>Servers>SquidProxy> Start Squid
Left hand menu>Servers>DansGuardian>StartDG
(This will start both Squid Proxy and DansGuardian)
43. Both SquidProxy and Dansguardian should now be up and running and all that is required is to point the client browser PROXY to the Ubuntu PC IP using port 8080
44. To edit the “Access Denied” page displayed to clients:
Open File Explorer: etc\dansguardian\languages\UKEnglish\template.html
Right click file: template.html and make a backup copy called template.html.old……
Right click file: template.html>Open with Text Editor……
Edit file as required then: File > Save
DansGuardian must be restarted to show up the new page:
Open Webmin on Firefox (https://localhost:1000) and restart DansGuardian to reflect changes to the new template file…
I made various changes to this page including colouring, adding a banner, changing some of the displayed text etc….
The End