EFW Support

Development => Contribute Your Customisations & Modifications => Topic started by: martman22 on Tuesday 02 July 2013, 02:39:39 am

Title: UFDBGuard Content Filter
Post by: martman22 on Tuesday 02 July 2013, 02:39:39 am
UFDBGuard Install  for Endian 2.51

          This software package does appear to work within Endian, although this install is designed to use Webmin to configure and manage it.  Also the content filtering will affect “ALL” users unless exceptions are created within Ufdbguard itself. The multiple content filtering rules of Endian will no longer apply.

•   SSH into your Endian box and create the user “ufdb”.   [useradd  ufdb].
•   Copy the file “ufdbguard.tar.gz” to  directory “/”  and untar. [tar zxvf ufdbguard.tar.gz].
Note:  This will install the /usr/local/ufdbguard directories and files as well /usr/bin/wget which is need by the blacklist updater and /usr/bin/gdb which is need by ufdbguard. The file /root/blacklist.sh is installed as well as /etc/init.d/squid which has two lines added after “start ()” and “stop ()” to start ufdbguard daemons and the miniweb program “ufdbhttpd” for web block messages. (You can back up /etc/init.d/squid prior to this step as this is the only file overwritten)
•   With the Endian Web Administrator create a host entry for the name “firewall.local” which should point to your Green IP address . [Network/Edit Hosts/Add a Host].
•   While in the Administrator create two firewall rules.  One rule to allow system access to port 1000 for Webmin for administrators and another rule to allow system access to port 8010 for web proxy users. [Firewall/System Access/Add a new system access rule].
Note:  For example  Source address= your subnet; Source interface=Green; Service=TCP/10000; Allow.
•   Download webmin from http://webmin.com and copy to you Endian box and install.  [rpm –Uvh Webmin-1.630*]
Note:  You may need to start webmin manually.  “/etc/init.d/webmin start” and then “checkconfig webmin on”.  Access webmin with either http://<your ip>:10000 or https://<your ip>:10000. Use your root credentials to login.
•   Configure Squid webmin module.  Type “squid” in the bottom search box and click on the top link that appears. Enter the information as per the pdf file: “config_squid.pdf”.
Note: This module is not used but is required to be configured for the Ufdb module to function.
•   Copy the “ufdbguard.wbm” file to your Endian box. Install under the left menu: Webmin/Webmin Configuration/Webmin modules. Once it is installed click on the link that appears on the same page. Otherwise type “ufdb” in the search box and then click on the link. Configure the Ufdbguard paths:  db=/usr/local/ufdbguard/blacklists  and log=/usr/local/ufdbguard/logs. Then configure the Ufdbguard user and group as “ufdb”.
The module should then start and appear in the menu under servers. Open the Ufdbguard webmin module and configure your subnet under “Source Groups”. Click on “All System” and change the subnet to your correct Green network subnet.
•   Add the following two lines to the bottom of your “squid.conf” and “squid.conf.tmpl” files: 

url_rewrite_program /usr/local/ufdbguard/bin/ufdbgclient
url_rewrite_children 16

•   Update your blacklist by running   “/root/blacklists.sh”
Note:  This will delete and download a new blacklist locate in /usr/local/ufdbguard/blacklist. It will also convert the domain information to ufdbguard format. You can use other blacklists but you will need to configure your ufdbguard.conf file to match or use the webmin ufdbguard module.
Thanks goes to Monklinux at http://monklinux.blogspot.com/2012/03/installing-squid-proxy-with-reporting.html for his blacklist updater and install help.

•   Restart Squid and test.  [/etc/init.d/squid restart]

files are located here: "http://www.2shared.com/file/h9cjqbrt/ufdbguard.html"