Monthly Archives: March 2015

Sarg – Squid Analysis Report Generator

Install Sarg – Squid Analysis Report Generator

wget -O sarg-latest.tar.gz http://sourceforge.net/projects/sarg/files/latest/download?source=files
tar zxvf sarg-latest.tar.gz
cd sarg-*
./configure
make
sudo make install

/usr/local/etc/sarg.conf

access_log /var/log/squid3/access.log
output_dir /var/www/squid-reports
temporary_dir /var/tmp/sarg
date_format e
overwrite_report yes
lastlog 45
resolve_ip yes

mkdir -p /var/www/squid-reports /var/tmp/sarg
chown www-data:www-data /var/www/squid-reports /var/tmp/sarg
chmod 775 /var/tmp/sarg
usermod -a -G proxy,staff www-data

Generate Sarg report
su -c "sarg -x" www-data

Access Sarg report
http://your_server/squid-reports

Automatic generating Sarg reports

Daily report
/etc/cron.daily/sarg

#!/bin/sh
su -c "sarg -d day-1 -w /var/tmp/sarg/sarg.daily -o /var/www/squid-reports/Daily /var/log/squid3/access.log*" www-data

Weekly report
/etc/cron.weekly/sarg

#!/bin/sh
su -c "sarg -d week-1 -w /var/tmp/sarg/sarg.weekly -o /var/www/squid-reports/Weekly /var/log/squid3/access.log*" www-data

Monthly report
/etc/cron.monthly/sarg

#!/bin/sh
su -c "sarg -d month-1 -w /var/tmp/sarg/sarg.monthly -o /var/www/squid-reports/Monthly /var/log/squid3/access.log*" www-data

chmod 755 /etc/cron.daily/sarg /etc/cron.weekly/sarg /etc/cron.monthly/sarg

Squid transparent proxy

Setup Squid transparent proxy

http://thejimmahknows.com/squid-3-1-caching-proxy-with-ssl/
http://codepoets.co.uk/2014/squid-3-4-x-with-ssl-for-debian-wheezy/

Install required dependencies:

apt-get build-dep squid3 openssh openssl
apt-get install devscripts build-essential fakeroot libtool libssl-dev libcrypto++-dev devscripts ssl-cert squid-langpack libecap2-dev

Download Squid sources:

cd /usr/src
wget http://ftp.debian.org/debian/pool/main/s/squid3/squid3_3.4.8.orig.tar.bz2
wget http://ftp.debian.org/debian/pool/main/s/squid3/squid3_3.4.8-6.debian.tar.xz
tar -xvf squid3_3.4.8.orig.tar.bz2
cd squid-3.4.8/
tar -xvf ../squid3_3.4.8-6.debian.tar.xz

Include Squid transparent SSL support:

vi debian/rules
--enable-ssl \
--enable-ssl-crtd \

Build Deb packages:

./configure
debuild -us -uc -b -d

Check Squid3 version:
squid3 -v

Initialise certificates directory:

/usr/lib/squid3/ssl_crtd -c -s /var/lib/ssl_db/
chown -R proxy:proxy /var/lib/ssl_db/

Create Squid caching directory:

mkdir /var/cache/squid
chown proxy:proxy /var/cache/squid/

Generate a certificate for Squid:

cd /etc/ssl/private
openssl genrsa -out squid.key 2048
openssl req -new -key squid.key -out squid.csr    
openssl x509 -req -days 1825 -in squid.csr -signkey squid.key -out squid.crt

Squid configuration file:

cd /etc/squid3
mv squid.conf squid.conf.orig

/etc/squid3/squid.conf

#Proxy Name
visible_hostname home-server.homelan

#Proxy Logs
access_log stdio:/var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
coredump_dir /var/cache/squid

#SSL Parametres
ssl_bump none localhost
always_direct allow all
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db/ -M 256MB
sslcrtd_children 50
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER,NO_DEFAULT_CA

#Access Lists
acl localnet src 192.168.122.0/27

#Ports allowed through Squid
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl CONNECT method CONNECT

#Allow/Deny
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

#Proxy Ports
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=256MB cert=/etc/ssl/private/squid.crt key=/etc/ssl/private/squid.key version=3

#Caching Directory
cache_dir ufs /var/spool/squid3 500 16 256
cache_mem 512 MB

#DNS Servers
dns_nameservers 127.0.0.1

#Shutdown time
shutdown_lifetime 3 seconds

Load Sysctl settings:
/etc/sysctl.conf

net.ipv4.ip_forward=1

sysctl -p

Adjust UFW rules to redirect web traffic to Squid:
/etc/ufw/before.rules

# Port Forwardings
-A PREROUTING -s 192.168.122.0/27 -p tcp --dport 80 -j REDIRECT --to-port 3129
-A PREROUTING -s 192.168.122.0/27 -p tcp --dport 443 -j REDIRECT --to-port 3130

# Forward traffic through eth0 (Internet)
-A POSTROUTING -s 192.168.122.0/27 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

Run Squid in foregroud:
squid3 -NCd1

See Squid activity using:

tail -f /var/log/squid3/cache.log
tail -f /var/log/squid3/access.log

Start Squid as a daemon:
/etc/init.d/squid3 restart