Line 40: |
Line 40: |
| Download the required rpms into an empty folder on your sme server using the Linux wget command | | Download the required rpms into an empty folder on your sme server using the Linux wget command |
| | | |
− | wget <nowiki>http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/contribs/dansguardian/rpms/2.9.8-2/dansguardian-2.9.8-2.noarch.rpm</nowiki> | + | wget <nowiki>http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/contribs/dansguardian/rpms/2.9.8-2/dansguardian-2.9.8-2.noarch.rpm</nowiki> |
| | | |
− | wget <nowiki>http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/contribs/dansguardian/rpms/2.9.8-2/smeserver-dansguardian-2.9-3.el4.sme.noarch.rpm</nowiki> | + | wget <nowiki>http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/contribs/dansguardian/rpms/2.9.8-2/smeserver-dansguardian-2.9-3.el4.sme.noarch.rpm</nowiki> |
| | | |
− | wget <nowiki>http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/contribs/dansguardian/rpms/2.8.0.6/dungog-blacklists-1.0-20061002.noarch.rpm</nowiki> | + | wget <nowiki>http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/contribs/dansguardian/rpms/2.8.0.6/dungog-blacklists-1.0-20061002.noarch.rpm</nowiki> |
| | | |
− | Instal the rpms
| + | Install the rpms |
| | | |
− | rpm -Uvh *.rpm
| + | yum localinstall *.rpm |
| | | |
− |
| |
− |
| |
− | Alternatively you can add the dungog repository & use yum --enablerepo to download & install
| |
− |
| |
− | Add the dungog repository from dungog.net (with status disabled as recommended by sme developers) with the following command:
| |
− |
| |
− | db yum_repositories set dungog repository BaseURL <nowiki>http://sme.dungog.net/packages/smeserver/7.0/i386/dungog/</nowiki> EnableGroups yes GPGCheck no Name 'SME Server 7 - dungog' Visible yes status disabled
| |
− |
| |
− | (the above command should all be on one line)
| |
| | | |
− | expand-template /etc/yum.conf
| |
| | | |
− | Then download & install the packages
| + | Alternatively you can add the dungog repository |
| + | {{Repository|Dungog}} |
| | | |
− | yum --enablerepo=dungog install dansguardian smeserver-dansguardian dungog-blacklists pcre | + | yum --enablerepo=dungog install dansguardian smeserver-dansguardian dungog-blacklists pcre |
| | | |
| To view available updates | | To view available updates |
− | | + | yum --enablerepo=dungog list updates |
− | yum --enablerepo=dungog list updates | |
| | | |
| ==='''Modifying Dansguardian configuration'''=== | | ==='''Modifying Dansguardian configuration'''=== |
Line 194: |
Line 184: |
| '''1) Configure your sme server to use Transparent Proxy port 8080 and to block direct access to the squid proxy port 3128 & redirect port 80 to port 8080''' | | '''1) Configure your sme server to use Transparent Proxy port 8080 and to block direct access to the squid proxy port 3128 & redirect port 80 to port 8080''' |
| | | |
− | Note the functionality to create custom firewall rules using iptables is built in to the rpms provided by Stephen Noble | + | Note the functionality to create custom firewall rules using iptables is built in to the rpms provided by http://www.dungog.net |
| | | |
− | config setprop squid TransparentPort 8080 | + | config setprop squid TransparentPort 8080 |
− | | + | config setprop dansguardian portblocking yes |
− | config setprop dansguardian portblocking yes | + | signal-event post-upgrade; signal-event-reboot |
− | | |
− | signal-event post-upgrade | |
− | | |
− | reboot | |
| | | |
| To return Transparent Proxy port to default value and to disable portblocking | | To return Transparent Proxy port to default value and to disable portblocking |
| | | |
− | config delprop squid TransparentPort 3128 | + | config delprop squid TransparentPort 3128 |
− | | + | config delprop dansguardian portblocking |
− | config delprop dansguardian portblocking | + | signal-event post-upgrade; signal-event-reboot |
− | | + | |
− | signal-event post-upgrade | |
− | | |
− | reboot | |
− | | |
| '''2) Configure your workstation web browser to auto detect proxy port''' | | '''2) Configure your workstation web browser to auto detect proxy port''' |
| | | |
Line 227: |
Line 209: |
| ==='''Configuring Dansguardian to use Auth login'''=== | | ==='''Configuring Dansguardian to use Auth login'''=== |
| | | |
− | This functionality is built in to the rpms provided by Stephen Noble & requires enabling with a db command | + | This functionality is built in to the rpms provided by http://www.dungog.net & requires enabling with a db command |
| | | |
| Dansguardian supports different types of auth login ie nsca, pam & ident | | Dansguardian supports different types of auth login ie nsca, pam & ident |
Line 233: |
Line 215: |
| Depending on your requirements, enable using the appropriate command. Most users of sme will probably use pam auth as that will authorise access against sme users and passwords. | | Depending on your requirements, enable using the appropriate command. Most users of sme will probably use pam auth as that will authorise access against sme users and passwords. |
| | | |
− | For details regarding the various auth login methods & other configuration requirements, see http://dansguardian.org or Google | + | For details regarding the various auth login methods & other configuration requirements, see http://dansguardian.org or Google, select one |
| | | |
− | config setprop squid RequireAuth pam | + | config setprop squid RequireAuth pam |
− | | + | config setprop squid RequireAuth nsca |
− | or
| + | config setprop squid RequireAuth ident |
− | | |
− | config setprop squid RequireAuth nsca | |
− | | |
− | or
| |
− | | |
− | config setprop squid RequireAuth ident | |
| | | |
| To disable Auth login | | To disable Auth login |
| | | |
− | config delprop squid RequireAuth | + | config delprop squid RequireAuth |
| | | |
| To enable any of the above setting changes you must follow the command with: | | To enable any of the above setting changes you must follow the command with: |
| | | |
− | expand-template /etc/squid/squid.conf | + | expand-template /etc/squid/squid.conf |
− | | + | sv t /service/squid |
− | svc -t /service/squid
| |
| | | |
| If you are using nsca auth, create the user & password authentication list (you don't require users to be valid sme users) | | If you are using nsca auth, create the user & password authentication list (you don't require users to be valid sme users) |
| | | |
− | touch /home/e-smith/db/proxyusers | + | touch /home/e-smith/db/proxyusers |
| | | |
| Enter user names & password combinations one by one using this command | | Enter user names & password combinations one by one using this command |
Line 271: |
Line 246: |
| You will see a ERR or OK response | | You will see a ERR or OK response |
| | | |
− | If you are using ident auth, you will require a ident client/server on your workstation available from: | + | If you are using ident auth, you will require a ident client/server on your workstation. One windows ident client is available from: |
| | | |
− | http://dansguardian.org/downloads/michaelpike/DGID.zip
| + | https://sourceforge.net/projects/retinascan |
| | | |
| | | |