1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
|
Squidtaild readme 2.1 Alpha 6 (Perlized)
1) What is squidtaild
2) How does it work
3) How to install
4) Additional information
5) License agreement
1 - What is Squidtaild
Squidtaild is a Squid proxy traffic monitoring
program that gives the people managing the proxy
server the ability to closely monitor the kind
of pages his/her users should not be visiting.
Squidtaild is a very fast, highly configurable Perl
program that will dynamicly create html pages that
display the violations that people made one or more
of the filters you have applied to the squid proxy
logging system.
What is this good for?
More and more companies and schools are implementing
internet access in the networks.
What does this do for productivity?
To keep an eye on the amount of i.e porn, mp3,
warez, etc. sites visited squidtaild is an ideal program.
It can also track down possible company/school internet
policily violators, it can warn them when they have
violated a policy as well.
2 - How does it work
First you design a set a filters the way you see fit.
There are three filters, one being the green filter
one being the yellow filter and the last being the red
filter. A filter is nothing more than a file containing
wildcards you want to be monitored in the URL's visited
by the people using the proxyserver.
An example for the filters:
filter 'possilbe' (green)
--------------------------
gambeling
girls
sexy
etc
--------------------------
filter 'probable' (yellow)
--------------------------
porn
mp3
etc
--------------------------
filter 'definite' (red)
--------------------------
hackingtools
etc
--------------------------
With these filters (being really strange in the
example) squidtaild will filter out all new entry's
in the access.log file (generated by Squid) and
generate a nice html file as soon as a match is found.
Squidtaild will generate a main page displaying
the total amount of hits with each filter.
You can click on this number and view all hits.
It will display the last violation on each filter
And it will also generate a list of all violators,
these are all seperate pags that carry the name of
the ip address by the violator and it's violation.
Each violation is a hyperlink so you can easaly
verify if a violation is indeed a violation.
Requirements are:
Squid proxy server with logging enabled
http server of somekind to display pages
Optional is:
Samba client for sending messages
email address to send violations to
Sending us gratitude for the software
3 - How to install
Installing Squidtaild can be done in two way's
1 - Using the 'install' script
2 - By hand
The install script is very simple but should do the trick.
We haven't heard any problems with it lately so it's
probably safe.
When installing by hand do the following
The first thing to do is install the Perl modules
needed for Squidtaild to work correctly.
It's highly unlikely you allready have these installed
on your system. so enter the 'perl-modules' directory
and from there entry each directory seperatly and install
the modules.
After you have installed the perl modules
it's time to install squidtaild, since it's a perl
program there is no compiling to be done.
Just enter the 'sbin' directory and copy the 'squidtaild'
file to '/usr/sbin' or wherever you like having your
executables.
The last thing to do is make a directory called 'squidtaild'
in your '/etc/' directory and copy the ENTIRE contense of the
'config' directory into '/etc/squidtaild/' (including the
subdirectory 'config/squdtaild/filters')
After this is done the configuration file needs to be set.
open '/etc/squidtaild/squidtaild.conf' in your favorite
editor and adjust the settings to your liking.
(happens automaticly when using the install script)
4 - Additional Information
Squidtaild has more options such as:
- Mailing matches that occur
- Sending sambaclient messages to the violator
(Samba req. and configured correctly)
- Sending sambaclient message to the administrator
(Samba req. and configured correctly)
- A exclude filter for suppressing hits on
certain sites
- Incremental check is optional
Configuration file options:
* HTML of plain ACSI mail reporting
mailstyle text (this will send mail in asci mode)
mailstyle html (this will send mail in HTML mode)
* truncate_url & urllenght
These options are used to specify the lenght of the url
shown
* status_refresh
allows the user to specify the time (in secondes) between
page refresh
* dns_lookups
makes squidtaild display hostname (if found by dns
lookup) instead of ip adress
The init.d scripts are writen for Redhat/Mandrake type systems, it may
result in minor problems shutting down the program on other systems.
For questions, comments or bug reports send an email to
squidtaild@usa.net
|
