1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173
|
Squidtaild readme 2.1 Alpha 6 (Perlized)
1) What is squidtaild
2) How does it work
3) How to install
4) Additional information
5) License agreement
1 - What is Squidtaild
Squidtaild is a Squid proxy traffic monitoring
program that gives the people managing the proxy
server the ability to closely monitor the kind
of pages his/her users should not be visiting.
Squidtaild is a very fast, highly configurable Perl
program that will dynamicly create html pages that
display the violations that people made one or more
of the filters you have applied to the squid proxy
logging system.
What is this good for?
More and more companies and schools are implementing
internet access in the networks.
What does this do for productivity?
To keep an eye on the amount of i.e porn, mp3,
warez, etc. sites visited squidtaild is an ideal program.
It can also track down possible company/school internet
policily violators, it can warn them when they have
violated a policy as well.
2 - How does it work
First you design a set a filters the way you see fit.
There are three filters, one being the green filter
one being the yellow filter and the last being the red
filter. A filter is nothing more than a file containing
wildcards you want to be monitored in the URL's visited
by the people using the proxyserver.
An example for the filters:
filter 'possilbe' (green)
--------------------------
gambeling
girls
sexy
etc
--------------------------
filter 'probable' (yellow)
--------------------------
porn
mp3
etc
--------------------------
filter 'definite' (red)
--------------------------
hackingtools
etc
--------------------------
With these filters (being really strange in the
example) squidtaild will filter out all new entry's
in the access.log file (generated by Squid) and
generate a nice html file as soon as a match is found.
Squidtaild will generate a main page displaying
the total amount of hits with each filter.
You can click on this number and view all hits.
It will display the last violation on each filter
And it will also generate a list of all violators,
these are all seperate pags that carry the name of
the ip address by the violator and it's violation.
Each violation is a hyperlink so you can easaly
verify if a violation is indeed a violation.
Requirements are:
Squid proxy server with logging enabled
http server of somekind to display pages
Optional is:
Samba client for sending messages
email address to send violations to
Sending us gratitude for the software
3 - How to install
Installing Squidtaild can be done in two way's
1 - Using the 'install' script
2 - By hand
The install script is very simple but should do the trick.
We haven't heard any problems with it lately so it's
probably safe.
When installing by hand do the following
The first thing to do is install the Perl modules
needed for Squidtaild to work correctly.
It's highly unlikely you allready have these installed
on your system. so enter the 'perl-modules' directory
and from there entry each directory seperatly and install
the modules.
After you have installed the perl modules
it's time to install squidtaild, since it's a perl
program there is no compiling to be done.
Just enter the 'sbin' directory and copy the 'squidtaild'
file to '/usr/sbin' or wherever you like having your
executables.
The last thing to do is make a directory called 'squidtaild'
in your '/etc/' directory and copy the ENTIRE contense of the
'config' directory into '/etc/squidtaild/' (including the
subdirectory 'config/squdtaild/filters')
After this is done the configuration file needs to be set.
open '/etc/squidtaild/squidtaild.conf' in your favorite
editor and adjust the settings to your liking.
(happens automaticly when using the install script)
4 - Additional Information
Squidtaild has more options such as:
- Mailing matches that occur
- Sending sambaclient messages to the violator
(Samba req. and configured correctly)
- Sending sambaclient message to the administrator
(Samba req. and configured correctly)
- A exclude filter for suppressing hits on
certain sites
- Incremental check is optional
Configuration file options:
* HTML of plain ACSI mail reporting
mailstyle text (this will send mail in asci mode)
mailstyle html (this will send mail in HTML mode)
* truncate_url & urllenght
These options are used to specify the lenght of the url
shown
* status_refresh
allows the user to specify the time (in secondes) between
page refresh
* dns_lookups
makes squidtaild display hostname (if found by dns
lookup) instead of ip adress
The init.d scripts are writen for Redhat/Mandrake type systems, it may
result in minor problems shutting down the program on other systems.
For questions, comments or bug reports send an email to
squidtaild@usa.net
|