
e2guardian on CentOS 7 with SSL MITM

Preparing the Environment

yum groupinstall 'Development Tools'
yum install zlib-devel pcre-devel openssl-devel git vim bash-completion wget xz-devel bzip2-devel openldap-devel gd gd-devel
Disabling the Firewall
systemctl disable firewalld
systemctl stop firewalld
Disabling SELinux
vim /etc/selinux/config
SELINUX=disabled
Downloading the Installer
git clone https://github.com/e2guardian/e2guardian.git
cd e2guardian
Compiling and Installing
./autogen.sh
./configure '--prefix=/usr' '--enable-clamd=yes' \
    '--with-proxyuser=e2guardian' '--with-proxygroup=e2guardian' \
    '--sysconfdir=/etc' '--localstatedir=/var' \
    '--enable-icap=yes' '--enable-commandline=yes' '--enable-email=yes' '--enable-ntlm=yes' \
    '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' \
    '--enable-pcre=yes' '--enable-sslmitm=yes' \
    'CPPFLAGS=-mno-sse2 -g -O2'
make
make install
Creating the systemd Services
cp /usr/share/e2guardian/scripts/e2guardian.service /etc/systemd/system/
cp /usr/share/e2guardian/scripts/e2guardian /etc/logrotate.d/
Create the Log File and Set Permissions (Required)
touch /var/log/e2guardian/access.log
useradd e2guardian
chown -R e2guardian:e2guardian /var/log/e2guardian/
Generating the SSL Certificate for MITM
Create the directory /etc/e2guardian/ssl/generatedcerts:
mkdir -p /etc/e2guardian/ssl/generatedcerts
Change the mode of the directory /etc/e2guardian/ssl/generatedcerts to 777:
chmod 777 /etc/e2guardian/ssl/generatedcerts
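Create the file /etc/e2guardian/sslgen.sh and run it:
#!/bin/bash
# Write the keys and certificates where e2guardian.conf expects them
cd /etc/e2guardian/ssl || exit 1
# CA private key and self-signed CA certificate (valid for 3650 days)
openssl genrsa 4096 > ca.key
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
# DER-encoded copy of the CA certificate
openssl x509 -in ca.pem -outform DER -out ca.der
# Private key used by all generated certificates
openssl genrsa 4096 > cert.key
Run
chmod +x sslgen.sh
./sslgen.sh
cp /etc/e2guardian/ssl/ca.pem /etc/e2guardian/ssl/ca.crt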
Copy ca.crt to the Windows machine and import it into the trusted CA store.
Edit the files:
/etc/e2guardian/e2guardian.conf:
# Enable SSL support
# This must be present to enable MITM and/or Cert checking
# default is off
enablessl = on
...
#SSL man in the middle
#CA certificate path
#Path to the CA certificate to use as a signing certificate for
#generated certificates.
# default is blank - required if ssl_mitm is enabled.
cacertificatepath = '/etc/e2guardian/ssl/ca.pem'
#CA private key path
#path to the private key that matches the public key in the CA certificate.
# default is blank - required if ssl_mitm is enabled.
caprivatekeypath = '/etc/e2guardian/ssl/ca.key'
#Cert private key path
#The public / private key pair used by all generated certificates
# default is blank - required if ssl_mitm is enabled.
certprivatekeypath = '/etc/e2guardian/ssl/cert.key'
#Generated cert path
#The location where generated certificates will be saved for future use.
#(must be writable by the dg user)
# default is blank - required if ssl_mitm is enabled.
generatedcertpath = '/etc/e2guardian/ssl/generatedcerts/'
Edit the file e2guardianf1.conf and enable:
sslmitm = on
Add some sites for testing to /etc/e2guardian/lists/bannedsitelist:
...
#List other sites to block:
# badboys.com
xxxbucetas.net
bucetas.b-cdn.net
xvideos.blog
Enable and start the e2guardian.service service:
systemctl enable e2guardian.service systemctl start e2guardian.service
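The SSL MITM settings edited above can be checked before the service is started. The script below is an added example, not part of the original tutorial or of the e2guardian project; its function names are assumptions, and the demo runs on a constructed config in a temporary directory.

```bash
#!/bin/bash
# Added example (not from the original page): pre-start check of the SSL MITM
# settings in e2guardian.conf. Function names are assumptions of this example.

# Print the value of KEY ($2) from FILE ($1) ("key = 'value'"), skipping comments.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed "s/[[:space:]]*\$//; s/^'\(.*\)'\$/\1/"
}

# Succeed only if certificate $1 and private key $2 hold the same public key.
ca_pair_matches() {
    local a b
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print each problem found in config file $1; return the number of problems.
check_mitm_conf() {
    local n=0 key val
    [ "$(conf_get "$1" enablessl)" = on ] || { echo "enablessl is not on"; n=$((n + 1)); }
    for key in cacertificatepath caprivatekeypath certprivatekeypath; do
        val=$(conf_get "$1" "$key")
        [ -n "$val" ] && [ -r "$val" ] || { echo "$key: blank or unreadable"; n=$((n + 1)); }
    done
    val=$(conf_get "$1" generatedcertpath)
    [ -n "$val" ] && [ -d "$val" ] || { echo "generatedcertpath: not a directory"; n=$((n + 1)); }
    return "$n"
}

# Demo on a constructed config in a temp dir (sample paths, not a real install).
demo() {
    local d rc
    d=$(mktemp -d) || return 1
    mkdir "$d/generatedcerts" && touch "$d/ca.pem" "$d/ca.key"   # cert.key left out
    cat > "$d/e2guardian.conf" <<EOF
# default is off
enablessl = on
cacertificatepath = '$d/ca.pem'
caprivatekeypath = '$d/ca.key'
certprivatekeypath = '$d/cert.key'
generatedcertpath = '$d/generatedcerts/'
EOF
    check_mitm_conf "$d/e2guardian.conf"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo; echo "problems: $?"
```

On a real install, run check_mitm_conf /etc/e2guardian/e2guardian.conf, then ca_pair_matches /etc/e2guardian/ssl/ca.pem /etc/e2guardian/ssl/ca.key to confirm that the CA private key belongs to the CA certificate.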
Install a Blacklist (Optional)
cd ~
wget http://www.shallalist.de/Downloads/shallalist.tar.gz
tar -xvzf shallalist.tar.gz
mv BL/ /etc/e2guardian/lists/
chown -R e2guardian:e2guardian /etc/e2guardian/lists/
Install SARG (Optional)
wget https://sourceforge.net/projects/sarg/files/sarg/sarg-2.4.0/sarg-2.4.0.tar.gz
tar -xvzf sarg-2.4.0.tar.gz
cd sarg-2.4.0
./configure
make
make install