- Crie o diretório /etc/e2guardian/ssl/generatedcerts:
mkdir -p /etc/e2guardian/ssl/generatedcerts
- Mude o mode do diretório /etc/e2guardian/ssl/generatedcerts para 777:
chmod 777 /etc/e2guardian/ssl/generatedcerts
- Crie o arquivo /etc/e2guardian/ssl/mkcert e o execute:
#!/bin/bash openssl genrsa 4096 > ca.key openssl req -new -x509 -days 3650 -key ca.key -out ca.pem openssl x509 -in ca.pem -outform DER -out ca.der openssl genrsa 4096 > cert.key
- Edite os arquivos:
/etc/e2guardian/e2guardian.conf:
# Enable SSL support # This must be present to enable MITM and/or Cert checking # default is off enablessl = on ... #SSL man in the middle #CA certificate path #Path to the CA certificate to use as a signing certificate for #generated certificates. # default is blank - required if ssl_mitm is enabled. cacertificatepath = '/etc/e2guardian/ssl/ca.pem' #CA private key path #path to the private key that matches the public key in the CA certificate. # default is blank - required if ssl_mitm is enabled. caprivatekeypath = '/etc/e2guardian/ssl/ca.key' #Cert private key path #The public / private key pair used by all generated certificates # default is blank - required if ssl_mitm is enabled. certprivatekeypath = '/etc/e2guardian/ssl/cert.key' #Generated cert path #The location where generated certificates will be saved for future use. #(must be writable by the dg user) # default is blank - required if ssl_mitm is enabled. generatedcertpath = '/etc/e2guardian/ssl/generatedcerts/'
Edite o arquivo e2guardianf1.conf
Localize a linha e ligue o SSLMITM
sslmitm = on
/etc/e2guardian/lists/bannedsitelist:
... #List other sites to block: # badboys.com xxxbucetas.net bucetas.b-cdn.net xvideos.blog ... # You will need to edit to add and remove categories you want .Include</etc/e2guardian/lists/BL/porn/domains> .Include</etc/e2guardian/lists/BL/aggressive/domains>
- Habilite e inicie o serviço e2guardian.service:
systemctl enable e2guardian.service systemctl start e2guardian.service
Sobre o Autor