Preparando o Ambiente
yum groupinstall ‘Development Tools’
yum install zlib-devel pcre-devel openssl-devel git vim bash-completion wget xz-devel bzip2-devel openldap-devel gd gd-devel
Desabilitando Firewall
systemctl disable firewalld
systemctl stop firewalld
Desabilitando SElinux
vim /etc/selinux/config
SELINUX=disabled
Baixando o Instalador
git clone https://github.com/e2guardian/e2guardian.git
cd e2guardian
Compilando e Instalando
./autogen.sh
./configure ‘–prefix=/usr’ ‘–enable-clamd=yes’ ‘–with-proxyuser=e2guardian’ ‘–with-proxygroup=e2guardian’ ‘–sysconfdir=/etc’ ‘–localstatedir=/var’ ‘–enable-icap=yes’ ‘–enable-commandline=yes’ ‘–enable-email=yes’ ‘–enable-ntlm=yes’ ‘–mandir=${prefix}/share/man’ ‘–infodir=${prefix}/share/info’ ‘–enable-pcre=yes’ ‘–enable-sslmitm=yes’ ‘CPPFLAGS=-mno-sse2 -g -O2’make
make install
Criando os Serviços SystemCTL
cp /usr/share/e2guardian/scripts/e2guardian.service /etc/systemd/system/
cp /usr/share/e2guardian/scripts/e2guardian /etc/logrotate.d/
Necessário criar Log e Setar Permissão
touch /var/log/e2guardian/access.log
useradd e2guardian
chown -R e2guardian:e2guardian /var/log/e2guardian/
Gerando Certificado SSL Para MITM
Crie o diretório /etc/e2guardian/ssl/generatedcerts:
mkdir -p /etc/e2guardian/ssl/generatedcerts
Mude o mode do diretório /etc/e2guardian/ssl/generatedcerts para 777:
chmod 777 /etc/e2guardian/ssl/generatedcerts
Crie o arquivo /etc/e2guardian/sslgen.sh e o execute:
#!/bin/bash
openssl genrsa 4096 > ca.key
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
openssl x509 -in ca.pem -outform DER -out ca.der
openssl genrsa 4096 > cert.key
Execute
chmod +x sslgen.sh
cp /etc/e2guardian/ssl/ca.pem /etc/e2guardian/ssl/ca.crt
Copiar o CA.crt para Maquina Windows
Importar no Diretório de CA Confiáveis
Edite os arquivos:
/etc/e2guardian/e2guardian.conf:
# Enable SSL support
# This must be present to enable MITM and/or Cert checking
# default is off
enablessl = on
…
#SSL man in the middle
#CA certificate path
#Path to the CA certificate to use as a signing certificate for
#generated certificates.
# default is blank – required if ssl_mitm is enabled.
cacertificatepath = ‘/etc/e2guardian/ssl/ca.pem’#CA private key path
#path to the private key that matches the public key in the CA certificate.
# default is blank – required if ssl_mitm is enabled.
caprivatekeypath = ‘/etc/e2guardian/ssl/ca.key’#Cert private key path
#The public / private key pair used by all generated certificates
# default is blank – required if ssl_mitm is enabled.
certprivatekeypath = ‘/etc/e2guardian/ssl/cert.key’#Generated cert path
#The location where generated certificates will be saved for future use.
#(must be writable by the dg user)
# default is blank – required if ssl_mitm is enabled.
generatedcertpath = ‘/etc/e2guardian/ssl/generatedcerts/’
Edite o arquivo e2guardianf1.conf e Habilite
sslmitm = on
Adicione alguns sites para teste
/etc/e2guardian/lists/bannedsitelist:
…
#List other sites to block:
# badboys.com
xxxbucetas.net
bucetas.b-cdn.net
xvideos.blog
Habilite e inicie o serviço e2guardian.service:
systemctl enable e2guardian.service
systemctl start e2guardian.service
Instale uma Blacklist (Opicional)
cd ~
wget http://www.shallalist.de/Downloads/shallalist.tar.gz
tar -xvzf shallalist.tar.gz
mv BL/ /etc/e2guardian/lists/chown -R e2guardian:e2guardian /etc/e2guardian/lists/
Instale o SARG (Opicional)
wget https://sourceforge.net/projects/sarg/files/sarg/sarg-2.4.0/sarg-2.4.0.tar.gz
tar -xvzf sarg-2.4.0.tar.gz
cd sarg-2.4.0
./configure
make
make install
Sobre o Autor