E2Guardian MITM: Creating Certificates


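  1. Create the directory /etc/e2guardian/ssl/generatedcerts:
    mkdir -p /etc/e2guardian/ssl/generatedcerts
  2. Change the mode of the directory /etc/e2guardian/ssl/generatedcerts to 777:
    chmod 777 /etc/e2guardian/ssl/generatedcerts
  3. Create the file /etc/e2guardian/ssl/mkcert and run it:
    #!/bin/bash
    # Write the keys and certificates where e2guardian.conf expects them
    cd /etc/e2guardian/ssl || exit 1

    # CA private key and self-signed CA certificate (valid for 10 years)
    openssl genrsa 4096 > ca.key
    openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
    # DER copy of the CA certificate, for importing into client browsers
    openssl x509 -in ca.pem -outform DER -out ca.der
    # Private key shared by all generated certificates
    openssl genrsa 4096 > cert.key
  4. Edit the files: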

/etc/e2guardian/e2guardian.conf:

# Enable SSL support
# This must be present to enable MITM and/or Cert checking
# default is off
enablessl = on
...
#SSL man in the middle
#CA certificate path
#Path to the CA certificate to use as a signing certificate for
#generated certificates.
# default is blank - required if ssl_mitm is enabled.
cacertificatepath = '/etc/e2guardian/ssl/ca.pem'

#CA private key path
#path to the private key that matches the public key in the CA certificate.
# default is blank - required if ssl_mitm is enabled.
caprivatekeypath = '/etc/e2guardian/ssl/ca.key'

#Cert private key path
#The public / private key pair used by all generated certificates
# default is blank - required if ssl_mitm is enabled.
certprivatekeypath = '/etc/e2guardian/ssl/cert.key'

#Generated cert path
#The location where generated certificates will be saved for future use.
#(must be writable by the dg user)
# default is blank - required if ssl_mitm is enabled.
generatedcertpath = '/etc/e2guardian/ssl/generatedcerts/'

Edit the file e2guardianf1.conf

Locate the line and turn SSLMITM on:

sslmitm = on

/etc/e2guardian/lists/bannedsitelist:

...
#List other sites to block:

# badboys.com
xxxbucetas.net
bucetas.b-cdn.net
xvideos.blog
...
# You will need to edit to add and remove categories you want
.Include</etc/e2guardian/lists/BL/porn/domains>
.Include</etc/e2guardian/lists/BL/aggressive/domains>
  5. Enable and start the e2guardian.service service:
    systemctl enable e2guardian.service
    systemctl start e2guardian.service
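
An added check, not part of the original guide or of the e2guardian project: a pre-flight audit of the files created in the steps above. It reports key files accessible to other users, a world-writable generatedcerts directory (which the chmod 777 step produces, while the config comment only requires the dg user to write there), and a ca.key that does not match ca.pem. The function names are illustrative.

```bash
#!/bin/bash
# Added example: audit of the SSL MITM key material before starting e2guardian.
# Paths follow e2guardian.conf above; function names are illustrative.

# Print the octal permission bits of a path (GNU/BusyBox stat).
mode_of() { stat -c '%a' "$1"; }

# Succeed only if private key $1 and certificate $2 hold the same public key,
# i.e. caprivatekeypath really belongs to cacertificatepath.
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print one finding per line for directory $1; print nothing if it is clean.
audit_ssl_dir() {
    local dir="${1:-/etc/e2guardian/ssl}" f
    for f in ca.key cert.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $f"
        elif [ $(( 0$(mode_of "$dir/$f") & 007 )) -ne 0 ]; then
            # Anyone who can read ca.key can sign certificates the clients trust
            echo "WORLD-ACCESSIBLE $f"
        fi
    done
    if [ ! -d "$dir/generatedcerts" ]; then
        echo "MISSING generatedcerts"
    elif [ $(( 0$(mode_of "$dir/generatedcerts") & 002 )) -ne 0 ]; then
        # Only the account e2guardian runs as needs write access here
        echo "WORLD-WRITABLE generatedcerts"
    fi
    if [ -f "$dir/ca.key" ] && [ -f "$dir/ca.pem" ] &&
       ! key_matches_cert "$dir/ca.key" "$dir/ca.pem"; then
        echo "MISMATCH ca.key does not match ca.pem"
    fi
}
```

Source the file and call `audit_ssl_dir /etc/e2guardian/ssl` as root; an empty result means none of the three problems was found.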

About the Author

Diego Elcain administrator