�ｽv�ｽ�ｽ�ｽL�ｽV�ｽT�ｽ[�ｽo�ｽ[�ｽﾅコ�ｽ�ｽ�ｽe�ｽ�ｽ�ｽc�ｽt�ｽB�ｽ�ｽ�ｽ^�ｽ�ｽ�ｽ�ｽ�ｽO�ｽisquidGuard�ｽj

�ｽﾅ終�ｽX�ｽV�ｽ�ｽ�ｽF 2019.06.17

�ｽ�ｽ�ｽT�ｽv

Squid�ｽﾆ連�ｽg�ｽ�ｽ�ｽﾄ使�ｽp�ｽ�ｽ�ｽ�ｽt�ｽB�ｽ�ｽ�ｽ^�ｽ�ｽ�ｽ�ｽ�ｽO�ｽ\�ｽt�ｽg�ｽﾅゑｿｽ�ｽ�ｽsquidGuard�ｽ�p�ｽ�ｽ�ｽﾄ子�ｽ�ｽ�ｽ�ｽ�ｽX�ｽ}�ｽz�ｽﾅア�ｽ_�ｽ�ｽ�ｽg�ｽT�ｽC�ｽg�ｽ�ｽ�ｽﾌ不�ｽK�ｽﾘなサ�ｽC�ｽg�ｽﾖア�ｽN�ｽZ�ｽX�ｽﾅゑｿｽ�ｽﾈゑｿｽ�ｽ謔､�ｽﾉゑｿｽ�ｽ�ｽB�ｽ�ｽ�ｽ�ｽ�ｽﾅは、�ｽA�ｽN�ｽZ�ｽX�ｽ�ｽIP�ｽA�ｽh�ｽ�ｽ�ｽX�ｽ�ｽ�ｽﾉゑｿｽ�ｽA�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽﾉ登�ｽ^�ｽ�ｽ�ｽ黷ｽ�ｽT�ｽC�ｽg�ｽﾖア�ｽN�ｽZ�ｽX�ｽﾅゑｿｽ�ｽﾈゑｿｽ�ｽ謔､�ｽﾉゑｿｽ�ｽ�ｽB

�ｽ�ｽ�ｽ�ｽ�ｽ轤ｩ�ｽ�ｽ�ｽ�ｽDHCP�ｽﾝ抵ｿｽﾅ固抵ｿｽIP�ｽA�ｽh�ｽ�ｽ�ｽX�ｽ�ｽ�ｽ�ｽ�ｽ闢厄ｿｽﾄてゑｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ

�ｽ�ｽsquidGuard�ｽC�ｽ�ｽ�ｽX�ｽg�ｽ[�ｽ�ｽ

[root@centos ~]# yum -y install squidGuard�ｽ@�ｽ�ｽ�ｽ@squidGuard�ｽC�ｽ�ｽ�ｽX�ｽg�ｽ[�ｽ�ｽ

�ｽ�ｽsquidGuard�ｽﾝ抵ｿｽ

�ｽi�ｽP�ｽjGoogle�ｽ|�ｽ�ｽR�ｽ}�ｽ�ｽ�ｽh�ｽC�ｽ�ｽ�ｽX�ｽg�ｽ[�ｽ�ｽ�ｽ�ｽ�ｽ�ｽq�ｽﾌ「�ｽi�ｽQ�ｽj�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｬ�ｽv�ｽﾅ使�ｽp

[root@centos ~]# git clone https://github.com/soimort/translate-shell�ｽ@�ｽ�ｽ�ｽ@translate-shell�ｽ_�ｽE�ｽ�ｽ�ｽ�ｽ�ｽ[�ｽh

[root@centos ~]# cd translate-shell/�ｽ@�ｽ�ｽ�ｽ@�ｽ_�ｽE�ｽ�ｽ�ｽ�ｽ�ｽ[�ｽh�ｽ�ｽf�ｽB�ｽ�ｽ�ｽN�ｽg�ｽ�ｽ�ｽﾖ移難ｿｽ

[root@centos translate-shell]# make && make install�ｽ@�ｽ�ｽ�ｽ@translate-shell�ｽC�ｽ�ｽ�ｽX�ｽg�ｽ[�ｽ�ｽ

[root@centos translate-shell]# cd�ｽ@�ｽ�ｽ�ｽ@�ｽz�ｽ[�ｽ�ｽ�ｽf�ｽB�ｽ�ｽ�ｽN�ｽg�ｽ�ｽ�ｽﾖ戻ゑｿｽ

[root@centos ~]# rm -rf translate-shell/�ｽ@�ｽ�ｽ�ｽ@translate-shell�ｽf�ｽB�ｽ�ｽ�ｽN�ｽg�ｽ�ｽ�ｽ尞�

�ｽi�ｽQ�ｽj�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｬ
Shalla's Blacklists�ｽﾅ提供ゑｿｽ�ｽ�ｽ�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｽ�ｽg�ｽp�ｽ�ｽ�ｽ�ｽB

[root@centos ~]# rm -f /var/squidGuard/blacklists.tar.gz�ｽ@�ｽ�ｽ�ｽ@squidGuard�ｽﾆ一緒�ｽﾉイ�ｽ�ｽ�ｽX�ｽg�ｽ[�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽT�ｽ�ｽ�ｽv�ｽ�ｽ�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ尞懶ｿｽ�ｽShalla's Blacklists�ｽﾌブ�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｽ�ｽg�ｽp�ｽ�ｽ�ｽ�ｽﾌで不�ｽv�ｽﾈゑｿｽ�ｽ�ｽ

[root@centos ~]# vi /etc/cron.daily/squidGuard-blacklists-udate�ｽ@�ｽ�ｽ�ｽ@�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｽ�ｽ�ｽ�ｽX�ｽV�ｽX�ｽN�ｽ�ｽ�ｽv�ｽg�ｽ�ｬ
#!/bin/bash

cd /var/squidGuard/

# �ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ_�ｽE�ｽ�ｽ�ｽ�ｽ�ｽ[�ｽh
wget http://www.shallalist.de/Downloads/shallalist.tar.gz > /dev/null 2>&1
[ $? -ne 0 ] && echo "$(basename ${0}) aborted!" | mail -s "$(basename ${0}) aborted!" root && exit

# �ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽW�ｽJ
tar zxvf shallalist.tar.gz > /dev/null 2>&1
[ $? -ne 0 ] && echo "$(basename ${0}) aborted!" | mail -s "$(basename ${0}) aborted!" root && exit
rm -f shallalist.tar.gz

# squidGuard�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽi�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｽ`�ｽj�ｽ�ｬ
rm -f /etc/squid/squidGuard-blacklist.conf
cat BL/global_usage | while read line
do
    echo ${line} | grep "^NAME:" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        NAME=`echo ${line} | awk '{print $2}'` 
    fi
    echo ${line} | grep "^DESC EN:" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        DESC=`echo ${line} | sed -e 's/DESC EN: \(.*\)/\1/p' -e d | /usr/local/bin/trans -b --no-auto :ja` 
    fi
    echo ${line} | grep "^NAME EN:" > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        NAME_FULL=`echo ${line} | sed -e 's/NAME EN: \(.*\)/\1/p' -e d` 
        echo "# ${NAME_FULL}" >> /etc/squid/squidGuard-blacklist.conf
        echo "# ${DESC}" >> /etc/squid/squidGuard-blacklist.conf
        echo "dest ${NAME} {" >> /etc/squid/squidGuard-blacklist.conf
        echo "        domainlist BL/${NAME}/domains" >> /etc/squid/squidGuard-blacklist.conf
        echo "        urllist    BL/${NAME}/urls" >> /etc/squid/squidGuard-blacklist.conf
        echo "        redirect http://centossrv.com/cgi-bin/squidGuard-simple.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u" >> /etc/squid/squidGuard-blacklist.conf
        echo "        log anonymous block.log" >> /etc/squid/squidGuard-blacklist.conf
        echo "}" >> /etc/squid/squidGuard-blacklist.conf
        echo >> /etc/squid/squidGuard-blacklist.conf
    fi
done

if [ ${#} -eq 0 ]; then

    # squidGuard�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ
    cat /etc/squid/squidGuard-common.conf \
        /etc/squid/squidGuard-src.conf \
        /etc/squid/squidGuard-blacklist.conf \
        /etc/squid/squidGuard-acl.conf > /etc/squid/squidGuard.conf

    # �ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽgDB�ｽ�ｽ
    squidGuard -C all
    chown -R squid.squid /var/squidGuard/
    chown -R squid.squid /var/log/squidGuard/

    # Squid�ｽﾄ読み搾ｿｽ�ｽ�ｽ
    squid -k reconfigure
fi

[root@centos ~]# chmod +x /etc/cron.daily/squidGuard-blacklists-udate�ｽ@�ｽ�ｽ�ｽ@�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｽ�ｽ�ｽ�ｽX�ｽV�ｽX�ｽN�ｽ�ｽ�ｽv�ｽg�ｽﾉ趣ｿｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽt�ｽ�ｽ

[root@centos ~]# /etc/cron.daily/squidGuard-blacklists-udate 1�ｽ@�ｽ�ｽ�ｽ@�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｽ�ｽ�ｽ�ｽX�ｽV�ｽX�ｽN�ｽ�ｽ�ｽv�ｽg�ｽ�ｽ�ｽs�ｽisquidGuard�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽi�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｽ`�ｽj�ｽ�ｬ�ｽj

�ｽi�ｽR�ｽjsquidGuard�ｽﾝ抵ｿｽ

[root@centos ~]# vi /etc/squid/squidGuard-common.conf�ｽ@�ｽ�ｽ�ｽ@squidGuard�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽi�ｽ�ｽ{�ｽj�ｽ�ｬ
dbhome /var/squidGuard
logdir /var/log/squidGuard

[root@centos ~]# vi /etc/squid/squidGuard-src.conf�ｽ@�ｽ�ｽ�ｽ@squidGuard�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽiIP�ｽA�ｽh�ｽ�ｽ�ｽX�ｽ�ｽ`�ｽj�ｽ�ｬ
# IP�ｽA�ｽh�ｽ�ｽ�ｽX�ｽ�ｽ`�ｽi�ｽﾇ暦ｿｽ�ｽﾒ）
src admin {
        ip              192.168.1.11
}

# IP�ｽA�ｽh�ｽ�ｽ�ｽX�ｽ�ｽ`�ｽi�ｽ}�ｽ}�ｽj
src mama {
        ip              192.168.1.12
}

# IP�ｽA�ｽh�ｽ�ｽ�ｽX�ｽ�ｽ`�ｽi�ｽq�ｽ�ｽ�ｽj
src kids {
        ip              192.168.1.13
        ip              192.168.1.14
}

[root@centos ~]# vi /etc/squid/squidGuard-acl.conf�ｽ@�ｽ�ｽ�ｽ@squidGuard�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽi�ｽA�ｽN�ｽZ�ｽX�ｽ�ｽ�ｽ�ｽ�ｽ`�ｽj�ｽ�ｬ
# �ｽA�ｽN�ｽZ�ｽX�ｽ�ｽ�ｽ�ｽ�ｽ`
acl {
        
        # �ｽA�ｽN�ｽZ�ｽX�ｽ�ｽ�ｽ�ｽ�ｽ`�ｽi�ｽﾇ暦ｿｽ�ｽﾒ）
        admin {
                # �ｽ�ｽ�ｽ�ｽ�ｽ�ｽ
                pass     any
        }

        # �ｽA�ｽN�ｽZ�ｽX�ｽ�ｽ�ｽ�ｽ�ｽ`�ｽi�ｽ}�ｽ}�ｽj
        mama {
                # �ｽ�ｽ�ｽ�ｽ�ｽ�ｽ
                pass     any
        }

        # �ｽA�ｽN�ｽZ�ｽX�ｽ�ｽ�ｽ�ｽ�ｽ`�ｽi�ｽ�ｽ�ｽﾌ托ｿｽ�ｽj
        default {
                # �ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽﾌ会ｿｽ�ｽL�ｽJ�ｽe�ｽS�ｽ�ｽ�ｽﾈ外�ｽA�ｽN�ｽZ�ｽX�ｽ�ｽ�ｽ�ｽ
                # �ｽ�ｽ�ｽe�ｽJ�ｽe�ｽS�ｽ�ｽ�ｽﾌ意厄ｿｽ�ｽ�ｽsquidGuard�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽi�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽg�ｽ�ｽ`�ｽj�ｽQ�ｽ�ｽ
                pass !aggressive !costtraps !dating !drugs !gamble !hacking !porn !religion !sex/lingerie !sex/education !spyware !violence !warez !weapons all
        }
}

[root@centos ~]# cat /etc/squid/squidGuard-common.conf \
/etc/squid/squidGuard-src.conf \
/etc/squid/squidGuard-blacklist.conf \
/etc/squid/squidGuard-acl.conf > /etc/squid/squidGuard.conf�ｽ@�ｽ�ｽ�ｽ@squidGuard�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ

[root@centos ~]# squidGuard -d -C all�ｽ@�ｽ�ｽ�ｽ@�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽX�ｽgDB�ｽ�ｽ
�ｽE
�ｽE
�ｽE
2017-06-19 16:01:40 [782] squidGuard 1.4 started (1497855664.965)
2017-06-19 16:01:40 [782] db update done
2017-06-19 16:01:40 [782] squidGuard stopped (1497855700.105)

[root@centos ~]# chown -R squid.squid /var/squidGuard/�ｽ@�ｽ�ｽ�ｽ@DB�ｽf�ｽB�ｽ�ｽ�ｽN�ｽg�ｽ�ｽ�ｽ�ｽ�ｽL�ｽﾒ変更

[root@centos ~]# chown -R squid.squid /var/log/squidGuard/�ｽ@�ｽ�ｽ�ｽ@�ｽ�ｽ�ｽO�ｽf�ｽB�ｽ�ｽ�ｽN�ｽg�ｽ�ｽ�ｽ�ｽ�ｽL�ｽﾒ変更

[root@centos ~]# vi /etc/squid/squid.conf�ｽ@�ｽ�ｽ�ｽ@Squid�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽﾒ集
�ｽﾈ会ｿｽ�ｽ�ｽﾇ会ｿｽ
# squidGuard�ｽA�ｽg�ｽﾝ抵ｿｽ
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

[root@centos ~]# vi /var/www/cgi-bin/squidGuard-simple.cgi�ｽ@�ｽ�ｽ�ｽ@squidGuard-simple.cgi�ｽﾒ集
# Email Adresse des Proxy Administrators:
# Edit to your requirements. Make sure to keep the @ escaped.
my $PROXYEMAIL = "root\@centossrv.com";�ｽ@�ｽ�ｽ�ｽ@�ｽﾇ暦ｿｽ�ｽﾒ�ｿｽ�ｽ[�ｽ�ｽ�ｽA�ｽh�ｽ�ｽ�ｽX�ｽﾏ更

    print "      <A HREF=\"http://www.squidguard.org/\"><IMG SRC=\"http://www.squidguard.org/Logos/squidGuard.gif\"\n";�ｽ@�ｽ�ｽ�ｽ@squidGuard�ｽ�ｽ�ｽSURL�ｽﾏ更

    print "      <A HREF=\"http://www.squidguard.org/\"><IMG SRC=\"http://www.squidguard.org/Logos/squidGuard.gif\"\n";�ｽ@�ｽ�ｽ�ｽ@squidGuard�ｽ�ｽ�ｽSURL�ｽﾏ更

    print "      <A HREF=\"http://www.squidguard.org/\"><IMG SRC=\"http://www.squidguard.org/Logos/squidGuard.gif\"\n";�ｽ@�ｽ�ｽ�ｽ@squidGuard�ｽ�ｽ�ｽSURL�ｽﾏ更

[root@centos ~]# systemctl reload squid�ｽ@�ｽ�ｽ�ｽ@Squid�ｽﾝ抵ｿｽﾄ読搾ｿｽ�ｽ�ｽ

�ｽi�ｽS�ｽjApache�ｽﾝ抵ｿｽ
�ｽA�ｽN�ｽZ�ｽX�ｽu�ｽ�ｽ�ｽb�ｽN�ｽ�ｽ�ｽﾉ趣ｿｽ�ｽs�ｽ�ｽ�ｽ�ｽ�ｽCGI�ｽX�ｽN�ｽ�ｽ�ｽv�ｽg�ｽﾖ難ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽﾌみア�ｽN�ｽZ�ｽX�ｽﾅゑｿｽ�ｽ�ｽ謔､�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ�ｽB

[root@centos ~]# vi /etc/httpd/conf.d/squidGuard.conf�ｽ@�ｽ�ｽ�ｽ@Apache�ｽpsquidGuard�ｽﾝ抵ｿｽt�ｽ@�ｽC�ｽ�ｽ�ｽ�ｬ
<Files "squidGuard-simple.cgi">
    <IfModule mod_authz_core.c>
        # Apache 2.4
        Require ip 127.0.0.1
        Require ip 10.0.0.0/8
        Require ip 172.16.0.0/12
        Require ip 192.168.0.0/16
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order allow,deny
        Allow from 127.0.0.1
        Allow from 10.0.0.0/8
        Allow from 172.16.0.0/12
        Allow from 192.168.0.0/16
    </IfModule>
</Files>

[root@centos ~]# systemctl reload httpd�ｽ@�ｽ�ｽ�ｽ@Apache�ｽpsquidGuard�ｽﾝ定反�ｽf

[root@centos ~]# rm -f /var/www/cgi-bin/squidGuard-simple-de.cgi�ｽ@�ｽ�ｽ�ｽ@�ｽg�ｽp�ｽ�ｽ�ｽﾈゑｿｽCGI�ｽX�ｽN�ｽ�ｽ�ｽv�ｽg�ｽ尞�

[root@centos ~]# rm -f /var/www/cgi-bin/squidGuard.cgi�ｽ@�ｽ�ｽ�ｽ@�ｽg�ｽp�ｽ�ｽ�ｽﾈゑｿｽCGI�ｽX�ｽN�ｽ�ｽ�ｽv�ｽg�ｽ尞�

�ｽ�ｽsquidGuard�ｽm�ｽF

�ｽ�ｽ�ｽﾇ暦ｿｽ�ｽﾒ、�ｽ}�ｽ}�ｽﾍ厄ｿｽ�ｽ�ｽ�ｽ�ｽ�ｽﾉア�ｽN�ｽZ�ｽX�ｽﾅゑｿｽ�ｽ驍ｱ�ｽ�ｽ
�ｽ�ｽ�ｽﾇ暦ｿｽ�ｽﾒ、�ｽ}�ｽ}�ｽﾈ外�ｽﾍ撰ｿｽ�ｽ�ｽ�ｽT�ｽC�ｽg�ｽi�ｽ�ｽ:/var/squidGuard/BL/porn/domains�ｽﾉ登�ｽ^�ｽ�ｽ�ｽ�ｽﾄゑｿｽ�ｽ�ｽT�ｽC�ｽg�ｽj�ｽﾉア�ｽN�ｽZ�ｽX�ｽﾅゑｿｽ�ｽﾈゑｿｽ�ｽ�ｽ�ｽ�ｽ

�ｽ�ｽ�ｽﾖ連�ｽR�ｽ�ｽ�ｽe�ｽ�ｽ�ｽc

<!�ｽ\�ｽe�ｽL�ｽX�ｽg�ｽﾌみゑｿｽ4�ｽs�ｽ\�ｽ�ｽ�ｽﾉ追会ｿｽ�ｽ�ｽC�ｽ�ｽ�ｽ�ｽ�ｽ�ｽ\>

�ｽ�ｽ�ｽ�ｽ�ｽﾌペ�ｽ[�ｽW�ｽﾌト�ｽb�ｽv�ｽﾖ戻ゑｿｽ

�ｽv�ｽ�ｽ�ｽC�ｽo�ｽV�ｽ[�ｽ|�ｽ�ｽ�ｽV�ｽ[