ComputerSecurityStudent (CSS)





(Ubuntu: Lesson 12)

{ Installing and Configuring Squid Proxy Server }


Section 0. Background Information
  1. What is the Squid Proxy Server?
    • Squid is a proxy server and web cache daemon. It has a wide variety of uses, from speeding up a web server by caching repeated requests; to caching web, DNS and other computer network lookups for a group of people sharing network resources; to aiding security by filtering traffic.
     
  2. Gray Area/Malicious uses for Squid Proxy Server
    • Let's say your school or work does not allow you to view websites like google, facebook and youtube.
    • All you have to do is either find a Squid Proxy Server on the internet or install one at your home.  Then you can simply use the SOCKS client in Firefox to route all your HTTP/HTTPS requests through the Squid Proxy Server, thus circumventing the school or work ACL.
    • If you install a Squid Proxy Server at your house, then you will have to allow and forward port 3128 to the correct internal address that points to your server hosting Squid.

  3. Prerequisite
  4. Lab Notes
    • In this lab we will do the following:
      1. We will update the apt-get package list.
      2. We will use apt-cache to search the package list for Squid.
      3. We will use apt-get to install squid3.
      4. We will use update-rc.d to create runlevel startup and kill scripts.
      5. We will configure Squid to allow access to specific networks.
      6. We will configure Squid to deny access to specific websites.
      7. We will configure Firefox to use its SOCKS client to pass requests to the Squid Server.

  5. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.

 

Section 1: Start Ubuntu 12.04
  1. Start VMware Player
    • Instructions
      1. For Windows 7
        1. Click Start Button
        2. Search for "vmware player"
        3. Click VMware Player
      2. For Windows XP
        • Starts --> Programs --> VMware Player

     

  2. Verify Virtual Machine Settings.
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Edit virtual machine settings

     

  3. Configure Network Adapter
    • Instructions
      1. Click on Network Adapter
      2. Click on the Bridged Radio Button
      3. Click on the Close Button

     

  4. Start the Ubuntu 12.04 VM
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Play virtual machine

 

Section 2: Login to Ubuntu
  1. Change to Gnome Classic
    • Instructions:
      1. Click on the Circle

     

  2. Select Gnome Classic
    • Instructions:
      1. Double Click on GNOME Classic

     

  3. Login to Server
    • Instructions
      1. User: Student
      2. Password: Please supply the student password.

 

Section 3: Become Root and Verify Network Connection
  1. Start up a Terminal
    • Instructions
      1. Click on the Terminal

     

  2. Become Root
    • Instructions
      1. sudo su -
      2. Supply the student password.

     

  3. Verify you have a network connection
    • Instructions
      1. ifconfig -a
        • eth0 is the name of my interface.
        • 192.168.1.104 is my network IP address.
    • Note(FYI):
      • If you do not have a DHCP IP address, try the following:
        • dhclient
          • OR
        • /etc/init.d/networking restart

 

Section 4: Update apt-get's package index
  1. Update apt-get's package index
    • Instructions
      1. apt-get update
    • Note(FYI):
      • update is used to resynchronize the package index files from their sources. I.e., "update" refreshes apt-get's local database with the Debian servers' pkglist files. The indexes of available packages are fetched from the location(s) specified in /etc/apt/sources.list.

 

Section 5: Search for Squid
  1. Search for squid
    • Instructions
      1. apt-cache search "squid" | grep "^squid"
    • Note(FYI):
      • apt-cache is a command to query and obtain information about the Ubuntu packages.

     

Section 6: Install Squid
  1. Install squid
    • Instructions
      1. apt-get install squid squid-common
        • So we are installing two packages
          1. squid
          2. squid-common
      2. Do you want to continue? Y

     

  2. Verify that squid is installed and is running
    • Instructions
      1. service squid3 status
        • The service runs a System V init script or upstart job.
        • squid3, is the service.
        • status, asks the startup script to list a PID if the process is running.
      2. ps -eaf | grep -v grep | grep squid3
        • ps -eaf, show all processes.
        • grep -v grep, filter out the grep process.
        • grep squid3, show only the squid process.

 

Section 7: Startup Script for Squid
  1. Startup Script for Squid
    • Instructions
      1. ls -l /etc/init.d/squid3
    • Note(FYI):
      • As part of the Squid installation, the squid startup script is placed in /etc/init.d/squid3.

     

  2. Stopping and Starting Squid with /etc/init.d/squid3
    • Instructions
      1. cd /etc/init.d
      2. ./squid3 stop
      3. ps -eaf | grep -v grep | grep squid3
        • Notice, that no lines are returned, because squid3 is not running.
      4. ./squid3 start
      5. ps -eaf | grep -v grep | grep squid3
        • Now one line is returned, because squid3 is running.

     

  3. Stopping and Starting squid3 with the "service" command
    • Instructions
      1. service squid3 status
        • Notice, if squid is running, a process number is displayed, called the PID (process ID).
        • In my case, the PID is 3386.
      2. ps -eaf | grep -v grep | grep 3386
        • Replace 3386 with your squid PID.
      3. service squid3 stop
        • This command will stop the squid daemon.
      4. ps -eaf | grep -v grep | grep squid3
        • Notice, no processes are displayed for squid3, because we stopped squid in the above command.
      5. service squid3 start
        • Since we restarted squid, it has a new PID of 3410 in my case.
      6. ps -eaf | grep -v grep | egrep '(squid3|3410)'
        • ps -eaf, display all processes.
        • grep -v grep, filter out the grep command.
        • egrep '(squid3|3410)', search for any process containing the string squid3 or 3410.  Remember 3410 is my PID; replace 3410 with your PID.

     

  4. Create startup and kill scripts for Squid
    • Instructions
      1. update-rc.d squid3 defaults
    • Note(FYI):
      • The update-rc.d command is used to create startup, enable, kill, and remove scripts for services listed in the /etc/init.d.
      • If defaults is used then update-rc.d will make links to start the service in runlevels 2345 and to stop the service in runlevels 016. By default all the links will have sequence number 20.

     

  5. Verify startup and kill script was created
    • Instructions
      1. find /etc/rc*.d/* -print | xargs ls -l | grep squid3
        • find /etc/rc*.d/* -print, list all the files in /etc/rc*.d/*
        • xargs ls -l, use the xargs command to produce a long listing of each file that find displays.
        • grep squid3, only display files containing squid3.

 

Section 8: Backup Squid Configuration File
  1. Backup the Squid Configuration file
    • Instructions
      1. cd /etc/squid3
      2. cp squid.conf squid.conf.BKP
      3. ls -l squid.conf*

 

Section 9: Initial Squid Proxy Server Test
  1. Start Up Firefox
    • Note(FYI):
      • You do not have to use Ubuntu's Firefox to test the Squid Proxy Server.
      • You can use any computer's web browser that has network connectivity to the Ubuntu server.
      • For simplicity reasons, I am using Ubuntu's Firefox.
    • Instructions
      1. Applications --> Internet --> Firefox

     

  2. Select Firefox Preferences
    • Instructions
      1. Edit --> Preferences

     

  3. Network Settings
    • Instructions
      1. Click on Advanced
      2. Click on Network
      3. Click on Settings

     

  4. Configure HTTP Proxy
    • Instructions
      1. Click on Manual proxy configuration
      2. HTTP Proxy: Supply Ubuntu Server IP Address
        • Obtain IP Address from (Section 3, Step 3)
      3. Port: 3128
      4. Click on SOCKSv5 radio button
      5. Click OK

     

  5. Close Firefox Preferences
    • Instructions
      1. Click Close

     

  6. Test the Squid Proxy
    • Instructions
      1. Place www.google.com in the URL box.
    • Note(FYI):
      • Notice access to www.google.com was denied.
      • Notice this message was generated by localhost.

     

  7. View Squid Access Log
    • Instructions
      1. grep -i denied /var/log/squid3/access.log
    • Note(FYI):
      1. Notice that Squid denied access to www.google.com

 

Section 10: Configure visible_hostname
  1. Search For and Go To TAG: visible_hostname line number
    • Instructions
      1. cd /etc/squid3/
      2. grep -n "visible_hostname localhost" squid.conf
        • This will produce the line number that will be used in the next step.  (In my case, Line Number: 3761)
      3. vi +3761 squid.conf

     

  2. View Results
    • Note(FYI):
      1. The cursor should be on the start of the line that looks like the below
        • # visible_hostname localhost
      2. Continue to next step

     

  3. Change the Visible Hostname
    • Instructions
      1. Type "dw"
        • This will delete all characters in front of the word visible_hostname.
      2. Move the cursor right until the "l" in the word localhost is highlighted.
      3. Type "cw"
        • This will allow VI to change the word.
      4. Rename localhost to whatever you want to call the Squid Proxy Server.
        • In my case, I am calling it ComputerSecurityStudent.
      5. Press the <Esc> key
      6. Type ":wq!"
      7. Press the <Enter> key

     

  4. Restart Squid
    • Instructions
      1. service squid3 restart

     

  5. Test visible_hostname
    • Instructions
      1. Go Back to your Firefox Web Browser
      2. Place www.cnn.com in the URI box.
      3. Although CNN's access is still denied, localhost was changed to ComputerSecurityStudent.  (See Below).

 

Section 11: Allow Access
  1. Determine Subnet
    • Instructions
      1. ifconfig | grep eth | awk '{print $1}'
        • The first returned interface will be used in the next step.
      2. ifconfig eth0 | grep "inet addr:" | head -1
      3. In my case, Ubuntu's IP address is 192.168.1.104.
      4. To convert this IP address to a subnet address, simply replace the last octet of the IP with 0.
      5. My subnet is 192.168.1.0
      6. Since the Mask is 255.255.255.0, I know that this converts to a /24. 
        • E.g., 11111111.11111111.11111111.00000000

     

  2. Search For Possible Internet Network
    • Instructions
      1. cd /etc/squid3/
      2. grep -n "192.168.0" squid.conf
        • Actually, use the IP Address 192.168.0 because this is a default rule in the squid.conf file.
        • This will produce the line number that will be used in the next step.  (In my case, Line Number: 703)
      3. vi +703 squid.conf

     

  3. Create Duplicate Entry
    • Instructions
      1. Press "yy" to make a copy of the line that contains "192.168.0.0"
      2. Press "p" to paste the copied line.
      3. Continue to Next Step

     

  4. View and Save Entry
    • Instructions
      1. Press "x" to delete the "#" character.
      2. Right arrow over first number in the IP address and press "x" to delete the IP Address.
      3. Press "i" to get into insert mode and type in the correct subnet and range.
      4. Press the <Esc> key
      5. Type ":wq!"
      6. Press the <Enter> key

     

  5. Search for allow localnet
    • Instructions
      1. cd /etc/squid3/
      2. grep -n "http_access allow localnet" squid.conf
        • This will produce the line number that will be used in the next step.  (In my case, Line Number: 842)
      3. vi +842 squid.conf

     

  6. Modify allow localnet
    • Instructions
      1. The cursor should be on the "#" character in the below line.
        • E.g., #http_access allow localnet
      2. Press the "x" key to delete the "#" character
      3. Press the <Esc> key
      4. Type ":wq!" to save the file
      5. Press the <Enter> key

     

  7. Restart Squid
    • Instructions
      1. service squid3 restart

     

  8. Test Proxy Server Access
    • Instructions
      1. Go Back to your Firefox Web Browser
      2. Place www.cnn.com in the URI box.
    • Note(FYI):
      • You should now be able to access CNN and any website.
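
Replacing the last octet with 0 (Step 1) only gives the right subnet for a 255.255.255.0 mask. The following example, added here and not part of the original lab, derives the network and prefix for any contiguous netmask and prints the matching acl line; cidr_from_mask and localnet_acl are hypothetical names, and the acl localnet src form is assumed from the default line copied in Step 3.

```shell
# Added example (not part of the original lab). Function names are hypothetical.

# cidr_from_mask IP NETMASK -> prints NETWORK/PREFIX, e.g. 192.168.1.0/24
# Returns non-zero if the address or mask is malformed or the mask is not contiguous.
cidr_from_mask() {
    echo "$1 $2" | awk '{
        if (split($1, ip, ".") != 4 || split($2, mask, ".") != 4) exit 1
        prefix = 0; zero_seen = 0; net = ""
        for (i = 1; i <= 4; i++) {
            a = ip[i] + 0; m = mask[i] + 0; n = 0
            if (a > 255 || m > 255) exit 1
            # Walk the octet bit by bit: a portable AND without gawk extensions.
            for (b = 128; b >= 1; b = b / 2) {
                abit = (a >= b); if (abit) a -= b
                mbit = (m >= b); if (mbit) m -= b
                if (mbit && zero_seen) exit 1   # 1-bit after a 0-bit: invalid mask
                if (mbit) { prefix++; if (abit) n += b } else zero_seen = 1
            }
            net = net (i > 1 ? "." : "") n
        }
        print net "/" prefix
    }'
}

# localnet_acl IP NETMASK -> the squid.conf line typed in Section 11, Step 4
# (assumed form: acl localnet src NETWORK/PREFIX)
localnet_acl() {
    net=$(cidr_from_mask "$1" "$2") || return 1
    echo "acl localnet src $net"
}

# The values from this lab, then a constructed non-/24 case where
# "set the last octet to 0" would give the wrong network.
localnet_acl 192.168.1.104 255.255.255.0
localnet_acl 10.20.30.40 255.255.240.0
```

Keeping the src range as narrow as the real subnet matters here: every address it covers is allowed to relay through the proxy once http_access allow localnet is enabled.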

 

Section 12: Deny Access to Certain Websites
  1. Search for "TAG: http_access"
    • Instructions
      1. cd /etc/squid3/
      2. grep -n "TAG: http_access" squid.conf
        • This will produce the line number that will be used in the next step.  (In my case, Line Number: 792)
      3. vi +792 squid.conf

     

  2. Deny Access to Certain Websites
    • Instructions
      1. Press Shift and "o" to add a blank line above the below line.
        • E.g., # TAG: http_access
      2. Add the following two lines
        • acl block_websites dstdomain .facebook.com .youtube.com
        • http_access deny block_websites
        • Press <Enter> to add spacing.
      3. Press the <Esc> key to get out of insert mode.
      4. Type ":wq!" to save and quit the file.
      5. Press the <Enter> key

     

  3. Restart Squid
    • Instructions
      1. service squid3 restart

     

  4. Test Blocked Website Access
    • Instructions
      1. Go Back to your Firefox Web Browser
      2. Place www.facebook.com in the URI box.
      3. Place www.youtube.com in the URI box.
      4. Place www.cnn.com in the URI box.
    • Note(FYI):
      • You should NOT be able to access the FACEBOOK or YOUTUBE websites, but you should be able to access all other network available websites.
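
Squid evaluates http_access lines from top to bottom and stops at the first match, so the deny rule added in Step 2 only works because it sits above the http_access allow localnet line enabled in Section 11. The following check, added here and not part of the original lab, verifies that ordering; check_order, good_conf and bad_conf are hypothetical names and both config excerpts are constructed.

```shell
# Added example (not part of the original lab); names and sample data are hypothetical.

# check_order ACL < squid.conf
# Exit 0 if "http_access deny ACL" precedes "http_access allow localnet",
# 1 if the deny is shadowed by an earlier allow, 2 if either rule is missing.
check_order() {
    awk -v acl="$1" '
        /^[ \t]*http_access[ \t]/ {          # commented-out lines never match
            if ($2 == "deny"  && $3 == acl        && !deny)  deny  = NR
            if ($2 == "allow" && $3 == "localnet" && !allow) allow = NR
        }
        END {
            if (!deny || !allow) { print "missing rule"; exit 2 }
            if (deny > allow) {
                print "shadowed: allow localnet (line " allow ") matches before deny " acl " (line " deny ")"
                exit 1
            }
            print "ok: deny " acl " (line " deny ") precedes allow localnet (line " allow ")"
        }'
}

# Constructed excerpt with the rules in the order this lab produces.
good_conf() {
    cat <<'EOF'
acl localnet src 192.168.1.0/24
acl block_websites dstdomain .facebook.com .youtube.com
http_access deny block_websites
# TAG: http_access
http_access allow localnet
http_access deny all
EOF
}

# Constructed excerpt with the deny placed after the allow: localnet clients
# match the allow first, so the block never takes effect for them.
bad_conf() {
    cat <<'EOF'
acl localnet src 192.168.1.0/24
acl block_websites dstdomain .facebook.com .youtube.com
http_access allow localnet
http_access deny block_websites
http_access deny all
EOF
}

good_conf | check_order block_websites
bad_conf  | check_order block_websites || echo "exit status $?"
```

On the lab machine the same check can be run as check_order block_websites < /etc/squid3/squid.conf before restarting Squid.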

 

Section 13: Restore Firefox Proxy Settings
  1. Select Firefox Preferences
    • Instructions
      1. Edit --> Preferences

     

  2. Network Settings
    • Instructions
      1. Click on Advanced
      2. Click on Network
      3. Click on Settings

     

  3. Connection Settings
    • Instructions
      1. Click on No proxy
      2. Click the OK Button

     

  4. Close Firefox Preferences
    • Instructions
      1. Click Close

 

Section 14: Proof of Lab
  1. Proof of Lab
    • Instructions
      1. cd /var/log/squid3/
      2. grep -i denied access.log | grep -i facebook
      3. grep -i denied access.log | grep -i youtube
      4. date
      5. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle
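
The greps in Section 9, Step 7 and in this section return raw denied lines; the following example, added here and not part of the original lab, summarises denied requests per client and destination host. It assumes Squid's default native access.log layout (client in field 3, result code in field 4, URL in field 7); denied_summary and sample_log are hypothetical names and the log lines are constructed.

```shell
# Added example (not part of the original lab); names and log lines are constructed.

# denied_summary < access.log
# Prints "COUNT CLIENT HOST" for every denied request, busiest first.
denied_summary() {
    awk '
        $4 ~ /^TCP_DENIED/ {
            host = $7
            sub("^[a-z]+://", "", host)   # drop the scheme (GET http://host/path)
            sub("[/:].*$", "", host)      # drop the path or port (CONNECT host:443)
            count[$3 " " host]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample in the native log format: three denied HTTP requests,
# one allowed request, and one denied HTTPS CONNECT from a second client.
sample_log() {
    cat <<'EOF'
1347312001.101      0 192.168.1.104 TCP_DENIED/403 3632 GET http://www.facebook.com/ - NONE/- text/html
1347312002.202      0 192.168.1.104 TCP_DENIED/403 3640 GET http://www.facebook.com/favicon.ico - NONE/- text/html
1347312003.303      0 192.168.1.104 TCP_DENIED/403 3628 GET http://www.youtube.com/ - NONE/- text/html
1347312004.404    187 192.168.1.104 TCP_MISS/200 45012 GET http://www.cnn.com/ - DIRECT/203.0.113.10 text/html
1347312005.505      0 192.168.1.105 TCP_DENIED/403 3510 CONNECT www.facebook.com:443 - NONE/- text/html
EOF
}

sample_log | denied_summary
```

Against the real log this is run as denied_summary < /var/log/squid3/access.log; a client that does not belong to the lab subnet showing up in the output is worth investigating.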

 


