CentOS 5.5(final)
Kernel 2.6.30.5
套件:
SQUID 3.1.7
(http://www.squid-cache.org/Versions/v3/3.1/)
Kaspersky Security for Internet Gateway 5.5.51
(http://www.t-techftp.com/Products/Kaspersky/Internet_gateway/For_ProxyServer/For_Linux/kav4proxy-5.5-51.i386.rpm)
Kaspersky Security for Internet Gateway 30day trial_key申請位置
(http://www.kaspersky.com/kaspersky_security_internet_gateway_trial_download)
一.SQUID安裝
下載檔至 /usr/src/
[root@CentOS src]#wget http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.7.tar.bz2
將檔案squid-3.1.7.tar.bz2解壓縮
[root@CentOS src]#tar xjf squid-3.1.7.tar.bz2
[root@CentOS src]#cd squid-3.1.7
[root@CentOS squid-3.1.7]#./configure --enable-icap-client --disable-loadable-modules --enable-icap-support
(--disable-loadable-modules沒加上去,下面進行make編譯會出現"../libltdl/libltdl/lt_error.h:35:31: error: libltdl/lt_system.h: No such file or directory")
(--enable-icap-support沒加上去 Kaspersky ICAP Server啟動或出現錯誤)
[root@CentOS squid-3.1.7]#make && make install
squid初始化
[root@CentOS squid-3.1.7]#/usr/local/squid/sbin/squid -z
WARNING: Cannot write log file: /usr/local/squid/var/logs/cache.log
/usr/local/squid/var/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
2010/08/30 15:33:17
Creating Swap Directories
從新設定/usr/local/squid/var/logs/權限
[root@CentOS squid-3.1.7]#chmod 777 /usr/local/squid/var/logs/
[root@CentOS squid-3.1.7]#/usr/local/squid/sbin/squid -z
[root@CentOS squid-3.1.7]#/usr/local/squid/sbin/squid -s
[root@CentOS ~]# netstat -tln grep 3128
tcp 0 0 :::3128 :::* LISTEN
Squid預設port是3128,出現Listen表示已經啟用了
於Client端IE 掛上proxy IP:3128 即可使用
二.安裝 Kaspersky Security for Internet Gateway
下載檔至 /usr/src/
[root@CentOS ~]#cd /usr/src
[root@CentOS src]#wget http://www.t-techftp.com/Products/Kaspersky/Internet_gateway/For_ProxyServer/For_Linux/kav4proxy-5.5-51.i386.rpm
[root@CentOS src]# rpm -ivh kav4proxy-5.5-51.i386.rpm
Preparing... ########################################### [100%]
1:kav4proxy ########################################### [100%]
Kaspersky Anti-Virus for Proxy Server has been installed
successfully but needs to be properly configured before using.
Unfortunately, RPM is not able to run scripts interactively, so
please run
/opt/kaspersky/kav4proxy/lib/bin/setup/postinstall.pl
script by yourself to configure it.
[root@CentOS src]#/opt/kaspersky/kav4proxy/lib/bin/setup/postinstall.pl
Configuring KeepUp2Date proxy settings.
If you use an http proxy server to access the Internet, you need
to tell the Kaspersky Anti-Virus for Proxy Server KeepUp2Date
component about it. Please enter the address of your http proxy
server in one of the following forms, http://proxyIP:port or
http://user:pass@proxyIP:port. If you don't have or need a proxy
server to access the Internet, enter 'no' here [no]:
no
Latest anti-virus bases are an essential part of your anti-virus
protection. Do you want to download the latest anti-virus bases
right now to insure your application is up to date? (If you
answer 'yes', make sure you are connected to the Internet):
[yes]:
yes
Kaspersky KeepUp2Date 5.5.50/RELEASE build #43
Copyright (C) Kaspersky Lab, 1997-2007.
Portions Copyright (C) Lan Crypto
Configuration file: /etc/opt/kaspersky/kav4proxy.conf
=== Update task started
Update source selected 'http://dnl-eu4.kaspersky-labs.com/'
Downloading file 'index/master.xml.klz'
.......
開始進行Kaspersky anti-virus Base更新
Update 'Kaspersky Anti-Virus for Proxy Server' completed successfully
Do you want to activate regular updates? [y/N]:y
Default Webmin configuration file was not found. This means that
either Webmin is not installed at all, or is installed into a
non-default location.
Webmin (www.webmin.com) is a web-based interface for system
administration for various Unix components. If you install it,
you'll be able to configure and use Kaspersky Anti-Virus through
the web interface. If you want to use this functionality, but
haven't installed Webmin yet, you can skip this stage and
install this module later using Webmin's built-in installation
procedure.
If you have Webmin installed in a non-default path, please enter
the path to the location of the Webmin configuration file, or
leave blank to skip?
Setting up protection with Kaspersky Anti-Virus for Proxy
server.
The installation program can automatically configure your
ICAP-enabled Squid to be protected by Kaspersky Anti-Virus ICAP
server.
1) No integration
2) Configure to work with remote proxy
3) Configure Squid manually
4) Squid (/usr/local/squid/etc/squid.conf)
Please Choose 1-4
4
Configuring Squid to use Kaspersky Anti-Virus
ICAP-Server
Proxy server binary path: /usr/local/squid/sbin/squid
Proxy server configuration file: /usr/local/squid/etc/squid.conf
Please enter 'Y' to confirm that you want to protect this proxy
server with Kaspersky Anti-Virus. Enter 'N' if proxy server has
been detected incorrectly, or if you do not want to protect it.
[Y]:
Y
Stopping ICAP server: kavicapserver stopped
Starting ICAP server: kavicapserver started
Reconfigure Squid - 2010/08/30 17:15:02
WARNING: 'icap_class' is depricated. Use 'adaptation_service_set' instead
2010/08/30 17:15:02
WARNING: 'icap_class' is depricated. Use 'adaptation_service_set' instead
2010/08/30 17:15:02
WARNING: 'icap_access' is depricated. Use 'adaptation_access' instead
2010/08/30 17:15:02
WARNING: 'icap_access' is depricated. Use 'adaptation_access' instead
success
(這部份的WARNING訊息不管他也不會對系統有影響,修改方式對squid.conf內容進行修改)
Kaspersky Anti-Virus for Proxy Server is installed.
Configuration file was installed in
/etc/opt/kaspersky/kav4proxy.conf
Binaries were installed in /opt/kaspersky/kav4proxy/bin
[root@CentOS src]#vi /usr/local/squid/etc/squid.conf
.....................
# Added by Kaspersky Anti-Virus installer
icap_enable on
icap_send_client_ip on
icap_service is_kav_req reqmod_precache 0 icap://localhost:1344/av/reqmod
icap_service is_kav_resp respmod_precache 0 icap://localhost:1344/av/respmod
icap_class ic_kav_req is_kav_req
icap_class ic_kav_resp is_kav_resp
icap_access ic_kav_resp allow all
icap_access ic_kav_req allow all !acl_kav_GET
# /Added by Kaspersky Anti-Virus installer
......................
修改後
# Added by Kaspersky Anti-Virus installer
icap_enable on
icap_send_client_ip on
icap_service is_kav_req reqmod_precache 0 icap://localhost:1344/av/reqmod
icap_service is_kav_resp respmod_precache 0 icap://localhost:1344/av/respmod
adaptation_service_set ic_kav_req is_kav_req
adaptation_service_set ic_kav_resp is_kav_resp
adaptation_access ic_kav_resp allow all
adaptation_access ic_kav_req allow all !acl_kav_GET
# /Added by Kaspersky Anti-Virus installer
......................
開機自動啟動
[root@CentOS src]#vi /etc/rc.d/rc.local
-----------------
/usr/local/squid/sbin/squid -s
-----------------
沒有留言:
張貼留言