[Linuxtrent] Re: transparent proxy

  • From: Alberto Matassoni <alberto.matassoni@xxxxxxxx>
  • To: linuxtrent@xxxxxxxxxxxxx
  • Date: Tue, 12 Aug 2014 12:03:54 +0200

On 12 August 2014 11:14, Roberto Resoli <roberto@xxxxxxxxxxxxxx> wrote:

>
>
> Check that everything is in order in the /srv/chroot/squeeze tree that
> the chroot is performed on.
>
> Also check that the script that starts dansguardian in the chroot works
> properly; there is probably something in /etc/rc.local, or in the
> dansguardian init script.
>
>
Thanks Roberto for the quick reply. I tried your suggestions but I still
can't work it out, even though everything seems to be in order:

ls -l /srv/chroot/squeeze/
totale 68
drwxr-xr-x   2 root root  4096 30 lug  2012 bin
drwxr-xr-x   2 root root  4096  7 mag  2012 boot
drwxr-xr-x  15 root root  3080 11 ago 11.22 dev
drwxr-xr-x  47 root root  4096 30 lug  2012 etc
drwxr-xr-x   2 root root  4096  7 mag  2012 home
drwxr-xr-x  10 root root 12288 30 lug  2012 lib
drwxr-xr-x   2 root root  4096 30 lug  2012 media
drwxr-xr-x   2 root root  4096  7 mag  2012 mnt
drwxr-xr-x   2 root root  4096 30 lug  2012 opt
dr-xr-xr-x 259 root root     0 11 ago 11.22 proc
drwx------   2 root root  4096 30 lug  2012 root
drwxr-xr-x   2 root root  4096 30 lug  2012 sbin
drwxr-xr-x   2 root root  4096 21 lug  2010 selinux
drwxr-xr-x   2 root root  4096 30 lug  2012 srv
drwxr-xr-x  12 root root     0 11 ago 11.22 sys
drwxrwxrwt   2 root root  4096 12 ago 10.14 tmp
drwxr-xr-x  10 root root  4096 28 dic  2009 usr
drwxr-xr-x  13 root root  4096 27 mar  2012 var

This is my rc.local:

cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

umount -f /srv/chroot/squeeze/proc ||true
umount -f /srv/chroot/squeeze/sys ||true
umount -f /srv/chroot/squeeze/dev ||true
umount -f /srv/chroot/squeeze/etc/dansguardian/lists ||true

mount -o bind /proc /srv/chroot/squeeze/proc
mount -o bind /sys /srv/chroot/squeeze/sys
mount -o bind /dev /srv/chroot/squeeze/dev
mount -o bind /etc/dansguardian/lists /srv/chroot/squeeze/etc/dansguardian/lists
cp /etc/dansguardian/dansguardian-chroot.conf /srv/chroot/squeeze/etc/dansguardian/dansguardian.conf

for file in /etc/dansguardian/dansguardianf*.conf
do
cp -f ${file} /srv/chroot/squeeze/etc/dansguardian/
done


schroot -c squeeze -p /etc/init.d/dansguardian -- restart
exit 0

If I run it:

/etc/rc.local
Restarting DansGuardian: dansguardian.

And this is the script in init.d:

#! /bin/sh
# Startup script for dansguardian
#
# description: A web content filtering plugin for web \
#              proxies, developed to filter using lists of \
#              banned phrases, MIME types, filename \
#              extensions and PICS labeling.
# processname: dansguardian
# pidfile: /var/run/dansguardian.pid
# config: /etc/dansguardian/dansguardian.conf
### BEGIN INIT INFO
# Provides:          dansguardian
# Required-Start:    $remote_fs $network $syslog
# Required-Stop:     $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Description: Starts dansguardian content proxy
# short-description: dansguardian configuration
### END INIT INFO

#include lsb functions
. /lib/lsb/init-functions

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/dansguardian
NAME=dansguardian
DESC="DansGuardian"

CONFFILELOCATION=/etc/dansguardian/
#BINARYLOCATION=/usr/sbin/
#PIDDIR=/var/run/

grep -q ^UNCONFIGURED ${CONFFILELOCATION}dansguardian.conf && {
cat <<EOF
        DansGuardian has not been configured!
        Please edit ${CONFFILELOCATION}dansguardian.conf manually then rerun
        this script.
EOF
exit; }

test -x $DAEMON || exit 0
test -f ${CONFFILELOCATION}dansguardian.conf || exit 0

set -e

case "$1" in
  start)
    log_daemon_msg "Starting $DESC" "$NAME"
    test -d /var/lock/subsys || mkdir -p /var/lock/subsys
    start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
        --exec $DAEMON || log_end_msg 1
    log_end_msg 0
    ;;
  stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    start-stop-daemon --stop --quiet --retry 15 --oknodo --pidfile \
        /var/run/$NAME.pid --exec $DAEMON || log_end_msg 1
    log_end_msg 0
    ;;
  reload)
    log_action_begin_msg "Reloading $DESC configuration..."
    echo "Reloading $DESC configuration files."
    start-stop-daemon --stop --signal 1 --quiet --pidfile \
        /var/run/$NAME.pid --exec $DAEMON || log_action_end_msg 1
    log_action_end_msg 0
      ;;
  restart|force-reload)
    #
    #    If the "reload" option is implemented, move the "force-reload"
    #    option to the "reload" entry above. If not, "force-reload" is
    #    just the same as "restart".
    #
    log_daemon_msg "Restarting $DESC" "$NAME"
    start-stop-daemon --stop --quiet --retry 15 --oknodo --pidfile \
        /var/run/$NAME.pid --exec $DAEMON || log_end_msg 1
    start-stop-daemon --start --quiet --pidfile \
        /var/run/$NAME.pid --exec $DAEMON || log_end_msg 1
    log_end_msg 0
    ;;
  *)
    N=/etc/init.d/$NAME
    # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
    log_action_msg "Usage: $N {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0


And this one too: if I restart it, it gives no errors, but if I set the
proxy explicitly in the browser, authentication is requested endlessly and
I can't get out of it.


-- 
Alberto Matassoni
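
Added example, not part of the original message: a check of the kind Roberto suggests, reporting which of the four bind mounts set up by the rc.local above are absent from a mount table in /proc/mounts format. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# check_chroot_mounts CHROOT
# Reads a mount table in /proc/mounts format on stdin and prints every
# mount point that rc.local is expected to create under CHROOT but that
# is not listed. Returns 1 if at least one is missing, 0 otherwise.
# Paths containing spaces are not handled (/proc/mounts escapes them).
check_chroot_mounts() {
    chroot_dir=$1
    mounts=$(cat)
    missing=0
    for sub in proc sys dev etc/dansguardian/lists; do
        target="$chroot_dir/$sub"
        # Field 2 of each /proc/mounts line is the mount point.
        if ! printf '%s\n' "$mounts" |
            awk -v t="$target" '$2 == t { found = 1 } END { exit !found }'
        then
            echo "$target"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample mount table: the lists bind mount is absent.
sample_mounts() {
    cat <<'EOF'
proc /srv/chroot/squeeze/proc proc rw,relatime 0 0
sysfs /srv/chroot/squeeze/sys sysfs rw,relatime 0 0
udev /srv/chroot/squeeze/dev devtmpfs rw,relatime 0 0
EOF
}

sample_mounts | check_chroot_mounts /srv/chroot/squeeze ||
    echo "some bind mounts are missing"
```

On the real host the same function can be fed the live table: check_chroot_mounts /srv/chroot/squeeze < /proc/mounts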
