Endian CUSTOM.TMPL and Custom SARG Reporting

While building our new Endian 2.5.1 box we had the need to add some custom rules. After a poke around the internet and following up the now defunct option from Patricio Bruna (only works on 2.2) we needed a GUI option for the helpdesk staff at work.


I quickly found the /var/efw/proxy/custom.tmpl file, which is easy to change if you're happy with SSH etc., but wanted a simple solution for staff to just cut and paste rules into.


After a look around I couldn't find a solution to the problem, so I quickly coded a page to achieve this with minimal fuss. I created a /home/httpd/cgi-bin/custom.cgi file to allow staff to cut and paste new rules provided to them. This file also sets the 'apply rules' flag on the proxy page to save them manually restarting the system (as well as getting Endian to recompile the squid.conf file).


This file has now been updated to include custom SARG reports for any date range. It uses an independent conf file for the report setup, so it can be configured differently from the automatic reports.


In addition, reports can be filtered by a simple search term.


The attached archive (ZIP) contains all the files you will need to make the customisations.




DOWNLOAD

Please select the file below to download everything required including installation instructions.


Endian_2.5.1_alteration files_v3.0.zip



INSTRUCTIONS

The following instructions are included in the file but I've added them here for easy access:



*****************************************************************
CUSTOM.TMPL EDITOR PAGE AND ANONYMOUS PASS-THROUGH AUTHENTICATION
               AND
SARG CUSTOM REPORTING INCLUDING INSTANTANEOUS REPORTS
               version 3.0
*****************************************************************

--------
SUMMARY:
--------

We had a need to allow non-Linux users to be able to simply edit the custom.tmpl file with either their own SQUID rules or ones we passed to them.

Additionally, we needed to allow anonymous access to some sites like BOX that do not work with the AD integrated rules we have on Endian.

The script now includes the ability to run SARG reports for TODAY and any other custom timeframe for which logs are available.

[NEW] SARG now only opens log files from the current date back to the first log date (instead of default 31)

[NEW] Reports can be run further into the past although this will take a long time

[NEW] Reports can now be filtered by a search term (e.g. bbc or bbc.co.uk)

NEW INSTALLATION: Just install the latest version.

UPGRADE: Install over previous version to upgrade.


-------------
REQUIREMENTS:
-------------

1. These files and instructions are specifically for Endian 2.5.1 but may work on later versions.

2. You will need WinSCP/Putty or similar to upload files to the Endian firewall. I will assume use of these apps for this doc although there are many other ways to achieve the same results.

-------------
INSTALLATION:
-------------

1. Enable SSH access on the Endian firewall. Log in and go to SYSTEM > SSH ACCESS and turn on the 'Enable Secure Shell Access' option.

2. Upload the custom.tmpl file.

Using WinSCP, log in to your Endian box using the IP, root and the password.

Browse to the folder '/home/httpd/cgi-bin' and copy the file custom.cgi into it.

Now right-click the file and set the permissions to 0755 (owner RWX, group RX, others RX).

3. If all you need is the ability to add some simple rules you can now skip to 'How to use' but if you require anonymous access to sites or other rules that must come BEFORE the Endian rules please continue.

4. Now browse to the folder '/etc/squid'.

Rename the existing 'squid.conf.tmpl' to 'squid.conf.tmpl.default'.

Copy the file 'squid.conf.tmpl' in this package to the folder '/etc/squid'.

5. Copy the files 'custom.cgi' and 'custom_sarg.cgi' in this package to '/home/httpd/cgi-bin'.

Change the permissions on the files 'custom.cgi' and 'custom_sarg.cgi' to 755 ('chmod 755 /home/httpd/cgi-bin/custom.cgi' and 'chmod 755 /home/httpd/cgi-bin/custom_sarg.cgi').

6. Change the permissions on the folder '/var/www/sarg/ONE-SHOT' to 777 ('chmod 757 /var/www/sarg/ONE-SHOT' - this could be improved but I've not had time to yet).

7. Copy the files 'sargNow.sh' and 'sargNow.conf' in this package to '/etc/sarg'.

Change the permissions on the file 'sargNow.sh' to 757 ('chmod 757 /etc/sarg/sargNow.sh').
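
Steps 6 and 7 set the 'other' write bit on the report folder and on 'sargNow.sh', so accounts outside the owner and group can modify them. As an added example (not part of the original package), the shell functions below list which of the installed paths carry that bit and remove it from the regular files. It assumes GNU find and stat on the firewall and that nothing needs to rewrite 'sargNow.sh' at run time.

```shell
#!/bin/sh
# Added example, not part of the original package.
# Paths are the ones installed in steps 2-7 above.
INSTALLED="/home/httpd/cgi-bin/custom.cgi
/home/httpd/cgi-bin/custom_sarg.cgi
/etc/sarg/sargNow.sh
/etc/sarg/sargNow.conf
/var/www/sarg/ONE-SHOT"

# Print "<mode> <owner> <path>" for each existing path that has the
# "other" write bit set (as chmod 757 or 777 does). Missing paths are skipped.
world_writable() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        # -perm -0002 matches only when the other-write bit is present
        find "$p" -maxdepth 0 -perm -0002 -exec stat -c '%a %U %n' {} \;
    done
}

# Remove the "other" write bit from regular files only. Scripts and CGIs
# need read+execute to run, not write. Directories are left alone: the
# report folder must stay writable by whichever account runs SARG, so
# tightening it means first finding out which account that is.
drop_other_write() {
    for p in "$@"; do
        [ -f "$p" ] && chmod o-w "$p"
    done
    return 0
}

# Usage on the firewall, as root:
#   world_writable $INSTALLED      # shows what steps 6 and 7 opened up
#   drop_other_write $INSTALLED    # sargNow.sh goes from 757 to 755
#   world_writable $INSTALLED      # only the ONE-SHOT folder should remain
```

The owner column printed for the ONE-SHOT folder is the starting point for replacing 757 with ownership by the reporting account plus mode 755.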

-----------
HOW TO USE:
-----------
CUSTOM RULES

1. Set up all other rules in Endian as usual and test.

2. Once ready, browse to the URL 'https://[ENDIAN_IP]:10443/cgi-bin/custom.cgi'.

3. In the large text box add your rule sets as required.

4. WARNING: Endian does not provide any errors so please test the rules first or restart Squid using Putty to see any generated errors.

5. When your rules are complete press the 'Save Changes' button.

6. Due to issues linking with Endian you'll now need to choose the 'Proxy' menu and click the 'Apply' button to make your changes live.

7. To ensure that the changes have been made check the file '/etc/squid/squid.conf'.


CUSTOM SARG REPORTS

1. Browse to the URL 'https://[ENDIAN_IP]:10443/cgi-bin/custom_sarg.cgi'.

2. Enter a date range for the report in the format dd/mm/yyyy.

3. If you wish to filter the report enter the search term into the box otherwise leave it blank for a full report.

4. To run a report for 1 day enter the same date in both fields.

5. Press 'Create SARG Report' when ready. This process takes a while so please be patient.

6. Once finished click the 'HERE' or browse to 'https://[ENDIAN_IP]:10443/sarg/ONE-SHOT/'.


-------------
EXAMPLE RULE:
-------------

To allow anonymous access to box.com we had to add the following rule. This also uses the amended 'squid.conf.tmpl' in step 4 of Installation.

   acl listallowanon dst 173.236.154.8 209.249.140.0/24 74.112.184.0/24 74.208.18.6/32

   http_access allow listallowanon

   always_direct allow listallowanon


-----------
ADDITIONAL:
-----------

These files are provided as assistance only and I am not responsible for any problems caused by their use.

I STRONGLY advise you to create a backup first which can always be returned to although you will need to reinstate the 'squid.conf.tmpl.default' file manually.

Please feel free to amend and update these files as you see fit, I just ask you to please send me the changes if you make any significant improvements :).

By reading the attached files you will see that I'm no PERL expert so please don't be too critical of my code... it was simply enough to do a job :)

If you'd like to contact me please email endian[at]vidler[dot]org[dot]uk


*****************************************************************
END
*****************************************************************
If you would like to contact me please email webmaster[at]vidler.org.uk
www.VIDLER.org.uk © 2008