DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 28th September 2009
plexter plexter is offline
Shell Scout
 
Join Date: May 2008
Posts: 124
Thanked 0 Times in 0 Posts
Question Dansguardian Issues

A little while ago I installed Dansguardian w/ ClamAV from the OpenBSD 4.5 package. I'm running squid for the proxy all on the same OpenBSD 4.5 system.

The software seems to be 'working' fine with the exception of a few issues I've encountered. Most likely these are configuration errors as apposed to application malfunction. Hoping someone will be able to help!

Issue 1:

I've been trying to have more than one filter group with authentication based on the IP address only. When I run Dans I see the following:

Code:
Filter group out of range; entry 10.10.200.0/255.255.255.0 = LAN in /etc/dansguardian/lists/authplugins/ipgroups
Sep 28 10:49:55 FW002 dansguardian[24093]: Filter group out of range; entry 10.10.200.0/255.255.255.0 = LAN in /etc/dansguardian/lists/authplugins/ipgroups
Configuration files (relevant)

Standard dansguardian.conf
Code:
# Filter groups options
# filtergroups sets the number of filter groups. A filter group is a set of cont
# filtering options you can apply to a group of users.  The value must be 1 or m
# DansGuardian will automatically look for dansguardianfN.conf where N is the fi
# group.  To assign users to groups use the filtergroupslist option.  All users
# to filter group 1.  You must have some sort of authentication to be able to ma
# to a group.  The more filter groups the more copies of the lists will be in RA
# use as few as possible.
filtergroups = 2
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
/etc/dansguardian/lists/filtergroupslist
Code:
/etc/dansguardian/lists/filtergroupslist

user1=WIRELESS
user2=LAN
/etc/dansguardian/lists/authplugins/ipgroups
Code:
#10.10.200.0/255.255.255.0 = LAN
#10.10.220.0/255.255.255.0 = WIRELESS

10.10.200.2-10.10.200.254 = LAN
10.10.220.1-10.10.210.254 = WIRELESS
I've tried using different combination's to specify the IP range as shown above.

Any idea how to make Dans except the IP range?

Issue 2:

Regarding the AD blocking. How can I specify a custom list to be treated as an AD list. I would like to make use of replacing images with the replacement image provided with Dans. Currently I seem to only be able to block using my "denied page" which technically works but I'd prefer to just see nothing at all.

Code:
# Banned image replacement
# Images that are banned due to domain/url/etc reasons including those
# in the adverts blacklists can be replaced by an image.  This will,
# for example, hide images from advert sites and remove broken image
# icons from banned domains.
# 0 = off
# 1 = on (default)
usecustombannedimage = 1
custombannedimagefile = '/usr/local/share/dansguardian/transparent1x1.gif'
Issue 3:

Not sure if this is an issue. However I see prompts about ClamAV when I start Dans. Should I upgrade or will this cause compatibility issues?

Code:
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
If I've missed some configs please let me know.

Any help/suggestions would be greatly appreciated.
Thanks!
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange issues with 7.2 DNAeon FreeBSD General 5 26th September 2009 11:19 AM
Set Of gnome issues jaideep_jdof NetBSD General 13 17th September 2009 06:39 AM
mounting issues??? mt85m FreeBSD General 19 17th July 2008 07:58 PM
KVM issues lil_elvis2000 FreeBSD General 5 9th June 2008 07:55 PM
Sendmail, issues... pcfxer FreeBSD General 2 8th May 2008 10:07 AM


All times are GMT. The time now is 10:17 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick