Special Forums Cybersecurity Dynamic filtering with dansguardian Post 302139669 by rossella on Monday 8th of October 2007 03:04:45 PM
10-08-2007
Dynamic filtering with dansguardian

Hi everybody!
Sorry for my intrusion but I'd like to submit a problem which is driving me crazy!
To implement the application I'm working on I must set an application layer firewall,
consequently I've installed and configured on my machine Squid + Dansguardian vs 2.8
(I'm using Debian release 2.6.18 amd64).
As a further setting I enabled the mode "Blanket Block" in the file "bannedsitelist" so that
only the connections whose URLs are in the file "exceptionsitelist" are allowed, while for the
other connections the message "Access Denied" is displayed.
My work is focused on writing a module for bypassing the message "Access Denied" by asking the
user, when he receives the message, if he wants to continue anyway. If he agrees, the file
"exceptionsitelist" will be updated to include the new URL.

Now, my problem is the following: any time I write an instruction in the file exceptionsitelist,
I must restart dansguardian in order to apply the new instruction.
Is this tricky or normal? Is there any way to run this new instruction without closing and restarting
dansguardian?

I'd like to thank anyone who could help me, please

Bye

Rossella
 

COURIERFILTER(8)					      Double Precision, Inc.						  COURIERFILTER(8)

NAME
courierfilter - Courier mail filters

SYNOPSIS
courierfilter [[start] | [stop] | [restart]]

filterctl [[start] | [stop]] [filter]

DESCRIPTION
The filterctl commands install or uninstall global mail filters. Global mail filters are used to selectively block unwanted mail. More than one mail filter can be enabled at the same time. Two filters - dupfilter(8)[1] and courierperlfilter(8)[2] - are provided as examples for writing mail filters.

courierfilter start runs all mail filters that have been installed by filterctl. courierfilter stop shuts down all running mail filters. After courierfilter start, any filterctl commands take effect immediately. After courierfilter stop any filterctl commands will take effect at the next courierfilter start.

courierfilter restart signals the running courierfilter to reread its configuration files. This is normally done automatically, by filterctl.

If any mail filter is installed, the mail filter must be running in order for any mail to be processed. Mail filters are assumed to be empowered to enforce system-wide mail policies, so if an installed mail filter is not running then mail will not be accepted by the system. Note that mail will not be rejected, if possible. Every attempt will be made to send a temporary error code to an external mail system, asking it to try again later.

For this reason, you should modify your system boot script to run courierfilter start as soon as possible, and run courierfilter stop during the final portion of your system shutdown script. It is not necessary to run courierfilter if you do not install a mail filter with filterctl.

MAIL FILTER IMPLEMENTATION
This section explains how mail filters are implemented, and how to write a new global mail filter.

Available mail filter binaries are located in the directory /usr/lib/courier/filters. The filterctl script looks in this directory to see which mail filters are available to be installed. Installing a mail filter consists of simply creating a soft link from the directory /etc/courier/filters/active to its corresponding binary in /usr/lib/courier/filters. The courierfilter start command simply reads /etc/courier/filters/active and runs every program in this directory.

The filterctl script sends a HUP signal to courierfilter after installing or uninstalling a filter. courierfilter will reread the contents of /etc/courier/filters/active then start or stop individual mail filters.

After starting, an individual mail filter must create a filesystem domain socket in one of two directories: /var/lib/courier/filters or /var/lib/courier/allfilters. The name of the socket should be the same as a name of the filter, and the mail filter must make sure to remove any socket by the same name in the other directory. For various silly reasons, the recommended implementation is to create /var/lib/courier/filters/.NAME or /var/lib/courier/allfilters/.NAME (after making sure that it doesn't exist) then rename .NAME to NAME.

After initializing the socket, the mail filter must then close its file descriptor #3. File descriptor 3 is inherited by every mail filter that's executed by the courierfilter start command. The mail filter's file descriptor 3 is connected to the write end of a pipe, which may be relevant to certain ways of implementing the closing of the file descriptor, for instance in Perl where you may be forced to pseudo-open the descriptor (in write mode) before closing it. The courierfilter start command will not exit until every started mail filter closes its file descriptor 3. This allows for all mail filters to orderly initialize themselves before courierfilter start command returns.

All mail filters also inherit a pipe on standard input, and must terminate when the pipe is closed. Mail filters must simultaneously listen for new connections on the mail filter socket, and for their standard input to close.

The mail filter receives a new connection on its socket for every message that needs to be filtered. After establishing a connection, the mail filter will immediately read the following information from the new socket:

* A pathname to a file containing the contents of the message.
* One or more pathnames to control files for this message.

Each pathname is terminated by a single newline character. The last pathname is followed by a second newline character. The pathnames may either be relative pathnames to /usr or absolute pathnames, depending on the system configuration. The mail filter is free to judge the message's worthiness by reading its contents and/or control file(s) as soon as a second consecutive newline character is received.

The final verdict is rendered by writing back a result code on the same socket. The result code follows the same format as regular SMTP replies (even though the message may not have been received via SMTP), and can be used to communicate acceptance, temporary failure, or a permanent failure. If it's a failure, then the text portion of the result code will be used, if possible. The result code may be a multiline response, just like a regular SMTP reply.

The mail filter must immediately close the connection after writing the result code. After closing the socket the mail filter must then proceed to wait for another connection request on the original listening socket. The mail filter can be multithreaded or multitasked, and can accept multiple connections simultaneously.

When its standard input is closed the mail filter should stop accepting new connections and wait for any existing connections to be closed, prior to exiting.

Global mail filters must be EXTREMELY resilient to runtime failures. Since mail will not be processed if an installed mail filter is not running, if a mail filter crashes it will effectively shut down the mail server. Currently courierfilter does not attempt to restart mail filters which crash.

MAIL FILTER INVOCATION
The system administrator defines what mail gets filtered by editing the contents of the enablefiltering configuration file in /etc/courier. This configuration file contains a list of mail sources that should be filtered, like esmtp or local. See courier(8)[3] for more information. A default /etc/courier/enablefiltering file is installed that specifies only the esmtp mail source as subject to filtering.

A message is not subject to filtering if its source is not listed in /etc/courier/enablefiltering. Otherwise the following rules apply.

Certain mail destinations have the ability to selectively whitelist arbitrary messages. For example, local mail recipients have the ability to selectively whitelist individual messages, provided that a local mail filter (independent of any global mail filter) is installed that implements the maildrop filtering API[4].

New messages are filtered by connecting to every socket in /var/lib/courier/filters and/or /var/lib/courier/allfilters, one at a time. All mail filters must accept the message, for it to be accepted by Courier. If a socket exists but a connection cannot be established then the message is not accepted, and a temporary failure indication is returned. That's why no mail will be accepted unless all installed mail filters are running.

Mail recipients that did not whitelist the sender, via the maildrop API, will have their mail filtered against everything in /var/lib/courier/filters and /var/lib/courier/allfilters. Mail to recipients that whitelisted the sender, or mail to destinations that do not use a maildrop API-compatible filter, will be filtered only against the contents of /var/lib/courier/allfilters. This gives system administrators a choice whether to install selective, or mandatory mail filters, or a combination of both.

BUGS
Many filesystem domain socket implementations are buggy.

Handling of crashed mail filters could be improved.

FILES
/usr/lib/courier/filters      Available mail filters.
/etc/courier/filters          Miscellaneous configuration files.
/etc/courier/filters/active   Installed mail filters.
/etc/courier/enablefiltering  Which mail sources to filter.
/var/lib/courier/allfilters   Mandatory filters.
/var/lib/courier/filters      Optional filters.

SEE ALSO
localmailfilter(7)[4], courier(8)[3], dupfilter(8)[1], courierperlfilter(8)[2].

AUTHOR
Sam Varshavchik
Author

NOTES
1. dupfilter(8) [set $man.base.url.for.relative.links]/dupfilter.html
2. courierperlfilter(8) [set $man.base.url.for.relative.links]/courierperlfilter.html
3. courier(8) [set $man.base.url.for.relative.links]/courier.html
4. maildrop filtering API [set $man.base.url.for.relative.links]/localmailfilter.html

Courier Mail Server 04/04/2011 COURIERFILTER(8)
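
The socket setup and the per-connection exchange described under MAIL FILTER IMPLEMENTATION, as an added Python example (not part of the man page and not Courier's own code). The function names, the size-cap policy, the 432/550 reply texts and the "\n" reply terminator are assumptions made for illustration; any failure inside the filter is turned into a temporary (4xx) reply rather than a crash.

```python
import os
import socket

BASE = "/usr"  # per the man page, relative pathnames are relative to /usr

def bind_filter_socket(directory, name):
    """Create the socket as .NAME, then rename it to NAME, as the man page recommends."""
    tmp = os.path.join(directory, "." + name)
    if os.path.exists(tmp):
        os.unlink(tmp)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(tmp)
    srv.listen(5)
    os.rename(tmp, os.path.join(directory, name))
    return srv  # when started by courierfilter, os.close(3) would follow here

def read_request(conn):
    """Read newline-terminated pathnames up to the second consecutive newline."""
    buf = b""
    while b"\n\n" not in buf:
        chunk = conn.recv(4096)
        if not chunk:  # peer closed before finishing the list
            raise ValueError("truncated filter request")
        buf += chunk
    paths = buf.split(b"\n\n", 1)[0].decode().split("\n")
    if len(paths) < 2 or not all(paths):
        raise ValueError("expected a message path and one or more control paths")
    return paths[0], paths[1:]

def judge(msg_path, limit):
    """Hypothetical policy (size cap); I/O errors become a temporary failure."""
    try:
        size = os.path.getsize(os.path.join(BASE, msg_path))
    except OSError:
        return "432 Filter could not read the message, try again later"
    return "550 Message exceeds local size policy" if size > limit else "200 Ok"

def handle(conn, limit=1_000_000):
    """Serve one connection: read the request, write the verdict, close at once."""
    try:
        try:
            msg_path, _control_paths = read_request(conn)
            reply = judge(msg_path, limit)
        except ValueError:
            reply = "432 Malformed filter request"
        conn.sendall(reply.encode() + b"\n")  # "\n" line ending is an assumption
    finally:
        conn.close()
    return reply
```

A real filter would call handle() in an accept loop on the socket returned by bind_filter_socket() and stop accepting when its standard input is closed.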