
[proxy] Enterprise solution in practice: squid+squidGuard+sarg+clamav+mrtg

1 | Posted 2005-01-18 17:56
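Not long ago I set up a Squid Proxy Server test for my company that met the following requirements. I am sharing it here for reference.
1: NT4.0 domain user authentication; only some users may access the Internet, while all users can access the company intranet.
2: Web site filtering
3: On-access antivirus, with fast virus database updates.
4: Web access log analysis. Managers can be given an analysis of the web access records of their staff. Password authentication required.
5: MRTG traffic analysis

The English below is fairly simple, so there is no need to translate it into Chinese.
Hardware configuration
I used a Dell GX270 desktop with memory upgraded to 1 GB RAM and one network card, placed behind the company firewall, with the default gateway set to the firewall address.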
Redhat Linux 9.0 Installation
1: Insert the boot diskette into the CD drive and reboot. Your BIOS settings may need to be changed to allow you to boot from the diskette or CD-ROM. After a short delay, a screen containing the boot: prompt should appear. Press ENTER to continue, and click Skip when prompted to test the CD media.
2: Using your mouse, select the relevant options for the installation, referring to the following:
Language Selection: English (English)
Keyboard Configuration: U.S. English
Mouse Configuration: PS/2
Installation Type: Server
Disk Partitioning Setup: Manually Partition with Disk Druid.
File System (ext3)    Size               Description
/boot                 150MB
<swap>                2048MB
/                     5000MB
/var                  Remaining space    For proxy log
/cache1               10000MB            For proxy cache
/cache2               10000MB            For proxy cache

3: Boot Loader Configuration:
Network Configuration (Eth0):
IP address      10.160.1.114
Subnet mask     255.255.252.0
Gateway         10.160.1.10
Primary DNS     10.160.1.1
                10.160.1.3
Firewall Configuration: No Firewall
Additional language support: English (USA)
Time Zone Selection: Asia/ShangHai
Set Root Password: xxxxxxxx
Package Group Selection (included the following only):
        Applications:       Editors: Vim-enhanced only
                            Text-based Internet: Add Lynx
        Servers:            Server configuration tools: Default
                            Web Server: move squid only
        Network Servers:    Telnet-server only
        Development tools:  Default
Proceed with Install
Do not create boot disk
Install will complete and system will reboot.

2 | Posted 2005-01-18 18:02

Log on as root and add the users support and squid
#useradd -c "Remote support User" support
#passwd support
#useradd -g squid -s /bin/false -c "For Squid Only" squid
#chown -R squid.squid /cache1
#chown -R squid.squid /cache2
#chmod 770 /cache1
#chmod 770 /cache2
#mkdir /etc/squid
#vi /etc/rc.d/rc.local add: (the default gateway handed out by the company DHCP is not the default gateway but another router, so local routes are added here)
echo "" > /etc/issue
echo "" > /etc/issue.net
/sbin/hdparm -c 1 /dev/hda
touch /var/lock/subsys/local
/sbin/ip route add 10.0.0.0/8 via 10.160.1.21
/sbin/ip route add 172.160.0.0/12 via 10.160.1.21
/sbin/ip route add 192.168.0.0/16 via 10.160.48.21
#vi /etc/hosts add: (add IP mappings here for some internal hosts, such as the domain servers used below; multiple domains are possible)
Compile and Install Squid-2.5.STABLE7
Download squid-2.5.STABLE7 and save it to /usr/local/src once connected to the Internet:
#wget http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE7.tar.gz
#tar zxvf squid-2.5.STABLE7.tar.gz
#cd squid-2.5.STABLE7
#./configure  --prefix=/usr/local/squid --sysconfdir=/etc/squid --enable-auth=ntlm --enable-ntlm-auth-helpers=SMB --disable-internal-dns --enable-storeio=aufs,ufs --with-aufs-threads=32 --enable-cache-digests --enable-underscores  --enable-removal-policies
#make
#make install
#make clean
#strip /usr/local/squid/sbin/squid
#strip /usr/local/squid/bin/squidclient
#strip /usr/local/squid/libexec/dnsserver
#strip /usr/local/squid/libexec/unlinkd
#strip /usr/local/squid/libexec/cachemgr.cgi

Delete Squid-2.5.STABLE7 folder and Squid-2.5.STABLE7.tar.gz
#mkdir /var/log/squid
#chown -R squid.squid /var/log/squid

Move the cache manager program to /var/www/cgi-bin/
#mv /usr/local/squid/libexec/cachemgr.cgi /var/www/cgi-bin/cachemgr.cgi

Start the http and squid proxy server automatically during boot
#cp /usr/local/squid/sbin/squid /etc/init.d/squid
#ln -s /etc/rc.d/init.d/httpd /etc/rc3.d/S86httpd
#ln -s /etc/rc.d/init.d/squid /etc/rc3.d/S876squid

Modify /etc/httpd/conf/httpd.conf; please refer to Appendix I.
Modify /etc/squid/squid.conf; please refer to Appendix II.
Create wpad.dat in /var/www/html; please refer to Appendix III.

Create swap space
#/etc/init.d/squid -z
Reboot

Appendix I:
/etc/httpd/conf/httpd.conf
Listen 10.160.1.114:8000
ServerAdmin Seewo@msn.com
ServerName ServerName:8000
AddType application/x-ns-proxy-autoconfig .dat
DocumentRoot /var/www/html
AccessFileName .htaccess
AllowOverride All

Appendix II:
/etc/squid/squid.conf
# NETWORK OPTIONS
http_port 10.160.1.114:80
http_port 10.160.1.114:8080
icp_port 0

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl localserver dst 10.160.1.0/255.255.252.0
no_cache deny localserver

# OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem 256 MB
cache_swap_low 93
cache_swap_high 95
maximum_object_size 20480 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LRU

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
cache_dir aufs /cache1 10000 16 123
cache_dir aufs /cache2 10000 16 123
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
log_ip_on_direct off

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
ftp_user Squid@yahoo.com
ftp_list_width 64
cache_dns_program /usr/local/squid/libexec/dnsserver
dns_children 10
dns_nameservers 10.160.1.1 10.160.1.3
redirect_program /usr/local/squidguard/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 5
redirect_rewrites_host_header on
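acl Intranet dst 10.0.0.0/8 172.160.0.0/12 192.168.0.0/16
redirector_access allow !Intranet
# DOMAIN/SERVER below stands for domain name/server name (there can be several; it is best to add IP mappings for the servers in /etc/hosts)
auth_param ntlm program /usr/local/squid/libexec/ntlm_auth DOMAIN/SERVER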
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 120 seconds
auth_param ntlm use_ntlm_negotiate off

# OPTIONS FOR TUNING THE CACHE
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

# TIMEOUTS
client_lifetime 120 minutes

# ACCESS CONTROLS
acl AuthorizedUsers proxy_auth REQUIRED
acl deny_users proxy_auth -i "/etc/squid/deny_users"
acl fileupload req_mime_type -i ^multipart/form-data$
acl javascript rep_mime_type -i ^application/x-javascript$
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl anth_clients src 10.160.1.0/255.255.252.0
acl to_localhost dst 127.0.0.0/8
acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563 8000 8080 8888
acl Safe_ports port 80                # http
acl Safe_ports port 21                # ftp
acl Safe_ports port 443 563        # https, snews
acl Safe_ports port 70                # gopher
acl Safe_ports port 210                # wais
acl Safe_ports port 1025-65535        # unregistered ports
acl Safe_ports port 280                # http-mgmt
acl Safe_ports port 488                # gss-http
acl Safe_ports port 591                # filemaker
acl Safe_ports port 777                # multiling http
acl CONNECT method CONNECT

http_access allow manager anth_clients
http_access deny manager all
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl msnmessenger url_regex -i gateway.dll
acl deny_sites url_regex -i "/etc/squid/deny_sites"
acl OnlyIpOne max_user_ip 1
http_access allow anth_clients Intranet
http_access deny msnmessenger
http_access deny deny_sites
http_access deny deny_users
http_access deny OnlyIpOne
http_access allow AuthorizedUsers
http_access deny all
http_reply_access allow all
icp_access allow all

# ADMINISTRATIVE PARAMETERS
cache_mgr admin
cache_effective_user squid
cache_effective_group squid
visible_hostname ServerName

# HTTPD-ACCELERATOR OPTIONS
# 10.160.6.133 is another company web server
httpd_accel_host 10.160.6.133
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_with_proxy on
httpd_accel_uses_host_header off
forwarded_for off
cachemgr_passwd zxxxxx all
buffered_logs on

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
coredump_dir /usr/local/squid/var/cache
digest_generation on
digest_rebuild_period 1 hour
digest_rewrite_period 1 hour
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10

Appendix III:
/var/www/html/wpad.dat
function FindProxyForURL(url, host)
{
        if (isPlainHostName(host))
                return "DIRECT";
        else
                return "PROXY 10.160.1.114:8080";
}
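
Added example (not part of the original post, and not Squid code): a Python sketch that replays a subset of the http_access list from Appendix II with Squid's first-match semantics and checks the Intranet ACL for networks outside private address space. It flags 172.160.0.0/12, which lies outside the RFC 1918 block 172.16.0.0/12, so destinations in that range are allowed before the proxy_auth rule is reached. Assumptions: the client address, requests and user name are constructed, file-backed ACLs and port rules are left out, and "dst" is the already resolved destination address.

```python
import ipaddress
import re

# Subset of the squid.conf posted above (Appendix II), values copied as posted.
CONF = """
acl Intranet dst 10.0.0.0/8 172.160.0.0/12 192.168.0.0/16
acl AuthorizedUsers proxy_auth REQUIRED
acl anth_clients src 10.160.1.0/255.255.252.0
acl all src 0.0.0.0/0.0.0.0
acl msnmessenger url_regex -i gateway.dll
http_access allow anth_clients Intranet
http_access deny msnmessenger
http_access allow AuthorizedUsers
http_access deny all
"""

def parse(conf):
    acls, rules = {}, []  # {name: (type, [args])}, [(action, [acl names])]
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    kind, args = acls[name]
    if kind in ("src", "dst"):
        ip = ipaddress.ip_address(req[kind])
        # strict=False masks host bits: 10.160.1.0/22 becomes 10.160.0.0/22
        return any(ip in ipaddress.ip_network(a, strict=False) for a in args)
    if kind == "url_regex":
        flags = re.I if "-i" in args else 0
        return any(re.search(p, req["url"], flags) for p in args if p != "-i")
    if kind == "proxy_auth":
        return req.get("user") is not None  # REQUIRED: any authenticated user
    raise ValueError("ACL type not modelled: " + kind)

def decide(acls, rules, req):
    """First matching http_access line wins; ACLs on one line are ANDed."""
    for action, names in rules:
        for raw in names:
            negate, name = raw.startswith("!"), raw.lstrip("!")
            if acls[name][0] == "proxy_auth" and req.get("user") is None:
                return "challenge"  # Squid answers 407 and asks for credentials
            if acl_matches(acls, name, req) == negate:
                break  # one ACL failed, so this line does not match
        else:
            return action
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

def public_networks(acls, name):
    """Entries of an address ACL that are not private address space."""
    return [a for a in acls[name][1] if not ipaddress.ip_network(a, strict=False).is_private]

ACLS, RULES = parse(CONF)
REQS = {  # constructed requests from one client inside anth_clients
    "intranet": {"src": "10.160.1.50", "dst": "10.160.6.133", "url": "http://10.160.6.133/"},
    "172.161": {"src": "10.160.1.50", "dst": "172.161.5.5", "url": "http://172.161.5.5/"},
    "internet": {"src": "10.160.1.50", "dst": "203.0.113.10", "url": "http://203.0.113.10/"},
}

if __name__ == "__main__":
    print("non-private Intranet entries:", public_networks(ACLS, "Intranet"))
    print({k: decide(ACLS, RULES, r) for k, r in REQS.items()})
```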

3 | Posted 2005-01-18 18:08

SquidGuard 1.2.0 compiling and installation procedure

Get the following file and save it to /usr/local/src
#wget http://ftp.teledanmark.no/pub/db/db-2.7.7.tar.gz
#wget http://ftp.teledanmark.no/pub/www/proxy/squidGuard/squidGuard-1.2.0.tar.gz

Build and install BerkeleyDB
#tar zxvf db-2.7.7.tar.gz
#cd db-2.7.7
#cd build_unix
#../dist/configure
#make
#make install

Build and Install SquidGuard
#tar zxvf squidGuard-1.2.0.tar.gz
#cd squidGuard-1.2.0
#export LIBS="-lpthread"
#./configure --prefix=/usr/local/squidguard --datadir=/usr/share --sysconfdir=/etc/squid \
    --localstatedir=/var --infodir=/usr/share/info --mandir=/usr/share/man \
    --with-sg-config=/etc/squid/squidguard.conf --with-sg-logdir=/var/log/squidguard \
    --with-sg-dbhome=/usr/local/squidguard/db --with-db=/usr/local/BerkeleyDB
#make
#make install

Create the log directories and files
#mkdir /var/log/squidguard
#touch /var/log/squidguard/squidguard.log
#touch /var/log/squidguard/ads.log
#touch /var/log/squidguard/stopped.log
#chown -R squid.squid /var/log/squidguard

Set up the page to redirect users to when they're blocked:
Download a modified squidGuard.cgi file and save it to /var/www/html/cgi-bin/
#wget http://www.maynidea.com/squidguard/squidGuard.cgi
Download an “invisible” gif file and save it to /var/www/html/images/
#wget http://www.maynidea.com/squidguard/1x1.gif

Add the following lines in /etc/squid/squid.conf
redirect_program /usr/local/squidguard/bin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 5

Download the newest blacklists and save them to /usr/local/squidguard/db
#wget http://ftp.teledanmark.no/pub/www/proxy/squidguard/contrib/blacklists.tar.gz
#tar zxvf blacklists.tar.gz
#rm blacklists.tar.gz

Modify /etc/squid/squidGuard.conf; please refer to Appendix I.


Clam AntiVirus compiling and installation  procedure

Download the following file and save it to /usr/local/src
#wget http://jaist.dl.sourceforge.net/sourceforge/clamav/clamav-0.80.tar.gz
#wget http://dazuko.org/files/dazuko-2.0.4.tar.gz
#tar xvzf clamav-0.80.tar.gz
#/usr/sbin/groupadd clamav
#/usr/sbin/useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
#cd clamav-0.80
#./configure
#make && make install

Setting up auto-updating
#touch /var/log/clam-update.log
#chmod 600 /var/log/clam-update.log
#chown clamav /var/log/clam-update.log

Edit the configuration file in /usr/local/etc/freshclam.conf:
UpdateLogFile /var/log/clam-update.log

Add the closest database mirrors to /usr/local/etc/freshclam.conf; these are the servers freshclam will attempt to download the newest virus database from.
DatabaseMirror clamav.ialfa.net
DatabaseMirror clamavdb.hostlink.com.hk
DatabaseMirror database.clamav.net

Enable On-access scanning
Copy kernel-source-2.4.20-8.i386.rpm from second disk to /usr/local/src
#rpm -ivh kernel-source-2.4.20-8.i386.rpm
#tar -xzvf dazuko-2.0.4.tar.gz
#cd dazuko-2.0.4
#./configure
#make
#/sbin/insmod dazuko.o
#mknod -m 600 /dev/dazuko c 254 0
#chown root:root /dev/dazuko

To protect the whole system, add the following lines to /usr/local/etc/clamd.conf
ClamukoScanOnAccess
ClamukoIncludePath /
ClamukoIncludePath /var
ClamukoIncludePath /cache1
ClamukoIncludePath /cache2
ClamukoExcludePath /proc
Add the following line to the crontab of the root user:
35 * * * * /usr/local/bin/freshclam --quiet

Squid Analysis Report Generator

Download the following file and save it to /usr/local/src
#wget http://jaist.dl.sourceforge.net/sourceforge/sarg/sarg-2.0.2.tar.gz
#tar -xzvf sarg-2.0.2.tar.gz
#cd sarg-2.0.2
#mkdir /var/www/html/sarg
#./configure --enable-sysconfdir=/etc/squid  --enable-html=/var/www/html/sarg
#wget http://sarg.sourceforge.net/sarg-2.0.2-version.patch.gz
#make
#gzip -d sarg-2.0.2-version.patch.gz
#patch -p0<sarg-2.0.2-version.patch
#make install
#export LC_ALL=C

Create sarg.daily, sarg.weekly and sarg.monthly in /usr/sbin; please refer to Appendix II.
#chmod 755 /usr/sbin/sarg.*

Create a password file to allow user authentication in User Reports using .htaccess
#/usr/bin/htpasswd -c /usr/local/sarg/passwd admin
#chmod 644 /usr/local/sarg/passwd
Install the password-change tool for users who need to access User Reports
#wget http://jaist.dl.sourceforge.net/sourceforge/orsochpasswd/chpasswd-2.2.2.tar.gz
#tar zxvf chpasswd-2.2.2.tar.gz
#cd chpasswd-2.2.2
#./configure --enable-cgidir=/var/www/cgi-bin
#make && make install
#vi /usr/local/etc/chpasswd/chpasswd.conf
password_file /usr/local/sarg/passwd
header "Change Your Proxy Server User Access Reports Account Password"
minimum_length 7
enable_log /usr/local/etc/chpasswd/chpasswd.log
#chown apache.apache /usr/local/sarg/passwd
#touch /var/www/html/sarg/.htaccess
#vi /var/www/html/sarg/.htaccess
AuthUserFile /usr/local/sarg/passwd
AuthName "SARG, Restricted Access"
AuthType Basic
Require user admin       

Create Script file to generate user reports
#mkdir /var/www/html/sarg/daily
#mkdir /var/www/html/sarg/weekly
#mkdir /var/www/html/sarg/monthly


Add the following lines using crontab -e
05 0 * * * /usr/sbin/sarg.daily
15 0 * * 1 /usr/sbin/sarg.weekly
30 1 1 * * /usr/sbin/sarg.monthly

Modify /etc/sarg/sarg.conf; please refer to Appendix III.

MRTG-2.10.15 compiling and installation procedure

SNMP configure
Insert the second disk and install net-snmp
#mount /dev/cdrom
#cd /mnt/cdrom/RedHat/RPMS/
#rpm -ivh net-snmp-*
#vi /etc/snmp/snmpd.conf
view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
change access notConfigGroup "" any noauth exact systemview none none
to access notConfigGroup "" any noauth exact mib2 none none
#ln -s /etc/rc.d/init.d/snmpd /etc/rc3.d/S88snmpd

Download the following file and save it to /usr/local/src
#wget http://people.ee.ethz.ch/~oetiker/webtools/mrtg/pub/mrtg-2.11.0.tar.gz
#tar xvzf mrtg-2.11.0.tar.gz
#cd mrtg-2.11.0
#mkdir /var/mrtg-2
#./configure --prefix=/var/mrtg-2 \
    --with-gd=/usr/include \
    --with-gd-lib=/usr/lib \
    --with-gd-inc=/usr/include \
    --with-png=/usr/include \
    --with-zlib=/usr/include
#make
#make install
#mkdir -p /var/www/html/mrtg/images
#cp images/*.* /var/www/html/mrtg/images/
#cd /usr/local/mrtg-2/bin
#/usr/local/mrtg-2/bin/cfgmaker --output=/usr/local/mrtg-2/bin/mrtg.cfg public@localhost
#vi /usr/local/mrtg-2/bin/mrtg.cfg
WorkDir: /var/www/html/mrtg
#/usr/local/mrtg-2/bin/indexmaker --output=/var/www/html/mrtg/index.html /usr/local/mrtg-2/bin/mrtg.cfg
Run the following command three times:
# env LANG=C /usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/bin/mrtg.cfg

Add the following line using crontab -e:
*/5 * * * *  env LANG=C /usr/local/mrtg-2/bin/mrtg /usr/local/mrtg-2/bin/mrtg.cfg

Appendix I:
/etc/squid/squidGuard.conf
dbhome /usr/local/squidguard/db/blacklists
logdir /var/log/squidguard

# DESTINATION CLASSES:
destination bl_ads {
  domainlist ads/domains
  urllist    ads/urls
  redirect http://10.160.1.114:8000/images/1x1.gif
  log ads.log
}

destination bl_aggressive {
  domainlist     aggressive/domains
  urllist        aggressive/urls
  redirect http://10.160.1.114:8000/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
  log stopped.log
}

destination bl_drugs {
  domainlist     drugs/domains
  urllist        drugs/urls
  redirect http://10.160.1.114:8000/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
  log stopped.log
}

destination bl_gambling {
  domainlist     gambling/domains
  urllist        gambling/urls
  redirect http://10.160.1.114:8000/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
  log stopped.log
}

destination bl_hacking {
  domainlist     hacking/domains
  urllist        hacking/urls
  log stopped.log
  redirect http://10.160.1.114:8000/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}

destination bl_porn {
  domainlist     porn/domains
  urllist        porn/urls
  expressionlist porn/expressions
  redirect http://10.160.1.114:8000/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
  log stopped.log
}

destination bl_violence {
  domainlist     violence/domains
  urllist        violence/urls
  redirect http://10.160.1.114:8000/cgi-bin/squidGuard.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
  log stopped.log
}

acl {
  default {
    pass !bl_ads !bl_aggressive !bl_drugs !bl_gambling !bl_hacking !bl_porn !bl_violence all
  }
}

Appendix II:
/usr/sbin/sarg.daily
#!/bin/bash
# Get yesterday's date
YESTERDAY=$(date --date "1 day ago" +%d/%m/%Y)
export LC_ALL=C
/usr/sbin/sarg -o /var/www/html/sarg/daily -f /usr/local/sarg/sarg.conf -l /var/log/squid/access.log -d "$YESTERDAY" > /dev/null 2>&1
exit 0

/usr/sbin/sarg.weekly
#!/bin/bash
# Build a combined access log so the weekly report is correct
cat /var/log/squid/access.log.0 /var/log/squid/access.log > /var/log/squid/access.log.week
# Get yesterday's date
YESTERDAY=$(date --date "1 days ago" +%d/%m/%Y)
# Get the date one week ago
WEEKAGO=$(date --date "7 days ago" +%d/%m/%Y)
export LC_ALL=C
/usr/sbin/sarg -l /var/log/squid/access.log.week -o /var/www/html/sarg/weekly -f /usr/local/sarg/sarg.conf -d "$WEEKAGO-$YESTERDAY" > /dev/null 2>&1
exit 0

/usr/sbin/sarg.monthly
#!/bin/bash
# Get yesterday's date
YESTERDAY=$(date --date "1 day ago" +%d/%m/%Y)
# Get the date one month ago
MONTHAGO=$(date --date "1 month ago" +%d/%m/%Y)
export LC_ALL=C
/usr/sbin/sarg -l /var/log/squid/access.log -o /var/www/html/sarg/monthly -f /usr/local/sarg/sarg.conf -d "$MONTHAGO-$YESTERDAY" > /dev/null 2>&1
# Rotate the Squid logs after the monthly report has been generated
/etc/rc.d/init.d/squid -k rotate
exit 0

Appendix III:
/usr/local/sarg/sarg.conf
title "Company Name. Proxy Server User Access Reports"
temporary_dir /tmp
records_without_userid ignore
use_comma yes
topsites_num 100
max_elapsed 28800000
report_type topsites users_sites date_time denied auth_failures site_user_time_date
topuser_num 0
displayed_values abbreviation
authfail_report_limit 50
denied_report_limit 50
#siteusers_report_limit 0
squidguard_report_limit 50
user_report_limit 50
download_suffix "zip,arj,iso,cab,com,mdb,exe,mp3,avi,mpg,mpeg,ZIP,RAR,EXE,ARJ,CAB,MDB,MP3,AVI,MPG,MPEG"

4 | Posted 2005-01-18 20:54

Chinese is a bit easier to understand! Reading it in Chinese would be more helpful!

5 | Posted 2005-01-23 18:26

Marked as a featured post. Keep up the good work! Thanks to the original poster.

6 | Posted 2005-01-26 16:55

Nice.

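7 | Posted 2005-01-28 15:52

seewo

Thanks for such a good post.

But I still have a few questions.

1. Could you explain the Squid antivirus part in more detail? I am very interested in it.
How is on-access scanning done?
Is dazuko used to do the on-access scanning?
Is it ClamukoScanOnAccess in clamd.conf that takes effect?
Also, does Clamuko consume a lot of system resources, easily leading to
It is very likely it will hang up your system.

Is kernel-source-2.4.20-8.i386.rpm just a kernel update?

Also, I personally think that putting an anti-virus wall in front of the firewall might work better,
but an anti-virus wall is not something small and medium-sized businesses can afford.

2. About authentication: since NTLM is used, why use a password file as well? Doesn't that make user management a hassle?

3. About traffic monitoring:
Squid does not seem to have been compiled with SNMP, so how does mrtg get the traffic data?

If convenient, please let me know how to contact you so we can exchange ideas.

MSN:qinzhen0721@hotmail.com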

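8 | Posted 2005-01-29 23:32

Thanks to everyone above for your interest. This article came about only because I consulted many valuable articles on this forum, so thank you all first. All of the steps above have been tested in practice. I hope this gets the ball rolling and attracts more people's attention, so that it eventually becomes a complete enterprise solution.

Two or three months of practice have shown that Clamuko does not use many system resources. It is currently on trial on a small scale (about 20 users; after the New Year this solution may be used across the company worldwide).

Dazuko: its introduction describes it as An Open Solution to Facilitate "On-Access" scanning. It does no virus scanning itself; it only provides a simple interface for third-party applications (such as the antivirus engine ClamAV) to control file access. You can visit http://www.dazuko.org/ for more information.

As for kernel-source-2.4.20-8.i386.rpm: the installation needs the kernel source, and this is just the kernel source.
Because all internal company clients have McAfee VirusScan Enterprise 7.1.0 installed, the proxy server only needs protection for memory and the cache. In practice, virus database updates are also fast.

Authentication: NTLM is used to authenticate users when they browse the web, while the password file gives department managers permission to view users' web access records; there are not many such users.
Allow User authentication to access Proxy Server User Access Reports  http://10.160.1.114:8000/sarg
Change User Password for Access Proxy Server User at:
http://10.160.1.114:8000/cgi-bin/chpasswd.cgi
Monitor Squid Object Cache via Web interface:
http://10.160.1.114:8000/cgi-bin/cachemgr.cgi

About traffic monitoring:
Linux installs SNMP by default; you should see some details of the SNMP configuration in the second part.

My contact details are actually in the configuration file:
MSN: seewo@msn.com
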
9 | msscisd (this user has been deleted) | Posted 2005-02-01 15:27
Notice: the author has been banned or deleted; the content is automatically hidden.

10 | Posted 2005-02-15 03:34

Great article!