Thursday, December 12, 2024
Latest:
Linux serverNETWORK ADMINISTRATIONS

e2guardian CentOS 7 com SSL MITM

Instalação e Configuração do E2Guardian no CENTOS 7

https://cuidadodigital.com.br/e2guardian-centos-7-com-ssl-mitm/

yum groupinstall ‘Development Tools’
yum install zlib-devel pcre-devel openssl-devel git vim bash-completion wget xz-devel bzip2-devel openldap-devel gd gd-devel

systemctl disable firewalld
systemctl stop firewalld

vim /etc/selinux/config
SELINUX=disabled

git clone https://github.com/e2guardian/e2guardian.git
cd e2guardian
./autogen.sh
./configure ‘–prefix=/usr’ ‘–enable-clamd=yes’ ‘–with-proxyuser=e2guardian’ ‘–with-proxygroup=e2guardian’ ‘–sysconfdir=/etc’ ‘–localstatedir=/var’ ‘–enable-icap=yes’ ‘–enable-commandline=yes’ ‘–enable-email=yes’ ‘–enable-ntlm=yes’ ‘–mandir=${prefix}/share/man’ ‘–infodir=${prefix}/share/info’ ‘–enable-pcre=yes’ ‘–enable-sslmitm=yes’ ‘CPPFLAGS=-mno-sse2 -g -O2’

make
make install

cp /usr/share/e2guardian/scripts/e2guardian.service /etc/systemd/system/
cp /usr/share/e2guardian/scripts/e2guardian /etc/logrotate.d/

touch /var/log/e2guardian/access.log
useradd e2guardian
chown -R e2guardian:e2guardian /var/log/e2guardian/

Crie o diretório /etc/e2guardian/ssl/generatedcerts:
mkdir -p /etc/e2guardian/ssl/generatedcerts
Mude o mode do diretório /etc/e2guardian/ssl/generatedcerts para 777:
chmod 777 /etc/e2guardian/ssl/generatedcerts

Crie o arquivo /etc/e2guardian/sslgen.sh e o execute:
#!/bin/bash
openssl genrsa 4096 ca.key
openssl req -new -x509 -days 3650 -key ca.key -out ca.pem
openssl x509 -in ca.pem -outform DER -out ca.der
openssl genrsa 4096 cert.key

chmod +x sslgen.sh

Copiar o CA.crt para Maquina Windows
Importar no Diretório de CA Confiáveis
cp /etc/e2guardian/ssl/ca.pem /etc/e2guardian/ssl/ca.crt

Edite os arquivos:
/etc/e2guardian/e2guardian.conf:

# Enable SSL support
# This must be present to enable MITM and/or Cert checking
# default is off
enablessl = on

#SSL man in the middle
#CA certificate path
#Path to the CA certificate to use as a signing certificate for
#generated certificates.
# default is blank – required if ssl_mitm is enabled.
cacertificatepath = ‘/etc/e2guardian/ssl/ca.pem’

#CA private key path
#path to the private key that matches the public key in the CA certificate.
# default is blank – required if ssl_mitm is enabled.
caprivatekeypath = ‘/etc/e2guardian/ssl/ca.key’

#Cert private key path
#The public / private key pair used by all generated certificates
# default is blank – required if ssl_mitm is enabled.
certprivatekeypath = ‘/etc/e2guardian/ssl/cert.key’

#Generated cert path
#The location where generated certificates will be saved for future use.
#(must be writable by the dg user)
# default is blank – required if ssl_mitm is enabled.
generatedcertpath = ‘/etc/e2guardian/ssl/generatedcerts/’

vim e2guardianf1.conf
sslmitm = on

/etc/e2guardian/lists/bannedsitelist:

#List other sites to block:
# badboys.com
xxxbucetas.net
bucetas.b-cdn.net
xvideos.blog

Habilite e inicie o serviço e2guardian.service:
systemctl enable e2guardian.service
systemctl start e2guardian.service

cd ~
wget http://www.shallalist.de/Downloads/shallalist.tar.gz
tar -xvzf shallalist.tar.gz
mv BL/ /etc/e2guardian/lists/

chown -R e2guardian:e2guardian /etc/e2guardian/lists/

SARG
wget https://sourceforge.net/projects/sarg/files/sarg/sarg-2.4.0/sarg-2.4.0.tar.gz
tar -xvzf sarg-2.4.0.tar.gz
cd sarg-2.4.0
./configure
make
make install

source

centos 7

You May Also Like

HALO 4 (2012) FULL GAME – Gameplay Movie Walkthrough【4K60ᶠᵖˢ UHD】

Alice AUSTIN

Remove Server Response Header from IIS Website!

ALTCOINS TO BUY NOW!!👑 5-10X GEMS – BEST ALTCOINS TO BUY NOW 💎 TOP ALTCOINS TO BUY NOW 2021

Leave a Reply

Your email address will not be published. Required fields are marked *