
Hardening guide for Squid 3.1.8 on CentOS 5.5

Eyal Estrin
Author of Cloud Security Handbook & Security for Cloud Native Applications. Cloud Adoption & Cybersecurity expert.
  1. Log in to the server as root.
  2. Create a dedicated group and a non-login system account for Squid (the /sbin/nologin shell means the account can never be used interactively, even if its password were set):
       groupadd squid
       useradd -g squid -d /var/spool/squid -s /sbin/nologin squid
  3. Install the build dependencies from the CentOS DVD (these are removed again in step 16, once the build is done):
       rpm -ivh kernel-headers-2.6.18-194.el5.i386.rpm
       rpm -ivh glibc-headers-2.5-49.i386.rpm
       rpm -ivh glibc-devel-2.5-49.i386.rpm
       rpm -ivh gmp-4.1.4-10.el5.i386.rpm
       rpm -ivh libgomp-4.4.0-6.el5.i386.rpm
       rpm -ivh cpp-4.1.2-48.el5.i386.rpm
       rpm -ivh gcc-4.1.2-48.el5.i386.rpm
       rpm -ivh libstdc++-devel-4.1.2-48.el5.i386.rpm
       rpm -ivh gcc-c++-4.1.2-48.el5.i386.rpm
  4. Download the latest Squid source files from: http://www.squid-cache.org/Versions/ (verify the tarball against the checksum or PGP signature published alongside it before building from it).
  5. Copy the Squid source tarball to /tmp using SCP (or PSCP).
  6. Move to /tmp:
       cd /tmp
  7. Extract the Squid source:
       tar zxvf squid-3.1.8.tar.gz
  8. Move to the Squid source folder:
       cd /tmp/squid-3.1.8
  9. Run the commands below to compile and install Squid from source. --with-default-user=squid makes Squid drop its privileges to the account created in step 2 when it is started as root, and in Squid 3.1 --enable-http-violations is required for the request_header_access directives used in step 12:
       ./configure --bindir=/usr/sbin --sbindir=/usr/sbin --libexecdir=/usr/lib/squid --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid --with-default-user=squid --sysconfdir=/etc/squid --datarootdir=/usr/share/squid --enable-http-violations
       make all
       make install
  10. Move one folder up and remove the Squid source files and the default content (man pages and sample configuration files) so that nothing beyond the running configuration is left on the server:
       cd ..
       rm -rf /tmp/squid-3.1.8
       rm -f /tmp/squid-3.1.8.tar.gz
       rm -rf /usr/share/squid/man
       rm -f /etc/squid/cachemgr.conf.default
       rm -f /etc/squid/errorpage.css.default
       rm -f /etc/squid/mime.conf.default
       rm -f /etc/squid/msntauth.conf.default
       rm -f /etc/squid/squid.conf.default
       rm -f /etc/squid/squid.conf.documented
  11. Change the ownership and permissions of the log folder so that only the squid account and root can read or write the logs:
       chown squid:root /var/log/squid
       chmod 770 /var/log/squid
  12. Using vi, edit /etc/squid/squid.conf and add the following lines to the end of the file:
       cache_access_log /var/log/squid/access.log
       cache_store_log none
       shutdown_lifetime 1 second
       icp_port 0
       htcp_port 0
       icp_access deny all
       htcp_access deny all
       forwarded_for off
       request_header_access Allow allow all
       request_header_access Authorization allow all
       request_header_access WWW-Authenticate allow all
       request_header_access Proxy-Authorization allow all
       request_header_access Proxy-Authenticate allow all
       request_header_access Cache-Control allow all
       request_header_access Content-Encoding allow all
       request_header_access Content-Length allow all
       request_header_access Content-Type allow all
       request_header_access Date allow all
       request_header_access Expires allow all
       request_header_access Host allow all
       request_header_access If-Modified-Since allow all
       request_header_access Last-Modified allow all
       request_header_access Location allow all
       request_header_access Pragma allow all
       request_header_access Accept allow all
       request_header_access Accept-Charset allow all
       request_header_access Accept-Encoding allow all
       request_header_access Accept-Language allow all
       request_header_access Content-Language allow all
       request_header_access Mime-Version allow all
       request_header_access Retry-After allow all
       request_header_access Title allow all
       request_header_access Connection allow all
       request_header_access Proxy-Connection allow all
       request_header_access User-Agent allow all
       request_header_access Cookie allow all
       request_header_access All deny all
       visible_hostname server1
       maximum_object_size 4096 KB
       minimum_object_size 1 KB
       dns_nameservers DNS_value
       client_lifetime 360 minutes
       pconn_timeout 360 minutes
     Note 1: Replace "server1" with the DNS name of the Squid server.
     Note 2: Replace "DNS_value" with the IP addresses of your DNS servers (space-separated).
     Note 3: What these settings do: icp_port 0 and htcp_port 0 together with the two deny rules close the inter-cache UDP ports, so the proxy cannot be queried by peers; forwarded_for off stops Squid from revealing the client's IP address in X-Forwarded-For (it sends "unknown" instead; forwarded_for delete removes the header entirely); the request_header_access lines are a whitelist, each listed header is passed through and the closing "All deny all" strips every other request header; cache_store_log none disables the store log. cache_access_log is the older alias of access_log and Squid 3.1 accepts both.
  13. Check the configuration for syntax errors and unknown directives, then run the command below to create the cache directories:
       /usr/sbin/squid -k parse
       /usr/sbin/squid -z
  14. To start the Squid service manually, run:
       /usr/sbin/squid
  15. To start Squid at boot, add the command below to /etc/rc.local (Squid is launched as root and drops to the squid account set with --with-default-user in step 9):
       /usr/sbin/squid
  16. Remove the compiler toolchain installed in step 3, so that no build tools are left on the hardened server:
       rpm -e gcc-c++-4.1.2-48.el5
       rpm -e libstdc++-devel-4.1.2-48.el5
       rpm -e gcc-4.1.2-48.el5
       rpm -e cpp-4.1.2-48.el5
       rpm -e libgomp-4.4.0-6.el5
       rpm -e gmp-4.1.4-10.el5
       rpm -e glibc-devel-2.5-49
       rpm -e glibc-headers-2.5-49
       rpm -e kernel-headers-2.6.18-194.el5
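The configuration work of steps 12 and 13, as an added shell example that is not part of the original guide: gen_hardening_conf prints the step-12 fragment with the "server1" and "DNS_value" placeholders filled in (using access_log, the Squid 3.x name of the guide's cache_access_log), and audit_squid_conf goes a step beyond the guide by checking an existing squid.conf for the hardening directives, flagging placeholders that were never replaced and, when the Squid binary is installed, running Squid's own syntax check. The hostname proxy1.example.com and the 192.0.2.x DNS addresses in the usage note are illustrative placeholders.

```shell
#!/bin/sh
# Added example, not part of the original guide: generate the step-12
# hardening fragment with its placeholders filled in, and audit a squid.conf
# for the hardening settings the guide applies.
set -u

# Request headers the guide passes through; "All deny all" strips the rest.
ALLOWED_HEADERS="Allow Authorization WWW-Authenticate Proxy-Authorization
Proxy-Authenticate Cache-Control Content-Encoding Content-Length Content-Type
Date Expires Host If-Modified-Since Last-Modified Location Pragma Accept
Accept-Charset Accept-Encoding Accept-Language Content-Language Mime-Version
Retry-After Title Connection Proxy-Connection User-Agent Cookie"

# gen_hardening_conf HOSTNAME DNS_IP [DNS_IP ...]
# Prints the step-12 fragment with "server1" and "DNS_value" replaced.
# access_log is the Squid 3.x name of the guide's cache_access_log.
gen_hardening_conf() {
    host="$1"; shift
    printf 'access_log /var/log/squid/access.log squid\n'
    printf 'cache_store_log none\n'
    printf 'shutdown_lifetime 1 second\n'
    printf 'icp_port 0\nhtcp_port 0\n'
    printf 'icp_access deny all\nhtcp_access deny all\n'
    printf 'forwarded_for off\n'
    for h in $ALLOWED_HEADERS; do
        printf 'request_header_access %s allow all\n' "$h"
    done
    printf 'request_header_access All deny all\n'
    printf 'visible_hostname %s\n' "$host"
    printf 'maximum_object_size 4096 KB\nminimum_object_size 1 KB\n'
    printf 'dns_nameservers %s\n' "$*"
    printf 'client_lifetime 360 minutes\npconn_timeout 360 minutes\n'
}

# audit_squid_conf FILE
# Reports each hardening setting missing from FILE, an "All allow" rule that
# would pass every header, and any guide placeholder left in place.
# Returns 0 when everything passes, 1 otherwise. If the Squid binary is
# installed, also runs its syntax check (squid -k parse).
audit_squid_conf() {
    f="$1"; rc=0
    # Drop comments and blank lines so a commented-out directive does not count.
    conf=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$f")
    for want in "icp_port 0" "htcp_port 0" "icp_access deny all" \
                "htcp_access deny all" "forwarded_for off" \
                "cache_store_log none" "request_header_access All deny all"; do
        printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*$want([[:space:]]|$)" \
            || { echo "MISSING: $want"; rc=1; }
    done
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*request_header_access[[:space:]]+All[[:space:]]+allow'; then
        echo "WEAK: request_header_access All allow passes every header"; rc=1
    fi
    if printf '%s\n' "$conf" | grep -Eq 'visible_hostname[[:space:]]+server1|dns_nameservers[[:space:]]+DNS_value'; then
        echo "PLACEHOLDER: server1 or DNS_value was not replaced"; rc=1
    fi
    if [ -x /usr/sbin/squid ]; then
        /usr/sbin/squid -k parse -f "$f" || { echo "PARSE: squid -k parse failed"; rc=1; }
    fi
    return $rc
}

# Usage (as root, after step 11; hostname and DNS addresses are placeholders):
#   gen_hardening_conf proxy1.example.com 192.0.2.53 192.0.2.54 >> /etc/squid/squid.conf
#   audit_squid_conf /etc/squid/squid.conf && /usr/sbin/squid -z
```

The audit only looks at the directives this guide adds; it does not replace reviewing the http_access rules that decide which clients may use the proxy at all.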