Не стартует squidguard

0

2

Доброго времени суток. Поставил на CentOS7 связку sams2+squid3.3.8 +SquidGuard: 1.4 Berkeley DB 5.3.21. Самс и сквид работают нормально, а вот скуидГуард почему-то не отрабатывает. Посмотрел статус.

# systemctl status squidGuard.service
● squidGuard.service - Squid Internet Object Cache and squidGuard web filter
   Loaded: loaded (/usr/lib/systemd/system/squidGuard.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2017-05-24 14:06:17 MSK; 16s ago
  Process: 1803 ExecStart=/usr/bin/squidGuard-helper start (code=exited, status=6)

May 24 14:06:17 fw.domain.local systemd[1]: Starting Squid Internet Object Cache and squidGuard web filter...
May 24 14:06:17 fw.domain.local squidGuard-helper[1803]: Starting squid: [FAILED]
May 24 14:06:17 fw.domain.local systemd[1]: squidGuard.service: control process exited, code=exited status=6
May 24 14:06:17 fw.domain.local systemd[1]: Failed to start Squid Internet Object Cache and squidGuard web filter.
May 24 14:06:17 fw.domain.local systemd[1]: Unit squidGuard.service entered failed state.
May 24 14:06:17 fw.domain.local systemd[1]: squidGuard.service failed.

Из строки

Failed to start Squid Internet Object Cache and squidGuard web filter.

делаю вывод, что squidGuard-helper пытается запустить squid и squidguard. Но т.к. squid уже запущен, то он его не стартует, а следом и не стартует squidguard. Если я ошибся, то поправьте. Ниже привожу squidGuard-helper

#!/bin/bash

PATH=/usr/bin:/sbin:/bin:/usr/sbin
export PATH

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ !${NETWORKING} = "yes" ] && exit 0

# check if the squid-squidGuard.conf file is present
[ -f /etc/squid/squid-squidGuard.conf ] || exit 0

if [ -f /etc/sysconfig/squid ]; then
  . /etc/sysconfig/squid
fi

# don't raise an error if the config file is incomplete
# set defaults instead:
SQUID_OPTS=${SQUID_OPTS:-"-D"}
SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20}
SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100}

# determine the name of the squid binary
[ -f /usr/sbin/squid ] && SQUID=squid
[ -z "$SQUID" ] && exit 0

prog="$SQUID"

# determine which one is the cache_swap directory
CACHE_SWAP=`sed -e 's/#.*//g' /etc/squid/squid-squidGuard.conf | \
        grep cache_dir |  awk '{ print $3 }'`
[ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/spool/squid

RETVAL=0

start() {
    for adir in $CACHE_SWAP; do
        if [ ! -d $adir/00 ]; then
             echo -n "init_cache_dir $adir... "
             $SQUID -f /etc/squid/squid-squidGuard.conf -z -F -D 2>/dev/null
        fi
    done
    echo -n $"Starting1 $prog: "
    $SQUID $SQUID_OPTS -f /etc/squid/squid-squidGuard.conf 2> /dev/null
###   $SQUID_OPTS -f /etc/squid/squid-squidGuard.conf 2> /dev/null
   RETVAL=$?
    if [ $RETVAL -eq 0 ]; then
       timeout=0;
       while : ; do
          [ ! -f /var/run/squid.pid ] || break
          if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then
             RETVAL=1
             break
          fi
          sleep 1 && echo -n "."
          timeout=$((timeout+1))
       done
    fi
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$SQUID
    [ $RETVAL -eq 0 ] && echo_success
    [ $RETVAL -ne 0 ] && echo_failure
    echo
    return $RETVAL
}

stop() {
    echo -n  $"Stopping $prog: "
    $SQUID -k check -f /etc/squid/squid-squidGuard.conf >/dev/null 2>&1
    RETVAL=$?
    if [ $RETVAL -eq 0 ] ; then
        $SQUID -k shutdown -f /etc/squid/squid-squidGuard.conf &
        rm -f /var/lock/subsys/$SQUID
        timeout=0
        while : ; do
                [ -f /var/run/squid.pid ] || break
                if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then
                    echo
                    return 1
                fi
                sleep 2 && echo -n "."
                timeout=$((timeout+2))
        done
        echo_success
        echo
    else
        echo_failure
        echo
    fi
    return $RETVAL
}

reload() {
    $SQUID $SQUID_OPTS -k reconfigure -f /etc/squid/squid-squidGuard.conf
}

restart() {
    stop
    start
}

condrestart() {
    [ -e /var/lock/subsys/squid ] && restart || :
}

rhstatus() {
    status $SQUID
    $SQUID -k check -f /etc/squid/squid-squidGuard.conf
}

probe() {
    return 0
}

case "$1" in
start)
    start
    ;;

stop)
    stop
    ;;

#reload)
#    reload
#    ;;
#
#restart)
#    restart
#    ;;
#
#condrestart)
#    condrestart
#    ;;
#
#status)
#    rhstatus
#    ;;
#
#probe)
#    exit 0
#    ;;

*)
#    echo $"Usage: $0 {start|stop|status|reload|restart|condrestart}"
    exit 1
esac

exit $?

Где, что поправить, что бы заработало. Заранее всем спасибо.

Ссылка

←	Порядок сортировки локали

Доступ к заблокированному сайту

→

А разве squid не должен сам стартовать редиректоры, без отдельного сервиса?

Pinkbyte ★★★★★
(24.05.17 14:30:01 MSK)

Ответ на: комментарий от Pinkbyte 24.05.17 14:30:01 MSK

Он сам и стартует.

sasha198407 ★
(24.05.17 14:37:21 MSK) автор топика

Ответ на: комментарий от sasha198407 24.05.17 14:37:21 MSK

окей, а что у него в логах? в /var/log/squidGuard что-нибудь пишется? Конфиг squidGuard-а какой?

Pinkbyte ★★★★★
(24.05.17 15:22:48 MSK)

Ответ на: комментарий от Pinkbyte 24.05.17 15:22:48 MSK

squidGuard.conf

#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /usr/local/squidGuard/db/blacklists
logdir /var/log/squidGuard

dest porn {
        domainlist porn/domains
        urllist porn/urls
        }

acl {
        default {
                pass !porn all
                redirect http://192.168.0.1/block.html
        }
 }

Хм, а /var/log/squidGuard/squidGuard.log почему-то пустой

sasha198407 ★
(24.05.17 16:20:22 MSK) автор топика

Ответ на: комментарий от sasha198407 24.05.17 16:20:22 MSK

cat /var/log/squid/access.log

1495470303.549      0 104.152.52.65 NONE/400 3483 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495470319.470      0 104.152.52.65 NONE/400 3979 NONE error:invalid-request - HIER_NONE/- text/html
1495470319.796      0 104.152.52.65 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495474016.850      0 104.152.52.58 NONE/400 3465 GET / - HIER_NONE/- text/html
1495474017.250      0 104.152.52.58 NONE/400 3465 OPTIONS / - HIER_NONE/- text/html
1495474022.793      0 104.152.52.58 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495474028.295      0 104.152.52.58 NONE/400 3483 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495474044.206      0 104.152.52.58 NONE/400 3979 NONE error:invalid-request - HIER_NONE/- text/html
1495474044.537      0 104.152.52.58 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495477780.265      0 104.152.52.61 NONE/400 3465 GET / - HIER_NONE/- text/html
1495477780.633      0 104.152.52.61 NONE/400 3465 OPTIONS / - HIER_NONE/- text/html
1495477786.163      0 104.152.52.61 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495477791.650      0 104.152.52.61 NONE/400 3483 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495477807.503      0 104.152.52.61 NONE/400 3979 NONE error:invalid-request - HIER_NONE/- text/html
1495477807.820      0 104.152.52.61 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495480128.320      0 173.244.48.93 NONE/400 3465 GET / - HIER_NONE/- text/html
1495482802.828      0 104.152.52.56 NONE/400 3465 GET / - HIER_NONE/- text/html
1495482803.202      0 104.152.52.56 NONE/400 3465 OPTIONS / - HIER_NONE/- text/html
1495482808.737      0 104.152.52.56 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495482814.227      0 104.152.52.56 NONE/400 3483 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495482830.163      0 104.152.52.56 NONE/400 3979 NONE error:invalid-request - HIER_NONE/- text/html
1495482830.500      0 104.152.52.56 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495484672.769      0 104.152.52.65 NONE/400 3465 GET / - HIER_NONE/- text/html
1495484673.182      0 104.152.52.65 NONE/400 3465 OPTIONS / - HIER_NONE/- text/html
1495484678.788      0 104.152.52.65 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495484684.283      0 104.152.52.65 NONE/400 3483 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495484700.232      0 104.152.52.65 NONE/400 3979 NONE error:invalid-request - HIER_NONE/- text/html
1495484700.560      0 104.152.52.65 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495488802.129      0 104.152.52.56 NONE/400 3465 GET / - HIER_NONE/- text/html
1495488802.505      0 104.152.52.56 NONE/400 3465 OPTIONS / - HIER_NONE/- text/html
1495488808.115      0 104.152.52.56 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495488813.616      0 104.152.52.56 NONE/400 3483 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495488829.565      0 104.152.52.56 NONE/400 3979 NONE error:invalid-request - HIER_NONE/- text/html
1495488829.901      0 104.152.52.56 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495492533.949      0 104.152.52.60 NONE/400 3465 GET / - HIER_NONE/- text/html
1495492534.314      0 104.152.52.60 NONE/400 3465 OPTIONS / - HIER_NONE/- text/html
1495492539.871      0 104.152.52.60 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495492545.371      0 104.152.52.60 NONE/400 3483 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495492561.276      0 104.152.52.60 NONE/400 3979 NONE error:invalid-request - HIER_NONE/- text/html
1495492561.604      0 104.152.52.60 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495496025.946      0 104.152.52.55 NONE/400 3465 GET / - HIER_NONE/- text/html
1495496026.339      0 104.152.52.55 NONE/400 3465 OPTIONS / - HIER_NONE/- text/html
1495496031.976      0 104.152.52.55 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495496037.471      0 104.152.52.55 NONE/400 3483 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495496053.430      0 104.152.52.55 NONE/400 3979 NONE error:invalid-request - HIER_NONE/- text/html
1495496053.759      0 104.152.52.55 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495499136.477      0 104.152.52.65 NONE/400 3465 GET / - HIER_NONE/- text/html
1495499136.844      0 104.152.52.65 NONE/400 3465 OPTIONS / - HIER_NONE/- text/html
1495499142.445      0 104.152.52.65 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495499147.938      0 104.152.52.65 NONE/400 3483 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495499163.858      0 104.152.52.65 NONE/400 3979 NONE error:invalid-request - HIER_NONE/- text/html
1495499164.193      0 104.152.52.65 NONE/400 3985 NONE error:invalid-request - HIER_NONE/- text/html
1495502727.726      0 204.93.180.6 NONE/400 3464 GET / - HIER_NONE/- text/html
1495502728.120      0 204.93.180.6 NONE/400 3464 OPTIONS / - HIER_NONE/- text/html
1495502733.694      0 204.93.180.6 NONE/400 3984 NONE error:invalid-request - HIER_NONE/- text/html
1495502739.194      0 204.93.180.6 NONE/400 3482 OPTIONS /RTSP/1.0 - HIER_NONE/- text/html
1495502755.092      0 204.93.180.6 NONE/400 3978 NONE error:invalid-request - HIER_NONE/- text/html
1495502755.425      0 204.93.180.6 NONE/400 3984 NONE error:invalid-request - HIER_NONE/- text/html
1495512841.715      0 139.162.150.126 NONE/400 3467 GET / - HIER_NONE/- text/html
1495514507.145      0 91.196.50.33 TCP_DENIED/407 3889 GET http://testp3.pospr.waw.pl/testproxy.php - HIER_NONE/- text/html
1495585587.543      0 91.236.75.4 TCP_DENIED/407 3750 GET http://www.google.com/ - HIER_NONE/- text/html

cat /var/log/squid/access.log

2017/05/24 08:40:40 kid1| Closing HTTP port [::]:3128
2017/05/24 08:40:40 kid1| Shutdown: NTLM authentication.
2017/05/24 08:40:40 kid1| Shutdown: Negotiate authentication.
2017/05/24 08:40:40 kid1| Shutdown: Digest authentication.
2017/05/24 08:40:40 kid1| Shutdown: Basic authentication.
2017/05/24 08:41:18 kid1| Starting Squid Cache version 3.3.8 for x86_64-redhat-linux-gnu...
2017/05/24 08:41:18 kid1| Process ID 1369
2017/05/24 08:41:18 kid1| Process Roles: worker
2017/05/24 08:41:18 kid1| With 16384 file descriptors available
2017/05/24 08:41:18 kid1| Initializing IP Cache...
2017/05/24 08:41:18 kid1| DNS Socket created at [::], FD 8
2017/05/24 08:41:18 kid1| DNS Socket created at 0.0.0.0, FD 9
2017/05/24 08:41:18 kid1| Adding domain domain.local from /etc/resolv.conf
2017/05/24 08:41:18 kid1| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2017/05/24 08:41:18 kid1| Adding nameserver 192.168.0.3 from /etc/resolv.conf
2017/05/24 08:41:18 kid1| helperOpenServers: Starting 0/5 'sams2redir' processes
2017/05/24 08:41:18 kid1| helperOpenServers: No 'sams2redir' processes needed.
2017/05/24 08:41:18 kid1| helperOpenServers: Starting 0/10 'ntlm_auth' processes
2017/05/24 08:41:18 kid1| helperStatefulOpenServers: No 'ntlm_auth' processes needed.
2017/05/24 08:41:19 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2017/05/24 08:41:19 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2017/05/24 08:41:19 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2017/05/24 08:41:19 kid1| Store logging disabled
2017/05/24 08:41:19 kid1| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2017/05/24 08:41:19 kid1| Target number of buckets: 1008
2017/05/24 08:41:19 kid1| Using 8192 Store buckets
2017/05/24 08:41:19 kid1| Max Mem  size: 262144 KB
2017/05/24 08:41:19 kid1| Max Swap size: 0 KB
2017/05/24 08:41:19 kid1| Using Least Load store dir selection
2017/05/24 08:41:19 kid1| Set Current Directory to /var/spool/squid
2017/05/24 08:41:19 kid1| Loaded Icons.
2017/05/24 08:41:19 kid1| HTCP Disabled.
2017/05/24 08:41:19 kid1| Squid plugin modules loaded: 0
2017/05/24 08:41:19 kid1| Adaptation support is off.
2017/05/24 08:41:19 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 12 flags=9
2017/05/24 08:41:20 kid1| storeLateRelease: released 0 objects

sasha198407 ★
(24.05.17 16:30:12 MSK) автор топика

Ссылка

Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.

←	Порядок сортировки локали

Admin

Доступ к заблокированному сайту

→

Похожие темы