Setup Your Secure Web Gateway on your preferred Linux distribution

Setup Your Secure Web Gateway on your preferred Linux distribution

Overview

SafeSquid Appliance Builder (SAB) is an optimized version of Ubuntu Linux, optimized for easy setup of your secure web gateway. The SAB installs the Ubuntu Linux operating system, downloads and deploys the SafeSquid for Linux installation package, and the necessary dependencies. SafeSquid can also be installed on any other Linux operating system like Red-Hat, SuSe, CentOS, etc.
Choose this method of installation only if you want to setup SafeSquid on already existing infrastructure or if you want to use other Operating System in Linux family other than Ubuntu. It requires some additional configurations like Monit and bind services used by SafeSquid.

Prerequisites

You must install required dependencies and other supporting services required for some modules of SafeSquid to work smoothly.
You can check and install required dependencies below.
Monit and Bind are other supporting services required by SafeSquid to work smoothly
Check - Configure Monit for SafeSquid Monitoring
Check - Bind Configuration with SafeSquid

Download latest version in Linux server

Go to the linux server and change the directory to “/usr/local/src” by using below command
  1.                                         cd /usr/local/src
Use "wget" command to download the latest SafeSquid package on the Linux machine on which you want to install the Safesquid. The command will download the tarball file.
  1.                             wget http://downloads.safesquid.net/appliance/binary/safesquid_latest.tar.gz

Extract the tarball

Extract the files from tar by using below command.
  1.                            tar -zxvf safesquid_latest.tar.gz
The output of the above command is shown below.

extracting the latest version's tar-ball
All the files will be extracted in the directory having name "_mkappliance".
You have to execute/run the setup.sh script to install SafeSquid.
  1.                        _mkappliance/installation/setup.sh
Output after script execution is shown below.
Installation completes if you did not get any error.

Dependency Check 

You can check if any of the dependencies missing for SafeSquid by using the "ldd" command as shown below.
  1.                                                     ldd /opt/safesquid/bin/safesquid
Output for the above command is shown below.
  1. root@safesquid:/opt/safesquid/bin# ldd /opt/safesquid/bin/safesquid
  2.        linux-vdso.so.1 =>  (0x00007ffebebdb000)
  3.        libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007ff03107e000)
  4.        libpam.so.0 => /lib/x86_64-linux-gnu/libpam.so.0 (0x00007ff030e70000)
  5.        liblber-2.4.so.2 => /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 (0x00007ff030c61000)
  6.        libgssapi.so.3 => /usr/lib/x86_64-linux-gnu/libgssapi.so.3 (0x00007ff030a23000)
  7.        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ff03081f000)
  8.        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007ff030604000)
  9.        libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007ff030300000)
  10.        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007ff02fffa000)
  11.        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007ff02fde4000)
  12.        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007ff02fbc6000)
  13.        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ff02f7fd000)
  14.        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007ff02f5e2000)
If any dependency is missing, then you might get error as shown below.
  1. root@safesquid:/opt/safesquid/bin# ldd /opt/safesquid/bin/safesquid
  2.        linux-vdso.so.1 =>  (0x00007ffebebdb000)
  3.        libldap_r-2.4.so.2 => /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2 (0x00007ff03107e000)
  4.        libpam.so.0 => /lib/x86_64-linux-gnu/libpam.so.0 (0x00007ff030e70000)
  5.        liblber-2.4.so.2 => /usr/lib/x86_64-linux-gnu/liblber-2.4.so.2 (0x00007ff030c61000)
  6.        libgssapi.so.3 => /usr/lib/x86_64-linux-gnu/libgssapi.so.3 (0x00007ff030a23000)
  7.        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007ff03081f000)
  8.        libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007ff030604000)
  9.        libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007ff030300000)
  10.        libgmp.so.3==> not found
  11.        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007ff02fffa000)
  12.        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007ff02fde4000)
  13.        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007ff02fbc6000)
  14.        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007ff02f7fd000)
  15.        libsasl2.so.2 => /usr/lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007ff02f5e2000)
If you notice that any of the dependencies are not present then, you should install that dependenies to make SafeSquid work.

Start the SafeSquid

Further you need to Start the SafeSquid service by using below command
  1.                           /etc/init.d/safesquid start

Testing

You can check whether SafeSquid service is running or not by using these commands.
  1.                           pidof safesquid   OR         netstat -tulnp | grep "safesquid"
testing whether the Safesquid service is running or not
By default, SafeSquid will listen on PORT 8080. If you observe SafeSquid is listening on any one of the ports shown in the image, then it confirms that SafeSquid has started.

Note: This installation does not include the Monit and Bind configurations.

    • Related Articles

    • How To Setup Your Secure Web Gateway With SafeSquid Appliance Builder

      Overview We can use SafeSquid Appliance Builder (SAB) to setup your secure web gateway. SAB enables you to transform a standard Intel hardware architecture for servers, into a hardware web security appliance, or setup a virtual appliance on any ...
    • Install SafeSquid Secure Web Gateway using SafeSquid Appliance Builder

      Problem To set up your Secure Web Gateway appliance, you need to first install the Linux operating system on your provisioned hardware. Next, harden the system by implementing best security practices and partition the disks appropriately. Afterward, ...
    • Setup HTTPS Inspection

      Overview Over the couple of years, the internet is changing its dimensions in terms of security. The web is shifting towards HTTPS, to deliver secure services to users. “The main motivation for HTTPS is authentication of the visited website and ...
    • Setup Authentication

      Authentication in SafeSquid Proxy Authentication: Proxies can serve as access-control devices. HTTP defines a mechanism called proxy authentication that blocks requests for content until the user provides valid access-permission credentials to the ...
    • Setup Monit for SafeSquid Monitoring

      Installation and configuration of Monit Service Monit will automatically get installed when you install SafeSquid Appliance Builder (SAB) to setup your secure web gateway. You can check status of monit service using command: /etc/init.d/monit status ...