Linux Hack of the Week #14: Configuring Squid on Linux

As most websites move to SSL, packet analysis is becoming increasingly tricky. However, setting up a proxy server is one way to create a central point for protection and monitoring. Typically, the setup involves blocking all outbound network traffic that does not go through the proxy. The proxy server keeps a log of every URL accessed, and you can extend the functionality with content-filtering blacklists. In today's example, I am using Fedora 28 and Squid.

Installation

To get started, simply run: yum install squid

Next, start the squid service with: service squid start

Configure the Browser

If you have configured the perimeter firewall to allow outbound internet access only from your proxy, then the next step is to configure the proxy server setting in your browser. You can find this in most browsers by navigating to Settings → Network Connections. I am setting this example up on my local box, which is why I used localhost as the proxy server. In most cases, you would use the IP address of your proxy server:

Logs

If you run this on your network and limit all inbound/outbound traffic, then you have an amazing tool for analyzing web behavior. Looking at /var/log/squid/access.log will show you all of the web traffic for each client:
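As an added example (not code from the original post), here is a small parser for Squid's native access.log layout, run over a few constructed sample lines, that summarises requests, bytes, destination hosts and denied requests per client. The CONNECT entry shows what an HTTPS request looks like in the log: the proxy records only the destination host and port, never the path.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Squid native access.log layout (one request per line):
# <ts> <elapsed_ms> <client> <result>/<status> <bytes> <method> <url> <ident> <hier>/<peer> <type>
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)\s*$"
)

# Constructed sample lines (not real traffic). The CONNECT line is an HTTPS
# request: only host:port is visible to the proxy, never the path.
SAMPLE_LOG = """\
1529000000.123    245 192.168.1.10 TCP_MISS/200 1043 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1529000001.456   1200 192.168.1.10 TCP_TUNNEL/200 5432 CONNECT www.example.com:443 - HIER_DIRECT/93.184.216.34 -
1529000002.000      0 192.168.1.11 TCP_DENIED/403 3875 GET http://blocked.example/ - HIER_NONE/- text/html
1529000003.789     80 192.168.1.11 TCP_HIT/200 2210 GET http://example.com/logo.png - NONE/- image/png
"""

def parse_line(line):
    """Return a dict of fields for one access.log line, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # For CONNECT (HTTPS tunnels) the URL field is just host:port; for plain
    # HTTP it is a full URL, so normalise both to the destination host name.
    if rec["method"] == "CONNECT":
        rec["host"] = rec["url"].rsplit(":", 1)[0]
    else:
        rec["host"] = urlsplit(rec["url"]).hostname or rec["url"]
    rec["size"] = int(rec["size"])
    rec["denied"] = rec["result"].startswith("TCP_DENIED")
    return rec

def summarize(log_text):
    """Per-client view: request count, bytes, distinct hosts, denied requests."""
    clients = defaultdict(lambda: {"requests": 0, "bytes": 0, "hosts": set(), "denied": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:  # skip lines that are not native-format requests
            continue
        c = clients[rec["client"]]
        c["requests"] += 1
        c["bytes"] += rec["size"]
        c["hosts"].add(rec["host"])
        c["denied"] += rec["denied"]
    return dict(clients)
```

Point it at the real file with summarize(open("/var/log/squid/access.log").read()) to get the same per-client breakdown for your own network.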

Improving Security

You can extend the use of Squid by installing blacklists from sites such as Shalla’s List and the tool SquidGuard.

Conclusion

By adding a proxy server, you gain a significant amount of situational awareness, after-incident visibility, and protection. Squid is one of many options, but it has been around for years and supports many OSes and other systems. As always, feel free to let me know if you have any questions via email: support@automox.com.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
