a. 說明:
PeerGuardian 是一套用來輔助防火牆的程式,裝在動物機上可以用來阻擋惡意 IP 的連線請求,透過黑名單機制也可以用來阻擋某些單位對於 P2P 程式的監控。
※一年多前的筆記,忘記參考資料來自哪個網站了....QQ
b.實作環境 :
OS : Ubuntu 7.04
CPU : Intel Celeron CPU 2.40GHz
RAM : 3G
c.載點 :
http://sourceforge.net/project/showfiles.php?group_id=131687&package_id=148849
d.安裝:
$ sudo dpkg -i peerguardnf-1.5beta.i386.deb
e.建立設定檔目錄 :
$ sudo mkdir /etc/peerguardian
f.建立啟動 Script :
$sudo touch /usr/local/bin/peerguardian.sh
$sudo chmod 750 /usr/local/bin/peerguardian.sh
g.peerguardian.sh 內容
=======================================
# version for bluetack.co.uk lists!
#!/bin/sh
# Update new blocklists and start/stop/restart PeerGuardian
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# testdescription
#
#CONFIGURATION
# Make sure PG_ETC points to the directory where
# you want to put your downloaded blocklists.
PG_ETC=/etc/peerguardian/
# Remove the lists you don't want to download and
# use from BLOCKLISTS.
BLOCKLISTS="level1"
PG_CONF=/etc/PG.conf
PG_LOG=/var/log/PG.log
PG_LIST=/etc/p2p.p2b.p2p
#The URL where the blocklists reside
URL=http://www.bluetack.co.uk/config
#The format of the lists to download
SUFFIX=gz
#The format after unpacking
SUFFIX2=txt
endscript () {
date +"------------ "%F" "%X" "%Z" End PeerGuardian Script"
exit $1
}
date +"------------ "%F" "%X" "%Z" Begin PeerGuardian $1"
case "$1" in
'start')
cd "$PG_ETC"
# check if blockfiles were updated:
UPDATED=""
for i in $BLOCKLISTS ; do
TIMESTAMP=0
if [ -e $i.$SUFFIX ] ; then
TIMESTAMP=`stat --format=%y $i.$SUFFIX`
echo "File $i.$SUFFIX last updated $TIMESTAMP"
TIMESTAMP=`stat --format=%Y $i.$SUFFIX`
fi
wget -N $URL/$i.$SUFFIX
if [ `stat --format=%Y $i.$SUFFIX` -gt $TIMESTAMP ] ; then
UPDATED=$i
fi
done
# if none of the blockfiles were updated:
if [ -z $UPDATED ] ; then
echo "No blocklists needed updating."
echo "Starting PeerGuardian"
mv $PG_LOG $PG_LOG.backup
peerguardnf -h -m -d -c "$PG_CONF" -l "$PG_LOG"
endscript 0
fi
# if any blockfiles were updated:
for i in $BLOCKLISTS ; do
gunzip -c $i.$SUFFIX > $i.$SUFFIX2
BLOCKLISTSCAT="$BLOCKLISTSCAT $i.$SUFFIX2"
done
cat $BLOCKLISTSCAT | peerguardnf -f merged.p2b.p2p
for i in $BLOCKLISTS ; do
rm $i.$SUFFIX2
done
# uncomment below to unblock Yahoo! Mail and whatever
# else needs unblocking here. Do this also in the
# restart section.
grep -v -i "yahoo\!" merged.p2b.p2p | grep -v -i "Microsoft" | grep -v "Google" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
mv $PG_LOG $PG_LOG.backup
echo "Starting PeerGuardian"
peerguardnf -h -m -d -c "$PG_CONF" -l "$PG_LOG"
endscript 0
;;
'stop')
echo "Stopping PeerGuardian"
killall peerguardnf > /dev/null 2>&1
endscript 0
;;
'restart')
cd "$PG_ETC"
# check if blockfiles were updated:
UPDATED=""
for i in $BLOCKLISTS ; do
TIMESTAMP=0
if [ -e $i.$SUFFIX ] ; then
TIMESTAMP=`stat --format=%y $i.$SUFFIX`
echo "File $i.$SUFFIX last updated $TIMESTAMP"
TIMESTAMP=`stat --format=%Y $i.$SUFFIX`
fi
wget -N $URL/$i.$SUFFIX
if [ `stat --format=%Y $i.$SUFFIX` -gt $TIMESTAMP ] ; then
UPDATED=$i
fi
done
# if none of the blockfiles were updated:
if [ -z $UPDATED ] ; then
echo "No blocklists needed updating."
echo "Stopping PeerGuardian"
killall peerguardnf > /dev/null 2>&1
mv $PG_LOG $PG_LOG.backup
sleep 4
echo "Starting PeerGuardian"
peerguardnf -h -m -d -c "$PG_CONF" -l "$PG_LOG"
endscript 0
fi
# if any blockfiles were updated:
for i in $BLOCKLISTS ; do
gunzip -c $i.$SUFFIX > $i.$SUFFIX2
BLOCKLISTSCAT="$BLOCKLISTSCAT $i.$SUFFIX2"
done
cat $BLOCKLISTSCAT | peerguardnf -f merged.p2b.p2p
for i in $BLOCKLISTS ; do
rm $i.$SUFFIX2
done
# uncomment below to unblock Yahoo! Mail and whatever
# else needs unblocking here. Do this also in the
# restart section.
grep -v -i "yahoo\!" merged.p2b.p2p | grep -v -i "Microsoft" | grep -v "Google" > merged.p2b.p2p.tmp
mv merged.p2b.p2p.tmp merged.p2b.p2p
echo "Stopping PeerGuardian"
killall peerguardnf > /dev/null 2>&1
mv $PG_LIST $PG_LIST.backup
mv merged.p2b.p2p $PG_LIST
mv $PG_LOG $PG_LOG.backup
sleep 4
echo "Starting PeerGuardian"
peerguardnf -h -m -d -c "$PG_CONF" -l "$PG_LOG"
endscript 0
;;
*)
echo "Usage: $0 { start | stop | restart }"
;;
esac
exit 0
========================
h.啟動 : $ sudo peerguardian.sh start
重新啟動 : $ sudo peerguardian.sh restart
停止 : $ sudo peerguardian.sh stop
i . 服務啟動層級設定
當系統進入Runlevel 2、3、4、5 啟動 peerguardian
$ ln -s /usr/local/bin/peerguardian.sh /etc/init.d/peerguardian.sh
$ ln -s /etc/init.d/peerguardian.sh /etc/rc0.d/K20peerguardian.sh
$ ln -s /etc/init.d/peerguardian.sh /etc/rc2.d/S95peerguardian.sh
$ ln -s /etc/init.d/peerguardian.sh /etc/rc3.d/S95peerguardian.sh
$ ln -s /etc/init.d/peerguardian.sh /etc/rc4.d/S95peerguardian.sh
$ ln -s /etc/init.d/peerguardian.sh /etc/rc5.d/S95peerguardian.sh
$ ln -s /etc/init.d/peerguardian.sh /etc/rc6.d/K20peerguardian.sh
===================================
j.建立自動更新機制
$ touch /etc/cron.daily/pg.sh
$ sudo chmod 750 /etc/cron.daily/pg.sh
k. pg.sh 的內容如下:
==========================
#!/bin/sh
/usr/local/bin/peerguardian.sh restart
================================
l.PeerGuardian的Log 檔位置在 : /var/log/PG.log
