Bug#892788: e2guardian: Please enable MITM Filtering HTTPS
Roger Lynn
roger at rilynn.me.uk
Mon Mar 12 20:42:41 UTC 2018
Package: e2guardian
Version: 3.4.0.3-2
Severity: wishlist
Hi,
Please configure and compile e2guardian with the --enable-sslmitm=yes flag set.
Without this a content filter is not very useful on the modern internet.
Thanks,
Roger
-- System Information:
Debian Release: 9.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages e2guardian depends on:
ii adduser 3.115
ii clamav 0.99.4+dfsg-1+deb9u1
ii libc6 2.24-11+deb9u3
ii libgcc1 1:6.3.0-18+deb9u1
ii libpcre3 2:8.39-3
ii libstdc++6 6.3.0-18+deb9u1
ii perl 5.24.1-3+deb9u2
ii zlib1g 1:1.2.8.dfsg-5
e2guardian recommends no packages.
Versions of packages e2guardian suggests:
ii clamav-freshclam 0.99.4+dfsg-1+deb9u1
ii squid 3.5.23-5+deb9u1
-- Configuration Files:
/etc/e2guardian/e2guardian.conf changed:
languagedir = '/usr/share/e2guardian/languages'
language = 'ukenglish'
loglevel = 2
logexceptionhits = 2
logfileformat = 1
dstatlocation = '/var/log/e2guardian/dstats.log'
filterip = 192.168.0.2
filterports = 8080
proxyip = 127.0.0.1
proxyport = 3128
proxytimeout = 20
proxyexchange = 20
pcontimeout = 55
usecustombannedimage = on
custombannedimagefile = '/usr/share/e2guardian/transparent1x1.gif'
usecustombannedflash = on
custombannedflashfile = '/usr/share/e2guardian/blockedflash.swf'
filtergroups = 1
filtergroupslist = '/etc/e2guardian/lists/filtergroupslist'
bannediplist = '/etc/e2guardian/lists/bannediplist'
exceptioniplist = '/etc/e2guardian/lists/exceptioniplist'
showweightedfound = on
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = on
reverseclientiplookups = on
logclienthostnames = on
prefercachedlists = off
maxcontentfiltersize = 1024
maxcontentramcachescansize = 16384
maxcontentfilecachescansize = 65536
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/e2guardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/e2guardian/downloadmanagers/default.conf'
contentscanner = '/etc/e2guardian/contentscanners/clamdscan.conf'
contentscannertimeout = 60
contentscanexceptions = off
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logsslerrors = off
logchildprocesshandling = off
maxchildren = 180
minchildren = 20
minsparechildren = 16
preforkchildren = 10
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.e2guardianipc'
urlipcfilename = '/tmp/.e2guardianurlipc'
ipipcfilename = '/tmp/.e2guardianipipc'
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
softrestart = off
mailer = '/usr/sbin/sendmail -t'
cacertificatepath = '/etc/e2guardian/ssl/my_rootCA.crt'
caprivatekeypath = '/etc/e2guardian/ssl/private_root.pem'
certprivatekeypath = '/etc/e2guardian/ssl/private_cert.pem'
generatedcertpath = '/var/log/e2guardian/generatedcerts/'
/etc/e2guardian/e2guardianf1.conf changed:
groupmode = 1
groupname = ''
bannedphraselist = '/etc/e2guardian/lists/bannedphraselist'
weightedphraselist = '/etc/e2guardian/lists/weightedphraselist'
exceptionphraselist = '/etc/e2guardian/lists/exceptionphraselist'
bannedsitelist = '/etc/e2guardian/lists/bannedsitelist'
greysitelist = '/etc/e2guardian/lists/greysitelist'
bannedsslsitelist = '/etc/e2guardian/lists/bannedsslsitelist'
greysslsitelist = '/etc/e2guardian/lists/greysslsitelist'
exceptionsitelist = '/etc/e2guardian/lists/exceptionsitelist'
bannedurllist = '/etc/e2guardian/lists/bannedurllist'
greyurllist = '/etc/e2guardian/lists/greyurllist'
exceptionurllist = '/etc/e2guardian/lists/exceptionurllist'
exceptionregexpurllist = '/etc/e2guardian/lists/exceptionregexpurllist'
bannedregexpurllist = '/etc/e2guardian/lists/bannedregexpurllist'
picsfile = '/etc/e2guardian/lists/pics'
contentregexplist = '/etc/e2guardian/lists/contentregexplist'
urlregexplist = '/etc/e2guardian/lists/urlregexplist'
refererexceptionsitelist = '/etc/e2guardian/lists/refererexceptionsitelist'
refererexceptionurllist = '/etc/e2guardian/lists/refererexceptionurllist'
embededreferersitelist = '/etc/e2guardian/lists/embededreferersitelist'
embededrefererurllist = '/etc/e2guardian/lists/embededrefererurllist'
urlredirectregexplist = '/etc/e2guardian/lists/urlredirectregexplist'
!! Not compiled !! authexceptionsitelist = '/etc/e2guardian/lists/authexceptionsitelist'
!! Not compiled !! authexceptionurllist = '/etc/e2guardian/lists/authexceptionurllist'
blockdownloads = off
exceptionextensionlist = '/etc/e2guardian/lists/exceptionextensionlist'
exceptionmimetypelist = '/etc/e2guardian/lists/exceptionmimetypelist'
bannedextensionlist = '/etc/e2guardian/lists/bannedextensionlist'
bannedmimetypelist = '/etc/e2guardian/lists/bannedmimetypelist'
exceptionfilesitelist = '/etc/e2guardian/lists/exceptionfilesitelist'
exceptionfileurllist = '/etc/e2guardian/lists/exceptionfileurllist'
maxuploadsize = -1
headerregexplist = '/etc/e2guardian/lists/headerregexplist'
bannedregexpheaderlist = '/etc/e2guardian/lists/bannedregexpheaderlist'
addheaderregexplist = '/etc/e2guardian/lists/addheaderregexplist'
naughtynesslimit = 50
categorydisplaythreshold = 0
embeddedurlweight = 0
enablepics = off
bypass = 0
bypasskey = ''
infectionbypass = 0
infectionbypasskey = ''
infectionbypasserrorsonly = on
disablecontentscan = off
deepurlanalysis = off
reportinglevel = 3
usesmtp = off
mailfrom = ''
avadmin = ''
contentadmin = ''
avsubject = 'e2guardian virus block'
contentsubject = 'e2guardian violation'
notifyav = off
notifycontent = off
thresholdbyuser = off
violations = 0
threshold = 0
sslsiteregexplist = '/etc/e2guardian/lists/sslsiteregexplist'
sslcertcheck = off
sslmitm = on
onlymitmsslgrey = off
mitmcheckcert = on
nocheckcertsitelist = '/etc/e2guardian/lists/nocheckcertsitelist'
-- no debconf information
More information about the Debian-edu-pkg-team
mailing list