RE: [squid-users] Help! Can squid authentication log user activit ies?

Hi,
I think that SARG may do the trick for you:
http://web.onda.com.br/orso/index.html
It doesn't authenticate users, it just analyzes Squid logs.
This page also has some sample reports, so you can see if it meets your
needs.

Regards,

Bruno Guerreiro.

-----Original Message-----
From: Fred Kamwaza [mailto:fred@sdnp.org.mw]
Sent: sábado, 26 de Maio de 2001 12:47
To: hno@hem.passagen.se
Cc: squid-users@squid-cache.org
Subject: [squid-users] Help! Can squid authentication log user
activities?

Dear Henrik,

Thanks very much indeed for your invaluable assistance. I very much
appreciate your guidance. I have taken note of all tips.

I am, however, in a difficult situation. I operate a LAN with a very large
number of users but our bandwidth is small. The user share machines. What
I would really like to do is allow access only to those registered. When
they login, the system should then take logs of who ever is logging on to
the system, going on to the Internet. I would like to capture the following
information, 'Username', 'IP of machine logged from', 'Time logged
in', 'Time logged out' and if possible amount of data transfered in bytes.

I was of the opinion that the squid authentication would help me do that.
If this is not possible using squid, would you know of anyway I can do this?

I am running my system with RedHat 6.2 as a server, on a LAN, with Windows
98 machines as clients.

> pam_auth is not really intended for setups requiring authentication to
> /etc/shadow, but where you do have a PAM module for connecting to the
> user directory in question, but no Squid auth module. /etc/shadow is
> one such case, but not a very interesting one from a functionality
> perspective.
>
> As the author of Squid pam_auth I can only agree that there are
> concerns about running pam_auth setuserid root for authentication to
> /etc/shadow. The brute-force attack issue is a real one, and there
> always is the risk of buffer overflows in SUID applications even if the
> pam_auth code is beleived to be reasonably secure in this respec (but
> there may well be aspects I have overlooked).
>
> --
> Henrik Nordstrom
> Squid Hacker
>
> Lim Seng Chor wrote:
>
>> i personally feel pam_auth is a dangerous program to run if you are
>> running a multi-user system. unless you are running a dedicated- cache
>> system, or else pam_auth might get yourself into trouble.
>> this may allow users to do brute-force attack on password
>> guessing or password sniffing on the port pam_auth listenning. and
>> unknown setuid buffer overflow for pam_auth if exists. do this at your
>> own risk. good luck!!

--
Fred Kamwaza
University of Malawi
The Polytechnic
P/B 303, Chichiri, Blantyre 3
-------------------------------------
Tel: (265) 670 411 (o); (265) 842 891 (m)
Fax: (265) 670 578
email: fred@sdnp.org.mw
URL: http://poly.sdnp.org.mw