RE: [squid-users] Help! Can squid authentication log user activit

I just want to say thank you very much for the information. I have been to
the site and I have downloaded 'Sarg'. I will be testing it right away.

> Hi,
> I think that SARG may do the trick for you:
> http://web.onda.com.br/orso/index.html
> It doesn't authenticate users, it just analyzes Squid logs.
> This page also has some sample reports, so you can see if it meets your
> needs.
>
> Regards,
>
> Bruno Guerreiro.
>
> -----Original Message-----
> From: Fred Kamwaza [mailto:fred@sdnp.org.mw]
> Sent: sábado, 26 de Maio de 2001 12:47
> To: hno@hem.passagen.se
> Cc: squid-users@squid-cache.org
> Subject: [squid-users] Help! Can squid authentication log user
> activities?
>
>
> Dear Henrik,
>
> Thanks very much indeed for your invaluable assistance. I very much
> appreciate your guidance. I have taken note of all tips.
>
> I am, however, in a difficult situation. I operate a LAN with a very
> large number of users but our bandwidth is small. The user share
> machines. What I would really like to do is allow access only to
> those registered. When they login, the system should then take logs
> of who ever is logging on to the system, going on to the Internet. I
> would like to capture the following information, 'Username', 'IP of
> machine logged from', 'Time logged in', 'Time logged out' and if
> possible amount of data transfered in bytes.
>
> I was of the opinion that the squid authentication would help me do
> that. If this is not possible using squid, would you know of anyway I
> can do this?
>
> I am running my system with RedHat 6.2 as a server, on a LAN, with
> Windows 98 machines as clients.
>
>> pam_auth is not really intended for setups requiring authentication to
>> /etc/shadow, but where you do have a PAM module for connecting to the
>> user directory in question, but no Squid auth module. /etc/shadow is
>> one such case, but not a very interesting one from a functionality
>> perspective.
>>
>> As the author of Squid pam_auth I can only agree that there are
>> concerns about running pam_auth setuserid root for authentication to
>> /etc/shadow. The brute-force attack issue is a real one, and there
>> always is the risk of buffer overflows in SUID applications even if
>> the pam_auth code is beleived to be reasonably secure in this respec
>> (but there may well be aspects I have overlooked).
>>
>> --
>> Henrik Nordstrom
>> Squid Hacker
>>
>> Lim Seng Chor wrote:
>>
>>> i personally feel pam_auth is a dangerous program to run if you are
>>> running a multi-user system. unless you are running a dedicated-
>>> cache system, or else pam_auth might get yourself into trouble.
>>> this may allow users to do brute-force attack on password
>>> guessing or password sniffing on the port pam_auth listenning. and
>>> unknown setuid buffer overflow for pam_auth if exists. do this at
>>> your own risk. good luck!!
>

-- 
Fred Kamwaza
University of Malawi
The Polytechnic
P/B 303, Chichiri, Blantyre 3
-------------------------------------
Tel: (265) 670 411 (o); (265) 842 891 (m)
Fax: (265) 670 578
email: fred@sdnp.org.mw
URL: http://poly.sdnp.org.mw