
Puppetize squid for proxy use
Closed, Resolved (Public)

Description

Looking at using squid for our use with nessus. Pull together a puppetized config to make this useful for this specific purpose.

Event Timeline

This has been worked over in the VM setup and I'm happy with where it is at now. @Jgreen has spent some time reviewing with me and I will be pulling it into our repos later today.

Current config path has everything defined per site, including ACLs for SRC, DST, and METHOD, so there should be no cross-pollination. Defaults are to deny, and if access is granted with no explicit method it will be GET only.
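A sketch of the per-site layout described in the comment above, as an added example (not the config from the frack puppet repo). Every ACL name, address range and domain below is a constructed placeholder, and the second site's CONNECT grant is an assumed case of an explicit method.

```conf
# Constructed squid.conf fragment: per-site SRC/DST/METHOD ACLs, default deny.
# All names, networks and domains are placeholders, not the project's values.

# Guard CONNECT tunnels: only ever to port 443.
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Shared fallback method: a site that names no method gets GET only.
acl method_get method GET

# --- site: signature updates (no explicit method, so GET only) ---
acl sigupd_src src 192.0.2.10/32
acl sigupd_dst dstdomain updates.example.org
http_access allow sigupd_src sigupd_dst method_get

# --- site: scanner plugin feed (explicit method: CONNECT for HTTPS) ---
acl scanfeed_src src 192.0.2.20/32
acl scanfeed_dst dstdomain feed.example.net
acl scanfeed_method method CONNECT
http_access allow scanfeed_src scanfeed_dst scanfeed_method

# Each allow line ANDs its three ACLs, so a source listed for one site
# cannot reach another site's destination or use another site's method.

# Default: anything not matched above is denied.
http_access deny all
```

`squid -k parse` checks the rendered file for syntax errors before the service is reloaded.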

base config pushed (despite my misspelling in the commit message :)

[frack::puppet] 52c014e9 Adding squiq as a package and base config

firewall updates staged in commits b41307eb79bd3434e30eacb66c65c1afcd5f4f8e and 8a4307bce9600b88820037bb4b8dd6706d510ebf (branch: firewall_squid)

Pushed out the changes for iptables and pfw templating together. iptables restarts to follow. pfw update will be rolled out when we roll the config for new machines that were just delivered.

[frack::puppet::private] 766c4a1 Add squid rules for pfw

Verified that hosts are starting to pull in freshclam updates through squid after pfw update in T246036

Dwisehaupt moved this task from In Progress to Done on the fundraising-tech-ops board.