Step by Step Clear Squid Cache SELinux Enable Linux Fedora

 

Step by Step Clear Squid Cache on SELinux Enable Linux Fedora System.

 

  How to clear squid cache on SELinux enable Linux Fedora?... The article below show the step by step to clear squid proxy cache on Linux Fedora system with SELinux enable.  Bare in mind that this step by step to clear squid cache start from the check location of squid cache directory... and end with the remove squid cache directory... understand the command and skip the step where you think you not need to execute them twice.

 

Step by Step Clear Squid Cache:

 

1.  Check location of Squid cache directory.(# cat /etc/squid/squid.conf | grep ^cache_dir) not need to execute this command if you know the location of squid cache directory.

2.  Check squid SELinux context policy.(# ls -Z /var/spool/ | grep squid) not need to execute this command if you know SELinux contex policy for squid.

3.  Stop squid cache proxy server.(# service squid stop).

4.  Clear squid cache file and create new squid cache directory.(# mv /var/spool/squid/ /var/spool/squid.old), (# mkdir -m 750 /var/spool/squid), (# chown squid:squid /var/spool/squid) .

5.  Restore SELinux for squid directory.(# restorecon '/var/spool/squid').

6.  Rebuild and Create Squid Cache directory.(# squid -z).

7.  Start squid with new cache.(# service squid start).

8.  Remove squid cache directory (the old one :-).(# rm -rf /var/spool/squid.old/).

 

Check location of Squid cache directory.

 

1. Check squid proxy cache directory location.  The command example below show step by step to check location of squid cache directory location on Linux Fedora system.

Check squid cache location on Linux Fedora system.

[root@fedora10 ~]# cat /etc/squid/squid.conf | grep ^cache_dir

cache_dir ufs /var/spool/squid 4000 16 256

[root@fedora10 ~]#

 

or if you get no output from command above try this command to check squid default cache directory.

[root@fedora10 ~]# cat /etc/squid/squid.conf | grep ^'# cache_dir'

# cache_dir ufs /var/spool/squid 100 16 256

[root@fedora10 ~]#

 

2. Use ls command to look and see the contents of the squid directory, make sure that the contents look little bit like figure below :-)

Squid cache directory contents.

[root@fedora10 ~]# ls /var/spool/squid

00  02  04  06  08  0A  0C  0E  swap.state

01  03  05  07  09  0B  0D  0F

[root@fedora10 ~]#

 

3. Check squid directory permission and directory ownership. 

Check squid directory permission and directory ownership

[root@fedora10 ~]# ls -al /var/spool/ | grep squid

drwxr-x--- 18 squid  squid  4096 2009-06-08 09:47 squid

[root@fedora10 ~]#

 

Check squid SELinux context policy.

 

Check SELinux security context policy on Linux Fedora system, squid cache directory and all cache contents inside the squid cache directory.

 

4. Check SELinux status on Linux Fedora system by execute the sestatus command to view SELinux status

Check SELinux status using sestatus command

[root@fedora10 ~]# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /selinux

Current mode:                   enforcing

Mode from config file:          enforcing

Policy version:                 23

Policy from config file:        targeted

[root@fedora10 ~]#

 

5. Check Squid cache directory SELinux context policy.

squid selinux policy

[root@fedora10 ~]# ls -Z /var/spool/ | grep squid

drwxr-x---  squid  squid  system_u:object_r:squid_cache_t:s0 squid

[root@fedora10 ~]#

 

Stop squid cache proxy server.

 

Before we can clear squid cache, we need to stop squid proxy server first.  The command example below show step by step to check squid status, stop squid server and then recheck squid sever status. 

 

6. Check squid proxy status.

Check squid proxy status.

[root@fedora ~]# service squid status

squid (pid  7593) is running...

[root@fedora ~]#

 

7. Stop squid proxy server.

Stop squid proxy server.

[root@fedora ~]# service squid stop

Stopping squid: ................                           [  OK  ]

[root@fedora ~]#

 

8. Check and verify that squid proxy is stop.

Stop squid proxy and verify that squid proxy is stop.

[root@fedora ~]# service squid status

squid is stopped

[root@fedora ~]#

 

Clear squid cache file and create new squid cache directory.

 

  Now it time to clear squid cache file.  In order to start squid using new and clean squid cache file and minimize squid proxy server downtime, rename the squid cache directory to squid.old as show on example below. Then we create new squid cache directory, then start squid proxy server... this procedure may take a second rather then you remove/delete the 10 G squid cache files that may take 3 to 5 minutes depending on your system hardware then start your squid proxy server.  But before you follow procedure below, make sure that you stop squid service first...

 

9. Rename squid cache directory from /var/spol/squid to /var/spool/squid.old.

Rename directory for Squid Proxy cache directory

[root@fedora10 ~]# mv /var/spool/squid/ /var/spool/squid.old

[root@fedora10 ~]#

 

Check and verify that the squid directory rename to squid.old.

[root@fedora10 ~]# ls -Z /var/spool/ |grep squid

drwxr-x---  squid  squid  system_u:object_r:squid_cache_t:s0 squid.old

[root@fedora10 ~]#

 

10. Create new and squid cache directory in /var/spool/ directory that going to replace the renamed directory.  The -m option in the make directory command is to change the default directory permission from 755 (drwxr-xr-x) to new 750 (drwxr-x---) directory permisioon

mkdir for squid cache

[root@fedora10 ~]# mkdir -m 750 /var/spool/squid

[root@fedora10 ~]#

 

Check and verify the new squid directory created.

[root@fedora10 ~]# ls -Z /var/spool/ |grep squid

drwxr-x---  root   root   unconfined_u:object_r:var_spool_t:s0 squid

drwxr-x---  squid  squid  system_u:object_r:var_spool_t:s0 squid.old

[root@fedora10 ~]#

 

11. To make sure that the squid proxy have access to newly created directory, we must change squid cache directory ownership to squid user and squid group user.

change ownership chown squid

[root@fedora ~]# chown squid:squid /var/spool/squid

 

Check and verify the squid directory owner and gruop owner change to squid.

[root@fedora10 ~]# ls -Z /var/spool/ |grep squid

drwxr-x---  squid  squid  unconfined_u:object_r:var_spool_t:s0 squid

drwxr-x---  squid  squid  system_u:object_r:squid_cache_t:s0 squid.old

[root@fedora10 ~]#

 

Restore SELinux for squid directory.

 

12. Restore SELinux security context for squid cache directory.  The command below change unconfined_u:object_r:var_spool_t:s0 to system_u:object_r:squid_cache_t:s0.

restorecon squid directory cache

[root@fedora10 ~]# restorecon '/var/spool/squid'

[root@fedora10 ~]#

 

Verify squid cache directory SELinux context policy and directory ownership.

[root@fedora10 ~]# ls -Z /var/spool/ |grep squid

drwxr-x---  squid  squid  system_u:object_r:squid_cache_t:s0 squid

drwxr-x---  squid  squid  system_u:object_r:squid_cache_t:s0 squid.old

[root@fedora10 ~]#

 

Rebuild and Create Squid Cache directory.

 

13. Execute squid -z command to create squid cache swap directory.

Create squid cache directory

[root@fedora10 ~]# squid -z

2009/06/13 22:41:46| Creating Swap Directories

2009/06/13 22:41:46| /var/spool/squid exists

2009/06/13 22:41:46| Making directories in /var/spool/squid/00

2009/06/13 22:41:47| Making directories in /var/spool/squid/01

2009/06/13 22:41:47| Making directories in /var/spool/squid/02

2009/06/13 22:41:47| Making directories in /var/spool/squid/03

2009/06/13 22:41:47| Making directories in /var/spool/squid/04

2009/06/13 22:41:47| Making directories in /var/spool/squid/05

2009/06/13 22:41:47| Making directories in /var/spool/squid/06

2009/06/13 22:41:47| Making directories in /var/spool/squid/07

2009/06/13 22:41:47| Making directories in /var/spool/squid/08

2009/06/13 22:41:47| Making directories in /var/spool/squid/09

2009/06/13 22:41:47| Making directories in /var/spool/squid/0A

2009/06/13 22:41:47| Making directories in /var/spool/squid/0B

2009/06/13 22:41:47| Making directories in /var/spool/squid/0C

2009/06/13 22:41:48| Making directories in /var/spool/squid/0D

2009/06/13 22:41:48| Making directories in /var/spool/squid/0E

2009/06/13 22:41:48| Making directories in /var/spool/squid/0F

[root@fedora10 ~]#

 

Start squid with new cache.

 

14. Use command below to start squid proxy server, then check squid proxy sever status... make sure you squid proxy server is running smoothly .

Start squid with new clean cache, verify squid proxy server up and running.

[root@fedora ~]# service squid start

Starting squid: .                                          [  OK  ]

[root@fedora ~]#

[root@fedora ~]# service squid status

squid (pid  9202) is running...

[root@fedora ~]#

 

Remove squid cache directory.

 

  Remember that in order to minimize squid proxy downtime, we just rename the squid cache directory from /var/spool/squid to /var/spool/squid.old.  Its time to clean the mess.... but first, make sure that your squid proxy server up and running smoothly without any problem... and then... follow the command example below to completely remove old squid cache directory from the system and free some disk space :-)

 

15. Remove old squid cache directory that locate in the /var/spool/squid.old directory.

Remove squid cache directory

[root@fedora10 ~]# rm -rf /var/spool/squid.old/

[root@fedora10 ~]#

 

Keywords: remove squid cache, clear squid cache, rebuild squid cache, start squid new cache, create squid cache, squid selinux, squid cache directory, selinux enable squid  

 

Tags:
aaaaaaaaaaa