essandess / macos-fortress Goto Github PK

Firewall and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers with Anti-Virus On-Demand and On-Access Scanning (PF, squid, privoxy, hphosts, dshield, emergingthreats, hostsfile, PAC file, clamav)

License: MIT License

Shell 97.17% JavaScript 2.83%

proxy tracker firewall privacy-enhancing-technologies packet-filtering proxy-server macos squid privoxy privacy-tools

macos-fortress's Introduction

macOS-Fortress

macOS-Fortress: Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers; with On-Demand and On-Access Anti-Virus Scanning

Kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as blocks ads, malicious scripts, and conceal information used to track you around the web. After this package was installed, snort and other detections have fallen to a fraction with a few simple blocking actions. This setup is a lot more capable and effective than using a simple adblocking browser add-on. There's a world of difference between ad-filled web pages with and without a filtering proxy server. It's also saved me from inadvertantly clicking on phishing links.

Proxy features

macOS adaptive firewall
Adaptive firewall to brute force attacks
IP blocks updated about twice a day from emergingthreats.net (IP blocks, compromised hosts, Malvertisers) and dshield.org’s top-20
Host blocks updated about twice a day from hphosts.net
HTTPS Inspection using Privoxy
EasyList Tracker and Adblock Rules for Privoxy with adblock2privoxy
Incorporates multiple blocking rulesets into both Privoxy and PAC formats, including easyprivacy.txt, easylist.txt, fanboy-annoyance.txt, fanboy-social.txt, antiadblockfilters.txt, malwaredomains_full.txt, and the anti-spamware list adblock-list.txt.

Anti-Virus features

Configures clamAV for macOS with regular on-demand scans and on-access scanning of user Downloads and Desktop directories.
See the MacPorts port clamav-server for details, port notes clamav-server.

Installation

sudo port install macos-fortress
port notes macos-fortress
sudo port load macos-fortress

After initial installation, it is necessary to kickstart these launch daemons, which run on a schedule, and do not run at load time:

sudo launchctl kickstart -k system/org.macports.macos-fortress-dshield
sudo launchctl kickstart -k system/org.macports.macos-fortress-emergingthreats
sudo launchctl kickstart -k system/org.macports.macos-fortress-hphosts
sudo launchctl kickstart -k system/org.macports.adblock2privoxy
sudo launchctl kickstart -k system/org.macports.macos-fortress-easylistpac

The default web server is native macOS Apache, which must be started with the command:

sudo apachectl start

Note that all files in this repo are superceded by the MacPorts port macos-fortress, including the deprecated installation script readme-and-install.sh.

Firewall-only installation

sudo port install macos-fortress-pf
port notes macos-fortress-pf
sudo port load macos-fortress-pf

Proxy-only installation

sudo port install macos-fortress-proxy
port notes macos-fortress-proxy
sudo port load macos-fortress-proxy

Check and troubleshoot setup

sudo sh macosfortress_setup_check.sh

Working output:

Checking macOS-Fortress installed items (run as sudo)…

Checking launchd.plist files…
[✅] /Library/LaunchDaemons/net.openbsd.pf.plist exists
[✅] /Library/LaunchDaemons/net.openbsd.pf.brutexpire.plist exists
[✅] /Library/LaunchDaemons/net.emergingthreats.blockips.plist exists
[✅] /Library/LaunchDaemons/net.dshield.block.plist exists
[✅] /Library/LaunchDaemons/net.hphosts.hosts.plist exists
[✅] /Library/LaunchDaemons/com.github.essandess.easylist-pac.plist exists
[✅] /Library/LaunchDaemons/com.github.essandess.adblock2privoxy.plist exists
[✅] /Library/LaunchDaemons/com.github.essandess.adblock2privoxy.nginx.plist exists
[✅] /Library/LaunchDaemons/org.squid-cache.squid-rotate.plist exists
[✅] /Library/LaunchDaemons/org.macports.Privoxy.plist exists
[✅] /Library/LaunchDaemons/org.macports.clamd.plist exists
[✅] /Library/LaunchDaemons/org.macports.freshclam.plist exists
[✅] /Library/LaunchDaemons/org.macports.ClamavScanSchedule.plist exists
[✅] /Library/LaunchDaemons/org.macports.ClamavScanOnAccess.plist exists

Checking launchd.plist's. These should all be installed with return
code 0 (2d column of `sudo launchctl list`)…
[✅]	-	0	com.github.essandess.easylist-pac
[✅]	-	0	net.dshield.block
[✅]	91695	0	org.macports.ClamdScanOnAccess
[✅]	-	0	org.macports.freshclam
[✅]	-	0	net.openbsd.pf
[✅]	-	0	com.github.essandess.adblock2privoxy
[✅]	35403	0	org.macports.clamd
[✅]	-	0	org.macports.ClamavScanSchedule
[✅]	-	0	net.openbsd.pf.brutexpire
[✅]	-	0	net.emergingthreats.blockips
[✅]	36183	0	org.macports.Privoxy
[✅]	5578	0	com.github.essandess.adblock2privoxy.nginx
[✅]	-	0	net.hphosts.hosts

Checking PF files…
[✅] /etc/pf.conf exists
[✅] /usr/local/etc/blockips.conf exists
[✅] /usr/local/etc/emerging-Block-IPs.txt exists
[✅] /usr/local/etc/compromised-ips.txt exists
[✅] /usr/local/etc/dshield_block_ip.txt exists
[✅] /usr/local/etc/block.txt exists
[✅] /usr/local/etc/block.txt.asc exists

Checking PF…
[✅] PF is enabled and running

Checking hphosts files…
[✅] /etc/hosts-hphosts exists
[✅] /usr/local/etc/hosts.zip exists
[✅] /usr/local/etc/hphosts-partial.asp exists
[✅] /usr/local/etc/whitelist.txt exists
[✅] /usr/local/etc/blacklist.txt exists

Checking /etc/hosts-hphosts creation…
[✅] /etc/hosts-hphosts exists

Checking proxy PAC and proxy chain files…
[✅] /Library/WebServer/Documents/proxy.pac.orig exists
[✅] /Library/WebServer/Documents/proxy.pac exists
[✅] /usr/local/bin/easylist_pac.py exists
[✅] /usr/local/bin/adblock2privoxy exists
[✅] /usr/local/etc/proxy.pac exists
[✅] /usr/local/etc/adblock2privoxy/nginx.conf exists
[✅] /usr/local/etc/adblock2privoxy/css/default.html exists
[✅] /usr/local/etc/adblock2privoxy/privoxy/ab2p.action exists
[✅] /usr/local/etc/adblock2privoxy/privoxy/ab2p.filter exists
[✅] /usr/local/etc/adblock2privoxy/privoxy/ab2p.system.action exists
[✅] /usr/local/etc/adblock2privoxy/privoxy/ab2p.system.filter exists
[✅] /opt/local/etc/privoxy/config exists
[✅] /opt/local/var/log/privoxy/logfile exists

Checking proxy status…
[✅] Privoxy is running properly
[✅] Privoxy config http://p.p/ via http://localhost:3128 is running properly
[✅] nginx is running properly
[✅] PAC /Library/WebServer/Documents/proxy.pac.orig passes Javascript parsing
[✅] PAC /Library/WebServer/Documents/proxy.pac passes Javascript parsing
[✅] Web server for http://localhost/proxy.pac is running properly
[✅] Blackhole server for http://localhost:8119/ is running properly

Disabling

sudo port unload macos-fortress

sudo port uninstall macos-fortress

This repo is superceded by the MacPorts port macos-fortress, including the deprecated disable/uninstall script disable.sh, which was originally used to unload all launch daemons, disable the pf firewall, and list all installed files without removing them.

Configuration modifications

There are three major, independent, and configurable components to the repo: the PF firewall, the proxy chain, and the AV scanner. Here are a few configuration pointers.

PF firewall

The file pf.conf controls the firewall ruleset and likely must be edited on a specific computer and network, or edited for a VPN server configuration.

The PF firewall can be disabled with the command:

sudo pfctl -d

The variable int_if for the internal interface is set to en0. This should be changed to the active interface on your computer, which can be determined with the command ifconfig -a, or more specificall:

ifconfig | pcregrep -M -o '^[^\t:]+:([^\n]|\n\t)*status: active' | egrep -o -m 1 '^[^\t:]+'

The table <lan_inet> is set to the standard reserved ranges { 10/8, 172.16/12, 192.168/16 }. This must be changed to the CIDR ranges on the specific LAN.
Specific services accessible only on the LAN and on the open internet should be selected and set in the appropriate variables. See /etc/services.
The PF firewall ruleset can be flushed, enabled, and reintialized with the command:

sudo pfctl -Fall && sudo pfctl -ef /etc/pf.conf

See the pfctl commands in the script pf_attacks to determine IP addresses and counts for the various blocked IPs. E.g., the adaptive table <bruteforce> is shown using the command:

sudo pfctl -t bruteforce -Ts

Proxy

Privoxy on port 8118 is configured in config to sent web requests to the internet, wih HTTPS inspection configured for blocking content within TLS encrypted tunnels—the great majorityof we content. An auxiliary nginx webserver for CSS-based element hiding is configured on port 8119. Privoxy .action and .filter files, and nginx .css files are created from Easylist rules using the repo adblock2privoxy.

Browsing to the privoxy configuration page http://p.p/ through any of these proxy configurations is a check on whether the proxy is running and configured correctly.

To provide these services on a firewalled LAN, edit the privoxy and nginx configuration files config, and nginx.conf so that they're available for devices on the LAN, or connecting from a VPN tunnel.

Macports updates

Update Macports packages regularly. This command with update the Macports database, update all installed packages, and uninstall all older, inactive versions.

sudo bash -c 'port selfupdate ; port -puN upgrade outdated ; port uninstall inactive'

Warning about Privoxy compression

Though it's possible to build Privoxy with the configure --enable-compression option, compressed HTTP traffic within a VPN tunnel exposes your traffic to the CRIME/BEAST/VORACLE attacks and is generally not recommended.

Installation details

The MacPorts port macos-fortress (sudo port install macos-fortress) installs and configures an macOS Firewall and Privatizing Proxy. It will:

Uses Macports to download and install several key utilities and applications (wget gnupg p7zip squid privoxy nmap)
Configure macOS's PF native firewall (man pfctl, man pf.conf), and privoxy
Networking on the local computer can be set up to use this Automatic Proxy Configuration without breaking App Store or other updates (see Privoxy config)
Uncomment the nat directive in pf.conf if you wish to set up an OpenVPN server
Install and launch daemons that download and regularly update open source IP and host blacklists. The sources are emergingthreats.net (net.emergingthreats.blockips.plist), dshield.org (net.dshield.block.plist), hosts-file.net (net.hphosts.hosts.plist)
After installation the connection between clients and the internet looks this this:

Application ➡️ proxy.pac ➡️port 8118➡️ Privoxy ➡️ Internet

An auxilliary nginx-based webserver (nominally on localhost:8119) is used for both a proxy.pac ad and tracker blackhole and for CSS element blocking rules with the Privoxy configuration generated by adblock2privoxy.

Public Service Announcement

This firewall is configured to block all known tracker and adware content—in the browser, in-app, wherever it finds them. Many websites now offer an additional way to block ads: subscribe to their content. Security and privacy will always necessitate ad blocking, but now that this software has become mainstream with mainstream effects, ad blocker users must consider the potential impact of ad blocking on the writers and publications that are important to them. Personally, two publications that I gladly pay for, especially for their important 2016 US Presidential election coverage, are the New York Times and The Atlantic. I encourage all users to subscribe to their own preferred publications and writers.

Tracker blocking

Lightbeam, the tracking tracker Firefox add-on, shows how ad- and tracker-blocking works to prevent third parties monitoring you or your children's online activities. My daughter enjoys the learning exercises at the children's website ABCya!. The Lightbeam graph below on the left shows all the third party trackers after less than a minute of browser activity, without using a privatizing proxy. The graph on the right shows all this tracker activity blocked when this privatizing proxy is used.


Lightbeam graph without proxy	Lightbeam graph with proxy

This problem is the subject of Gary Kovacs's TED talk, Tracking Our Online Trackers:

Attack blocking

The snort intrusion detection system reports far fewer events when known attack sites are blackholed by the packet filter:


snort+BASE Overview	snort+BASE Events

Notes

Configure the squid proxy to accept connections on the LAN IP and set LAN device Automatic Proxy Configurations to http://lan_ip/proxy.pac to protect devices on the LAN.
Count the number of attacks since boot with the script pf_attacks. ``Attack'' is defined as the number of blocked IPs in PF's bruteforce table plus the number of denied connections from blacklisted IPs in the tables compromised_ips, dshield_block_ip, and emerging_threats.
Both squid and Privoxy are configured to forge the User-Agent. The default is an iPad to allow mobile device access. Change this to your local needs if necessary.
Whitelist or blacklist specific domain names with the files /usr/local/etc/whitelist.txt and /usr/local/etc/blacklist.txt. After editing these file, use launchctl to unload and load the plist /Library/LaunchDaemons/net.hphosts.hosts.plist, which recreates the hostfile /etc/hosts-hphost and reconfigures the squid proxy to use the updates.
Sometimes pf and privoxy do not launch at boot, in spite of the use of the use of their launch daemons. Fix this by hand after boot with the scripts macosfortress_boot_check, or individually using pf_restart, privoxy_restart, and squid_restart. And please post a solution if you find one.
All open source updates are done using the wget -N option to save everyone's bandwidth

Security

These services are intended to be run on a secure LAN behind a router firewall.
The default proxy configuration will only accept connections made from the local computer (localhost). If you change this to accept connections from any client on your LAN, do not configure the router to forward ports 8118, or you will be running an open web proxy.

macos-fortress's People

Contributors

Stargazers

Watchers

Forkers

nagyist nagyistoce dunolie cloudxtreme nazgul6 radeleon ikosenn mdes41 phamquocbuu lordxeth hbxc0re bhyvex ycombined puppycodes jaythemarketer evil5hadow robertmeffan maurice-schuppe l1uht19 maximejf42 donzpixelz scottk212 ro9ueadmin devopsotrator guryan ridlees andre-stuart yugandar ktgr771 morristech mushfiqur47 todun waldow90 5l1v3r1 wouldayajustlookatit omhmichaels kernal-gh dwtcourses openmicrostacks ptr1337 fbion thepsychonaut421 kseckinc 0000000100000000 streemline spacecase123 osswill mediumdragon

macos-fortress's Issues

p.p

Hello, so after my latest issue, I fixed my apache configuration (by basically, resetting everything).
My proxy.pac is is working, I have set up the automatic proxy config, based on "127.0.0.1/proxy.pac"
Now, I cannot access p.p.
I was wondering, how I can test everything is working?
PD: Both privoxy & squid, seem to be running
PD2: If I set manually the http proxy to 3128, it seems on squid's access.log, that is working, but after some correct results, it starts to make weird TCP_MISS_ABORTED, and doesn't let me into webpages, or only few.

[feature request] arch arm64

But I guess that is not possible until all deps are available as arm64 too, right?

sudo port install macos-fortress

Password:
--->  Computing dependencies for macos-fortress
Error: Cannot install macos-fortress-proxy for the arch 'arm64' because
Error: its dependency adblock2privoxy only supports the arch 'x86_64'.
Error: Follow https://guide.macports.org/#project.tickets if you believe there
is a bug.
Error: Processing of port macos-fortress failed

Uninstall/revert script

Hi, I really appreciate this project and was able to get it up and running with minimal snags. However, would you be interested in providing an uninstall script that could be used to revert your settings to pre-installation values. I think it might have some interest for Users who experience unintended consequences of enabling this level of blocking.
Cheers!

Issues?

So, I runned the script, and the last lines where...
/System/Library/LaunchDaemons/org.apache.httpd.plist: service already loaded missing header for unified diff at line 3 of patch patching file /opt/local/etc/squid/squid.conf missing header for unified diff at line 3 of patch patching file /opt/local/etc/privoxy/config install: /opt/local/etc/privoxy/match.all: No such file or directory /usr/bin/diff: /opt/local/etc/privoxy/match.all: No such file or directory /usr/bin/diff: ./match.all: No such file or directory missing header for unified diff at line 3 of patch patching file /opt/local/etc/privoxy/user.action cp: /etc/hosts: No such file or directory install: ./privoxy-adblock/privoxy-adblock.sh: No such file or directory /Users/ForgottenPlayer/Library/LaunchAgents/org.opensource.flashcookiedelete.plist: Service is disabled

And right now, I don't know how I could test, if the proxy is working... When visiting "localhost/proxy.pac", it gives connection refused, so I configured the "Automatic Proxy Config" to "/Users/ForgottenPlayer/osxfortress/proxy.pac"
When I set the proxy settings to port 8118, privoxy works, I can visit p.p, but when I change it to 3128, I get "ERR_PROXY_CONNECTION_FAILED"

Right know, I don't know what is failing... (Or working)

Enhancement? Additional host blocking list

There is an interesting list of hosts to block at https://github.com/StevenBlack/hosts.
A rough comparison of its basic Unified hosts = (adware + malware) list with hpHosts shows little overlap (barring a really dumb mistake):
hpHosts: 521k unique hosts
Black: 51k unique hosts
In both lists: 9.2k hosts
Adding the feature to merge Black's list would add more protection, and allow even a thematic blocking for fakenews, gambling, porn, social media for those who want this (e.g., the kid's laptop).

Install fails

$ cat opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/main.log | grep -i fail

:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:info:build base-compat > [ 9 of 112] Compiling Control.Monad.Fail.Compat
:info:build base-compat > [ 10 of 112] Compiling Control.Monad.Fail.Compat.Repl
:info:build Cabal > [ 5 of 234] Compiling Distribution.Compat.MonadFail
:info:build aeson > 800 | withBoundedScientific_ whenFail f v@(Number scientific) =
:info:build aeson-compat > 119 | import Data.Aeson.Types (Parser, modifyFailure, typeMismatch, defaultOptions)
:info:build mustache > Deprecated: "Please use decodeEither' or decodeThrow, which provide more useful failures"
:info:build Process exited with code: ExitFailure 1
:info:build Command failed: cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/work/stack-2.5.1" && /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/work/bin/stack build --with-gcc /usr/bin/clang --allow-different-user
:error:build Failed to build stack: command execution failed
:debug:build Backtrace: command execution failed
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:debug:archivefetch Fetching archive failed: The requested URL returned error: 404 Not Found
:info:build Process exited with code: ExitFailure 1
:info:build Command failed: cd "/opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/work/stack-2.5.1" && /opt/local/var/macports/build/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_lang_stack/stack/work/bin/stack build --with-gcc /usr/bin/clang --allow-different-user
:error:build Failed to build stack: command execution failed
:debug:build Backtrace: command execution failed

have you considered homebrew?

Hello,

Thanks for putting this together!

I was reading through the readme-and-install.sh and noticed the use of macports? Is there a technical reason for this choice over homebrew? Or is it a personal choice?

In trying to understand some of the pros/cons of macports vs homebrew. One of the issues I found is it seems that macports requires the use of sudo, and homebrew does not.

It seems like homebrew could be considered marginally safer in that regard, do you have any thoughts on this?

Thanks,
-- Arron

Issues with easylist.script.*

Hello and first of all let me say thank you for your work on this project.

I've been trying to get this up and running and have hit a snag. I've run the installer, but it seems I am having some issues getting privoxy online. Based on the previous issues I have confirmed that it is not running (lsof -i ':8118' returns nothing, ps -ef | grep privoxy returns the query itself). Attempting to start it manually returns nothing, but no process running; manually starting it with --no-daemon however seems to finally shed some light on what is happening:

2017-04-05 18:24:34.991 7fffb076c Info: Privoxy version 3.0.26 2017-04-05 18:24:34.991 7fffb076c Info: Program name: /opt/local/sbin/privoxy 2017-04-05 18:24:34.998 7fffb076c Fatal error: can't load re_filterfile '/opt/local/etc/privoxy/easylist.script.filter': No such file or directory

For some reason in the extracted osxfortress-master folder I see nothing within the privoxy-adblock directory, so from GitHub I grab the shell script and run it. There is a typo on line 114 (the call for $sedcmd is missing the final d), once corrected I still get a small error while starting privoxy:

2017-04-05 18:27:33.388 7fffb076c Fatal error: can't load actions file '/opt/local/etc/privoxy/easylist.script.action': line 1 should begin with a '{': -e { +block{easylist} }

A quick google search for an example of the file more or less shows the same contents just without the leading -e so I manually edited it and that seems to resolve things (I won't even pretend to understand the syntax of sed, but it seems that there might be a small issue with the command that adds the leading -e). In any case, privoxy now seems to start (lsof and ps both list it) however I am still unable to access it by trying to visit the p.p page. I've tried it both with and without the "Automatic Proxy Configuration" option enabled on my network connection, though I don't think that that would make much of a difference. I am sort stuck here and not sure where to proceed next now that it seems to be running, maybe possibly.

I'll be the first to admit that I am not exactly a proficient coder, though I think I am able to follow along with a process fairly well (see debugging, at least of typos, done above). Maybe there is something that I'm missing and I'll end up in a much better place after a /facepalm moment.

Installation needs several manual fixes

Trying to install on a clean-ish system[*] I met several issues that needed a manual fix.

@essandess: As you wrote in the homebrew pull request "I personally run the install script on all new boxes I configure/reconfigure, and it’s been bulletproof for me", I understand it is thoroughly tested. Could it be that you run it against a non-standard macOS installation, and/or from a repo/cache/proxy/mirror that does not reflect recent upstream changes (or is simply not fully in sync with this repo), and/or on systems different from standard 10.13.6? Some issues make me think in that direction (gnupg deprecated, ./easylist-pac-privoxy/ empty, no squid.conf.default).

But why python and squid (and maybe privoxy) required manual port install … is unclear to me. My system may be not so clean after all...

[*]

macOS 10.13.6. Was a 10.13.x test installation (with network, printer, and computer settings via Migration Assistant from my production installation, but not Applications, Users, Other files) updated with the Install Mac OS app
Xcode 9.4.1 and latest command line tools
MacPorts base version 2.5.3 via installer .pkg
minimal drivers and some UI enhancements

FWIW, here are the fixes, maybe saving someone some headache.

At first run, a prompt to run xcode-select --install
=> did so

"xcode-select: error: command line tools are already installed, use "Software Update" to install updates"

Only at first run, so maybe xcode needed something to register first?

'/Users/test/.local/bin' is not on your PATH.
For best results, please add it to the beginning of PATH in your profile.

=> Done. Maybe not necessary?

Error: gnupg has been deprecated. If you absolutely want to stay on the classic version, install the gnupg1 port. All other users are recommended to install gnupg2.

=> sudo port install gnupg2
Error remains in later runs of the install script, but later in the script gpg actions are done OK => ignored hereafter.

Selecting 'python36' for 'python3' failed: The specified group 'python3' does not exist.

=> No Python? -- Test:
port installed python, port installed python3, port installed python36, all return

None of the specified ports are installed.

python --version

Python 2.7.10

Only the standard Apple version. Specified python was not installed by install script. Reason unclear.
=> sudo port install python36, sudo port select --set python python36, sudo port select --set python3 python36

rsync: link_stat "/Users/test/Desktop/macOS-Fortress-master-port-essandess-2018-07-20/easylist-pac-privoxy/adblock2privoxy/adblock2privoxy*" failed: No such file or directory (2)

./easylist-pac-privoxy/ is empty.
=> searched, downloaded and copied adblock2privoxy-master into easylist-pac-privoxy and renamed it to adblock2privoxy

[…lots of ghc-related errors and warnings…]

=> ignored for now.

install: /opt/local/etc/squid/squid.conf.default: No such file or directory

=> renamed the existing squid.conf to squid.conf.default.

chown: privoxy: illegal group name

=> set via System preferences and have an additional user home folder -- naaaahh.
=> sudo port install privoxy (privoxy @3.0.26) (forgot to test if privoxy had been installed at all)

install: ./easylist-pac-privoxy/easylist_pac.py: No such file or directory

=> searched and download easylist-pac-privoxy and copied its contents (!) except the empty folder (adblock2privoxy) to ./easylist-pac-privoxy/

Error: Failed to load squid: Launchd plist /Library/LaunchDaemons/org.macports.Squid.plist was not found

=> No Squid installed? -- Test:
port installed squid, port installed squid3 both return

None of the specified ports are installed.

Squid was not installed. Reason unclear.
=> sudo port install squid3
=> maybe remains of pre-existing squid? port -f activate squid3 to force the activation.

missing header for unified diff at line 3 of patch

Maybe nonconsequential? Next line says:

patching file /opt/local/etc/squid/squid.conf

/Users/test/Library/LaunchAgents/org.opensource.flashcookiedelete.plist: Service is disabled

????

Finally:

---> Loading startupitem 'Squid' for squid
---> Loading startupitem 'Privoxy' for privoxy

is "normal" version of this possible ?

is there any hope for a linux version of this ? :D