How to set up a kidsafe filter on Sabayon Linux
This is a legacy article which does not meet some of our quality standards. While it may contain useful information, is retained here for legacy reasons only.[/alert]
Surprisingly something a number of people still don’t know about is that linux has a great parental / kidsafe web filter available free of charge. It can run on your machine or on another machine serving all your computers. It can run as an optional proxy (needing to change a setting in a browser) or as a mandatory system which forces all traffic on your lan or computer to run through it (doesn’t need any special browser settings otherwise called a transparent proxy). Best of all, it’s quite easy to set up.
Enter Dansguardian – The kidsafe web filter
This Howto is based on Sabayon, a Gentoo based distribution, but other than the package install, should be able to be easily adapted to other systems.
Remember: In Sabayon you have 3 different methods of package installation, emerge (gentoo method), Spritz (Sabayon Gui Method) and equo (sabayon console method). Personally, I’ve found spritz to not work alltogether and haven’t yet gotten equo running so this howto is based on emerge. The important thing is that no matter which method you use, don’t mix a Sabayon method with the gentoo method, stick to whatever you’ve already been doing or it will stuff up the package database.
You basically need two packages, squid and Dansguardian. In Sabayon you can just sync up your repositories via emerge –sync, then install them via emerge squid and emerge dansguardian. If you have another distro it will be in it’s package manager (such as YaST) for openSuSE for sure. Source code can be obtained from http://dansguardian.org/?page=download2
Configuration – Squid
Edit the squid.conf file with your favourite editor
# vi /etc/squid/squid.conf
In the gentoo/sabayon version of squid that came down from emerge I got some sensible defaults, however if you’re feeling picky or it’s different for you, remove the three lines that say:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
and add a line that says:
acl localnet src 192.168.1.0/24
Remember to substitute your local network address range above with a 0 on the end.
Search for the visible_hostname Tag and add a line underneath #none so that it looks like this:
Save your squid.conf file and start squid as root
# /etc/init.d/squid start
# /etc/init.d/squid start
squid | * Initializing cache directories … [ ok ]
squid | * Starting squid … [ ok ]
For some reason, on the latest version of Sabayon I had to install libwww to get squid to start. So if you get an error like this, “usr/sbin/squid: error while loading shared libraries: libmd5.so.0: cannot open shared object file: No such file or directory” then run # equo install libwww.
Configuration – Dansguardian
Configuration is done in the file/etc/dansguardian/dansguardian.conf
In Sabayon/Gentoo, no configuration is needed, just start the service as root
** Update 5-11-09**
In latest version of Sabayon I had to edit the line that reads “originalip = on” and change it to off to get it to work. You probably will too as this is currently a feature that is not fully tested but enabled by default by the Gentoo/Sabayon devs.
** End of Update**
If you want you can edit the file so that your domain name shows up in the page:
- vi /etc/dansguardian/dansguardian.conf
Change accessdenied webpage from YOURSERVER.YOURSITE to IPADDRESS and save the file
# /etc/init.d/dansguardian start
dansguardian | * Starting DansGuardian … [ ok ]
If you want to add log rotation add the following:
Edit the crontab file
- vi /etc/crontab
- add the line 59 23 * * sun /etc/dansguardian/logrotation – adds a command to rotate the logs into the task schedule
Making Squid and Dansguardian start automatically at boot time
You will no doubt want it to all start automatically each time the computer/server is started or restarted, to do this, see below:
# rc-update add squid default
* squid added to runlevel default
# rc-update add dansguardian default
* dansguardian added to runlevel default
Don’t forget to set in your browser:
Proxy server = your ip address: Port 8080
Use this proxy server for all protocols if you like.
Now test it by going to a website like www.playboy.com, if it’s working you should be presented by a Dansguardian Access Denied web page.
Preventing children (and others) from Disabling the Kidsafe Web Filter
The restrictions created by a content-filtering proxy can be easily circumvented by simply not using the proxy. Assuming that the users so restricted do not have administrative access, this can be prevented as follows:
Edit /usr/lib/firefox/firefox.cfg and add the following entries: