Thursday, April 2, 2009

How-to install Virtual Machine with Ubuntu/Squid/Dansguardian/Clam AV/Bannerfilter/SARG

This is a how-to that chronicles how I setup Ubuntu/Squid/Dansguardian/Clam AV/Bannerfilter/SARG to monitor and filter the Internet content that my children have access to. Although there are many content filtering solutions, I chose this because I know it works and it was free. I have installed this same solution several times and it has always done the job. The configuration here is not guaranteed, but you should be able to copy and paste most of the commands from here to install this solution.

Briefly, the components are as follows:

  • VMWare Server
  • Ubuntu Desktop 8.10
  • Squid - Proxy server for caching and access control
  • Dansguardian - content filter that will be the "configured proxy" on the clients, and sends requests to Squid
  • Clam AV - free antivirus to stop viruses at the proxy
  • Banner Filter - scans the pages as they are returned for ads and blocks them from being displayed
  • SARG - Squid reporting module
  • Apache2 - Web server
  • Lynx - text based browser
Below are the instructions to configure this for my environment, but I have noted the areas that you will need to change for your environment (such as IP address of the proxy, etc.)

Setup the Virtual Environment

Download and install VMWare Server (or whatever virtual environment you want). There are products available that will run on almost any operating system. I use VMWare Server 2.0 running on the main computer in our house (it is always on).

Install Ubuntu

Download the Ubuntu ISO

Install Ubuntu by mounting the ISO in the Virtual Server and following the prompts to install the default desktop. If you aren't sure about what to choose, just accept the defaults.

Note: Set the IP address to a static address

Run APT Update to update the software packages cache
sudo apt-get update

Install Squid, ClamAV-daemon, Dansguardian, SARG, Apache2, Lynx

Install squid with the command

sudo apt-get install squid, clamav-daemon, dansguardian, sarg, apache2, lynx

Configure ClamAV-daemon by setting it to update the virus definitions automatically

sudo at 1:00 tomorrow
at>clamscan -i /home/username
>mail root@localhostat
> Enter
job 2 at Mon Mar 30 01:00:00 2009

You can verify that clam av is running by checking for the process

ps -ef | grep clamav


Configure Squid proxy server

Copy the file /etc/squid/squid.conf for a backup:

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

Edit the squid.conf file

sudo vim /etc/squid/squid.conf

Search for the line TAG: visible_hostname

/TAG: visible_hostname

Move the cursor to the bottom line of that section after # none and hit the "i" key to insert the text

visible_hostname squid

Find the line # http_access allow localnet
and delete the # - this will allow for all clients on the local network to get to the Internet

Add a user named squid

sudo adduser squid

Restart the squid service

sudo /etc/init.d/squid restart

Install Bannerfilter

Download bannerfilter using wget

wget http://phroggy.com/files/unix/bannerfilter-1.31.tar.gz

Expand the archive

tar -zxvf bannerfilter-1.31.tar.gz

Make a bannerfilter directory

sudo mkdir /etc/squid/bannerfilter

Move the bannerfilter folder

mv bannerfilter-1.31/* /etc/squid/bannerfilter

Make a bannerfilter directory

sudo mkdir/var/www/bannerfilter

Move the www contents to the /var/www/bannerfilter

sudo mv /etc/squid/bannerfilter/www/* /var/www/bannerfilter

You should now be able to browse http://ip_address/bannerfilter

Test that the redirector.pl script is functioning

sudo perl /etc/squid/bannerfilter/redirector.pl

Type in something like "hello world" and you should see hello world printed to the screen, hit CTRL+C

Edit the squid.conf file again

sudo vim /etc/squid/squid.conf

Add the following line to the end of the squid.conf

redirect_program /var/www/bannerfilter/redirector.pl

Then restart the Squid service

sudo /etc/init.d/squid restart

Configure your browser to use the proxy settings

Internet Explorer: Go to Tools->Options->Connection-Lan Settings and check the box for "Use a proxy server for your LAN...) then type the address of the Virtual Machine (my case 172.26.1.10) and set the port to 3128(this is the port that dansguardian uses). Check the box for Bypass proxy server for local addresses

Firefox - Tools->Options->Advanced->Network tab->Settings. Select Manual proxy configuration and set the HTTP proxy to the IP address of the Virtual Machine and the port to 3128. Check the box "use this proxy for all protocols

Go to http://127.0.0.1/test.html to see if the proxy works

Run the /update.sh script to update the data files

cd /etc/squid/bannerfilter
sudo ./update.sh

Schedule bannerfilter for auto-updates

sudo crontab -e

Add the line 0 12 * * * /etc/squid/bannerfilter/update.sh

Save the file and quit vim

To test if bannerfilter is working go to a site with a lot of ads (like about.com) and if you see the words "Blocked" in what would be an advertisement spot then it works

Configure Dansguardian

The main configuration for Dansguardian is located in /etc/dansguardian/dansguardian.conf

sudo vim /etc/dansguardian/dansguardian.conf

Change the line accessdeniedaddress = 'http://ip_address/cgi-bin/dansguardian.pl ' to the local IP address that was assigned to the Ubuntu virtual machine

Add a # in front of the line:

UNCONFIGURED - Please remove this line after configuration

Restart dansguardian:

sudo /etc/init.d/dansguardian

Configuring the browser to use Dansguardian by going back into the browser settings and change the proxy port from 3128 to 8080

Installing SARG (with Webmin)

I have found that SARG works best if you have a web interface. I like to use webmin for this.

To install the Webmin dependancies

sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl

Download Webmin

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.340_all.deb

Install webmin

sudo dpkg -i webmin_1.340_all.deb

Set the password for Webmin

sudo /usr/share/webmin/changepass.pl /etc/webmin root password

Browse to the webmin interface to check the reporting by browsing to http://ip_address:10000 where ip_address is the IP of the Ubuntu virtual machine

The following list is the features that should be working

  • Keyword blocking
  • Advertisement blocking
  • URL blocking
  • Antivirus
  • Caching
  • Reporting

4 comments:

Patrick said...

Damn. That's lots of work. Is it worth it to block couple of girlie websites?

Michael said...

I like what you have done... I too am getting concerned about my kids accidentally getting access to something they shouldn't... I hadn't thought about using a virtual machine for this... I assume you have to keep this box running full time to get the desired effect...?

Brian Bohanon said...

Michael, I do leave the VM running on an Ubuntu server that runs VMWare Server 2.0. It really does very little processing, so it doesn't impact the performance of the Ubuntu machine.

Reead said...

Thanks buddy, that was a greatful information. i was strugling with fedora to put this server on, but on my local machine it was not working. gr8 info dude.