Briefly, the components are as follows:
- VMWare Server
- Ubuntu Desktop 8.10
- Squid - Proxy server for caching and access control
- Dansguardian - content filter that will be the "configured proxy" on the clients, and sends requests to Squid
- Clam AV - free antivirus to stop viruses at the proxy
- Banner Filter - scans the pages as they are returned for ads and blocks them from being displayed
- SARG - Squid reporting module
- Apache2 - Web server
- Lynx - text based browser
Setup the Virtual Environment
Download and install VMWare Server (or whatever virtual environment you want). There are products available that will run on almost any operating system. I use VMWare Server 2.0 running on the main computer in our house (it is always on).
Install Ubuntu
Download the Ubuntu ISO
Install Ubuntu by mounting the ISO in the Virtual Server and following the prompts to install the default desktop. If you aren't sure about what to choose, just accept the defaults.
Note: Set the IP address to a static address
Run APT Update to update the software packages cache
sudo apt-get update
Install Squid, ClamAV-daemon, Dansguardian, SARG, Apache2, Lynx
Install squid with the command
sudo apt-get install squid, clamav-daemon, dansguardian, sarg, apache2, lynx
Configure ClamAV-daemon by setting it to update the virus definitions automatically
sudo at 1:00 tomorrow
at>clamscan -i /home/username
>mail root@localhostat
> Enter
job 2 at Mon Mar 30 01:00:00 2009
at>clamscan -i /home/username
>mail root@localhostat
> Enter
job 2 at Mon Mar 30 01:00:00 2009
You can verify that clam av is running by checking for the process
ps -ef | grep clamav
Configure Squid proxy server
Copy the file /etc/squid/squid.conf for a backup:
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
Edit the squid.conf file
sudo vim /etc/squid/squid.conf
Search for the line TAG: visible_hostname
/TAG: visible_hostname
Move the cursor to the bottom line of that section after # none and hit the "i" key to insert the text
visible_hostname squid
Find the line # http_access allow localnet
and delete the # - this will allow for all clients on the local network to get to the Internet
Add a user named squid
sudo adduser squid
Restart the squid service
sudo /etc/init.d/squid restart
Install Bannerfilter
Download bannerfilter using wget
wget http://phroggy.com/files/unix/bannerfilter-1.31.tar.gz
Expand the archive
tar -zxvf bannerfilter-1.31.tar.gz
Make a bannerfilter directory
sudo mkdir /etc/squid/bannerfilter
Move the bannerfilter folder
mv bannerfilter-1.31/* /etc/squid/bannerfilter
Make a bannerfilter directory
sudo mkdir/var/www/bannerfilter
Move the www contents to the /var/www/bannerfilter
sudo mv /etc/squid/bannerfilter/www/* /var/www/bannerfilter
You should now be able to browse http://ip_address/bannerfilter
Test that the redirector.pl script is functioning
sudo perl /etc/squid/bannerfilter/redirector.pl
Type in something like "hello world" and you should see hello world printed to the screen, hit CTRL+C
Edit the squid.conf file again
sudo vim /etc/squid/squid.conf
Add the following line to the end of the squid.conf
redirect_program /var/www/bannerfilter/redirector.pl
Then restart the Squid service
sudo /etc/init.d/squid restart
Configure your browser to use the proxy settings
Internet Explorer: Go to Tools->Options->Connection-Lan Settings and check the box for "Use a proxy server for your LAN...) then type the address of the Virtual Machine (my case 172.26.1.10) and set the port to 3128(this is the port that dansguardian uses). Check the box for Bypass proxy server for local addresses
Firefox - Tools->Options->Advanced->Network tab->Settings. Select Manual proxy configuration and set the HTTP proxy to the IP address of the Virtual Machine and the port to 3128. Check the box "use this proxy for all protocols
Go to http://127.0.0.1/test.html to see if the proxy works
Run the /update.sh script to update the data files
cd /etc/squid/bannerfilter
sudo ./update.sh
sudo ./update.sh
Schedule bannerfilter for auto-updates
sudo crontab -e
Add the line 0 12 * * * /etc/squid/bannerfilter/update.sh
Save the file and quit vim
To test if bannerfilter is working go to a site with a lot of ads (like about.com) and if you see the words "Blocked" in what would be an advertisement spot then it works
Configure Dansguardian
The main configuration for Dansguardian is located in /etc/dansguardian/dansguardian.conf
sudo vim /etc/dansguardian/dansguardian.conf
Change the line accessdeniedaddress = 'http://ip_address/cgi-bin/dansguardian.pl ' to the local IP address that was assigned to the Ubuntu virtual machine
Add a # in front of the line:
UNCONFIGURED - Please remove this line after configuration
Restart dansguardian:
sudo /etc/init.d/dansguardian
Configuring the browser to use Dansguardian by going back into the browser settings and change the proxy port from 3128 to 8080
Installing SARG (with Webmin)
I have found that SARG works best if you have a web interface. I like to use webmin for this.
To install the Webmin dependancies
sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl
Download Webmin
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.340_all.deb
Install webmin
sudo dpkg -i webmin_1.340_all.deb
Set the password for Webmin
sudo /usr/share/webmin/changepass.pl /etc/webmin root password
Browse to the webmin interface to check the reporting by browsing to http://ip_address:10000 where ip_address is the IP of the Ubuntu virtual machine
The following list is the features that should be working
Keyword blocking Advertisement blocking URL blocking Antivirus Caching Reporting
4 comments:
Damn. That's lots of work. Is it worth it to block couple of girlie websites?
I like what you have done... I too am getting concerned about my kids accidentally getting access to something they shouldn't... I hadn't thought about using a virtual machine for this... I assume you have to keep this box running full time to get the desired effect...?
Michael, I do leave the VM running on an Ubuntu server that runs VMWare Server 2.0. It really does very little processing, so it doesn't impact the performance of the Ubuntu machine.
Thanks buddy, that was a greatful information. i was strugling with fedora to put this server on, but on my local machine it was not working. gr8 info dude.
Post a Comment