You are here: Home / Debian GNU/Linux / Servers / HTTP / Install the parental control filtering proxy server DansGuardian on Debian

Install the parental control filtering proxy server DansGuardian on Debian

by Pierre-Yves Landuré last modified Nov 11, 2017 09:45

DansGuardian forbid the access to adult content to its users. In addition to checking the URL against a black list, this software filter the content of visited web sites. It can also check for virus in downloaded files with the help of ClamAV anti-virus.

This howto is tested on:

  • Debian 5.0 Lenny
  • Debian 6.0 Squeeze

Prerequisites

This howto recommends:

Installation

Install the installation prerequisites:

command apt-get install lsb-release debian-archive-keyring

Detect the distribution name:

DEBIAN_VERSION=$(command lsb_release -cs)

For Debian version older than Squeeze, the "Debian Volatile" repository contains the last versions of software frequently updated for security matters. Add the Debian Volatile repository to your apt configuration if they are available for your distribution:

if command wget --spider --quiet "http://volatile.debian.org/debian-volatile/dists/${DEBIAN_VERSION}"; then
command echo "# Debian Volatile
deb http://volatile.debian.org/debian-volatile ${DEBIAN_VERSION}/volatile main contrib non-free" \ > '/etc/apt/sources.list.d/debian-volatile.list'
fi

Update available packages list:

command apt-get update

Install the software:

command apt-get install dansguardian unrar-free

Ignore this error message:

DansGuardian has not been configured!
Please edit /etc/dansguardian/dansguardian.conf manually then rerun
this script.

DansGuardian need a proxy server to connect to Internet. By default, it use Squid:

command apt-get install squid3

It is possible to use another proxy server (for example tinyproxy) by editing the "proxyport" value in "/etc/dansguardian/dansguardian.conf".

Configuration

You can set the proxy server error messages language by editing the "language" value in "/etc/dansguardian/dansguardian.conf".

Lower the log level in order to only log problematic requests:

command sed -i -e 's/^\(loglevel[\t ]*=\).*$/\1 1/' \
'/etc/dansguardian/dansguardian.conf'

Enable the anti-virus extension to check the downloaded files content with ClamAV. This setting loads heavily the system:

command sed -i -e 's/^[\t #]*\(contentscanner[\t ]*=.*clamav.*$\)/\1/' \
'/etc/dansguardian/dansguardian.conf'

Enable the proxy server by commenting the "UNCONFIGURED" line:

command sed -i -e 's/^.*UNCONFIGURED.*$/#\0/' \
'/etc/dansguardian/dansguardian.conf'

Start the proxy server:

/etc/init.d/dansguardian start

Using SquidGuard black lists

SquidGuard is a parental control software for the Squid proxy server. DansGuardian can use the black lists of this tool.

Create the black lists folder:

command mkdir --parent /var/lib/squidguard/db
command chown -R proxy:proxy /var/lib/squidguard/db

Add the cron script that daily update the black lists:

command echo '#!/bin/bash

# Downloading the adult site blacklist update
/usr/bin/wget -q ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/adult.tar.gz \
--output-document=/tmp/adult.tar.gz

/bin/tar --directory /var/lib/squidguard/db -xzf /tmp/adult.tar.gz

# SquidGuard must be able to update db files.
/bin/chown -R proxy:proxy /var/lib/squidguard/db

# We update the SquidGuard database with the downloaded data :
if [ -x /usr/bin/squidGuard ]; then
/bin/su proxy -c "/usr/bin/squidGuard -C all > /dev/null 2>&1"
fi' \
> '/etc/cron.daily/update-squidguard-blacklist'
command chmod +x '/etc/cron.daily/update-squidguard-blacklist'

Initialize the black list:

/etc/cron.daily/update-squidguard-blacklist

Add the black lists to DansGuardian black lists:

command ln -s '/var/lib/squidguard/db/adult/' '/etc/dansguardian/lists/blacklists/'

Setup DansGuardian to use the black list:

/bin/sed -i -e 's/[\t #]*\(.*Include.*adult.*\)$/\1/' /etc/dansguardian/lists/bannedsitelist

Reload the configuration:

/etc/init.d/dansguardian restart

Usage

To use the proxy server, set the HTTP proxy of the browser to the server IP address with port 8080.

Remerciements