Install the parental control filtering proxy server DansGuardian on Debian
DansGuardian forbid the access to adult content to its users. In addition to checking the URL against a black list, this software filter the content of visited web sites. It can also check for virus in downloaded files with the help of ClamAV anti-virus.
This howto is tested on:
- Debian 5.0 Lenny
- Debian 6.0 Squeeze
Prerequisites
This howto recommends:
- the ClamAV anti-virus software, as described by Install ClamAV anti-virus software on Debian.
Installation
Install the installation prerequisites:
command apt-get install lsb-release debian-archive-keyring
Detect the distribution name:
DEBIAN_VERSION=$(command lsb_release -cs)
For Debian version older than Squeeze, the "Debian Volatile" repository contains the last versions of software frequently updated for security matters. Add the Debian Volatile repository to your apt configuration if they are available for your distribution:
if command wget --spider --quiet "http://volatile.debian.org/debian-volatile/dists/${DEBIAN_VERSION}"; then
command echo "# Debian Volatile
deb http://volatile.debian.org/debian-volatile ${DEBIAN_VERSION}/volatile main contrib non-free" \ > '/etc/apt/sources.list.d/debian-volatile.list'
fi
Update available packages list:
command apt-get update
Install the software:
command apt-get install dansguardian unrar-free
Ignore this error message:
DansGuardian has not been configured!
Please edit /etc/dansguardian/dansguardian.conf manually then rerun
this script.
DansGuardian need a proxy server to connect to Internet. By default, it use Squid:
command apt-get install squid3
It is possible to use another proxy server (for example tinyproxy) by editing the "proxyport" value in "/etc/dansguardian/dansguardian.conf".
Configuration
You can set the proxy server error messages language by editing the "language" value in "/etc/dansguardian/dansguardian.conf".
Lower the log level in order to only log problematic requests:
command sed -i -e 's/^\(loglevel[\t ]*=\).*$/\1 1/' \
'/etc/dansguardian/dansguardian.conf'
Enable the anti-virus extension to check the downloaded files content with ClamAV. This setting loads heavily the system:
command sed -i -e 's/^[\t #]*\(contentscanner[\t ]*=.*clamav.*$\)/\1/' \
'/etc/dansguardian/dansguardian.conf'
Enable the proxy server by commenting the "UNCONFIGURED" line:
command sed -i -e 's/^.*UNCONFIGURED.*$/#\0/' \
'/etc/dansguardian/dansguardian.conf'
Start the proxy server:
/etc/init.d/dansguardian start
Using SquidGuard black lists
SquidGuard is a parental control software for the Squid proxy server. DansGuardian can use the black lists of this tool.
Create the black lists folder:
command mkdir --parent /var/lib/squidguard/db
command chown -R proxy:proxy /var/lib/squidguard/db
Add the cron script that daily update the black lists:
command echo '#!/bin/bash
# Downloading the adult site blacklist update
/usr/bin/wget -q ftp://ftp.univ-tlse1.fr/pub/reseau/cache/squidguard_contrib/adult.tar.gz \
--output-document=/tmp/adult.tar.gz
/bin/tar --directory /var/lib/squidguard/db -xzf /tmp/adult.tar.gz
# SquidGuard must be able to update db files.
/bin/chown -R proxy:proxy /var/lib/squidguard/db
# We update the SquidGuard database with the downloaded data :
if [ -x /usr/bin/squidGuard ]; then
/bin/su proxy -c "/usr/bin/squidGuard -C all > /dev/null 2>&1"
fi' \
> '/etc/cron.daily/update-squidguard-blacklist'
command chmod +x '/etc/cron.daily/update-squidguard-blacklist'
Initialize the black list:
/etc/cron.daily/update-squidguard-blacklist
Add the black lists to DansGuardian black lists:
command ln -s '/var/lib/squidguard/db/adult/' '/etc/dansguardian/lists/blacklists/'
Setup DansGuardian to use the black list:
/bin/sed -i -e 's/[\t #]*\(.*Include.*adult.*\)$/\1/' /etc/dansguardian/lists/bannedsitelist
Reload the configuration:
/etc/init.d/dansguardian restart
Usage
To use the proxy server, set the HTTP proxy of the browser to the server IP address with port 8080.
Remerciements
- Thanks to DansGuardian developers.
- Thanks to Debian Volatile mainteners.