Content Web Filter for Fedora?

[v3n0m]

I recently switched to Fedora, which has been great besides one thing...

I'm required to have some sort of web filter so my parents know what I'm doing, and Safe Eyes doesn't work. (duh)

I've heard of people setting up a Squid server on a Linux computer and using that to filter everyones computer in the house, but I'm not sure that's nescessary since I'm the only computer in the house not using Windows.

Safe Eyes basically filters content and blocks it if needed, and also records all history so they can review what I've been doing etc. So something closer to that would be awesome.

I'd appreciate your expertise!

[Evil_Bert]

For the filtering part, you could try OpenDNS. It's as simple as setting your DNS server(s) to OpenDNS and that will filter out most nasties. If you get your parents to set the root password on your machine after that's been done, that might give them some confidence that it'll stay that way (of course, it can be bypassed with, say, a LiveCD but, hey, it's a start). That's probably the biggest bang for the buck as far as effort goes.

You could theoretically setup a local Squid proxy (and Dans Guardian) - funnel all web traffic through the local proxy. I haven't read this link in detail, but it seems to show how to do that (at least on Debian): http://www.spencerstirling.com/compu...sguardian.html

I'm sure you could find some more guides on the web about local proxies and filtering. Here are another couple of links to get you started:
http://www.howtoforge.com/content-fi...roxy-safesquid
http://www.howtoforge.com/dansguardi...tu-9.10-karmic

You could also run web-filtering in a Virtual Machine with its own IP address and set that as a proxy. Untangle used to have a pre-configured version that did just that (but only for Windows boxes).

HTH

[RHamel]

Here's another link. It's a good project, and you'll learn a lot. I'm not sure your parents are going to be satisfied though.

At this point, safe eyes is a false sense of security.

http://www.geek.com/articles/chips/f...untu-20090116/

[marriedto51]

Just to say that (as a parent) I've set up Squid and Dansguardian on the computer our youngsters use for web browsing, and that combination seems fast as well as able to block out anything I believe they shouldn't see.

I made some notes on what I did to set it up when I installed Fedora 16 (I have reached the age where unless I write something down I can't remember what it was!) -- so if you or your parents are interested I would gladly PM a copy. Alternatively, the links Evil_Bert gives above look good starting points.

[pindakoe]

Quote:

Originally Posted by marriedto51

Just to say that (as a parent) I've set up Squid and Dansguardian on the computer our youngsters use for web browsing, and that combination seems fast as well as able to block out anything I believe they shouldn't see.

Ciould you post/send me the content of your squid.conf and dansguardian.conf? I have been running DG/Squid for years (with great satisfaction) on Mandriva, but ran into some issues when switching to F16: squid no longer caches. The filtering works very well and squid not caching does not lead to noticeable slow-down, but as I have plenty of diskspace would like to fix that as well.

[sichent]

The following article may prove to be helpful... it focuses on CentOS 6.2 which is pretty close to what you have on your servers http://www.howtoforge.com/web-filtering-on-squid-proxy

Best regards
sich

[sillav]

I'm afraid once you're able to install and run linux, use a live cd, and figure out how to setup and configure various net filtering options, you're pretty much beyond the point of being able to be monitored using those same tools.

I'd suggest having a frank discussion with your parents, explaining all the trivial ways that exist to defeat these monitoring attempts, and that maybe it is time to look at other options.

Otherwise you need to have them create a bios password and disable booting from anything but hard-drive, have them create a root password and not tell you, then use one of the above options. Of course, they'll have to take you at your word that you haven't installed a keylogger by now, so again, maybe it's time to look at other methods.

If something must be done, I'd suggest signing up for opendns like above, but have the dns redirection done in your router and let them create the admin password. You can get it around it with vpn's, proxies and tethering to mobile phones...but it's at least easy to do and benefits everyone in the house, guests included.

[v3n0m]

Quote:

Originally Posted by sillav

I'm afraid once you're able to install and run linux, use a live cd, and figure out how to setup and configure various net filtering options, you're pretty much beyond the point of being able to be monitored using those same tools.

I'd suggest having a frank discussion with your parents, explaining all the trivial ways that exist to defeat these monitoring attempts, and that maybe it is time to look at other options.

Otherwise you need to have them create a bios password and disable booting from anything but hard-drive, have them create a root password and not tell you, then use one of the above options. Of course, they'll have to take you at your word that you haven't installed a keylogger by now, so again, maybe it's time to look at other methods.

If something must be done, I'd suggest signing up for opendns like above, but have the dns redirection done in your router and let them create the admin password. You can get it around it with vpn's, proxies and tethering to mobile phones...but it's at least easy to do and benefits everyone in the house, guests included.

Thank you for the striaghtforward answer, I appreciate it. This is what I was concerned about. Oh well, I'm sure they'll understand, and putting a DNS on our router might be something we'll do. Do you think it's possible to assign a DNS server to my wireless network reciever that's built into my PC? Then the filter would only apply for me? Thank you for being tolerant of my noobyness!

[sillav]

A very common home setup is something like this...[1]

Quote:

(internet) ---- (ISP)----(Modem)---(Router)---(desktop, laptops, phones, game consoles)

Everything past the isp is in your house. And the ISP is doing all the DNS work. Some people have really bad isp's, where if you type in a bad address you get redirected to their own 'search' tool, which is almost always terrible. They can do this because you're letting them do the DNS stuff.

OpenDNS looks like this:[2]

Quote:

(internet) ----(OpenDNS)--- (ISP)----(Modem)---(Router[openDNS])---(desktop, laptops, phones, game consoles)

If you have your Router direct everything to openDNS then you can see that everything behind the router is protected. Alternatively, you can just have one using opendns. In my house, it looks like this:[3]

Quote:

(internet) --- (OpenDNS)---(ISP)----(Modem)---(Router)---(desktop, [laptops(openDNS)], phones, [game consoles(openDNS)])

Here only my game console and laptop are protected by the openDNS service that sits between me and the internet

Running your own DNS, squid or whatever, looks like this (I'm guessing, I've never used it)[4]

Quote:

(internet) ----(ISP)----(Modem)---(PersonalDNS Server)--(Router)---(desktop, laptops, phones, game consoles)

You can see that it looks pretty similar to [2], but its behind the modem, so you have a lot more control over it.

So short answer is yes, you can configure just your computer to use openDNS. If you have a good router, say running ddwrt, you can even have just your computer and any unrecognised computers using openDNS, with the parents using whatever else, probably isp. But again, my opinion is to subscribe to the openDNS service for a nominal fee, let it protect you and every device connected to your router, and then make some sort of adult agreement with your parents about internet usage, that recognizes you are moving beyond their technical ability to monitor and yet still want to respect their wishes. This will likely be a non-technical/software solution.