Add Web Porn Filtering and Other Content Filtering to Linux Desktops
Microsoft users continue to adopt the Linux operating system and naturally expect to find content filters like the ones they used with Windows XP. Often, new Linux converts experiment on their standalone personal computers at home. Because many people object to some information and images readily found on the Internet, a content filtering system is top priority—especially because parents often share computers with kids, and constant adult supervision is not always possible.
Using DansGuardian with Tinyproxy is one way parents can supervise Internet content when they are away from the family computer. A versatile content filter, DansGuardian is open-source software for use in a noncommercial setting. If you want to use DansGuardian in a commercial setting, you can buy a license or buy SmoothGuardian. Working with DansGuardian is Tinyproxy, a small open-source program that understands and evaluates the information passing through the computer. Together they provide administrative controls to block objectionable content from the Internet.
DansGuardian is a collection of pass-through filters used to stop Internet Web pages with words, phrases and pictures you don't like or want others to see. The filters within DansGuardian act as an intermediary program between a client browser, like Firefox, and the Internet. Firefox makes the information request to DansGuardian. Then, DansGuardian passes the information to Tinyproxy, which communicates with the Internet.
Information coming back from the Internet passes through Tinyproxy and DansGuardian before it gets to the client browser. Only approved information gets through the filter and appears in the browser window. DansGuardian blocks restricted Web pages and replaces the unwanted content with an “access denied” security screen displayed in the browser window.
This has not been a high-level description of the filtering procedure. In fact, the way Tinyproxy and DansGuardian work together is complex and interesting. If you want to explore how this works, check out the DansGuardian “Flow of Events” page (see the on-line Resources). Here, you can find a more thorough discussion of filtering and how data passes between each program and the Internet.
What's important to know is you can define many words, phrases and specific locations you want DansGuardian to block. In addition to Web pages with text, DansGuardian also can filter pictures and prevent the downloading of certain files. This combination of filtering is superior to other methods that block access only to a list of banned sites.
With more than 20 different configuration files, setup of DansGuardian can appear complicated to new Linux users. However, the configuration files contain clear instructions on how to edit them for your needs. In my tests, I didn't need to make a lot of changes, because the default filtering arrangement is almost ideal for family use.
First, you need to install and configure DansGuardian and Tinyproxy. Second, it's important to adjust your desktop settings to prevent users from easily turning off content filtering.
Before installing, look through the package repository of your distribution to make sure it includes DansGuardian and Tinyproxy. The most simple way to install the programs is with a GUI package manager like Novel SUSE's YaST or Synaptic. For Debian, root users enter apt-get install dansguardian tinyproxy.
If you don't have these applications in your package repository, you can download DansGuardian and Tinyproxy from their respective Web pages (see Resources). After downloading, you will find generic installation instructions in the file named INSTALL.
The next task is to customize configuration files for both Tinyproxy and DansGuardian. I use Ubuntu Dapper Drake for testing purposes, and so the directory and file illustrations are likely specific to this distribution. Other distributions organize files in a similar way; you just may need to look a little more to find the installation directory. For customizing features, the only tool necessary is a simple text editor, such as GNOME's gedit.
Using your text editor, as root user, open /etc/dansguardian/dansguardian.conf. Review the file and change filterport, proxyip and proxyport to match that shown below. Depending on your distribution, it also may be necessary to comment out the line starting with UNCONFIGURED:
# the port that DansGuardian listens to. filterport = 8080 # the ip of the proxy—default is the loopback (this server) proxyip = 127.0.0.1 # the port DansGuardian connects to proxy on proxyport = 3128
DansGuardian generally connects to port 3128 by default, because that is the port used by the popular proxy called Squid. We can change this to the default port used by Tinyproxy (8888), or we can change the Tinyproxy port. In this case, we do the latter and change the port Tinyproxy uses to match the default Squid port.
For Tinyproxy, edit the file /etc/tinyproxy/tinyproxy.conf as root user. Look through this file, and make sure to change User, Group, Port and ViaProxyName, if necessary. The important thing to change is the port that Tinyproxy will use to match the DansGuardian connect port, which is 3128:
# Port to listen on. # Port 3128
Once you've finished with these changes, issue the command tinyproxy in your terminal, or if Ubuntu-based, type sudo /etc/init.d/tinyproxy start. This starts the proxy, and you're now ready to finish off the installation by adjusting your browser preferences. If you want to learn more, look at the DansGuardian documentation links (see Resources) for a description of this process.
|PostgreSQL, the NoSQL Database||Jan 29, 2015|
|HPC Cluster Grant Accepting Applications!||Jan 28, 2015|
|Sharing Admin Privileges for Many Hosts Securely||Jan 28, 2015|
|Red Hat Enterprise Linux 7.1 beta available on IBM Power Platform||Jan 23, 2015|
|Designing with Linux||Jan 22, 2015|
|Wondershaper—QOS in a Pinch||Jan 21, 2015|
- PostgreSQL, the NoSQL Database
- Sharing Admin Privileges for Many Hosts Securely
- HPC Cluster Grant Accepting Applications!
- Internet of Things Blows Away CES, and it May Be Hunting for YOU Next
- Designing with Linux
- Wondershaper—QOS in a Pinch
- Ideal Backups with zbackup
- Red Hat Enterprise Linux 7.1 beta available on IBM Power Platform
- Slow System? iotop Is Your Friend
- January 2015 Issue of Linux Journal: Security
Editorial Advisory Panel
Thank you to our 2014 Editorial Advisors!
- Jeff Parent
- Brad Baillio
- Nick Baronian
- Steve Case
- Chadalavada Kalyana
- Caleb Cullen
- Keir Davis
- Michael Eager
- Nick Faltys
- Dennis Frey
- Philip Jacob
- Jay Kruizenga
- Steve Marquez
- Dave McAllister
- Craig Oda
- Mike Roberts
- Chris Stark
- Patrick Swartz
- David Lynch
- Alicia Gibb
- Thomas Quinlan
- Carson McDonald
- Kristen Shoemaker
- Charnell Luchich
- James Walker
- Victor Gregorio
- Hari Boukis
- Brian Conner
- David Lane