Saturday, May 19, 2007

Dansguardian - web content filtering for all


What is dansguardian?
(Excerpt from dansguardian's website)

DansGuardian
is an award winning Open Source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters.

DansGuardian is designed to be completely flexible and allows you to tailor the filtering to your exact needs. It can be as draconian or as unobstructive as you want. The default settings are geared towards what a primary school might want but DansGuardian puts you in control of what you want to block.

DansGuardian is a true web content filter.

Where to download?

The latest beta when this article is published is 2.9.8.5. Download it here. Beta doesn't mean it is unstable. From my experience, it is a very reliable piece of software. Downloading source code and compile it yourself is the best way to take full advantage of its (latest) capabilities and speed.

My setup
I have more than 200 clients in my network. To provide a fast and reliable internet connection, I have to use a proxy server and dansguardian is used for filtering unwanted websites and scanning for viruses of downloaded files and websites.

Startup script
Startup script can be taken from [source dir]/data/scripts/systemv-init. Copy it to init.d:

~#cp systemv-init /etc/init.d/dansguardian

Run chkconfig to make it start across booting properly:

~#chkconfig --add dansguardian
~#chkconfig --level 35 dansguardian on

Note: For Fedora users, you may need to use /sbin/chkconfig instead of chkconfig.

How to upgrade?
If you have installed dansguardian via package manager, it is easy to upgrade it with package manager too. So you don't need to mess up with compilation and dependencies. It will take care of them for you. I like to download source code because I can download the latest and to take the advantage of its speed. You can not always get the latest packages with package manager and the package may not optimized for your machine. YMMV.

Steps:
1. Download the latest source code.
2. Extract it: tar xzvf dansguardian-2.9.8.5.tar.gz
3. cd into the source dir.
4. configure : ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-clamd=yes
5. Run make : make
6. Install : make install

If you have previous version of dansguardian, please backup directory /etc/dansguardian/lists because installing the new one will overwrite all the files in it. You don't want to refill all the sites you have entered in all files in there for banned sites , exception site (unfiltered sites) etc2.

Configuration
The main configuration file for dansguardian is /etc/dansguardian/dansguardian.conf. It is heavily documented. Tkae your time to read the comments in there before modifying. Below is the most important directives to be modified (example):

filter_ip = 192.168.5.2
filter_port = 3128
proxy_ip = 127.0.0.1

Note: 192.168.5.2 is the IP which dansguardian will listen on. If left empty, it will listen on all IPs. For increase security, please state IP(s) that it needs to listen on. filter_port is the port it will bind to. proxy _ip is the ip where the proxy server (daemon, e.g squid) listens on. Note that you must run proxy server before running dansguardian or it will fail to start.

Integration with antivirus
Dansguardian can use antivirus for content scanning of viruses. I use clamav for this. You need to uncomment the directive contentscanner and modify file /etc/dansguardian/contentscanners/clamdscan.conf.

contentscanner = '/etc/dansguardian/contentscanners/clamdscan.conf'

In this file, change clamdudsfile like this :

clamdudsfile = '/tmp/clamd'

/tmp/clamd is the socket file for my clamav daemon (clamd). Change it accordingly.

No comments:

Renew letsencrypt ssl certificate for zimbra 8.8.15

 Letsencrypt certs usually consists of these files: 1. cert.pem 2. chain.pem 3. fullchain.pem 4. privkey.pem I am not going to discuss about...