UbuntuHelp:DansGuardian
来自Ubuntu中文
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
Dansguardian Internet Content Filtering
Description
DansGuardian is an award winning Open Source web content filter which currently runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. It does not purely filter based on a banned list of sites like lesser totally commercial filters. DansGuardian is designed to be completely flexible and allows you to tailor the filtering to your exact needs. It can be as draconian or as unobstructive as you want. The default settings are geared towards what a primary school might want but DansGuardian puts you in control of what you want to block.
Installation
sudo apt-get install clamav-freshclam iptables dansguardian squid
Download blacklists from a site such as http://urlblacklist.com/?sec=download
tar -xzf bigblacklist.tar.gz sudo mv blacklists /etc/dansguardian/blacklists sudo chown -R root:root /etc/dansguardian/blacklists
Configuration
You will likely want to customize some filtering options. In particular, you may want to comment (#) or uncomment options in these files:
- /etc/dansguardian/lists/bannedextensionlist
- /etc/dansguardian/lists/bannedsitelist
- /etc/dansguardian/lists/bannedurllist
Edit /etc/squid/squid.conf: Make these options appear as shown.
... http_port 3128 transparent ... always_direct allow all ...
Edit /etc/dansguardian/dansguardian.conf:
... #UNCONFIGURED - Please remove this line after configuration ... filterip = 127.0.0.1 ... daemonuser = 'proxy' ... daemongroup = 'proxy' ... accessdeniedaddress = 'http://localhost/cgi-bin/dansguardian.pl' ...
Change the Dansguardian log folder to the correct ownership and start Dansguardian:
sudo chown -R proxy:proxy /var/log/dansguardian sudo /etc/init.d/dansguardian start
Now configure iptables to redirect internet traffic through the filter system:
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT sudo iptables -t nat -A OUTPUT -p tcp --dport 3128 -m owner --uid-owner proxy -j ACCEPT sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080 sudo iptables -t nat -A OUTPUT -p tcp --dport 3128 -j REDIRECT --to-ports 8080 sudo iptables-save > iptables sudo mv iptables /etc/dansguardian/iptables
Create a script in /etc/rc2.d, such as S60iptables:
#! #!/bin/sh /sbin/iptables-restore < /etc/dansguardian/iptables
Make sure the script is executable:
sudo chmod 750 /etc/rc2.d/S60iptables