How to Create a CIPA Compliant Content Filter Using Free Software.

In this post I will describe how to use free open source software to create a simple CIPA compliant web filter that can be used in a small to medium public library.  I am using Ubuntu server 10.04 with Squid, Dansguardian and Webmin. I am using this post as a guide.

The first step is to install Ubuntu Server 10.04.  I chose to install the 64 bit version, since the machine I was installing it on had an AMD Turion 64 chip, but the 32 bit version will also work.  If you don’t have an extra machine to put this on, or if you just feel more comfortable using a virtual machine, you can use VMware on an existing Windows or Linux machine.

After the install I ran:
sudo apt-get update
Then,
sudo apt-get upgrade safe
sudo apt-get upgrade

Change to static IP


After installing the base system, I installed openssh-server, so I can log into the system using ssh, and run this server as a headless box.

sudo apt-get install openssh-server

Then I connect to the server from my local machine (a terminal for me, as my machine is running Ubuntu; if you are using Windows you can use PuTTY) using:
ssh -l username ipaddress
where username is the name of the user you wish to log in as and ipaddress is the IP address of your system.

Ok, now it is time to start installing some software.

sudo apt-get install squid clamav-daemon dansguardian apache2

You may see this error:

Setting up clamav-daemon (0.96+dfsg-2ubuntu1.2) ...
* Clamav signatures not found in /var/lib/clamav
* Please retrieve them using freshclam or install the clamav-data package
* Then run '/etc/init.d/clamav-daemon start'

So I ran

sudo freshclam
sudo /etc/init.d/clamav-daemon restart

Configure the Squid proxy server

Make a backup copy of the config file:

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
Edit the squid.conf file
sudo vim /etc/squid/squid.conf
Search for the line TAG: visible_hostname
/TAG: visible_hostname

Move the cursor to the bottom line of that section after # none and hit the “i” key to insert the text
visible_hostname squid

Find the line
# http_access allow localnet
and delete the #. This allows all clients on the local network to get to the Internet through Squid.

Restart the squid service
sudo /etc/init.d/squid restart

Configure Dansguardian

The main configuration for Dansguardian is located in /etc/dansguardian/dansguardian.conf
sudo vim /etc/dansguardian/dansguardian.conf

Add a # in front of the line:
UNCONFIGURED - Please remove this line after configuration

Restart dansguardian:
sudo /etc/init.d/dansguardian restart

Configure your browser to use the proxy settings

Internet Explorer: Go to Tools->Options->Connection->LAN Settings and check the box for “Use a proxy server for your LAN…”, then type the address of the Dansguardian machine (in my case 192.168.36.16) and set the port to 8080 (this is the port that Dansguardian uses). Check the box for “Bypass proxy server for local addresses”.

Firefox: Go to Tools->Options->Advanced->Network tab->Settings. Select Manual proxy configuration and set the HTTP proxy to the IP address of the Dansguardian machine and the port to 8080. Check the box “Use this proxy for all protocols”.

The system should now be working as a proxy server and content filter, but we will need some way to configure the settings in Dansguardian.  I find that it is fairly restrictive out of the box and that I need to add some site exceptions etc. as time goes by and patrons tell me that some sites are being blocked that should not be.  So in order to have a GUI to edit these files, I will install Webmin and the Webmin Dansguardian Module.
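A quick check of the two files edited above, as an added example that is not part of the original post: it flags an active UNCONFIGURED marker, a missing visible_hostname, and any Squid http_port that patron machines can reach directly instead of going through Dansguardian on port 8080. It assumes Dansguardian and Squid run on the same machine and talk over 127.0.0.1; the function name audit_filter is made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the two files the post edits.
# Usage: audit_filter /etc/squid/squid.conf /etc/dansguardian/dansguardian.conf
# Prints one finding per line and returns the number of findings (0 = clean).
audit_filter() {
    squid_conf=$1
    dg_conf=$2
    findings=0

    # The marker line the post says to comment out in dansguardian.conf.
    if grep -q '^[[:space:]]*UNCONFIGURED' "$dg_conf"; then
        echo "dansguardian: UNCONFIGURED marker is still active"
        findings=$((findings + 1))
    fi

    # The directive the post adds under "TAG: visible_hostname".
    if ! grep -q '^[[:space:]]*visible_hostname[[:space:]]' "$squid_conf"; then
        echo "squid: visible_hostname is not set"
        findings=$((findings + 1))
    fi

    # Assumption: Dansguardian reaches Squid over 127.0.0.1 on the same box.
    # An http_port that is not bound to loopback (for instance a bare 3128
    # rather than 127.0.0.1:3128) lets LAN clients use Squid directly,
    # without passing through the filter on port 8080.
    ports=$(awk '$1 == "http_port" { print $2 }' "$squid_conf")
    for p in $ports; do
        case $p in
            127.0.0.1:*|localhost:*|\[::1\]:*) ;;
            *)
                echo "squid: http_port $p is not bound to loopback"
                findings=$((findings + 1))
                ;;
        esac
    done

    return "$findings"
}

# Run the audit when the script is called with both file names.
if [ "$#" -eq 2 ]; then
    audit_filter "$1" "$2"
fi
```

When Squid is bound to loopback only, the "http_access allow localnet" rule is no longer what lets patrons out: they reach the Internet through Dansguardian, which Squid sees as a local client.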

Install and configure Webmin

Download Webmin:

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.510-2_all.deb

Install the Webmin dependencies:

sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl

One other dependency is libmd5-perl, but it has been deprecated and is no longer available in the Ubuntu repositories for 10.01. So to install it we need to use a workaround:
wget http://mirrors.kernel.org/ubuntu/pool/universe/libm/libmd5-perl/libmd5-perl_2.03-1_all.deb

sudo dpkg -i libmd5-perl_2.03-1_all.deb

Now it is time to unpack Webmin

sudo dpkg -i webmin_1.510-2_all.deb

Whoops, one more dependency problem…

dpkg: dependency problems prevent configuration of webmin:
webmin depends on apt-show-versions; however:
Package apt-show-versions is not installed.
dpkg: error processing webmin (--install):
dependency problems - leaving unconfigured
Processing triggers for ureadahead ...
Errors were encountered while processing:

So we need to

sudo apt-get install apt-show-versions

and we get:

Reading package lists... Done
Building dependency tree
Reading state information... Done
You might want to run `apt-get -f install' to correct these:
The following packages have unmet dependencies:
apt-show-versions: Depends: libapt-pkg-perl (>= 0.1.21) but it is not going to be installed
E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).

so now we try

sudo apt-get -f install

Hooray, we now have Webmin installed

Webmin install complete. You can now login to https://dansguardian:10000/
as root with your root password, or as any user who can use sudo
to run commands as root.

So try it out: open a browser and go to https://192.168.36.16:10000/ using the IP of your Ubuntu server. You will need to get through the security certificate warnings, then log in as a user in your sudoers file.

Now we need to install the Dansguardian module for Webmin

Download the module:
wget http://sourceforge.net/projects/dgwebminmodule/files/dgwebmin-devel/0.7.0beta1b/dgwebmin-0.7.0beta1b.wbm/download

Then open Webmin and go to Webmin>Webmin Configuration>Webmin Modules
Choose install from local file and navigate to the file in home>user, where user is your user name, then choose the file and click install module.

Now click on servers and you will see that Dansguardian Web Content is in the list. Unfortunately when we click on it we get the error:

Warning – DansGuardian binary file not found, maybe you need to update your module config (especially the directory paths).
(Expected location: /sbin/dansguardian)

Warning – the version of DansGuardian you have is not supported by this Webmin module version
Webmin Module Version 0.7.0beta1b supports DG version 2.10 (& 2.9)
Currently installed DG version ?

Warning – running as root(superuser) risks new files not being readable by production DansGuardian

Kinda frightening, but have no fear. Click on module config and change the full path to Dansguardian Binary to /usr/sbin/dansguardian.

We now have a functioning proxy server with content filter and a gui to help configure it. Dansguardian has zillions of configuration options, but I find that I generally only worry about the Exception site (domain) list /etc/dansguardian/lists/exceptionsitelist which can be found under View/Edit A Filter Group’s Lists. I have also changed the Banned (file)extension list /etc/dansguardian/lists/bannedextensionlist as the list of banned extensions is more restrictive than what we allow here.

Anyway, I hope this helps someone out there. Please let me know if I have made any mistakes, or if you have any questions.


Some Family Stuff

I have finally posted some Flickr pics (they are all from some time ago) and I finally put up a video from the day Julia and I stayed home from school because it was -15; it had been -19 earlier in the morning.

Flickr Pics are here:

Video is here:


Julia’s SuperTux Commercial

SuperTux

This is the commercial that Julia, Ashley and I made for Julia’s first grade advertising project.  She made the poster that is at the beginning and end of the video.  She is also going to give a presentation tomorrow.  I asked Julia why she liked SuperTux, and she told me “It’s just like Super Mario Bros, but it is free.”  So, SuperTux is fun and it’s free. What more needs to be said?


Girl of Summer



Julia

Originally uploaded by ashkev


We all had a good time at the beach this July 4th. Julia in particular seems to be a real water child. She and I had a grand time playing in the surf and jumping over the waves.


South Bend Symphony Best Blast

Mom, Dad, Avery, Ashley and Julia

Originally uploaded by ashkev

Last night we all went to the pops concert at St. Patrick’s Park just down the road from my house. We all had a good time. We learned that if Avery can’t find us, he will go seek “official looking” people, who will make an announcement in front of several thousand people that “a little boy named Avery is looking for his mom.” Avery was fine… he was in fact playing with a firefly he had caught. He had been (like hundreds of other kids there) playing in the field next to the seating area, but when it started getting dark, he had trouble finding our seats.

See the rest of the photos here.


What I did to make the Everex ready for patrons

The first thing I did was download and burn Ubuntu 8.04 Hardy Heron to a disk.  This was eventually done on a “gasp” Windows machine, since the gOS burning software was somehow not able to burn a readable .iso.  So…

  1. I installed Ubuntu
  2. I installed the Firefox Flash Plugin
  3. Installed mplayer, mplayer plugin, xine and codecs (see Medibuntu)
  4. Created a user “guest”
  5. Downloaded sabayon and created a profile “guest” then configured account and assigned the profile to user “guest”  See this article for more.
  6. Changed Default file formats in Open Office.
  7. Edited Menus, removed some items from the Panel, added Desktop Launchers for Firefox, Open Office Word Processor, Open Office Spreadsheet and Xine Movie Player.
  8. Once everything was set up the way I wanted in “guest”, I logged out of guest, and back in a different account.
  9. Set up a printer. I went to System>Administration>Printing.  Clicked add printer.  It automatically found our HP 4050tn and I followed the instructions to add it.
  10. Using this as a guide I did the following:
  11. I became root

    sudo su

    Created backup and restore scripts for guest account

    cd /root
    touch backup restore
    chmod 700 backup restore

    Opened Backup in editor

    cd /root
    sudo gedit backup
    

    Pasted the following into backup

    #!/bin/bash
    
    IMAGES=/root/images
    USER=guest
    
    mkdir -p $IMAGES
    rm -f "$IMAGES/$USER.tar"
    tar -cpPf "$IMAGES/$USER.tar" "/home/$USER"

    Edited restore:

    cd /root
    sudo gedit restore

    Pasted the following into restore:

    #!/bin/bash
    
    IMAGES=/root/images
    USER=guest
    
    mkdir -p $IMAGES
    rm -fR "/home/$USER"
    tar -xpPf "$IMAGES/$USER.tar"

    Setup the restore script to execute on system startup. This allows a system reboot to reset any changes made to guest’s desktop.

    cd /etc/init.d
    ln -s /root/restore restore
    update-rc.d restore start 99 2 .

    It is also a good idea to put in a cron job to do automatic updates. As root I did this:

    crontab -e

    Add this line:

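    # Minute 0 of every fourth hour; a * in the minute field would run this every minute of those hours.
    0 */4 * * * (PATH=/usr/sbin:/usr/bin:/sbin:/bin && apt-get update && apt-get upgrade -y) > /dev/null 2>&1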

    I then ran the backup script

    cd /root
    sudo ./backup
  12. I then went to System>Administration>Login Window.  On the security tab I checked Enable Timed Login, set the user to guest and set the time to 10 seconds.  This means that when the machine is turned on it will allow you ten seconds to log in as someone other than guest, otherwise guest will be logged in automatically without entering a password.
  13. I put it out for patrons to use.  So far one patron has been on for about an hour and she has had no problems.  She says it is working fine.  It will be very interesting to see how this works as we go forward.
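A more defensive form of the restore step, as an added example that is not the post's own script: it reads the image before deleting anything, so a missing or corrupt guest.tar cannot leave the guest account without a home directory, and because tar -P writes absolute paths as root at boot, it refuses an image containing anything outside the guest home. It assumes GNU tar and an image made by the backup script above; the function name safe_restore is made up for this example.

```shell
#!/bin/sh
# Added example, not the post's script. Assumes GNU tar and an image made by
# the post's backup script (tar -cpPf, so member names are absolute paths).
# Usage: safe_restore /root/images/guest.tar /home/guest
safe_restore() {
    image=$1
    home=${2%/}

    # Only ever operate on an absolute home path.
    case $home in
        /*) ;;
        *) echo "restore: home must be an absolute path" >&2; return 1 ;;
    esac

    # Read the member list first: a missing or corrupt image must not cost
    # the guest account its home directory.
    if ! listing=$(tar -tPf "$image" 2>/dev/null) || [ -z "$listing" ]; then
        echo "restore: cannot read $image, leaving $home untouched" >&2
        return 1
    fi

    # -P extracts absolute paths as root, so refuse any member that is not
    # inside the home directory or that contains a ".." component.
    stray=$(printf '%s\n' "$listing" | awk -v h="$home" '
        index($0, h "/") != 1 || $0 ~ /(^|\/)\.\.(\/|$)/ { print; exit }')
    if [ -n "$stray" ]; then
        echo "restore: refusing image, unexpected member: $stray" >&2
        return 1
    fi

    # Same two steps as the post's restore script, now that the image checks out.
    rm -rf -- "$home"
    tar -xpPf "$image"
}

# Run the restore when the script is called with an image and a home path.
if [ "$#" -eq 2 ]; then
    safe_restore "$1" "$2"
fi
```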

Everex pc2 first impressions

The Everex PC arrived today and the reviews of gOS being a total piece of crap OS are true.  I am sure that anyone with tech skills would put on a distro like Ubuntu, and those without tech skills (like probably most of the customers who might buy it from walmart.com) would be thoroughly confused.  I will be installing Ubuntu on it tomorrow.  In the meantime, I have found some good posts on how to “deep freeze” the desktop in Ubuntu.  I will let you know exactly what I do and how it works.

The machine itself seems ok, but as many reviewers have said, the keyboard and speakers are very junky.


New Linux Project @ Cass

The friends group at the Howard Branch of the Cass District Library have generously donated a six station computer table for patron access computers. This means that we need to come up with six new computers… Since we have a very limited budget for computers, we want to make this as cost effective as possible, while still meeting the needs of our patrons. I just ordered an Everex Pc2 for $189.00. It comes with the gOS Rocket operating system (an ubuntu derivative) installed. I plan to replace gOS with Ubuntu or Groovix.

It will be interesting to see how patrons react to the new machine. At the main library many patrons prefer the Windows XP machines, but I wonder if part of this is the quirkiness of trying to watch flash video over LTSP. In this case, since it is a standalone machine, and is brand new, the performance should be equal to, or better than the windows machines.


Julia with Sculpture @ Cass District Library

Julia with Sculpture @ Cass District Library, originally uploaded by ashkev.


Avery with Sculpture @ Cass District Library

Avery with Sculpture @ Cass District Library, originally uploaded by ashkev.
