Solving parental control issues in Ubuntu with Dansguardian and Privoxy
I am of the opinion that Ubuntu is quite suitable for the role of a user-friendly desktop operating system.
Accordingly, I believe that when buying computers and laptops, it is quite possible to save money on the cost of licensed Windows by installing a free (open) OS (remember how many, about 5 years ago, Linux laptops were sold, and how many now).
I bought the Acer Aspire Revo R3700 nettop for children , which, by itself, is worth a separate review (dual-core Atom + Ion), screwed it to the back of the monitor, since both support the VESA mount standard (it’s a compact monoblock), demolished the pre-installed Linpus and installed Ubuntu 10.10
')
In principle, both I and my children were happy with everything - everything works quite fast (pah-pah-pah), surfing the Internet, watching photos, listening to music, playing children's and educational games - this is the nettop, in my opinion , perfect. The only thing that depressed them were banners on various, even children's (!), Sites with all kinds of content (first of all, visual), from which I really wanted to protect children.
It was here that I was disappointed when I found out that there was simply no built-in (regular) parental control in Ubuntu. In Windows Vista and 7 - there is, there are many separate "Windows" programs, for example, Internet Censor (I tried it under Windows at one time, in principle, I was satisfied).
But in Ubuntu with this tight. I stumbled into the repository on Gnome Nanny - put it, then pulled it down. There are terrible warnings that the Internet will now turn off and the computer will turn off, but ... nothing happens. Perhaps the calculation was on the consciousness of children (sarcasm), although, rather, I just did not understand. True, I did everything according to the manual, but I did not want to spend weeks finding out the reasons.
I will also immediately state that the provider prohibits the use of third-party DNS, otherwise it would be possible that I simply limited myself to any OpenDNS, where, like, advertising is cut and there is a filter for adult content.
Briefly about how my home network is built: there is a D-Link Dir-615 router, the main home computer is connected to it via a network cable, as well as the Popcorn Hour A-110 media player , Wi-Fi - a children's nettop, iPad, netbook, a laptop, a couple of smartphones on an android, another WD TV Live media player and ... everything seems to be.
Returning to the problem of parental control: I came across a program called Dansguardian , read, thought, decided to install.
For experiments, I got an old EEE PC 701 4G (just in case, maybe, who does not know: the digit in front of G means only “the capacity of the built-in memory (solid-state drive) in gigabytes”, and not the built-in 4G modem), put Lubuntu 10.10 on it ( By the way, Lubuntu pleased - it is undemanding to resources, because it is fast, familiar to those who are “after Windows”, all the hardware has literally worked “out of the box”):
After that, I got two accounts, one [kid] (in square brackets, hereinafter, the account designation, which you can choose according to your taste, where kid is the child's account, parent is the parent's account) and [parent]. [kid] - with user rights, [parent] - with administrator rights.
We go under the account of the child, open the terminal ("Start" (hehe, but how else would you call the button on the taskbar in the lower left corner?) -> Standard -> LXTerminal)
We type (without square brackets, of course):
Enter the password. Further:
Enter the password, follow the prompts on the screen, after which you should be installed, as you guessed, Dansguardian and Privoxy (a non-heavy proxy server - Dansguardian will actually work through it).
Then, just in case, you can check whether privoxy is running, with the command
After that, you need to configure the installed programs, for this we edit the configuration files:
We are looking for the listen-address line, we bring it to the following form (do not forget to remove the comment sign #):
We look for the accept-intercepted-requests parameter and assign it a value of 1:
That's it, the privoxy proxy setting is complete, save, exit.
Next, configure the dansguardian itself:
At the very beginning of the file it is written that it is necessary to delete the UNCOMMITED line for the settings to take effect. Remove it. Next, look for an uncommented line beginning with the word language and change it:
It is necessary that the page with the “Access denied” template be in Russian.
We are looking for and changing the following lines (if the file is written in the same way by default, then, of course, it is not necessary to change it):
Save, close. Next, restart both programs:
Next, launch the default browser (pre-installed Chromium), go to some thread playboy.com and see ... that it successfully loads, as before! In order not to tear the hair on my head (as I did it a couple of days in a row), read on.
In general, this is how it should be, because we did not change the proxy server settings in the browser. With habitual clicks we go into the advanced settings of Chromium (“After all, this is the same Chrome!”) And we see a depressing picture:
That's right, in Lubuntu there is no “gay” proxy server configuration interface. As a temporary solution, we write in the terminal:
The browser will start, go to playboy.com and see the following image:
Hurray! But the joy is overshadowed by the fact that if we restart the browser, the proxy settings will fly off, and this is not an option. Yes, and a child, having turned around, will learn to bypass the proxy server, by putting some Firefox and unchecking the box “use proxy server settings”. So you need a more reliable option.
And here we are come to the aid of iptables and ufw. I will say right away that my remaining hair almost turned gray until I reached the correct settings for this whole enterprise (I understand that someone will laugh at such “lamerism”).
So, ufw (Uncomplicated Firewall) in Lubuntu is enabled, as I later found out, by default. Therefore, do the following:
At the end of the file, after COMMIT, with the following line we insert the following lines:
Save, close, restart:
Everything, now the clever child will not be able to bypass the proxy.
Further work worth doing:
In general, judging by the description above, everything seems simple, but in fact I spent several sleepless nights trying to understand why the settings do not work.
I look forward to comments - where, if not in them, you can get additional useful information, learn a lot of newthings and how you could do the same, only easier and better . The article was written, first of all, for myself (so that I could go to Habr and check the forgotten settings) and for those who, like me, suffer from parental control in Ubuntu.
When setting up dansguardian and privoxy, the following materials helped a lot:
How to transparent proxy
Ubuntu Documentation> Community Documentation> UFW
well and dansguardian documentation
The publication of this article was made possible by MrCleaner , for which he thanks a lot.
Accordingly, I believe that when buying computers and laptops, it is quite possible to save money on the cost of licensed Windows by installing a free (open) OS (remember how many, about 5 years ago, Linux laptops were sold, and how many now).
I bought the Acer Aspire Revo R3700 nettop for children , which, by itself, is worth a separate review (dual-core Atom + Ion), screwed it to the back of the monitor, since both support the VESA mount standard (it’s a compact monoblock), demolished the pre-installed Linpus and installed Ubuntu 10.10
')
In principle, both I and my children were happy with everything - everything works quite fast (pah-pah-pah), surfing the Internet, watching photos, listening to music, playing children's and educational games - this is the nettop, in my opinion , perfect. The only thing that depressed them were banners on various, even children's (!), Sites with all kinds of content (first of all, visual), from which I really wanted to protect children.
It was here that I was disappointed when I found out that there was simply no built-in (regular) parental control in Ubuntu. In Windows Vista and 7 - there is, there are many separate "Windows" programs, for example, Internet Censor (I tried it under Windows at one time, in principle, I was satisfied).
But in Ubuntu with this tight. I stumbled into the repository on Gnome Nanny - put it, then pulled it down. There are terrible warnings that the Internet will now turn off and the computer will turn off, but ... nothing happens. Perhaps the calculation was on the consciousness of children (sarcasm), although, rather, I just did not understand. True, I did everything according to the manual, but I did not want to spend weeks finding out the reasons.
I will also immediately state that the provider prohibits the use of third-party DNS, otherwise it would be possible that I simply limited myself to any OpenDNS, where, like, advertising is cut and there is a filter for adult content.
Briefly about how my home network is built: there is a D-Link Dir-615 router, the main home computer is connected to it via a network cable, as well as the Popcorn Hour A-110 media player , Wi-Fi - a children's nettop, iPad, netbook, a laptop, a couple of smartphones on an android, another WD TV Live media player and ... everything seems to be.
Returning to the problem of parental control: I came across a program called Dansguardian , read, thought, decided to install.
For experiments, I got an old EEE PC 701 4G (just in case, maybe, who does not know: the digit in front of G means only “the capacity of the built-in memory (solid-state drive) in gigabytes”, and not the built-in 4G modem), put Lubuntu 10.10 on it ( By the way, Lubuntu pleased - it is undemanding to resources, because it is fast, familiar to those who are “after Windows”, all the hardware has literally worked “out of the box”):
After that, I got two accounts, one [kid] (in square brackets, hereinafter, the account designation, which you can choose according to your taste, where kid is the child's account, parent is the parent's account) and [parent]. [kid] - with user rights, [parent] - with administrator rights.
We go under the account of the child, open the terminal ("Start" (hehe, but how else would you call the button on the taskbar in the lower left corner?) -> Standard -> LXTerminal)
We type (without square brackets, of course):
su [parent]Enter the password. Further:
sudo apt-get install -y privoxy dansguardianEnter the password, follow the prompts on the screen, after which you should be installed, as you guessed, Dansguardian and Privoxy (a non-heavy proxy server - Dansguardian will actually work through it).
Then, just in case, you can check whether privoxy is running, with the command
sudo /etc/init.d/privoxy statusAfter that, you need to configure the installed programs, for this we edit the configuration files:
sudo leafpad /etc/privoxy/configWe are looking for the listen-address line, we bring it to the following form (do not forget to remove the comment sign #):
listen-address 127.0.0.1:8118We look for the accept-intercepted-requests parameter and assign it a value of 1:
accept-intercepted-requests 1That's it, the privoxy proxy setting is complete, save, exit.
Next, configure the dansguardian itself:
sudo leafpad /etc/dansguardian/dansguardian.confAt the very beginning of the file it is written that it is necessary to delete the UNCOMMITED line for the settings to take effect. Remove it. Next, look for an uncommented line beginning with the word language and change it:
language = 'russian-1251'It is necessary that the page with the “Access denied” template be in Russian.
We are looking for and changing the following lines (if the file is written in the same way by default, then, of course, it is not necessary to change it):
filterport=8080
proxyip=127.0.0.1
proxyport-8118
Save, close. Next, restart both programs:
sudo service dansguardian force-reload
sudo service privoxy force-reload
Next, launch the default browser (pre-installed Chromium), go to some thread playboy.com and see ... that it successfully loads, as before! In order not to tear the hair on my head (as I did it a couple of days in a row), read on.
In general, this is how it should be, because we did not change the proxy server settings in the browser. With habitual clicks we go into the advanced settings of Chromium (“After all, this is the same Chrome!”) And we see a depressing picture:
That's right, in Lubuntu there is no “gay” proxy server configuration interface. As a temporary solution, we write in the terminal:
sudo chromium-browser --proxy-server=127.0.0.1:8080The browser will start, go to playboy.com and see the following image:
Hurray! But the joy is overshadowed by the fact that if we restart the browser, the proxy settings will fly off, and this is not an option. Yes, and a child, having turned around, will learn to bypass the proxy server, by putting some Firefox and unchecking the box “use proxy server settings”. So you need a more reliable option.
And here we are come to the aid of iptables and ufw. I will say right away that my remaining hair almost turned gray until I reached the correct settings for this whole enterprise (I understand that someone will laugh at such “lamerism”).
So, ufw (Uncomplicated Firewall) in Lubuntu is enabled, as I later found out, by default. Therefore, do the following:
sudo leafpad /etc/ufw/before.rulesAt the end of the file, after COMMIT, with the following line we insert the following lines:
# Rules for Dansguardian + Privoxy
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner [parent] -j REDIRECT --to-port 8118
-A OUTPUT -p tcp -m tcp --dport 8118 -m owner ! --uid-owner dansguardian -j REDIRECT --to-port 8080
-A OUTPUT -p tcp -m tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 8080
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
Save, close, restart:
sudo ufw disable && sudo ufw enable
Everything, now the clever child will not be able to bypass the proxy.
Further work worth doing:
- set up a page with the “Access denied” template (for example, find a funny picture with Smeshariki and write more cheerful text that go to this site “Uzzya!”)
- go through the directory with dansguardian carefully - everything is written in detail in the comments in the files, how and what to configure
- learn how to make a list of bad words in Russian (from dansguardian it seems to be bad with encodings different from utf-8, judging by the forums)
- it is desirable to find ready-made lists of bad Russian words on the network (so as not to make up oneself and not to excel in the mother tongue)
In general, judging by the description above, everything seems simple, but in fact I spent several sleepless nights trying to understand why the settings do not work.
I look forward to comments - where, if not in them, you can get additional useful information, learn a lot of new
When setting up dansguardian and privoxy, the following materials helped a lot:
How to transparent proxy
Ubuntu Documentation> Community Documentation> UFW
well and dansguardian documentation
The publication of this article was made possible by MrCleaner , for which he thanks a lot.
Source: https://habr.com/ru/post/119286/
All Articles