Installation Instructions for Content Filter in School Linux 5.0
In all schools in the Russian Federation, a mandatory requirement is the installation of a Content Filter to filter sites that are “incompatible with the objectives of education.”
For these purposes, the SCF was used, but 3 weeks ago with a regular update, the SCF was independently replaced with the NetPolice system.
When introducing School Linux in Nizhny Novgorod, the issue of Content Filter availability is one of the main ones. NetPolice system exists in the version for Linux and has a repository specifically for School Linux.
')
Unfortunately, the NetPolice website contains instructions for installing and configuring the system only for School Linux 4.0, which is not fully suitable for platform 5. We tried to correct this situation.
Instructions on the NNLUG School Project website
1. Connection of repositories
For School Linux 5.0.1, we need to enable the Alt Linux p5 i586 and noarch repositories. To do this, open the console and get the superuser rights
su - now open the /etc/apt/sources.list.d/alt.list file for editing and uncomment the first two repositories (delete the grid at the beginning of the line)
nano /etc/apt/sources.list.d/alt.list
# ALT Linux Platform 5
rpm [p5] ftp.altlinux.org/pub/distributions/ALTLinux/p5/branch i586 classic
rpm [p5] ftp.altlinux.org/pub/distributions/ALTLinux/p5/branch noarch classic
Now we need to connect the NetPolice repository for the school Linux 5th platform. To do this in the file /etc/apt/sources.list add the address of the repository
nano /etc/apt/sources.list
rpm update.netpolice.ru
altlinux / p5 / branch / netpolice / i586 netpolice
2. Install NetPolice
After connecting the repositories, we need to update the list of packages available for installation.
apt-get update
After downloading files with lists of packages in the repositories, you can proceed to the installation of the NetPolice complex
apt-get install netpolice-main
waiting for all the necessary packages to be downloaded from the repositories and installed in the system. After that, you can proceed to configure.
3. Basic configuration of NetPolice
Following the instructions on the NetPolice site, the first thing we need to do is to register the address of the dns server for the host2cat system, which, as I understand it, will respond to blocking sites by domain names. To do this, edit the file / etc / sysconfig / host2cat and set one of the NetPolice servers in the DNS_LIST field. As it turned out, when using DNS for home users, you get more blocking lists than on the server for schools. Therefore, we use the server dnsc1.netpolice.ru
nano / etc / sysconfig / host2cat
MEMCACHED_LIST = 127.0.0.1: 11211
UDP_PORT = 6666
# DNS LIST SERVER IP
#for example DNS_LIST = 127.0.0.1
DNS_LIST = dnsc1.netpolice.ru
TTL = 3600
HOST2CAT_OPTIONS = "- m $ MEMCACHED_LIST -u $ UDP_PORT -s $ DNS_LIST -t $ TTL"
After making changes, you need to restart the services included in the complex NetPolice. To do this, run the following commands:
/etc/rc.d/init.d/memcached restart
/etc/rc.d/init.d/host2cat restart
/etc/rc.d/init.d/c-icap restart
/etc/rc.d/init.d/squid restart
4. Configure customers
NetPolice can filter online content for all computers in a computer lab and does not require installation on each computer!
To use the NetPolice system running and configured on School Linux 5.0.1, you need to configure your web browser on your computer to work with the Internet through Proxy.
For FireFox, this is the “Edit” -> “Settings” -> “Advanced” tab -> “Network” -> “Configure” button. In the window that appears, choose “Configure proxy connection settings manually” and enter the IP address of the proxy server and port (usually 3128), then click “ok” and exit Firefox settings.
But for the School Junior 5.0.1 distribution, Ephiphany is used as the main web browser, which has no proxy settings and uses system-wide proxy settings. For this distribution, go to the “System” -> “Settings” -> “Proxy Server Settings” menu and specify the IP address of the computer on which NetPolice is installed and specify port 3128.
5. Checking the operation of the content filter
After specifying the IP address and port in a web browser, enter the site www.f-games.ru in the address bar
You should see the inscription “Permition deny!”. This indicates the correct operation of the installed NetPolice. Site f-games.ru "not compatible with the objectives of education."
6. Start Administration Console
The NetPolice system is configured using a web interface. To do this, run the http-server
/etc/rc.d/init.d/httpd2 start
Launch a web browser and go to localhost / cgi-bin / login.cgi
Login: root
Password: root
7. Creating a new administrator
To create a new administrator account, click on the link "Create a new administrator." Enter the login and password for the new administrator. After saving, return to the login and password entry page localhost / cgi-bin / login.cgi . Log in with a new login and admin password.
8. Creating a new user
When trying to access the Internet, NetPolice will ask you for a login and password code. Unfortunately, it is not possible to configure the system in a transparent mode. Therefore, we create user user with password 1.
To do this, click on the link "Create a new user."
Enter username for new user
IP address: 192.168.1.0 (your subnet address)
Subnet mask / suffix: / 24
Role: my_student (select from list)
To set a password for a user in the console as root, run the command:
htpasswd2 / etc / squid / passwd user
9. Configuring Access Policies
To configure access policies in the main menu, click the link my_student -> Edit
The “list of rejects” is a list of prohibited categories of Internet resources.
For our own implementations, we use the following set of reggits:
1 Propaganda of war, incitement of hatred and enmity, propaganda of pornography and antisocial behavior
8 Crimes
24 Ensuring user anonymity, crawling content filters
34 Murder, violence
54 killings, violence, corpses
57 terrorism
101 erotica pornography
102 social networks
104 file sharing networks and sites
107 illegal help to schoolchildren and students
109 ensuring anonymity, crawling content filters
110 online casinos
A full list of redgets can be found on the NetPolice website in the Appendix 2 section.
For these purposes, the SCF was used, but 3 weeks ago with a regular update, the SCF was independently replaced with the NetPolice system.
When introducing School Linux in Nizhny Novgorod, the issue of Content Filter availability is one of the main ones. NetPolice system exists in the version for Linux and has a repository specifically for School Linux.
')
Unfortunately, the NetPolice website contains instructions for installing and configuring the system only for School Linux 4.0, which is not fully suitable for platform 5. We tried to correct this situation.
Instructions on the NNLUG School Project website
1. Connection of repositories
For School Linux 5.0.1, we need to enable the Alt Linux p5 i586 and noarch repositories. To do this, open the console and get the superuser rights
su - now open the /etc/apt/sources.list.d/alt.list file for editing and uncomment the first two repositories (delete the grid at the beginning of the line)
nano /etc/apt/sources.list.d/alt.list
# ALT Linux Platform 5
rpm [p5] ftp.altlinux.org/pub/distributions/ALTLinux/p5/branch i586 classic
rpm [p5] ftp.altlinux.org/pub/distributions/ALTLinux/p5/branch noarch classic
Now we need to connect the NetPolice repository for the school Linux 5th platform. To do this in the file /etc/apt/sources.list add the address of the repository
nano /etc/apt/sources.list
rpm update.netpolice.ru
altlinux / p5 / branch / netpolice / i586 netpolice
2. Install NetPolice
After connecting the repositories, we need to update the list of packages available for installation.
apt-get update
After downloading files with lists of packages in the repositories, you can proceed to the installation of the NetPolice complex
apt-get install netpolice-main
waiting for all the necessary packages to be downloaded from the repositories and installed in the system. After that, you can proceed to configure.
3. Basic configuration of NetPolice
Following the instructions on the NetPolice site, the first thing we need to do is to register the address of the dns server for the host2cat system, which, as I understand it, will respond to blocking sites by domain names. To do this, edit the file / etc / sysconfig / host2cat and set one of the NetPolice servers in the DNS_LIST field. As it turned out, when using DNS for home users, you get more blocking lists than on the server for schools. Therefore, we use the server dnsc1.netpolice.ru
nano / etc / sysconfig / host2cat
MEMCACHED_LIST = 127.0.0.1: 11211
UDP_PORT = 6666
# DNS LIST SERVER IP
#for example DNS_LIST = 127.0.0.1
DNS_LIST = dnsc1.netpolice.ru
TTL = 3600
HOST2CAT_OPTIONS = "- m $ MEMCACHED_LIST -u $ UDP_PORT -s $ DNS_LIST -t $ TTL"
After making changes, you need to restart the services included in the complex NetPolice. To do this, run the following commands:
/etc/rc.d/init.d/memcached restart
/etc/rc.d/init.d/host2cat restart
/etc/rc.d/init.d/c-icap restart
/etc/rc.d/init.d/squid restart
4. Configure customers
NetPolice can filter online content for all computers in a computer lab and does not require installation on each computer!
To use the NetPolice system running and configured on School Linux 5.0.1, you need to configure your web browser on your computer to work with the Internet through Proxy.
For FireFox, this is the “Edit” -> “Settings” -> “Advanced” tab -> “Network” -> “Configure” button. In the window that appears, choose “Configure proxy connection settings manually” and enter the IP address of the proxy server and port (usually 3128), then click “ok” and exit Firefox settings.
But for the School Junior 5.0.1 distribution, Ephiphany is used as the main web browser, which has no proxy settings and uses system-wide proxy settings. For this distribution, go to the “System” -> “Settings” -> “Proxy Server Settings” menu and specify the IP address of the computer on which NetPolice is installed and specify port 3128.
5. Checking the operation of the content filter
After specifying the IP address and port in a web browser, enter the site www.f-games.ru in the address bar
You should see the inscription “Permition deny!”. This indicates the correct operation of the installed NetPolice. Site f-games.ru "not compatible with the objectives of education."
6. Start Administration Console
The NetPolice system is configured using a web interface. To do this, run the http-server
/etc/rc.d/init.d/httpd2 start
Launch a web browser and go to localhost / cgi-bin / login.cgi
Login: root
Password: root
7. Creating a new administrator
To create a new administrator account, click on the link "Create a new administrator." Enter the login and password for the new administrator. After saving, return to the login and password entry page localhost / cgi-bin / login.cgi . Log in with a new login and admin password.
8. Creating a new user
When trying to access the Internet, NetPolice will ask you for a login and password code. Unfortunately, it is not possible to configure the system in a transparent mode. Therefore, we create user user with password 1.
To do this, click on the link "Create a new user."
Enter username for new user
IP address: 192.168.1.0 (your subnet address)
Subnet mask / suffix: / 24
Role: my_student (select from list)
To set a password for a user in the console as root, run the command:
htpasswd2 / etc / squid / passwd user
9. Configuring Access Policies
To configure access policies in the main menu, click the link my_student -> Edit
The “list of rejects” is a list of prohibited categories of Internet resources.
For our own implementations, we use the following set of reggits:
1 Propaganda of war, incitement of hatred and enmity, propaganda of pornography and antisocial behavior
8 Crimes
24 Ensuring user anonymity, crawling content filters
34 Murder, violence
54 killings, violence, corpses
57 terrorism
101 erotica pornography
102 social networks
104 file sharing networks and sites
107 illegal help to schoolchildren and students
109 ensuring anonymity, crawling content filters
110 online casinos
A full list of redgets can be found on the NetPolice website in the Appendix 2 section.
Source: https://habr.com/ru/post/96951/
All Articles