Parental Controls & Filtering

nopposan · 31-Aug-2006, 13:13

Hello, I've installed OpenSuSE 10.0 on three different laptops and a desktop now; I'm still a newbie though, so I've only been able to do this with help from forums -- especially for a very old laptop that I put XFCE 4.2 on, but anyway, thanks for all of the help folks . . .

Now we've got OpenSuSE running on my niece's desktop computer. We installed Linux 'cause she crippled her Windows XP with all the malware and spyware that came from software that she allowed to be installed; since we won't be giving her root priveleges on this box, which was supposed to be for scholastics and e-mailing her pen-pals, that problem is solved. Still, we want to make it more difficult for her to wander off into the seemier side of the net when she says she's doing internet research for school. It also might be a good idea to set time limits or prevent access between say midnight and 5 a.m. when she should be getting her sleep. So, I've read some about SquidGuard and DansGuard parental control software but I'm a little uncomfortable with making decisions about how to proceed:

Is it necessary to insert another computer as a proxy server to accomplish internet filtering or can we use a virtual server on her computer?

Just how much easier would it be for a determined teenager to beat the virtual server filtering versus the separate machine filter?

Is there already a tutorial for SuSE 10.0 and DansGuard or other internet filtering software? (I'm not sufficiently familiar with the differences between SuSE and RedHat or Fedora, for example.) If so, please direct me to it.

Could filtering via a browser extension or plugin ever be made difficult to beat? I naively suppose that there must be a way to lock the configuration of Firefox with a password after installing ProCon or other web filtering extension; that would probably be a lot easier than installing a server.

Would it be advisable to have her computer connect via an ethernet cable rather than the wireless card? Would it be possible to prevent her using the neighbor's wireless connection if we use the wireless card?

How do we prevent access to the internet, or even any computer use, only during particular hours?

Thanks for any help you can offer.

ken_yap · 31-Aug-2006, 16:12

Hello, I've installed OpenSuSE 10.0 on three different laptops and a desktop now; I'm still a newbie though, so I've only been able to do this with help from forums -- especially for a very old laptop that I put XFCE 4.2 on, but anyway, thanks for all of the help folks . . .

Now we've got OpenSuSE running on my niece's desktop computer. We installed Linux 'cause she crippled her Windows XP with all the malware and spyware that came from software that she allowed to be installed; since we won't be giving her root priveleges on this box, which was supposed to be for scholastics and e-mailing her pen-pals, that problem is solved. Still, we want to make it more difficult for her to wander off into the seemier side of the net when she says she's doing internet research for school. It also might be a good idea to set time limits or prevent access between say midnight and 5 a.m. when she should be getting her sleep. So, I've read some about SquidGuard and DansGuard parental control software but I'm a little uncomfortable with making decisions about how to proceed:

Is it necessary to insert another computer as a proxy server to accomplish internet filtering or can we use a virtual server on her computer?

Just how much easier would it be for a determined teenager to beat the virtual server filtering versus the separate machine filter?

Is there already a tutorial for SuSE 10.0 and DansGuard or other internet filtering software? (I'm not sufficiently familiar with the differences between SuSE and RedHat or Fedora, for example.) If so, please direct me to it.

Could filtering via a browser extension or plugin ever be made difficult to beat? I naively suppose that there must be a way to lock the configuration of Firefox with a password after installing ProCon or other web filtering extension; that would probably be a lot easier than installing a server.

Would it be advisable to have her computer connect via an ethernet cable rather than the wireless card? Would it be possible to prevent her using the neighbor's wireless connection if we use the wireless card?

How do we prevent access to the internet, or even any computer use, only during particular hours?

Thanks for any help you can offer.
[/b]

Ideally squid should be in the path to the router, but it can be run on the same computer by redirecting browser traffic to the local instance of squid. You'd have to use a iptables rule to redirect HTTP traffic to the proxy transparently.

There are lots of sites and you may not be able to find them all, and some protocols don't involve HTTP, e.g. IM. It might be a constant battle.

Turning off access altogether at certain times is however a simpler proposition if you can control the path to the router. Some MAC address iptables rule should be able to do it.

nopposan · 31-Aug-2006, 19:57

Ideally squid should be in the path to the router, but it can be run on the same computer by redirecting browser traffic to the local instance of squid. You'd have to use a iptables rule to redirect HTTP traffic to the proxy transparently.

There are lots of sites and you may not be able to find them all, and some protocols don't involve HTTP, e.g. IM. It might be a constant battle.

Turning off access altogether at certain times is however a simpler proposition if you can control the path to the router. Some MAC address iptables rule should be able to do it.
[/b]

Thanks. I'll check the Squid documentation and forums for how to redirect the HTTP traffic. The HTTP is the biggest concern, I guess. Perhaps I put too many questions in one, but I just don't know where to begin.

How do I excercise control over the path to the router? (I think this timer option might be a really neat kudos to me; Mom & Grandparents will be thankful.) I could Wikipedia this, and I will, but what is a MAC address? What exactly is iptables? Sorry, but now you know you're dealing with a complete illiterate.

ken_yap · 31-Aug-2006, 20:23

Thanks. I'll check the Squid documentation and forums for how to redirect the HTTP traffic. The HTTP is the biggest concern, I guess. Perhaps I put too many questions in one, but I just don't know where to begin.

How do I excercise control over the path to the router? (I think this timer option might be a really neat kudos to me; Mom & Grandparents will be thankful.) I could Wikipedia this, and I will, but what is a MAC address? What exactly is iptables? Sorry, but now you know you're dealing with a complete illiterate.
[/b]

Mmm, you could be in for a long haul.

In that case my suggestion to you is to get an old PC, say a Pentium 300MHz, 128 MB RAM, 10GB disk, two NICs, CDROM drive, or better specs, and install IPCop on it (www.ipcop.org), then install various Addons (follow link from IPCop home page) to do the content filtering and access control you want. IPCop installs in about 5-10 minutes from the CD, and is managed from a web interface.

Then put this firewall/gateway in between the broadband modem and your internal LAN. At this point you can set your modem to transparent mode and let IPCop handle the firewalling. You get lots of flexibility with a Linux firewall, you can view your traffic graphs, have snort on IPCop watch for intrusion attempts, forward ports if you want to do bittorrent, set up a VPN for roadwarrior access, etc. etc. in addition to the content filtering and access control you want.

The drawback is the extra machine, noise, power, etc.

Whatevah · 02-Sep-2006, 11:02

Hello, I've installed OpenSuSE 10.0 on three different laptops and a desktop now; I'm still a newbie though, so I've only been able to do this with help from forums -- especially for a very old laptop that I put XFCE 4.2 on, but anyway, thanks for all of the help folks . . .

Now we've got OpenSuSE running on my niece's desktop computer. We installed Linux 'cause she crippled her Windows XP with all the malware and spyware that came from software that she allowed to be installed; since we won't be giving her root priveleges on this box, which was supposed to be for scholastics and e-mailing her pen-pals, that problem is solved. Still, we want to make it more difficult for her to wander off into the seemier side of the net when she says she's doing internet research for school. It also might be a good idea to set time limits or prevent access between say midnight and 5 a.m. when she should be getting her sleep. So, I've read some about SquidGuard and DansGuard parental control software but I'm a little uncomfortable with making decisions about how to proceed:

Is it necessary to insert another computer as a proxy server to accomplish internet filtering or can we use a virtual server on her computer?

Just how much easier would it be for a determined teenager to beat the virtual server filtering versus the separate machine filter?

Is there already a tutorial for SuSE 10.0 and DansGuard or other internet filtering software? (I'm not sufficiently familiar with the differences between SuSE and RedHat or Fedora, for example.) If so, please direct me to it.

Could filtering via a browser extension or plugin ever be made difficult to beat? I naively suppose that there must be a way to lock the configuration of Firefox with a password after installing ProCon or other web filtering extension; that would probably be a lot easier than installing a server.

Would it be advisable to have her computer connect via an ethernet cable rather than the wireless card? Would it be possible to prevent her using the neighbor's wireless connection if we use the wireless card?

How do we prevent access to the internet, or even any computer use, only during particular hours?

Thanks for any help you can offer.
[/b]

You could write a simple script and put in crontab to run in a certain time of day and that could do something like:
"ifconfig eth0 down". This disables the ethernet(or any interface you want) and unless someone has root access(which your niece should NOT) cannot do something about it. So there goes his/her internet connection after lets say 21:00 in the evening.

Squid is quite capable of doing what you want but be prepared to edit some configuration files and read a lot of documentation.

About the wireless thing you can hardcode the SSID name of the wireless router you want it to connect in yast. Again if she/he hasnt the root password, cannot change that.

About the login access and hour restriction I think you should do a little more complicated scripting and append it in /etc/profile. Maybe there is an easier way but as long I m concerned I cant find it in Yast.

Cure · 02-Sep-2006, 12:32

In case someone hasn't mentioned this yet, there is a program called Willow which is simple to use, and doesn't complicate things about proxies. Give it a try, I heard it works well.

nopposan · 03-Sep-2006, 18:14

In case someone hasn't mentioned this yet, there is a program called Willow which is simple to use, and doesn't complicate things about proxies. Give it a try, I heard it works well.
[/b]

I haven't heard of Willow before, but thanks for the tip. Also, thanks for the instructions with regard to the timing script; I may ask more questions about that once I actually try it.

What do you all think of this how-to?:
http://software.newsforge.com/software/04/...3/1521209.shtml

It seems to offer me a way to install Squid and DansGuardian on my niece's box -- no need for a whole computer stuck between her machine and the router.

ken_yap · 03-Sep-2006, 18:34

I haven't heard of Willow before, but thanks for the tip. Also, thanks for the instructions with regard to the timing script; I may ask more questions about that once I actually try it.

What do you all think of this how-to?:
http://software.newsforge.com/software/04/...3/1521209.shtml

It seems to offer me a way to install Squid and DansGuardian on my niece's box -- no need for a whole computer stuck between her machine and the router.
[/b]

That's probably the tute you need. You may need to adjust the iptables instructions for SUSE's firewall configuration via YaST. Squid comes on the SUSE distro, don't try to install a foreign package and get into hassles. You can also omit some of the squid instructions in the tute because the ownership is already set up when squid is installed. Dansguardian needs to be downloaded and installed. You'll need to get into the CLI with unpacking Dansguardian. In short, don't accept everything you read in that tute without question.

Anyway, it should be a good learning experience for you.

nopposan · 03-Sep-2006, 20:10

That's probably the tute you need. You may need to adjust the iptables instructions for SUSE's firewall configuration via YaST. Squid comes on the SUSE distro, don't try to install a foreign package and get into hassles. You can also omit some of the squid instructions in the tute because the ownership is already set up when squid is installed. Dansguardian needs to be downloaded and installed. You'll need to get into the CLI with unpacking Dansguardian. In short, don't accept everything you read in that tute without question.

Anyway, it should be a good learning experience for you.
[/b]

Thanks, Ken. By the way, I downloaded IPcop and I might go that route if I don't get DansGuardian to work. I think having the filter and firewall on a physically real server between her computer and the router would provide the best security, however it's probably a bit more than what my stepfather is ready to accept; the server would have to be placed in his office.

Thread: Parental Controls & Filtering

Thread Tools

Display

Bookmarks

Bookmarks

Posting Permissions