white list / whitelist - how to setup?

[ozvena]

Is there a way to setup a white list for some of the users on a machine?

It would be a list of URLs allowed to be accessed by children. Adult accounts would not use the white list.

Thanks!

[FeatherMonkey]

The only way I can see but I haven't got a clue how you would do it on a per user basis is perhaps opendns. OpenDNS | Providing A Safer And Faster Internet

Now what I noticed is it will apply different policies accordingly to network.. Web Content Filtering with OpenDNS | Linux Journal

OpenDNS > Solutions > K-12 School > Web Content Filtering

Now if the adults always use xxx.xxx.xxx.xxx then it works but if both use the same I wouldn't even know where to begin or how you would/could implement it. Guessing something psuedo like

if $USER in GROUP then ifconfig xxx.xxx.xxx.xxx

Still not sure this is whitelisting as such, and I guess like you I struggled to find a solution. The normal one is dansguardian but this is blacklisting.

[ozvena]

This can be easily done in Windows. MS Internet Explorer has a content manager that can be configured with a dummy content rating site and then you add URLs that are also allowed. The result is that only those URLs from your list are allowed.

It is unfortunate as I would like to stop using Windows but more and more things are problem under Linux.

[FeatherMonkey]

Is strange that it can't be done as easily hopefully someone else may have some better ideas.

Having not used MS for a long time, so I'm not aware of those ways, but that seems to be by user tuned browser configs, wouldn't even know where to begin.

[ozvena]

I was looking for a link how to do it with MS Windows but couldn't find it. Let me know if you need it and I will find it.

[ozvena]

Found it!

WWW FAQs: How do I restrict access to Internet Explorer so that only certain sites can be visited?

[Akoellh]

This is as "easy" as it is ineffective (but to be fair, the article states this very clearly).

B2T:

You are looking for squid or (perhaps, not 100% sure if it can do this) privoxy.

Most modern routers also offer similar features and taking the software doing this job _off_ the machine to be restricted is also the only good way to secure it against manipulations (running such code on the machine to be restricted is always prone to manipulation).

[ab@novell.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Agreed. If you want to prevent somebody from going somewhere on a
computer you need to lock down the computer from outside itself and not
just one application or the computer itself. Popping in a CD/DVD to get
around this would be even easier than the "securing" of IE, and installing
any other web browser (Firefox, Opera, Chrome) would take approximately
one minute after the download was complete (assuming it wasn't on some
other form of media). If you stick with windows just for this feature
you're going to be disappointed when the kids still end up on a site that
is not an ideal destination for them. FeatherMonkey and Akoellh have some
other options that prevent the computer from either being able to resolve
those sites (OpenDNS on its own) or from being able to pull their contents
down after resolution (Squid), both of which would be significantly harder
to circumvent even with full access to the computer in question (assuming
they were implemented at the gateway or something like that).

Good luck.





Akoellh wrote:
> This is as "easy" as it is ineffective (but to be fair, the article
> states this very clearly).
>
> B2T:
>
> You are looking for squid or (perhaps, not 100% sure if it can do this)
> privoxy.
>
> Most modern routers also offer similar features and taking the software
> doing this job _off_ the machine to be restricted is also the only good
> way to secure it against manipulations (running such code on the machine
> to be restricted is always prone to manipulation).
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJKBx09AAoJEF+XTK08PnB5/80QAM4B1R3KeQVXGIpJ3nXkVZ1u
edZTI3mvRYi9tTHIb0Di87kBOfgwtPlbMhfv+IVV+NE2JuLKQ6 NJv0p3hK2HKPJo
LuJGq2HrDTKeYVMSVJOlXqSC5nQqxW24hLZwvHkDhKhbYNo8fU zlrCIBVv3oXkY+
hZ4FTJZsuNS4rCQU67trJ4ygqq3wE6JJMeyD6ohSMFY0LuYuw/m1Sc5YafKxXk0A
FCEivpiPpUqEM9SWvcJqhNuve0qJAbNjuxSggWcLMBNjeSg/tC5fIgrUHF1tSvGT
KYcQi4lXIii/c5fvbE9W5rYGK79Wctyve8yfZVUNkjDQ6xInn0cce8bcHgcis/G1
FHAaZ/9N8hl1nSr1WL9sQaF3gMyTIy8O/dwZz/tXqr4qHlV8N4CYA22jbXaIlBEl
8niqwN0JOt4vvh85GrndQfSM91g0/4yf/SbRrHfTE0Se0rhw1eDB2LgEDJCgUypz
AodxGNEH9T30lNXt9B1fbXkkzGo8eTW3Rry1koMLgeZiBWqbKJ HPOrd+x4phXJLv
lr/Z8Yw8Lp8Z6PJFwXiGfbJnwaUtjCkIU5B9zxubDA51BW5Q6EgH0 HepY2gf6XbM
ptD6lvSbjklAhUf3011SqHlIyyYZ92YOqvfaV8Y3TDEVOyxENX 25v2x+L6VNUDUy
R79i0I8L1c5BaYYeCMnl
=+TyN
-----END PGP SIGNATURE-----

[ozvena]

I am talking about really small kids here. It is so simple with Windows and so difficult with Linux which is quite disappointing. I hoped that it would be so easy for "network oriented" OS.

[ab@novell.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Add one of the dozen extensions that Google turned up for Firefox, but
still be prepared when they aren't limited completely:

https://addons.mozilla.org/en-US/firefox/addon/4351
http://softwaregadgets.gridspace.net...fox-discovery/

Good luck.





ozvena wrote:
> I am talking about really small kids here. It is so simple with Windows
> and so difficult with Linux which is quite disappointing. I hoped that
> it would be so easy for "network oriented" OS.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJKB4qqAAoJEF+XTK08PnB5mnkP/jD+GTaxOVjvQ/boyfTJOnEV
JS+88YLY6BhdeYvWhdqdHYfrMD14A7N7o7y4lE0sQXDBIwgM10 Btwsr2Jbj8G8/q
/McKLfxQtXeZsr/K7zOkKry2d6QkKiRrpS4XZ+6MzJfjrJXbdbzIcuPK2CHD4zbA
wKFbtPmBaBq071F3qOx3tCBeRIxaxW5OMdQzrPmrHlIFHJlsEz 7QncY0O15asMOn
8iREbMkNzfT/hBALmqkVPxR+qOjSrDJ4007nnCLzfCN1IRXgmThZe4oiqPF98k 4y
eczE+8YK0/zBZmfA7BZ/GzG7l/IiTtGqaQQv+IM69RuI3KDdZtvC2ud1yaxW5S2P
nWAeaQpUDWbw6+b9sAFbJNwO4cOf2nbxadSdXjz1Wy/AhUy2V7DJ05s6WlqoXj9V
R/jibk+GpVJdQSjmh1Vtb5kBLtclreJJPE13zCKSMIo6AMvT4vIs dWwMPu/TT82C
U3rmoLw1n/HDRJLFeDn42P27GaOQdGFhUtFz3GNNu/57/fThVnH9jQyCx4FxqsDz
TqCk0EKxG6uMO/6daeIGifOY51MsbiLX4HfYMQcOcTtFmmY+rqcR8XaCZGfelOiG
ujwNDpZGDqYZYlIq6bCfgkbzhtRMLbJSt17q9/ezH/x/HvieorAzH7EZNY8DBwds
KCKSDJkJv3daqxaPCO2h
=1J8+
-----END PGP SIGNATURE-----