Dansguardian Version 2.8.0.6 - Installation und Konfiguration

Dansguardian Logo

Für die Zugriffsverwaltung und inhaltliche Bewertung der angewählten Internetseiten bedienen wir uns dem Proxy Squid und dem Contentfilter Dansguardian.
Bei dieser Konstellation arbeiten Squid und Dansguardian als einer Vermittler, der auf der einen Seite Anfragen entgegennimmt, um dann über seine eigene Adresse eine Verbindung zu einem Zielhost herzustellen. So bleibt einerseits die eigentliche Adresse des Client-Rechners dem Zielhost gegenüber komplett verborgen, was eine gewisse Anonymität schafft. Ferner können die Ergebnisse der Clientanfragen zwischengespeichert werden, um so Bandbreite zu sparen, da diese gepufferten Objekte nicht nochmals geladen werden müssen. Darüber hinaus haben wir so die Möglichkeit:

  • unerwünschte Seiten zu blocken (Pornographie)
  • bestimmte Inhalte nur bestimmten Usern zur Verfügung zu stellen (Multimediainhalte des WWW)
  • Seiten auf unerwünschten Inhalt zu überprüfen und ggf. zu blocken (Glücksspiel und politische Propaganda) oder
  • eine Virenprüfung der übermittelten Daten vorzunehmen.

Die einfachere Variante ist die Installation der Version 2.8.0.6 aus dem Dag Apt Repository. Stand Dezember 2009

Diese Version unterstützt nur die Inhaltliche Überprüfung noch noch NICHT die Virenfilterung! Diese ist im aktuellen neuen Release-Kandidaten enthalten - die Installation ist im folgenden Kapitel beschrieben.

Wie sollte es auch hier anders sein, die Installation der benötigten Programme erfolgt im gewohnten Rahmen via yum, welches wir als User root ausführen.

 # su -
 # yum install dansguardian

Was uns das Paket dansguardian alles mitbringt offenbart eine detailierte Blick1), nach erfolgter Installation des Paketes, in das RPM.

# rpm -iql dansguardian
Name        : dansguardian                 Relocations: (not relocatable)
Version     : 2.8.0.6                           Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
Release     : 1.2.el5.rf                    Build Date: Mi 07 Mär 2007 19:59:59 CET
Install Date: Sa 08 Nov 2008 13:55:11 CET      Build Host: lisse.leuven.wieers.com
Group       : System Environment/Daemons    Source RPM: dansguardian-2.8.0.6-1.2.el5.rf.src.rpm
Size        : 736787                           License: GPL
Signature   : DSA/SHA1, Fr 09 Mär 2007 10:32:24 CET, Key ID a20e52146b8d79e6
Packager    : Dag Wieers <dag@wieers.com>
URL         : http://www.dansguardian.org/
Summary     : Content filtering web proxy
Description :
DansGuardian is a web filtering engine that checks the content within
the page itself in addition to the more traditional URL filtering.

DansGuardian is a content filtering proxy. It filters using multiple methods,
including URL and domain filtering, content phrase filtering, PICS filtering,
MIME filtering, file extension filtering, POST filtering.
/etc/dansguardian
/etc/dansguardian/bannedextensionlist
/etc/dansguardian/bannediplist
/etc/dansguardian/bannedmimetypelist
/etc/dansguardian/bannedphraselist
/etc/dansguardian/bannedregexpurllist
/etc/dansguardian/bannedsitelist
/etc/dansguardian/bannedurllist
/etc/dansguardian/banneduserlist
/etc/dansguardian/contentregexplist
/etc/dansguardian/dansguardian.conf
/etc/dansguardian/dansguardianf1.conf
/etc/dansguardian/exceptioniplist
/etc/dansguardian/exceptionphraselist
/etc/dansguardian/exceptionsitelist
/etc/dansguardian/exceptionurllist
/etc/dansguardian/exceptionuserlist
/etc/dansguardian/filtergroupslist
/etc/dansguardian/greysitelist
/etc/dansguardian/greyurllist
/etc/dansguardian/languages
/etc/dansguardian/languages/ReadMe
/etc/dansguardian/languages/arspanish
/etc/dansguardian/languages/arspanish/messages
/etc/dansguardian/languages/arspanish/template.html
/etc/dansguardian/languages/bulgarian
/etc/dansguardian/languages/bulgarian/messages
/etc/dansguardian/languages/bulgarian/template.html
/etc/dansguardian/languages/chinesebig5
/etc/dansguardian/languages/chinesebig5/messages
/etc/dansguardian/languages/chinesebig5/template.html
/etc/dansguardian/languages/chinesegb2312
/etc/dansguardian/languages/chinesegb2312/messages
/etc/dansguardian/languages/chinesegb2312/template.html
/etc/dansguardian/languages/czech
/etc/dansguardian/languages/czech/messages
/etc/dansguardian/languages/czech/template.html
/etc/dansguardian/languages/danish
/etc/dansguardian/languages/danish/messages
/etc/dansguardian/languages/danish/template.html
/etc/dansguardian/languages/dutch
/etc/dansguardian/languages/dutch/messages
/etc/dansguardian/languages/dutch/template.html
/etc/dansguardian/languages/french
/etc/dansguardian/languages/french/messages
/etc/dansguardian/languages/french/template.html
/etc/dansguardian/languages/german
/etc/dansguardian/languages/german/messages
/etc/dansguardian/languages/german/template.html
/etc/dansguardian/languages/hebrew
/etc/dansguardian/languages/hebrew/messages
/etc/dansguardian/languages/hebrew/template.html
/etc/dansguardian/languages/indonesian
/etc/dansguardian/languages/indonesian/messages
/etc/dansguardian/languages/indonesian/template.html
/etc/dansguardian/languages/italian
/etc/dansguardian/languages/italian/messages
/etc/dansguardian/languages/italian/template.html
/etc/dansguardian/languages/lithuanian
/etc/dansguardian/languages/lithuanian/messages
/etc/dansguardian/languages/lithuanian/template.html
/etc/dansguardian/languages/mxspanish
/etc/dansguardian/languages/mxspanish/messages
/etc/dansguardian/languages/mxspanish/template.html
/etc/dansguardian/languages/polish
/etc/dansguardian/languages/polish/messages
/etc/dansguardian/languages/polish/template.html
/etc/dansguardian/languages/portuguese
/etc/dansguardian/languages/portuguese/messages
/etc/dansguardian/languages/portuguese/messagesaccents
/etc/dansguardian/languages/portuguese/template.html
/etc/dansguardian/languages/russian-1251
/etc/dansguardian/languages/russian-1251/messages
/etc/dansguardian/languages/russian-1251/template.html
/etc/dansguardian/languages/slovak
/etc/dansguardian/languages/slovak/messages
/etc/dansguardian/languages/slovak/template.html
/etc/dansguardian/languages/spanish
/etc/dansguardian/languages/spanish/messages
/etc/dansguardian/languages/spanish/template.html
/etc/dansguardian/languages/swedish
/etc/dansguardian/languages/swedish/messages
/etc/dansguardian/languages/swedish/template.html
/etc/dansguardian/languages/turkish
/etc/dansguardian/languages/turkish/messages
/etc/dansguardian/languages/turkish/template.html
/etc/dansguardian/languages/ukenglish
/etc/dansguardian/languages/ukenglish/messages
/etc/dansguardian/languages/ukenglish/template.html
/etc/dansguardian/logrotation
/etc/dansguardian/phraselists
/etc/dansguardian/phraselists/badwords
/etc/dansguardian/phraselists/badwords/weighted_dutch
/etc/dansguardian/phraselists/badwords/weighted_french
/etc/dansguardian/phraselists/badwords/weighted_german
/etc/dansguardian/phraselists/badwords/weighted_portuguese
/etc/dansguardian/phraselists/badwords/weighted_spanish
/etc/dansguardian/phraselists/chat
/etc/dansguardian/phraselists/chat/weighted
/etc/dansguardian/phraselists/chat/weighted_italian
/etc/dansguardian/phraselists/drugadvocacy
/etc/dansguardian/phraselists/drugadvocacy/weighted
/etc/dansguardian/phraselists/gambling
/etc/dansguardian/phraselists/gambling/banned
/etc/dansguardian/phraselists/gambling/banned_portuguese
/etc/dansguardian/phraselists/gambling/weighted
/etc/dansguardian/phraselists/gambling/weighted_portuguese
/etc/dansguardian/phraselists/games
/etc/dansguardian/phraselists/games/weighted
/etc/dansguardian/phraselists/goodphrases
/etc/dansguardian/phraselists/goodphrases/exception
/etc/dansguardian/phraselists/goodphrases/exception_email
/etc/dansguardian/phraselists/goodphrases/weighted_general
/etc/dansguardian/phraselists/goodphrases/weighted_general_danish
/etc/dansguardian/phraselists/goodphrases/weighted_general_portuguese
/etc/dansguardian/phraselists/goodphrases/weighted_news
/etc/dansguardian/phraselists/googlesearches
/etc/dansguardian/phraselists/googlesearches/banned
/etc/dansguardian/phraselists/gore
/etc/dansguardian/phraselists/gore/weighted
/etc/dansguardian/phraselists/gore/weighted_portuguese
/etc/dansguardian/phraselists/illegaldrugs
/etc/dansguardian/phraselists/illegaldrugs/banned
/etc/dansguardian/phraselists/illegaldrugs/banned_portuguese
/etc/dansguardian/phraselists/illegaldrugs/weighted
/etc/dansguardian/phraselists/illegaldrugs/weighted_portuguese
/etc/dansguardian/phraselists/intolerance
/etc/dansguardian/phraselists/intolerance/banned_portuguese
/etc/dansguardian/phraselists/intolerance/weighted
/etc/dansguardian/phraselists/intolerance/weighted_portuguese
/etc/dansguardian/phraselists/legaldrugs
/etc/dansguardian/phraselists/legaldrugs/weighted
/etc/dansguardian/phraselists/malware
/etc/dansguardian/phraselists/malware/weighted
/etc/dansguardian/phraselists/news
/etc/dansguardian/phraselists/news/weighted
/etc/dansguardian/phraselists/nudism
/etc/dansguardian/phraselists/nudism/weighted
/etc/dansguardian/phraselists/peer2peer
/etc/dansguardian/phraselists/peer2peer/weighted
/etc/dansguardian/phraselists/personals
/etc/dansguardian/phraselists/personals/weighted
/etc/dansguardian/phraselists/personals/weighted_portuguese
/etc/dansguardian/phraselists/pornography
/etc/dansguardian/phraselists/pornography/banned
/etc/dansguardian/phraselists/pornography/banned_portuguese
/etc/dansguardian/phraselists/pornography/weighted
/etc/dansguardian/phraselists/pornography/weighted_danish
/etc/dansguardian/phraselists/pornography/weighted_dutch
/etc/dansguardian/phraselists/pornography/weighted_french
/etc/dansguardian/phraselists/pornography/weighted_german
/etc/dansguardian/phraselists/pornography/weighted_italian
/etc/dansguardian/phraselists/pornography/weighted_portuguese
/etc/dansguardian/phraselists/pornography/weighted_spanish
/etc/dansguardian/phraselists/proxies
/etc/dansguardian/phraselists/proxies/weighted
/etc/dansguardian/phraselists/sport
/etc/dansguardian/phraselists/sport/weighted
/etc/dansguardian/phraselists/violence
/etc/dansguardian/phraselists/violence/weighted
/etc/dansguardian/phraselists/violence/weighted_portuguese
/etc/dansguardian/phraselists/warezhacking
/etc/dansguardian/phraselists/warezhacking/weighted
/etc/dansguardian/phraselists/weapons
/etc/dansguardian/phraselists/weapons/weighted
/etc/dansguardian/phraselists/weapons/weighted_portuguese
/etc/dansguardian/phraselists/webmail
/etc/dansguardian/phraselists/webmail/weighted
/etc/dansguardian/pics
/etc/dansguardian/transparent1x1.gif
/etc/dansguardian/weightedphraselist
/etc/httpd/conf.d/dansguardian.conf
/etc/logrotate.d/dansguardian
/etc/rc.d/init.d/dansguardian
/usr/sbin/dansguardian
/usr/share/doc/dansguardian-2.8.0.6
/usr/share/doc/dansguardian-2.8.0.6/INSTALL
/usr/share/doc/dansguardian-2.8.0.6/LICENSE
/usr/share/doc/dansguardian-2.8.0.6/README
/usr/share/man/man8/dansguardian.8.gz
/var/log/dansguardian
/var/www/dansguardian
/var/www/dansguardian/dansguardian.pl

Mit dem Editor unserer Wahl z.B. vim bearbeiten wir nun die Konfigurationsdatei des Contentfilters:

 # vim /etc/dansguardian/dansguardian.conf

Das erste und wichtigste, was wir hier groß einstellen, sind die Adress- und Portangaben:

# the port that DansGuardian listens to.
filterport = 8080

# the ip of the proxy (default is the loopback - i.e. this server)
proxyip = 127.0.0.1

# the port DansGuardian connects to proxy on
proxyport = 3128

Ferner passen wir noch die Internationalisierung in der Konfigurationsdatei an:

# the port that DansGuardian listens to.
language = 'german'

In Summe ergibt sich also folgende Gesamtkonfiguration:

egrep -v '(^.*#|^$)' /etc/dansguardian/dansguardian.conf
reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'german'
loglevel = 3
logexceptionhits = on
logfileformat = 1
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = 1
custombannedimagefile = '/etc/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/filtergroupslist'
bannediplist = '/etc/dansguardian/bannediplist'
exceptioniplist = '/etc/dansguardian/exceptioniplist'
banneduserlist = '/etc/dansguardian/banneduserlist'
exceptionuserlist = '/etc/dansguardian/exceptionuserlist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = 0
forcequicksearch = 0
reverseaddresslookups = off
reverseclientiplookups = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
usernameidmethodproxyauth = on
usernameidmethodident = off
preemptivebanning = on
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
nodaemon = off
nologger = off
softrestart = off

Nach der erfolgten Inbetriebnahme drehen wir dem Dansguardian etwas die Luft ab, was heissen will, wir lassen uns nur noch die geblockten Seiten reporten, da das Logfile ggf. etwas arg überschwemmt wird mit Informationen, die uns eh' nicht interessieren.

# vim /etc/dansguardian/dansguardian.conf

# Logging Settings
#
# 0 = none  1 = just denied  2 = all text based  3 = all requests
loglevel = 1

In der zweiten Konfig-Datei /etc/dansguardian/dansguardianf1.conf stellen wir dann noch ein, wie scharf der Kontentfilter arbeiten soll:

 # vim /etc/dansguardian/dansguardianf1.conf

Mit einem Naughtyness limit von 100 liegt man schon mal in einem praktikablen Bereich.

# Naughtyness limit
# This the limit over which the page will be blocked.  Each weighted phrase is given
# a value either positive or negative and the values added up.  Phrases to do with
# good subjects will have negative values, and bad subjects will have positive
# values.  See the weightedphraselist file for examples.
# As a guide:
# 50 is for young children,  100 for old children,  160 for young adults.
naughtynesslimit = 100

Somit ergibt sich hier folgende Gesamtkonfiguration:

egrep -v '(^.*#|^$)' /etc/dansguardian/dansguardianf1.conf
bannedphraselist = '/etc/dansguardian/bannedphraselist'
weightedphraselist = '/etc/dansguardian/weightedphraselist'
exceptionphraselist = '/etc/dansguardian/exceptionphraselist'
bannedsitelist = '/etc/dansguardian/bannedsitelist'
greysitelist = '/etc/dansguardian/greysitelist'
exceptionsitelist = '/etc/dansguardian/exceptionsitelist'
bannedurllist = '/etc/dansguardian/bannedurllist'
greyurllist = '/etc/dansguardian/greyurllist'
exceptionurllist = '/etc/dansguardian/exceptionurllist'
bannedregexpurllist = '/etc/dansguardian/bannedregexpurllist'
bannedextensionlist = '/etc/dansguardian/bannedextensionlist'
bannedmimetypelist = '/etc/dansguardian/bannedmimetypelist'
picsfile = '/etc/dansguardian/pics'
contentregexplist = '/etc/dansguardian/contentregexplist'
naughtynesslimit = 100
bypass = 0
bypasskey = ''

Nun starten wir das erste mal unsere neuen Dienst dansguardian:

 # service dansguardian start
 Web Content Filter (dansguardian) starten:                 [  OK  ]

automatisches Starten von Dansguardian beim Systemstart

Damit der Dansguardian-daemon automatisch bei jedem Systemstart startet, kann die Einrichtung des Start-Scriptes über folgenden Befehl erreicht werden:

 # chkconfig dansguardian on

Die Überprüfungung ob der Dienst (Daemons) Dansguardian wirklich bei jedem Systemstart automatisch mit gestartet wird, kann durch folgenden Befehle erreicht werden:

 # chkconfig --list | grep dansguardian
 dansguardian    0:Aus   1:Aus   2:Ein   3:Ein   4:Ein   5:Ein   6:Aus

Wichtig sind jeweils die Schalter on bzw. Ein bei den Runleveln - 2 3 4 5.

Von Haus aus, ist der „ausgelieferte“ Dansguardian doch recht aggressiv eingestellt; d.h. viele doch erwünschten Seiten werden geblockt. Zum Erlauben dieser Seiten gibt es mehrere Möglichkeiten.

Ausnahmelisten für Web-Sites

Ganze Seiten können von der inhaltlichen Bewertung ausgenommen werden, wenn in der /etc/dansguardian/exceptionsitelist ein entsprechender Eintrag vorhanden ist, so z.B.:

# vim /etc/dansguardian/exceptionsitelist

#Sites in exception list
#Don't bother with the www. or
#the http://
#
#These are specifically domains and are not URLs.
#For example 'foo.bar/porn/' is no good, you need
#to just have 'foo.bar'.
#
#You can also match IPs here too.
#
#As of DansGuardian 2.7.3 you can now include
#.tld so for example you can match .gov for example


dansguardian.org

nausch.org
urlblacklist.com
ebay.de
bay.com

Ausnahmelisten für Hosts

Will man einzelne Workstations ausnehmen, so trägt man diese in die /etc/dansguardian/exceptioniplist ein:

# vim /etc/dansguardian/exceptioniplist

#IP addresses of computers to not filter
#and just pass requests straight through to
#
#These would be servers which
#need unfiltered access for
#updates.  Also administrator
#workstations which need to
#download programs and check
#out blocked sites should be
#put here.
#
#Only put IP addresses here,
#not host names
#
#This is not the IP of web servers
#you don't want to filter.

#192.168.0.1
#192.168.0.2
#192.168.42.2

#BOfH's Workstation
192.168.20.10

Sperrlisten für Dateiextensions

Über die /etc/dansguardian/bannedextensionlist stellen wir dann bei Bedarf noch ein, welche Datei-Extensions wird erlauben und welche wir (aus)sperren wollen:

# vim /etc/dansguardian/bannedextensionlist

#Banned extension list

# File extensions with executable code 

# The following file extensions can contain executable code.
# This means they can potentially carry a virus to infect your computer.

.ade  # Microsoft Access project extension
.adp  # Microsoft Access project
.asx  # Windows Media Audio / Video
.bas  # Microsoft Visual Basic class module
.bat  # Batch file
.cab  # Windows setup file
.chm  # Compiled HTML Help file
.cmd  # Microsoft Windows NT Command script
.com  # Microsoft MS-DOS program
.cpl  # Control Panel extension
.crt  # Security certificate 
.dll  # Windows system file
.exe  # Program
.hlp  # Help file
.ini  # Windows system file
.hta  # HTML program
.inf  # Setup Information
.ins  # Internet Naming Service
.isp  # Internet Communication settings
# .js   # JScript file - often needed in web pages
# .jse  # Jscript Encoded Script file - often needed in web pages
.lnk  # Windows Shortcut
.mda  # Microsoft Access add-in program 
.mdb  # Microsoft Access program
.mde  # Microsoft Access MDE database
.mdt  # Microsoft Access workgroup information 
.mdw  # Microsoft Access workgroup information 
.mdz  # Microsoft Access wizard program 
.msc  # Microsoft Common Console document
.msi  # Microsoft Windows Installer package
.msp  # Microsoft Windows Installer patch
.mst  # Microsoft Visual Test source files
.pcd  # Photo CD image, Microsoft Visual compiled script
.pif  # Shortcut to MS-DOS program
.prf  # Microsoft Outlook profile settings
.reg  # Windows registry entries
.scf  # Windows Explorer command
.scr  # Screen saver
.sct  # Windows Script Component
.sh   # Shell script
.shs  # Shell Scrap object
.shb  # Shell Scrap object
.sys  # Windows system file
.url  # Internet shortcut
.vb   # VBScript file
.vbe  # VBScript Encoded script file
.vbs  # VBScript file
.vxd  # Windows system file
.wsc  # Windows Script Component
.wsf  # Windows Script file
.wsh  # Windows Script Host Settings file
.otf  # Font file - can be used to instant reboot 2k and xp
.ops  # Office XP settings 



# Files which one normally things as non-executable but
# can contain harmful macros and viruses

.doc  # Word document
.xls  # Excel document
.pps  # PowerPoint selfrunning

# Other files which may contain files with executable code

#.gz   # Gziped file
#.tar  # Tape ARchive file
.zip  # Windows compressed file
#.tgz  # Unix compressed file
#.bz2  # Unix compressed file
.cdr  # Mac disk image
.dmg  # Mac disk image
.smi  # Mac self mounting disk image
.sit  # Mac compressed file
.sea  # Mac compressed file, self extracting
.bin  # Mac binary compressed file
.hqx  # Mac binhex encoded file
.rar  # Similar to zip


# Time/bandwidth wasting files

.mp3  # Music file
.mpeg # Movie file
.mpg  # Movie file
.avi  # Movie file
.asf  # this can also exploit a security hole allowing virus infection
.iso  # CD ISO image
.ogg  # Music file
.wmf  # Movie file
.bin # CD ISO image
.cue # CD ISO image

# meine eigenen 
.ani  # animated cursor

Sperrlisten für URLS (regex)

Über die /etc/dansguardian/bannedregexpurllist haben wir die möglichkeit, einzelne Seiten an Hand ihrer URL zu sperren. Hierzu Nutzen wir geeignete REGEX um die URLs zu definieren, welche wir (aus)sperren wollen:

# vim /etc/dansguardian/bannedregexpurllist

#Banned URLs based on Regular Expressions
#
# E.g. 'sex' would block sex.com and middlesex.com etc

# The following two lines may work better than the above - Philip Pearce 9/11/2004
(^|[-\?+=&/_])(big|cyber|hard|huge|mega|small|soft|super|tiny|bare|naked|nude|anal|oral|topp?les|sex){1,}.*(anal|babe|bharath|boob|breast|busen|busty|clit|cum|cunt|dick|fetish|fuck|girl|hooter|lez|lust|naked|nude|oral|orgy|penis|porn|porno|pupper|pussy|rotten|sex|shit|smutpump|teen|topp?les|xxx)s?([-\?+=&/_]|$)
(^|[-\?+=&/_])(anal|babe|bharath|boob|breast|busen|busty|clit|cum|cunt|dick|fetish|fuck|girl|hooter|lez|lust|naked|nude|oral|orgy|penis|porn|porno|pupper|pussy|rotten|sex|shit|smutpump|teen|topp?les|xxx){1,}.*(big|cyber|hard|huge|mega|small|soft|super|tiny|bare|naked|nude|anal|oral|topp?les|sex){1,}([-\?+=&/_]|$)

# Onlinegaming
(gladiatus|4story|gameforge|ikariam|pog.com|cracymonkeygames|poissonrouge)

# Musikmaffia
(musicload|musikload)

# videoportale
(vo.llnwd)

# Werbemüll
(Standardteaser|sponsorads|google-analytics)

# Schnackslanbahnungsportale
(facebook)

Oft ist es wünschenswert einzelen User(gruppen) bei der Bewertung der Verbindungswünsche in's WWW unterschiedlich zu behandeln. So könnten zum Beispiel Schüler und Lehrer, DAUs, Null- Halb- und Stellenleiter wie auch VIPs mit eigenen Filterregelsätzen belegt werden.
Was zunächst kompliziert anmutet, funktioniert recht einfach und auch überschaubar.

dansguardian.conf

Als erstes geben wir unserem Kontentfilter mit, wieviele Filtergruppen (max. 99) wir verwenden möchten.

# vim dansguardian.conf

# Filter groups options
# filtergroups sets the number of filter groups. A filter group is a set of content
# filtering options you can apply to a group of users.  The value must be 1 or more.
# DansGuardian will automatically look for dansguardianfN.conf where N is the filter
# group.  To assign users to groups use the filtergroupslist option.  All users default
# to filter group 1.  You must have some sort of authentication to be able to map users
# to a group.  The more filter groups the more copies of the lists will be in RAM so
# use as few as possible.
filtergroups = 2 
filtergroupslist = '/etc/dansguardian/filtergroupslist'

filtergroupslist

In der Datei filtergroupslist geben wir nun all diejenigen Nutzer an, die nicht in der Standardgruppe bewertet werden sollen, sondern in einer der zuvor definierten Filtergruppen.

# vim filtergroupslist

# Filter Groups List file for DansGuardian
#
# Format is <user>=filter<1-99> where 1-99 are the groups
#
jakob=filter2

dansguardianf2.conf

Die eigentliche Änderungen zur Standardkonfiguration nehmen wir nun, in der dansguardianfn.conf vor. Neben einen ggf. abweichenden Naughtyness limit definieren wir hier etwaige abweichende Sperr- und Ausnahme-Listen.

# vim dansguardianf2.conf

# Content filtering files location
bannedphraselist = '/etc/dansguardian/bannedphraselist'
weightedphraselist = '/etc/dansguardian/weightedphraselist'
exceptionphraselist = '/etc/dansguardian/exceptionphraselist'
bannedsitelist = '/etc/dansguardian/bannedsitelist_f2'
greysitelist = '/etc/dansguardian/greysitelist'
exceptionsitelist = '/etc/dansguardian/exceptionsitelist_f2'
bannedurllist = '/etc/dansguardian/bannedurllist'
greyurllist = '/etc/dansguardian/greyurllist'
exceptionurllist = '/etc/dansguardian/exceptionurllist'
bannedregexpurllist = '/etc/dansguardian/bannedregexpurllist_f2'
bannedextensionlist = '/etc/dansguardian/bannedextensionlist'
bannedmimetypelist = '/etc/dansguardian/bannedmimetypelist'
picsfile = '/etc/dansguardian/pics'
contentregexplist = '/etc/dansguardian/contentregexplist'

In den jeweiligen Listen erweitern wir nun die entsprechenden gesperrten Seiten oder definieren entsprechende Ausnahmeregelungen.


1)
zum besseren Vergleich zwischen der Verison 2.8.0.6 zur 2.10.1.1 erfolgt der Abdruck der gesamten Abfrage durch rpm -iql
Cookies helfen bei der Bereitstellung von Inhalten. Durch die Nutzung dieser Seiten erklären Sie sich damit einverstanden, dass Cookies auf Ihrem Rechner gespeichert werden. Weitere Information
  • centos/dansguardian_2.8.txt
  • Zuletzt geändert: 20.04.2018 10:36.
  • (Externe Bearbeitung)