[GLLUG] content filtering
Karl Schuttler
rexykik at gmail.com
Tue Apr 1 14:06:20 EDT 2008
I don't know if this gets logged, but you might be able to change the
banner of the browser for their firefox profiles, so that it says
their name, and then log that. Just a thought; i'm not sure how it all
works.
On Tue, Apr 1, 2008 at 2:01 PM, Michael George <george at idealso.com> wrote:
> It's a multi-user system. There could be multiple users at any given
> time. Don't get me wrong, I think the logging is a good idea, but it's
> not perfect. However, when trying to monitor web usage, there is no
> "perfect".
>
>
>
> On Tue, April 1, 2008 1:50 pm, Karl Schuttler wrote:
> > Cross reference with who was logged on at that time?
> >
> > On Tue, Apr 1, 2008 at 1:46 PM, Michael George <george at idealso.com> wrote:
> >>
> >> On Tue, April 1, 2008 1:36 pm, Karl Schuttler wrote:
> >> > If you need somewhere to store logs and stuff like that, be aware
> >> that
> >> > you can samba mount stuff with ddwrt and openwrt, so you could just
> >> > have it automount the samba partition and store stuff there.
> >>
> >> True. And for that matter, I can tell it to ship the logs off to a
> >> syslog
> >> server. As long as it will log with the detail I'd need. The downside
> >> is
> >> that the router (probably) won't know who the user is that is sending
> >> the
> >> requests.
> >>
> >>
> >>
> >> > On Tue, Apr 1, 2008 at 8:34 AM, Michael George <george at idealso.com>
> >> wrote:
> >> >> I'll look at the openwrt site and see what I can find for modules.
> >> I
> >> >> understand that dd-wrt is based on it and can use its modules, but
> >> they
> >> >> will have to be hand-configured.
> >> >>
> >> >> Do you know of any "recipies" for setting up firewall rules on a
> >> server
> >> >> to
> >> >> run transparent/forced proxy? I'm hoping for a solution that
> >> doesn't
> >> >> require me to dig knee-deep into learning firewall rules...
> >> >>
> >> >> I'm also quite happy with a multi-layered approach. I can use
> >> OpenDNS,
> >> >> and dansguardian, and the log files. Putting the system in a
> >> public
> >> >> place
> >> >> is probably one of the best moves, but there are some physical
> >> >> complexities going in that direction...
> >> >>
> >> >> Hmm, I bet I can get a boot CD that will fire up the system and do
> >> the
> >> >> same things that LTSP does over wireless... I'll have to look into
> >> >> that
> >> >> option. Then I can put the system in more places in the house
> >> without
> >> >> stringing more ethernet cables...
> >> >>
> >> >>
> >> >>
> >> >> On Mon, March 31, 2008 11:37 pm, Richard Houser wrote:
> >> >> > -----BEGIN PGP SIGNED MESSAGE-----
> >> >> > Hash: SHA1
> >> >> >
> >> >> > Michael George wrote:
> >> >> > | It's time I get more serious about content filtering at home,
> >> now
> >> >> that
> >> >> > my
> >> >> > | kids are able to get online.
> >> >> > |
> >> >> > | I know there is the dansguardian/squid proxy filter, but I
> >> don't
> >> >> want to
> >> >> > | jump immediately to an approach that requires another computer.
> >> I
> >> >> use
> >> >> > | LTSP for myself and for the kids, so we're all on the same
> >> system
> >> >> > | (therefore I can't just use mine as the proxy server).
> >> >> > |
> >> >> > | I've heard of OpenDNS for DNS-level filtering, but I'm not sure
> >> if
> >> >> that
> >> >> > | will have some loopholes that I hadn't though of...
> >> >> >
> >> >> > For starters, a loophole is that someone can just bypass DNS. It
> >> >> > wouldn't be convenient, but is still relatively easy to do if
> >> your
> >> >> kids
> >> >> > are so inclined. They certainly won't fall into that loophole by
> >> >> > accident, however, so with good parenting, I don't think this
> >> would
> >> >> be
> >> >> > an issue.
> >> >> >
> >> >> > | I should have thought ahead more when I got my router. I put
> >> in a
> >> >> > Linksys
> >> >> > | WRT54GL running dd-wrt just recently. I'm happy with it so
> >> far,
> >> >> and it
> >> >> > | will facilitate a transparent proxy, but it doesn't implement
> >> one.
> >> >> > Since
> >> >> > | I only use it for basic router and firewall tasks, it would be
> >> nice
> >> >> to
> >> >> > | have a content filtering proxy built into it.
> >> >> > |
> >> >> > | Anyone here have opinions/advice? Thanks!
> >> >> >
> >> >> > I don't know about your kids, but have you looked into providing
> >> >> either
> >> >> > a mostly open internet connection (regarding http port 80/443)
> >> with
> >> >> > logging for later review OR a whitelist based approach? I don't
> >> know
> >> >> > about dd-wrt, but if you were running OpenWRT that should
> >> certainly
> >> >> be
> >> >> > doable (especially with the up to 2GB flash storage you can put
> >> in
> >> >> the
> >> >> > GL).
> >> >> >
> >> >> > Also, since you are running on the same system, you CAN use your
> >> >> machine
> >> >> > as the proxy. When on the same machine, you can use firewall
> >> rules
> >> >> to
> >> >> > force certain users to use the proxy and allow others open
> >> access.
> >> >> > While still on the same machine, I think this is the best option.
> >> >> > -----BEGIN PGP SIGNATURE-----
> >> >> > Version: GnuPG v1.4.7 (GNU/Linux)
> >> >> > Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org
> >> >> >
> >> >> > iD8DBQFH8a3mUMkt1ZRwL1MRAjDYAJ9+lHH0t+XK+/lT3SCADkxLvok3AgCglh9l
> >> >> > ql2l5Ej5l4zqketet3lSJhk=
> >> >> > =mNuB
> >> >> > -----END PGP SIGNATURE-----
> >> >> >
> >> >>
> >> >>
> >> >> -Michael George
> >> >>
> >> >>
> >> >> _______________________________________________
> >> >> linux-user mailing list
> >> >> linux-user at egr.msu.edu
> >> >> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
> >> >>
> >> >
> >>
> >>
> >> -Michael George
> >>
> >
>
>
> -Michael George
>
More information about the linux-user
mailing list