Still very proud of this one. It took a while, but I managed to secure his web browsing sessions with a combination of iptables rules, squid, squidguard, and dansguardian. Oh, yeah, and postfix. I’ll post the documentation file on the Codes and Configs page later.
Anyway, since I am lazy and hate reinventing things, I naturally tried first with pre-built packages from various mandriva Cooker repositories. I love urpmi. Too bad the packages never worked right. So I found all references to the package files in /usr, /var, and /etc after I ran urpme to remove them, and nuked ’em.
I went with the old fallback of getting the source tarballs and doing the “./configure-make-make install” shuffle. I carefully went through the configure options, and went through several iterations with squid before finally getting the right combination of features that would compile.
I lucked out and found a site that documented how to use iptables for user-based transparent proxy functions. If I log into his computer, I do not use the proxy. Anyone else is. Being transparent, there is no browser-based setting to muck with or undo.
Once I was done and it tested clean (after downloading and running a blacklist script), I set up a postfix email server to relay all mail from the designated reporting user to my ISP mailbox, which would shoot it on out to my work address. I had trouble with this, since I didn’t start with postfix, but instead tried a variant of qmail (masqmail?). I forget what it was called, but it’s designed for offline email, connecting briefly when it senses the computer is online and blasting out stored up email, downloading inbound mail from the server.
I eventually gave up and went to postfix, which worked great after a little tinkering.
Another nice thing is this even works with text browsers, like lynx.
Now, I am quite confident that my monkeys won’t be inadvertently dredging up garbage from the internet.
Filed under: Security |