[CentOS] A simplistic parental-control setup

Thu Jan 5 00:39:49 UTC 2012
Ljubomir Ljubojevic <office at plnet.rs>

On 01/05/2012 12:58 AM, Marko Vojinovic wrote:
>
> I am looking at the simplest (implementation-wise) solution to the following
> problem (on CentOS 6.2):
>
> I have a list of web addresses (like http://www.example.com, https://1.2.3.4/,
> etc.) that should be "forbidden" to access from a particular host. On access
> attempt, the browser should be redirected to a local web page (file on the hard
> disk) with the explanation that those addresses are forbidden. The possible
> ways of disallowed access include:
>
> * typing www.example.com or http://1.2.3.4/ in the browser
> * typing www.example.com/anyfolder/somefile.html in the browser
> * clicking on www.example.com when listed as a link on some other web site
> (say, Google search results)
> * nothing else.
>
> The last point above assumes that the users will never try any other method of
> accessing the site. These user's knowledge about computers in general is known
> to be elementary, so I don't need protection against geniouses who can figure
> out some obscure way to circumvent the lockdown (and please don't tell me that
> this is an irrational assumption, I know it is...).
>
> If possible, all this should be on a "per user" basis, but if implementing it
> system-wide would be much simpler, I could live with it. :-)
>
> The point is that I need a simple, easy-to-implement, easy-to-configure and
> easy-to-maintain solution for this particular usecase. What I don't need is
> some over-engineered solution that covers my usecase along with a whole bunch
> of stuff I will never need, and takes two months to configure properly. It
> should also be F/OSS, preferably included in CentOS repos or elsewhere.
>
> Or alternatively I could go along with manually setting up a bogus
> httpd/dns/iptables configuration which would do all this, but I have a feeling
> that it would not be the easiest thing to maintain...
>
> I'd appreciate any suggestions. :-)

There is squidguard in RepoForge repository. It's a plugin for squid. 
There is also dansguardian.

If you use separate firewall box, you can use ClearOS, it has 
dansguardian set up.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant