[CentOS] A simplistic parental-control setup

Thu Jan 5 14:46:47 UTC 2012
Marko Vojinovic <vvmarko at gmail.com>

On Thursday 05 January 2012 01:39:49 Ljubomir Ljubojevic wrote:
> On 01/05/2012 12:58 AM, Marko Vojinovic wrote:
> > I am looking at the simplest (implementation-wise) solution to the
> > following problem (on CentOS 6.2):
> > 
> > I have a list of web addresses (like http://www.example.com,
> > https://1.2.3.4/, etc.) that should be "forbidden" to access from a
> > particular host. On access attempt, the browser should be redirected to
> > a local web page (file on the hard disk) with the explanation that
> > those addresses are forbidden. The possible ways of disallowed access
> > include:
> > 
> > * typing www.example.com or http://1.2.3.4/ in the browser
> > * typing www.example.com/anyfolder/somefile.html in the browser
> > * clicking on www.example.com when listed as a link on some other web
> > site (say, Google search results)
> > * nothing else.
> > 
> > The last point above assumes that the users will never try any other
> > method of accessing the site. These user's knowledge about computers in
> > general is known to be elementary, so I don't need protection against
> > geniouses who can figure out some obscure way to circumvent the
> > lockdown (and please don't tell me that this is an irrational
> > assumption, I know it is...).
> > 
> > If possible, all this should be on a "per user" basis, but if
> > implementing it system-wide would be much simpler, I could live with
> > it. :-)
> > 
> > The point is that I need a simple, easy-to-implement, easy-to-configure
> > and easy-to-maintain solution for this particular usecase. What I don't
> > need is some over-engineered solution that covers my usecase along with
> > a whole bunch of stuff I will never need, and takes two months to
> > configure properly. It should also be F/OSS, preferably included in
> > CentOS repos or elsewhere.
> > 
> > Or alternatively I could go along with manually setting up a bogus
> > httpd/dns/iptables configuration which would do all this, but I have a
> > feeling that it would not be the easiest thing to maintain...
> > 
> > I'd appreciate any suggestions. :-)
> 
> There is squidguard in RepoForge repository. It's a plugin for squid.
> There is also dansguardian.

I'll take a look at both of these, thanks! :-)
 
> If you use separate firewall box, you can use ClearOS, it has
> dansguardian set up.

No, the machine is already installed with CentOS. Furthermore, I am supposed 
to set up all this remotely (via ssh), since I don't have physical access to 
the box itself...

Best, :-)
Marko