How To Set Up A Kid-Friendly Linux PC
These days the internet is a crazy place, with lots of gross and potentially dangerous content available. Due to how extreme the internet can sometimes be, parents turn to parental controls and commercial filtering solutions. These work well but fail when it comes to setting up a kid-friendly Linux PC.
Fortunately, there’s a great open source program for Linux users that promises great parental control features for the web. The program is DansGuardian, and it’s an open source web filtering system that is easy to set up. Unlike commercial filters, it doesn’t merely work based on a list of “banned sites”. Instead, users can custom-tailor the filter to their needs, to protect their children from inappropriate content online.
The DansGuardian filtration software works on all Linux distributions. That said, Ubuntu is a great starting point for most beginners. As a result, we’ll primarily focus on getting it working with Ubuntu Linux. However, if you use another operating system of choice, feel free to follow along and check the official website for further information.
Install DansGuardian
Start off by opening a terminal window and entering the following command:
sudo apt install iptables dansguardian squid
After installing the software, it’s also a good idea to update Ubuntu. This will ensure that everything is running the absolute latest patches.
sudo apt update sudo apt upgrade -y
Ubuntu has all important upgrades installed and the latest version of DansGuardian is on the system. The next step is to set up a proxy system.
Set Up Squid Proxy
Squid is a web caching proxy. It works with DG to better filter things. It also speeds up web traffic too. There’s not much to do with Squid except to modify some port settings. Using the sed tool, modify http_port.
sudo sed -i 's/http_port 3128/http_port 3128 transparent/g' /etc/squid/squid.conf
After modifying the http_port, you’ll also need to change the always_direct setting to “allow all”. Use the sed tool to update it.
sudo sed -i 's/# always_direct allow local-servers/always_direct allow all/g' /etc/squid/squid.conf
Squid is correctly configured. Turn it on with the start command.
sudo squid start
Configure DansGuardian
The Squid proxy is up and running. Now it’s time to change the “ban lists” in the filter software. In this part of the tutorial, we won’t be giving out a specified “ban list” for sites, URLs, etc., because every parent’s needs are different. Using the Nano editing tool, go through and specify content in these configuration files that you’d like to block.
Note: keep in mind that kids are creative and will find ways to get around blocks, so you’ll have to do some research for the best possible results. Consult on parenting forums for best results.
To edit the list of banned extensions for DG, do:
sudo nano /etc/dansguardian/lists/bannedextensionlist
Edit the list of banned websites in DG with:
sudo nano /etc/dansguardian/lists/bannedsitelist
Finally, edit the list of banned URLs in DG with:
sudo nano /etc/dansguardian/lists/bannedurllist
Save all edits with Ctrl + O. Exit Nano with Ctrl + X.
Do keep in mind that DG may require IP addresses for URL’s and websites, in addition to their domain. Find an IP address for a public website with ping in the terminal. For example:
ping facebook.com -c1
The public IP address for Facebook is the number in parenthesis.
Squid Configuration
Squid is now working. All that’s left is to change a few more options. Start off by removing “unconfigured” from the config file.
sudo sed -i 's/UNCONFIGURED - Please remove this line after configuration/#UNCONFIGURED - Please remove this line after configuration/g' /etc/dansguardian/dansguardian.conf
Next, change the “filterip option to equal the localhost IP (127.0.0.1).
sed -i 's/filterip =/filterip = 127.0.0.1/g' /etc/dansguardian/dansguardian.conf
Change the daemonuser entry in the configuration file for DG to proxy.
sed -i 's/#daemongroup = 'dansguardian'/daemongroup = 'proxy'/g' /etc/dansguardian/dansguardian.conf
Change accessdeniedaddress in the dansguardian.conf file to point to the correct URL.
sed -i 's/accessdeniedaddress = 'https://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'/accessdeniedaddress = 'https://localhost/cgi-bin/dansguardian.pl'/g' /etc/dansguardian/dansguardian.conf
Next, block all connections on the PC, besides ones going through the proxy.
sudo iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -j DROP
sudo bash -c "iptables-save > /etc/dansguardian/iptables.save"
sudo sed -i "/exit 0/d" /etc/rc.local
sudo echo "iptables-restore /etc/dansguardian/iptables.save exit 0 " >> /etc/rc.local
Alternatively, use this command to unblock a specific user, and block everyone else. Replace “owner” with your user.
sudo iptables -A OUTPUT -o lo -p tcp --dport 3128 -m owner --uid-owner USER -j ACCEPT
sudo bash -c "iptables-save > /etc/dansguardian/iptables.save"
sudo sed -i "/exit 0/d" /etc/rc.local
sudo echo "iptables-restore /etc/dansguardian/iptables.save exit 0 " >> /etc/rc.local
Lastly, change the ownership of the DG log files on Ubuntu so that the proxy user can access it, and start DG.
sudo chown -R proxy:proxy /var/log/dansguardian sudo systemctl enable dansguardian sudo systemctl start dansguardian
Proxy Settings
To start using DansGuardian, open up a terminal and enter the following proxy commands:
gsettings set org.gnome.system.proxy mode 'manual' gsettings set org.gnome.system.proxy.http host 'localhost' gsettings set org.gnome.system.proxy.http port 8080
Close the terminal when done. Ubuntu should soon be using the DG proxy.
