DansGuardian Open Source Content Filtering

Andrew Vandever RHC{T,E,I,X} andrew.vandever@gmail.com http://avcomp.net

DansGuardian
● What Is DansGuardian?
● Installing DansGuardian
● Basic Configuration
● List Management
● Filter Groups
● Advanced Url Matching with RegExp
● Further Resources

What Is DansGuardian?
● Content Filter
  – Offensive Content
  – Time-Wasters
  – Malware
● Logging
● User-Based Management
  – Squid Users
  – Ident
  – IP Addresses

What Is DansGuardian?
● Comparable to WebSense, SonicWall
● Pairs with Proxy
  – Squid
  – TinyProxy
  – Other
● Scalable
● Easy to Install
  – Fedora/EPEL
  – Ubuntu

What Is DansGuardian?
● Open Source
  – Patchable
  – Flexible
  – Community Support
  – Commercial Support Available: Smoothwall

Installing DansGuardian
● DG Itself (Fedora – similar for Ubuntu)
  – yum -y install dansguardian
  – chkconfig dansguardian on
  – service dansguardian start
● Squid
  – yum -y install squid
  – chkconfig squid on
  – service squid start

Installing DansGuardian
● Alternative – TinyProxy
  – yum -y install tinyproxy
  – chkconfig tinyproxy on
  – service tinyproxy start
  – Must change listen port for TP or send port for DG
● Default Configuration
  – /etc/dansguardian/* (possibly /usr/share/dansguardian)
  – /etc/squid/*, /etc/tinyproxy/*

Installing DansGuardian
● Default Configuration
  – dansguardian.conf – server configuration file
  – dansguardianf1.conf – filter settings for first group
  – lists/* – blacklists, whitelists, regexp lists, group lists
  – squid.conf – main squid configuration, defaults okay
  – tinyproxy.conf – main TP configuration, check port

Installing DansGuardian
● Set Browser Proxy
  – Depends on browser
  – More systems = harder to manage
  – Difficult to enforce
  – Best option if you can do it
● Firewall
  – Easier to configure
  – Easier to enforce
  – Breaks SSL

Installing DansGuardian
● Firewall Configuration
  – Accept HTTP traffic from Squid
  – DNAT HTTP traffic to DansGuardian
  – Reject outbound proxy ports
  – Log or block other outbound ports

DansGuardian Configuration
● Basic Configuration
  – grep 'filterport' dansguardian.conf
  – grep 'naughtynesslimit' dansguardianf1.conf
  – grep 'downloadmanager' dansguardian.conf
  – grep 'contentscanner' dansguardian.conf
● DansGuardian likes a local caching DNS server
  – yum -y install bind, chkconfig named on, service named start
  – “nameserver 127.0.0.1” in /etc/resolv.conf
  – Otherwise, whitelisting may be necessary

List Management
● Automatic Updates
  – List service like shallalist.de or urlblacklist.com
  – Cronjob to get latest lists
  – Include<> statements in banned{site,url}list
● Plaintext lists – add, remove, (un)comment a line
● You probably need to comment many lines from banned{mimetype,extension}list right off the bat

List Management
● Filter Decision Flowchart/Visualization

List Management
● By default, urls are checked, and if allowed then the content is scanned and either allowed or denied
● Blacklisted pages are denied outright
● Whitelisted pages are allowed and content is not scanned
● Greylisted pages are not blocked based on the url (useful for working around urlregexp issues), but still have their content checked, and are allowed or denied based on content

Weighted Phrases
● Included by weightedphraselist
● Page is scanned, producing “naughtyness” score
● If naughtyness score of page is greater than naughtyness limit of client, access is denied
● Check /var/log/dansguardian/access.log for more information on blocked content
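A simplified model of the decision order described on the List Management and Weighted Phrases slides above, added here as an example; it is not DansGuardian's own code. The host names, phrase weights, the limit of 50, checking the whitelist before the blacklist, and counting each phrase once per page are assumptions made for illustration.

```python
import re

# Constructed sample lists and weights (assumptions, not shipped DansGuardian data).
WHITELIST = {"intranet.example.org"}
BLACKLIST = {"ads.example.net"}
GREYLIST = {"forum.example.com"}
URL_REGEXPS = [re.compile(r"[?&]q=[^&]*casino", re.I)]  # stand-in for urlregexplist
WEIGHTED_PHRASES = {"casino": 40, "jackpot": 30, "responsible gaming": -20}


def naughtyness(body):
    """Sum the weight of each listed phrase found in the page (counted once)."""
    text = body.lower()
    return sum(w for phrase, w in WEIGHTED_PHRASES.items() if phrase in text)


def decide(host, url, body, limit):
    """Return (verdict, reason) for one request, in the order the slides give."""
    if host in WHITELIST:            # allowed, content is not scanned
        return "ALLOW", "whitelisted"
    if host in BLACKLIST:            # denied outright
        return "DENY", "blacklisted"
    if host not in GREYLIST:         # greylisted hosts skip the URL checks
        for rx in URL_REGEXPS:
            if rx.search(url):
                return "DENY", "url regexp"
    score = naughtyness(body)        # content scan applies to everything left
    if score > limit:                # denied only when strictly greater
        return "DENY", f"score {score} > limit {limit}"
    return "ALLOW", f"score {score} <= limit {limit}"


if __name__ == "__main__":
    limit = 50  # constructed naughtyness limit for one filter group
    help_page = "Casino addiction support. Responsible gaming resources."
    for args in [
        ("intranet.example.org", "http://intranet.example.org/", "casino jackpot"),
        ("search.example.com", "http://search.example.com/?q=online+casino", ""),
        ("forum.example.com", "http://forum.example.com/?q=casino+help", help_page),
        ("forum.example.com", "http://forum.example.com/t/1", "casino jackpot"),
    ]:
        print(args[0], decide(*args, limit))
```

The third request shows the greylist case from the slide: the URL would trip the regexp, but the page is judged on content alone and passes because the negative-weight phrase keeps the score under the limit.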

Filter Groups
● Can have global lists in tandem with group lists
● Groups can have separate naughtyness limits
● grep 'authplugin' dansguardian.conf
  – Three require Squid (not TP) and explicit-proxy (browser config):
      ● proxy-basic
      ● proxy-digest
      ● proxy-ntlm
  – ident
  – ip

Filter Groups
● grep 'filtergroups' dansguardian.conf
● Copy dansguardianf1.conf to dansguardianfN.conf
● grep 'groupmode' dansguardianfN.conf
● In filtergroupslist: username=groupname
● For ip auth, use lists/authplugins/ipgroups
● Can use nested includes for filter lists

Url Matching with RegExp
● Perl-based Regular Expressions
● Used for blocking complex nested url's
● Useful for blocking certain search patterns
● Examples in urlregexplist

Further Resources
● dansguardian.org
● squid-cache.org
● banu.com/tinyproxy
● www.squidguard.org/blacklists.html
● www.isc.org
● smoothwall.net
● netfilter.org
● calamaris.cord.de
● man 5 crontab
● andrew.vandever@gmail.com
