Two of summer interns, Kyle and Travis, are wrapping up testing on their assigned projects. The first is an open source web content filter, we chose to use DansGuardian running on CentOS 4.3. The second is an open source spam/virus mail filter, we chose to use SpamAssassin and ClamAV, they found a pre-configured gateway called Piratefish which uses both and has good installation documentation.

They wrote up a rough draft on how they got DansGuardian up and running, I’ll post the final version shortly:

-Boot CentOS from disk 1
-choose skip
-choose next about 3 times,
-when it asks for installation type choose server
-automatically partition
-remove all partitions, yes you are sure
-next until firewall configuration, choose no firewall, and disable SELinux
-choose next, then click proceed when asks you to configure firewall
-make root password
-Package Group Selection
Editors
Development tools
-insert disks as needed
-log in as root
-type : ‘yum update’

-use WinSCP and place the webmin package in the root directory
-using putty type the commands:
‘rpm -U webmin-1.290-1.noarch.rpm’
to install webmin
-direct your browser to x.x.x.x:10000 (where x.x.x.x is the IP address of the box)
-click system, software packages, browse yum, type: squid, choose squid and click install
-using WinSCP copy and overwrite the squid config file to /root/etc/squid

-using WinSCP copy the dansguardian package to the root directory
-using WinSCP click networking, linux firewall, and setup a firewall using the defaults
-using putty type these commands:
tar –zxpf dansguardian-2.8.0.6.source.tar.gz
cd dansguardian-2.8.0.6
./configure
make
make install
make clean
cd
service squid start
service dansguardian start
service iptables stop
iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 \
-j REDIRECT –to-port 8080
-using WinSCPcopy the html template file into the ‘/root/etc/dansguardian/languages/ukenglish/’ directory
-using putty type : ‘service dansguardian restart’
-using WinSCP copy the ‘dg-0.5.10-pr5.wbm’ file into the root directory
- using webmin, Click on webmin configuration, webmin modules
-install the file you just copied by selecting “from local file” and browsing for it by clicking the “…” button.
-using webmin, click servers, dansguardian, module config, and change the paths by deleting ‘/usr/local’ from any path that contains it.
-using WinSCP copy the ‘blacklists’ folder into ‘/etc/dansguardian/’
-using webmin, click system, scheduled cron jobs, create a new scheduled cron job
Execute as root
Copy the text from the ‘blacklistupdate’ text file into the “input to command” field:
type a command name and description
click the “simple schedule button” and choose “monthly (on the 1st)” from the dropdown menu
click save
-click the name of the cron you just made
-click run now
-edit ‘/etc/dansguardian/bannedsite’ list and remove the ‘#’’s to choose which blacklists you want to use, make sure the ‘#’ is removed before ‘*ip’ to enable IPs be blocked to protect against ‘ping’. Add any sites you wish to block in this file where it says to
-also edit ‘/etc/dansguardian/bannedurllist’ and perform the same basic actions.

-edit the file ‘/etc/rc.d/rc.local’ and add all the text from the ‘squidstartup’ text file.

-take the ‘phraselistsmay31’ file and extract it twice in the ‘/etc/dansguardian’ file

-Go to ‘network connections’ on the workstation you wish to have the internet filtered on, right click ‘local area connection’, click ‘properties’, click ‘Internet Protocol (TCP/IP), click ‘properties’, click ‘advanced’, click add, and add the IP address of the box that filters.