[H-GEN] Net Nanny on linux (Was: Tron)

[Stephen Thorne]

On 2010-11-29, Mick Campbell wrote:
> Question about 'Net Nanny" for Linux.
> 
> I have 2 old laptops I have installed Xubuntu on and giving to my
> Godsons starting High School next year.
> 
> From my research on this it seems the best method of monitoring and
> reporting their Internet abuse is to:
> 
> 1. Install transparent squid proxy logging the URLs
> 2. Install reporting tool like SARG to generate a report once a week
> which typically outputs a web page to /var/www/html
> 3. Run a cron job once a week to have sendmail email this page to their
> parents to check.
> 
> This is probably beyond my current levels of knowledge, especially squid
> and SARG which have conf files more complicated then SAMBA, though it
> does sound like a fun learning project, never having done things with
> iptables and cron before.
> 
> My question is, is there an easier way I have not been able to find?
> Dans Guardian doesn't seem to do what I need.

This is an interesting problem! Are you implementing this software on
the gateway or on the laptop?

Squid's configuration is actually very easy to set up. The configuration
files are huge, but they're exceptionally well documented. Just install
it, get it running, and add an intercept http_port:

http_port 8081 intercept

Use iptables to redirect to it. You will need to do something to stop
squid from being intercepted, here's an example:

iptables -t nat -A OUTPUT --dport 80 \
    -m owner ! --uid-owner squid \
    -j DNAT --to-destination localhost:8081

That's given squid is running as the 'squid' user. If it's another user,
substitute that.

Then, the remaining thing to do is to sort out a log analyser. Here is a
list of them:

http://www.squid-cache.org/Scripts/

-- 
Regards,
Stephen Thorne
Development Engineer
Netbox Blue