dansguardianpresentation-100219133726-phpapp01


  • 8/3/2019 dansguardianpresentation-100219133726-phpapp01

    1/19

    DansGuardian

    Open Source Content Filtering

    Andrew Vandever, RHC{T,E,I,X}

    [email protected]

    avcomp.net


    DansGuardian

    What Is DansGuardian?

    Installing DansGuardian

    Basic Configuration

    List Management

    Filter Groups

    Advanced Url Matching with RegExp

    Further Resources


    What Is DansGuardian?

    Content Filter

    Offensive Content

    Time-Wasters

    Malware

    Logging

    User-Based Management

    Squid Users

    Ident

    IP Addresses


    What Is DansGuardian?

    Comparable to WebSense, SonicWall

    Pairs with Proxy

    Squid

    TinyProxy

    Other

    Scalable

    Easy to Install

    Fedora/EPEL

    Ubuntu


    What Is DansGuardian?

    Open Source

    Patchable

    Flexible

    Community Support

    Commercial Support Available: Smoothwall


    Installing DansGuardian

    DG Itself (Fedora; similar for Ubuntu)

    yum -y install dansguardian

    chkconfig dansguardian on

    service dansguardian start

    Squid

    yum -y install squid

    chkconfig squid on

    service squid start


    Installing DansGuardian

    Alternative TinyProxy

    yum -y install tinyproxy

    chkconfig tinyproxy on

    service tinyproxy start

    Must change listen port for TP or send port for DG

    Default Configuration

    /etc/dansguardian/* (possibly /usr/share/dansguardian)

    /etc/squid/*, /etc/tinyproxy/*


    Installing DansGuardian

    Firewall Configuration

    Accept HTTP traffic from Squid

    DNAT HTTP traffic to DansGuardian

    Reject outbound proxy ports

    Log or block other outbound ports


    DansGuardian Configuration

    Basic Configuration

    grep 'filterport' dansguardian.conf

    grep 'downloadmanager' dansguardian.conf

    grep 'contentscanner' dansguardian.conf

    grep 'naughtynesslimit' dansguardianf1.conf

    DansGuardian likes a local caching DNS server

    yum -y install bind; chkconfig named on; service named start

    nameserver 127.0.0.1 in /etc/resolv.conf

    Otherwise, whitelisting may be necessary


    List Management

    Automatic Updates

    List service like shallalist.de or urlblacklist.com

    Cronjob to get latest lists

    .Include statements in banned{site,url}list

    Plaintext lists: add, remove, (un)comment a line

    You probably need to comment many lines from banned{mimetype,extension}list right off the bat


    List Management

    Filter Decision Flowchart/Visualization


    List Management

    By default, URLs are checked, and if allowed then the content is scanned and either allowed or denied

    Blacklisted pages are denied outright

    Whitelisted pages are allowed and content is not scanned

    Greylisted pages are not blocked based on the URL (useful for working around urlregexp issues), but still have their content checked, and are allowed or denied based on content


    Weighted Phrases

    Included by weightedphraselist

    Page is scanned, producing naughtyness score

    If naughtyness score of page is greater than naughtyness limit of client, access is denied

    Check /var/log/dansguardian/access.log for more information on blocked content
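
The decision order from the List Management slides and the naughtyness check from the Weighted Phrases slide, as an added Python model (not DansGuardian code and not part of the original presentation). Hostnames, phrases, weights and limits are constructed; checking the whitelist first and counting each phrase once per page are assumptions of this model.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lists; real entries live in the plaintext list files.
BLACKLIST = {"ads.example.net"}            # denied outright
WHITELIST = {"intranet.example.org"}       # allowed, content never scanned
GREYLIST = {"forum.example.com"}           # URL checks skipped, content still scanned
URL_REGEXPS = [re.compile(r"[?&]q=[^&]*casino", re.I)]   # urlregexplist-style pattern
WEIGHTED_PHRASES = {"casino": 40, "jackpot": 30, "poker": 30,
                    "responsible gaming": -20}            # constructed weights


def naughtyness(content):
    """Sum the weights of listed phrases found in the page (each counted once)."""
    text = content.lower()
    return sum(w for phrase, w in WEIGHTED_PHRASES.items() if phrase in text)


def _listed(host, entries):
    """True if host equals a list entry or is a subdomain of one."""
    return any(host == e or host.endswith("." + e) for e in entries)


def decide(url, content, limit):
    """Return (verdict, reason) for a client whose filter group has this limit."""
    host = (urlsplit(url).hostname or "").lower()
    if _listed(host, WHITELIST):                 # assumption: whitelist wins
        return ("allow", "whitelisted, content not scanned")
    if not _listed(host, GREYLIST):              # greylist bypasses URL checks only
        if _listed(host, BLACKLIST):
            return ("deny", "blacklisted site")
        if any(rx.search(url) for rx in URL_REGEXPS):
            return ("deny", "url regexp match")
    score = naughtyness(content)                 # content scan for everything else
    if score > limit:
        return ("deny", f"naughtyness {score} > limit {limit}")
    return ("allow", f"naughtyness {score} <= limit {limit}")


if __name__ == "__main__":
    page = "Casino jackpot and poker tonight"
    for limit in (50, 160):                      # two filter groups, two limits
        print(limit, decide("http://forum.example.com/?q=casino", page, limit))
```

The same greylisted page is denied for the group with limit 50 and allowed for the group with limit 160, which is the effect of per-group naughtyness limits.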


    Filter Groups

    Can have global lists in tandem with group lists

    Groups can have separate naughtyness limits

    grep 'authplugin' dansguardian.conf

    Three require Squid (not TP) and explicit-proxy (browser config):

    proxy-basic

    proxy-digest

    proxy-ntlm

    ident

    ip


    Filter Groups

    grep 'filtergroups' dansguardian.conf

    In filtergroupslist: username=groupname

    For ip auth, use lists/authplugins/ipgroups

    Copy dansguardianf1.conf to dansguardianfN.conf

    grep 'groupmode' dansguardianfN.conf

    Can use nested includes for filter lists


    Url Matching with RegExp

    Perl-based Regular Expressions

    Used for blocking complex nested URLs

    Useful for blocking certain search patterns

    Examples in urlregexplist


    Further Resources

    dansguardian.org

    squidguard.org/blacklists.html

    smoothwall.net

    netfilter.org

    squid-cache.org

    www.banu.com/tinyproxy

    man 5 crontab

    www.isc.org

    calamaris.cord.de

    [email protected]