Install dansguardian sme server

DansGuardian is supplied with an example list. The phrases can contain spaces. Use them to your advantage. Combinations of phrases can also be used, which if they are all found in a page, it is blocked.

Exception phrases are no longer listed in this file - see exceptionphraselist. Users names, who, if basic proxy authentication is enabled, will automatically be denied web access. This contains a list of banned MIME-types. This is a good way of blocking inappropriate movies for example. This contains a list of banned file extensions. DansGuardian comes with some example file extensions to deny. This is a good way of blocking kiddies from downloading those lovely screen savers and hacking tools.

You are a fool if you ban the file extension. This contains a list of banned regular expression URLs. Regular expressions are a very powerful pattern matching system.

This file allows you to match URLs using this method. This file contains a list of banned sites. Entering a domain name here bans the entire site. For banning specific parts of a site, see bannedurllist. Also, you can have a blanket ban all sites except those specifically excluded in exceptionsitelist.

You can also block sites specified only as an IP address, and include a stock squidGuard blacklists collection. Simply put them somewhere appropriate, un-comment the squidGuard blacklists collection lines at the bottom of the bannedsitelist file, and check the paths are correct. For URL blacklists, edit the bannedurllist in a similar way. This allows you to block specific parts of a site rather than the whole site.

To block an entire site, see bannedsitelist. To enable squidGuard blacklists for URLs, you will need to download the blacklists and edit the squidGuard blacklists collection section at the bottom as for bannedsitelist above. Each phrase is given a value either positive or negative and the values are added up.

Phrases to do with good subjects will have negative values, and bad subjects will have positive values. Once the naughtyness limit is reached within dansguardian. See the Naughtyness Limit description within the dansguardian. This file allows you to finely tune the PICS filtering.

Each PICS section comes with a description of the allowed settings and what they represent. The default settings with DansGuardian are set for youngish children, for example mild profanities and artistic nudity are allowed.

The ICRA section is fairly self-explanatory. A value of 0 means nothing of that category is allowed, whereas a value of 1 allows it. For example,. The values here range from 0 meaning none allowed, through 2 the default value , to 4, which allows wanton and gratuitous amounts of the given category.

The only setting that is vital for you to configure in the dansguardian. You should set this to the address not the file path of your Apache server with the perl access denied reporting script. This is slightly different to weighted phrases which scores the contents and won't have an affect until enough the set limit is reached. Affects a user when the proxy access method is set to Pam Auth, see the next section for details, This is set by selecting a SME group.

Affects a URL that contains a pattern that is matched by a unix regular expression. This is very powerful but also difficult to understand and get right if you don't know your regular expression rules. Common catagories of files have been grouped so you only need to check a box on the filter group page. You can ban other file types not included in that list. An example of grey list use is when in Blanket Block whitelist mode and you want to allow some sites but still filter as normal on their content.

Another example of grey list use is when you ban a site but want to allow part of it. When a page is blocked the denied usage screen is displayed. The details of why the page was blocked can be brief or detailed depending on the settings. The override bypass link is shown if the user is authenticated, the reporting level is set to report details and the bypass link is enabled in the filtergroup. This isn't 'Single Sign On'. If users tick remember and save password this is only a small inconvenience.

Retrieve filter group members, eg. Let us know if you need to change the command to connect, and we can add to smeserver-dansguardian-panel. Create a user password file and assign users to groups. Note, this can be bypassed by the user entering in their browser. Your Operating system may allow you to lock down your browser proxy settings, an alternative is to use the tick box in the panel to block ports to stop the filter being bypassed. You can check if dansguardian is running with:.

Restarting dansguardian from the panel affects users differently depending on the button the options are:. Not all settings can be set from the panel, you can set these settings with db commands, activate db settings with.

Maximum Size of file allowed to be uploaded default is -1 no restrictions or enter a size in kb's eg. An alternative or additional method of control is to use a script to change db settings with cron,.

This would allow you to ban access to the internet for a group or to give unfiltered access. Make a copy of your altered script so it isn't overwritten by the next rpm update, and enable the changes with a cron job. If you wish to authenticate users when opening a browser using pam auth method, then you will need to disable Transparent Proxy as it is not compatible with this method. Doing the above will also require you to manually specify the proxy settings in your browser, so you will need to add the server IP eg Each filter directory f2, f3, etc.

Because the configuration files are modified, is a smart idea to create a "virgin" copy of the files and then use it to create new filters directory. This directory will named "virgin" or something similar. Each group can have different levels of filtering eg different exceptionlists and naughtyness limits etc. Restart dansguardian and try to download eicar test virus. The path to clamd. After installing DansGuardian and completing the clamav setup instructions above, there are 3 extra steps to take on SME Dansguardian and Clamav must run as the same user for clamav scanning to work.

Set Dansguardian to run as 'clamav' as follows:. Correct the ownership on existing files and folders that belong to the original dansguardian user account. If you need to stop Dansguardian ie to disable filtering or test your system without Dansguardian running. You will need to restart Dansguardian after making any configuration changes so they can take effect. You should receive a message advising the site is blocked. Try browsing to other sites with inappropriate content or a site on your banned site list and you should receive a site blocked message.

An alternative approach which is known to work OK , is to use gpedit. Do this using the following brief steps. Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-dansguardian component or use this link. Languages : English. Skill level: Medium The instructions on this page require a basic knowledge of linux. Contrib