On 1/21/07, George Toft <
george@georgetoft.com> wrote:
> I need to set up a Linux workstation (Computers for Families project)
> that filters content. The workstation is an edubuntu install. Users
> have a generic login, separate from the admin, and the root account is
> locked. I added Squid and DansGuardian, which works perfectly once the
> Firefox connection settings are set to 127.0.0.1:8080. Problem is that
> any user can override this setting in their local profile.
>
> Is there an elegan way to prevent a user from changing this setting and
> surfing the sites of ill repute?
>
> Kluge/Hackjob method 1:
> I guess I could implement a cronjob that checks to see if firefox has
> any established port 80 connections, then kills it. Pretty Draconian,
> but it will get the point across. Make pref.js read-only for the user
> which restores the proxy settings. Pretty inconvenient for the user :(
>
>
> Thoughts?
George,
I am assuming you are running Squid and DansGaurdian as a
different user than firefox( if not you should change it ). You
should set iptables to block all packets with destination other than
localhost:8080 from your browser user( use --uid-owner <firefoxuser>
switch ). This will also stop them from using other applications to
contact internet services of ill repute.
-jmz
--
.0000. communication.
.0001. development.
.0010. strategy.
.0100. appeal.
JOSHUA M. ZEIDNER
IT Consultant
++power; ++perspective; ++possibilities;
( 602 ) 490 8006
jjzeidner@gmail.com
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)