|09-02-2013, 09:03 AM||#1|
Block social networking sites with DansGuardian
If your SMB doesn't want to fool with the hassle of monitoring employees' use of social media sites and creating a social media policy, try the open source DansGuardian to block such sites altogether.
I still feel strongly about my position, though I can understand why some SMBs might choose to block those sites. For instance, if you continue to warn an employee who abuses the freedoms he has been given with social networking sites, you might decide that prohibiting access to those sites will save your company time and resources. One tool for this task is DansGuardian.
This award-winning, open source, content filtering tool runs on Linux, FreeBSD, OpenBSD, NetBSD, Mac OS X, HP-UX, and Solaris and can be installed and up and running in minutes. Once the software is installed, it's easy to configure it to block social networking sites. With DansGuardian, you can even create different groups, which are subject to different filtering.Installing DansGuardian
You can find DansGuardian in most distribution repositories; to that end, the software is very easy to install. I will demonstrate the installation on a Ubuntu system. If you plan to install it on other platforms, you should modify the commands to fit your package manager.
1. Open a terminal window.
2. Issue the command sudo apt-get install dansguardian.
3. Type your sudo password and hit Enter.
4. Accept any dependencies.
5. Allow the installation to complete.
Once installed, you need to configure the /etc/dansguardian/dansguardian.conf script. Near the top of that script, you will see the line UNCONFIGURED - Please remove this line after configuration. Delete that line and then walk through the configuration file and set up any necessary items that apply to your network. In particular, you will want to configure:
After you configure the dansguardian.conf file, you're ready to add the necessary configurations for blocking the sites.Blocking sites
Within the /etc/dansguardian/lists directory, you will find a number of flat text files that allow you to set up various blocks. We want to focus on the following:
bannedurllist: block part of a site
bannedsitelist: block an entire site
bannediplist: block by IP address
Let's say that we're going to block Facebook. Since we're going to block that entire site, we'd list it in the bannedsitelist file. The entry will be listed under the:
#List other sites to block:
and will simply be:
You should restart DansGuardian, and then anyone in the default group will no longer be able to reach the Facebook site.
One issue with blocking social sites like Facebook is that users can get around this by using https. Since DansGuardian bans using http, the easiest way to ban the Facebook https link is to use the bannediplist file. Here's what to do:
1. Open a terminal window.
2. Open the file /etc/dansguardian/lists/bannediplist for editing.
3. Add the following IP addresses:
4. Save and close the file.
5. Open the /etc/dansguardian/bannedsitelist and add the following:
6. Save that file and restart DansGuardian.
Once DansGuardian is restarted, you'll use the IP address of the machine hosting the service as the proxy for the client. Also remember the proxyport configured in dansguardian.conf.Blocking groups
Let's say you want to block access to Facebook from only certain machines. You can do this by using Filtergroups. In the /etc/dansguardian folder there are, by default, two configuration files:
Here's how to create a specific group that cannot reach Facebook:
1. Copy the dansguardianf1.conf to dansguardianf2.conf (note configuration change below).
2. Copy the bannedsitelist to bannedfacebook.
3. Copy the bannediplist to bannedfacebookip.
4. Configure the dansguardianf2.conf to point to the newly created lists.
5. Add the Facebook IP addresses and URLs into the newly created files, respectively.
6. In the newly created dansguardianf2.conf, you need uncomment this line:
#groupname = ''
and then edit it to look like this:
groupname = 2
The easiest way to apply this is via IP address (instead of having to work out some form of authentication).
7. Set the machine to belong to group 2 on a static IP address.
8. Add the IP address in the file /etc/dansguardian/lists/filtergroupslist. The entry will look like IP_ADDRESS=filter2 (IP_ADDRESS is the address of the machine to be blocked from reaching Facebook).
9. Restart the service with the command sudo /etc/init.d/dansguardian restart.
10. Point the desktop machine to be banned to use the proxy server IP address.Summary
Although I don't advocate such managerial tactics (happy employees are productive employees), there are times when you must resort to these types of actions. If you do, DansGuardian is an easy and free alternative to other, proprietary solutions.
KNOWLEDGE is POWER | Stronger Than Yesterday | 01001111 01110110 01100101 01110010 01100011 01101100 011011
ویرایش توسط AsadSAAD : 09-02-2013 در ساعت 09:04 AM
|علاقه مندی ها (Bookmarks)|
|(this, /etc/dansguardian/dansguardian.conf, /etc/dansguardian/lists, /etc/dansguardian/lists/bannediplist, abuses, accept, access, add, address let's, addresses:, altogether. i'm, apply, apt-get, award-winning, ban, bannediplist, bannedsitelist, bans, be: facebook.com you, block, block: and, blocking, blocks., choose, command, commands, company, complete. once, configuration, configuration., configurations, configure, configure:, content, continue, create, creating, dansguardian, dansguardian you, dansguardian. 3., dansguardian. this, dansguardian.conf, decide, default, delete, demonstrate, dependencies. 5., directory, distribution, do: 1., doesn't, easiest, easy, editing. 3., employee, employees', end, enter. 4., entire, entry, facebook, facebook., feel, file, file., files, filtergroups, filtering, filtering. installing, filterport, find, fit, flat, focus, following: bannedurllist:, fool, freebsd, freedoms, group, groups, hassle, here's, hit, hp-ux, http, https, https., install, install., installation, installed, installing dansguardian, instance, issue, it's, items, line, link, linux, list, listed, longer, mac, manager. 1., media, minutes., modify, monitoring, netbsd, network., networking, number, open, openbsd, optional) after, package, part, password, plan, platforms, policy, position, prohibiting, proxy, proxyport, reach, ready, record, remove, repositories;, resources., restart, running, runs, save, script, script., set, simply, site, site bannediplist:, site bannedsitelist:, site. one, sites, sites within, sites., sites. blocking, smb, smbs, social, software, solaris, source, strongly, subject, sudo, system., task, terminal, text, the: #list, time, tool, top, type, ubuntu, unconfigured, understand, users, walk, warn, we'd, we're, window. 2., you're|
|کاربران در حال دیدن موضوع: 1 نفر (0 عضو و 1 مهمان)|
|نحوه نمایش||امتیاز به این موضوع|
|موضوع||نویسنده موضوع||انجمن||پاسخ ها||آخرين نوشته|
|10 reasons NOT to block social networking at work||AsadSAAD||Network||0||09-02-2013 09:07 AM|