securing against pron

[Goosemaster]

This happened a few months after I built a PC for some friends of the family......

1. child shows sign of porn addiction
2. 60GB of "inappropriate material" (to put it lightly) was found on her PC (yes, I said her)
3. Suspiscions arise. Obviously at first I assume her PC was hacked etc, and to an extent, it was. After awhile though, mother is sure child is at fault.
4. I reinstall XP home and everything else and limit her account I still could not fathom holding her responsible, so I customized some FWs and AVs more towrds blocking stuff from getting in. In addition, I randomly used VNC and RD to check on it. After awhile it went to hell, and I gave up.
5. Her pc was FUBAR'd this time with so much crap (to put it lightly) that it finally died on me.....every avenue of repair was exhausted.
6. After speaking with her parents, I am given the okay to go to school on the pc. Unfortunately, I didn't know how to add more policies than windows XP comes with, so I decided to take the linux route> perhaps it might encourage her.
7. I am currently installing suse 9.1


My question is, what steps can I take under linux to limit pron. I want to have context, key word, ip and as many rules as available, but unfortunately I don;t know how to do that other than on a firewall-only box. I felt that Suse was my only option in terms of ease of use (menus and such) but I am ot sure how to proceed beyond simple user restrictions and simple firewall rules.

Thanks.

 

[drag]

Well first off, it's not going to be a perfect solution. What we have to work with is combination of firewall rules and web filtering. However porn sites do know about this and will build their websites to aviod being filtered...

Plus if it's a severe addiction the person probably already has personal contacts in chat, IRC or usenets or something like that, that they can obtain porn from.

However there are quite a few industrial strength things you can try out. Such as blocking all web access but allowing connections thru a squid proxy.

article
more of a overview then a howto...

I think that while normally the squid proxy is on another computer, you can use 127.0.0.1 as a proxy server...

Never realy done this myself. (trying to proxy a computer.)

DansGardian (web filter)
SquidGuard

They also have a blacklist

It all depends on how much work you want to do.

You can lock down the computer and user accounts. Setup Mozilla, for instance, and then change ownerships and permissions on various .mozilla files and folders so they can't change settings or create new profiles. Make the home folder a different partition and mount it with no-exec privilages. (but they will still have access to temp for running programs.) Block all access to external networks, except what is allowed thru web proxy.

It all depends on how intellegent the child is also. With Linux and such you can do a pretty good job of locking a user account up, but still allow full function of other programs. But that can only slow a person down, if they are bound and determined to hack a machine, especially if they have physical access to the machine (like don't forget to make cdrom's non-bootable and set bios passwords) there isn't much you can do to realy lock them out.

Also make sure that the parents have a VERY good password (children can almost read parents minds sometimes, after all they lived with them their entire lives) and that they don't leave it laying around.

But what it comes down to is just pure supervision. Don't allow computers in children's bedrooms (or if you do eliminate all network access to the bedrooms), put the computer in a busy part of the house, in plain view. And restrict network access to times when the parents are awake and around.

Also make some simple scripts the parents can use to get a listing of all files inside the child's home folder and run diff's between listings. So on a so forth.

 

[Goosemaster]

oh my..this is going to suck.

thanks drag

 

[oldman420]

wow how old is this child!
it is really the parents responsibility to keep their kids pron free.
drag had it right when he suggested
QUOTE-----
--------
But what it comes down to is just pure supervision. Don't allow computers in children's bedrooms (or if you do eliminate all network access to the bedrooms), put the computer in a busy part of the house, in plain view. And restrict network access to times when the parents are awake and around.
man good luck

 

[Goosemaster]

sadly, supervision is the last thing this child gets

 

[purpledemon]

If all of that setup sounds like too much work, maybe drag's suggestion of using scripts is enough.

Set up a cron job to look in the the users directory for the presence of image and movie files. Maybe also use it to just check usage. You can dump that report somewhere accessible, or email it or something.

 

[drag]

Actually I think the best idea would be to block all network at the firewall and run everything thru a squid proxy filtered thru something like squidguard Or something like that.

That would be easy to setup, and unlike Windows filters, no kid without REAL computer knowledge will be able to circumvent. No just setting different browser settings, or killing off a proccess will work around that.

squidGuard can be used to

* limit the web access for some users to a list of accepted/well known web servers and/or URLs only.
* block access to some listed or blacklisted web servers and/or URLs for some users. **)
* block access to URLs matching a list of regular expressions or words for some users. **)
* enforce the use of domainnames/prohibit the use of IP address in URLs. **)
* redirect blocked URLs to an "intelligent" CGI based info page. **)
* redirect unregistered user to a registration form.
* redirect popular downloads like Netscape, MSIE etc. to local copies.
* redirect banners to an empty GIF. **)
* have different access rules based on time of day, day of the week, date etc.
* have different rules for different user groups.
* and much more..

Neither squidGuard nor Squid can be used to

* filter/censor/edit text inside documents
* filter/censor/edit embeded scripting languages like JavaScript or VBscript inside HTML

then just make sure that the kid can never get root, and you'll be set.


Of course nothing anybody can do to any computer will ever compare to just having responsable parents. But in life we just play with the cards we are delt.

 

[carldon]

Remove cable internet and setup an old 28.8 Kbps modem on the phone line.

Dont mean to be off topic or anything but has anybody tried talking to her? Doing all this isnt going to help if she can just get the porn from her friends. I suggest an open conversation, even if you have to do it. You would find it pretty suprising how well kids react to an open talk.

CD.

 

[awolkoff]

Originally posted by: carldon
Dont mean to be off topic or anything but has anybody tried talking to her?

The low tech approach.


:thumbsup: to that

 

[oldman420]

Originally posted by: awolkoff

Originally posted by: carldon
Dont mean to be off topic or anything but has anybody tried talking to her?

The low tech approach.


:thumbsup: to that

agreed

 

[Klixxer]

Originally posted by: drag
Actually I think the best idea would be to block all network at the firewall and run everything thru a squid proxy filtered thru something like squidguard Or something like that.

That would be easy to setup, and unlike Windows filters, no kid without REAL computer knowledge will be able to circumvent. No just setting different browser settings, or killing off a proccess will work around that.

squidGuard can be used to

* limit the web access for some users to a list of accepted/well known web servers and/or URLs only.
* block access to some listed or blacklisted web servers and/or URLs for some users. **)
* block access to URLs matching a list of regular expressions or words for some users. **)
* enforce the use of domainnames/prohibit the use of IP address in URLs. **)
* redirect blocked URLs to an "intelligent" CGI based info page. **)
* redirect unregistered user to a registration form.
* redirect popular downloads like Netscape, MSIE etc. to local copies.
* redirect banners to an empty GIF. **)
* have different access rules based on time of day, day of the week, date etc.
* have different rules for different user groups.
* and much more..

Neither squidGuard nor Squid can be used to

* filter/censor/edit text inside documents
* filter/censor/edit embeded scripting languages like JavaScript or VBscript inside HTML

then just make sure that the kid can never get root, and you'll be set.


Of course nothing anybody can do to any computer will ever compare to just having responsable parents. But in life we just play with the cards we are delt.

Never knew about squidguard before, this is going to make this weeks work SO much easier.

 

[BujinZero]

Your desire to help is admirable, Goosemaster, but remember that parenting this child is ultimately not your responsibility. Doesn't mean you shouldn't try helping, though.

 

[EightySix Four]

Also make sure the P2P, and I belive IRC and others have already been mentioned.... Also if it really comes down to it, put a keylogger on there, and have something go through the logs searching for keywords, I'm sure u can figure the proper keywords out on your own. Now what to do when the keylogger finds that info is the tough part.


But I will tell u that this person has a problem. This is definately on the parents for this one... You can only do so much with a computer lock-down. Supervision, a good talking, and major consequences for it would probably go much farther than a comp lock-down system.

 

[naruto1988]

i'm no help here but just wanted to say that gave me a laugh, lol.

 

[drag]

Originally posted by: naruto1988
i'm no help here but just wanted to say that gave me a laugh, lol.

It's not funny. It's actually quite sad.

Stuff like this can inhibite the formation of normal human relationships with the oppisite sex... It points to a much larger problem in the child's life. (like most addictions it's a symptom of a larger sickness, and not the root cause in itself.) Although I would not presume to know the child, but it's not a good sign. Or funny.

 

[AnonymouseUser]

Originally posted by: drag

Originally posted by: naruto1988
i'm no help here but just wanted to say that gave me a laugh, lol.

It's not funny. It's actually quite sad.

Stuff like this can inhibite the formation of normal human relationships with the oppisite sex... It points to a much larger problem in the child's life. (like most addictions it's a symptom of a larger sickness, and not the root cause in itself.) Although I would not presume to know the child, but it's not a good sign. Or funny.

I agree. From the minimal info provided I think this child needs serious counseling.

 

[HKSturboKID]

invest into web filtering software such as surfcontrol or websense and have it schedule a daily updates download and forward all the sites that the person have visited to be categories. Then again, its going to cost some money, but in the long run, it will save the childs future.

 

[naruto1988]

guess i got pwned. doh. i guess that would make one feel disturbed if the child has been downloading GIGS of pr0n and doing it repeatedly.

 

[drag]

Originally posted by: naruto1988
guess i got pwned. doh. i guess that would make one feel disturbed if the child has been downloading GIGS of pr0n and doing it repeatedly.

Hell Ya. That stuff is nuts.

 

[HKSturboKID]

Another option is get a router/switch device to block everything and only allow port 80 traffic. That should cut down on the download.

 

[Goosemaster]

Originally posted by: naruto1988
guess i got pwned. doh. i guess that would make one feel disturbed if the child has been downloading GIGS of pr0n and doing it repeatedly.

...especially if you've known this sweet young girl from birth....

 

[oldman420]

try talking to her and ask her whats up?
I mean the odds of a child having the level of knowledge to find and dl 60 gigs of porn without some form of guidance is unlikely.
maybe some one in a chat room or at school etc got her started.
it is a shame poor baby.
help her find alternatives perhaps.

 

[Allan The Shield]

IMHO spending hours and hours trying to police this computer user is futile.

You are not addressing the problem at hand, merely trying to sweep it under the carpet and hope that it goes away. This kid needs
to talk to someone about this, otherwise it will never go away, and probably just get worse.

Instead of spending 10 hours going to town on her PC, try spending 10 hours talking to her about why she likes pron so much.

 

[drag]

Originally posted by: Allan The Shield
IMHO spending hours and hours trying to police this computer user is futile.

You are not addressing the problem at hand, merely trying to sweep it under the carpet and hope that it goes away. This kid needs
to talk to someone about this, otherwise it will never go away, and probably just get worse.

Instead of spending 10 hours going to town on her PC, try spending 10 hours talking to her about why she likes pron so much.

I don't think it's his kid. He is in no position to do something like that. He can, however, do something about the computer.

 

[Allan The Shield]

I see your point, i knew it wasn't his kid but he is involved in this whether he likes it or not. And it seems to me that the parents are aware of the pron but fail to be doing much about it. Perhaps goosemaster should try talking to the parents about it. The poor kid will end up pregnant with a kid she doesn't want.