# This is the README file for "honorsystem.pl". (c) 2005 mick@lowdrag.org # It's not a shell script. If it were it'd have to be run as root. :( # This program allows a user to conveniently bypass the filtering of your proxy # you went to so much trouble to install. This is intended to keep a user from # accidentally accessing objectionable material in a public setting, but # allowing him to make the final decision. Just to add a little more utility # I've added a simple passwording hook which can be enabled by defining the # variable $passwd. If that sounds like something you want to do I'll try to # outline the hoops through one must pass to get this deal going. # This is on a machine running Debian GNU/Linux "Sarge-era". Paths, filenames, # files and thier contents may be somewhat to completely different on different # operating systems. Distribute, modify and use this program and these # instructions under the same license as squid, squidGuard or chastity-list. # Assumption 1: Your webserver user is www-data # Assumption 2: Your cgi dir is /usr/lib/cgi-bin/ # First things first: get squid + squidguard + chastity-list. Good, you're almost done. # In the squid config (/etc/squid/squid.conf) there is a pointer to a # redirect_program and it has a config file switch. You probably made this config # file either "/etc/chastity/squidGuard-chastity.conf" or # "/etc/squid/squidGuard.conf". Either replace all ocurrances of # "squidGuard.cgi" with "honorsystem.pl" sed -i s/squidGuard.cgi/honorsystem.pl/g /etc/chastity/squidGuard-chastity.conf \ /etc/chastity/squidGuard-chastity.conf # and put honorsystem.pl into the same directory, or mv honorsystem.pl # to squidGuard.cgi. The gist if the matter is that the redirect program config # file has to use our program, honorsystem.pl, even if it gets a new name. # Make sure honorsystem.pl (or whatever you named it) is executable by the webserver. chown .www-data /usr/lib/cgi-bin/honorsystem.pl chmod 750 /usr/lib/cgi-bin/honorsystem.pl # Make a directory and three files, and make them readable/writable by the webserver. mkdir /var/lib/chastity/okay/ touch /var/lib/chastity/okay/domains \ /var/lib/chastity/okay/urls \ /var/lib/chastity/okay/expressions # # /* You may hand-edit the above or leave them empty */ # chown .www-data /var/lib/chastity/ chown -R proxy.www-data /var/lib/chastity/ chmod 770 /var/lib/chastity/okay/ chmod 660 /var/lib/chastity/okay/* # Use visudo to add the webserver user to /etc/sudoers. visudo # /* Add a line like the following */ # /* in the user privilege section */ # www-data ALL = NOPASSWD: /etc/init.d/squid reload # Now edit the file: /usr/lib/cgi-bin/honorsystem.pl and change all the stuff in # the config part. # Troubleshooting: As shipped the script passes "fatalsToBrowser", so some # hints may show up right there. It's good practice to comment that line out # one the thing is running. tailing the apache logs is a valuable source of # info as well tail -f /var/log/apache/*.log # Good luck! email cheerfully answered most of the time. mick@lowdrag.org