Update Parental Control : managing a time quota
Here is a small development of parental control system to limit the user login period
During the previous Article we saw how to install and configure a parental control system with a Raspberry Pi and Squid and tools SquidGuard. So far, so good. Except that the lady at home began to use the Internet often see too often. So as the old saying : to great ills, great remedies. So I chose the setting up of an integrated time quota in Squid.
An external controller is to Squid with a contributor, Dr. Tilmann Brubeck ! The module is available since version 3.4 Squid except that …. the module is not compiled and integrated into the package ! So we have to stick to it in his hand.
- Update distribution. Please note you must have the version of Jessie to access the Squid package 3.4.8.
apt-get update && apt-get upgrade -y
Add the following command to update the version of Raspbian if you are not up to date (and do not forget to reboot after)
apt - get dist-upgrade
- Install dependencies and sources for compiling Squid
apt-get install dpkg-dev apt-get source squid3 apt-get build-dep squid3 apt-get install devscripts build-essential fakeroot libssl-dev
- Be patient ca takes time. Then you should have a directory squid3-3.4.8 in the directory where you launched your orders. Go to this directory
- Edit the file debian/rules containing compilation instructions for Debian by modifying the quota to compile our module. Replace the line :
- Now you can run the configuration. You should always be in the directory squid3-3.4.8.
debuild -us -uc -b
- A few long minutes later, you can go up one directory and list all the packages you just created
cd .. -lrt ls * .deb
- Back up your current configuration (even if the installation also makes a backup but it seems good …)
cp /etc/squid3/squid.conf /etc/squid3/squid.conf.save
- Install your packages. Only two are needed :
dpkg -i squid3_3.4.8-6+deb8u1_armhf.deb squid3-common_3.4.8-6+deb8u1_all.deb
- After installation you can restore your configuration
cp /etc/squid3/squid.conf.save /etc/squid3/squid.conf
- Restart Squid to validate your configuration
service squid3 restart
- You now have your new Squid with a helper (is the name) to validate quotas
- To configure quotas must now address authentication. Because yes that allowances are controlled, must have accounts. It will be a big difference compared to our previous configuration.
To create the accounts we will go through the tool that comes with Apache to manage passwords htpasswd
apt-get install apache-utils
- Create your user base with the associated passwords
htpasswd -c /etc/squid3/passwd chris <my_password>
- We then need to create a file that the mapping between a user and quota. I created it in /etc/squid3/time_quota. For example I created a user by adding the following line (attention to areas) :
chris 30h / 1w
The quota gives the user chris 30h access each week (the 1w). Available units are “s”, “m”, “h”, “d”, “w”. Decimal values are accepted (ex: 1.5h).
- Penultimate stage, you must then configure Squid to force authentication and enable quotas. Everything happens in the configuration file /etc/squid3/squid.conf.
Add the line pattern beginning :
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd external_acl_type time_quota ttl=60 children-max=1 %LOGIN /usr/lib/squid3/ext_time_quota_acl -b /var/run/squid3/time_quota.db /etc/squid3/time_quota
Then at the end of lines acl :
acl time_quota external time_quota acl authenticated_users proxy_auth REQUIRED http_access deny !time_quota http_access deny !authenticated_users
And finally the definition of the port of Squid :
deny_info TIME_QUOTA_EXCEEDED time_quota
- You can now restart Squid and enjoy your connection. As long as you remaining quota !
service squid3 restart