Originally Posted by chrism01
Simplest is to put it in a lockbox, so only the screen & controls are reachable.
Any time you leave a port physically exposed, you're asking for trouble, especially if they can reach the power button/plug.
I agree 100%, but unfortunately I can't do that. The inside of the machine has to be accessible for emptying the cashbox, and I need to be able to ask anyone with a key to the machine to do an update or data dump via USB (they would DL the update from my FTP server, put it on a stick and then apply it themselves).
This hasn't been a problem so far, but if I want to get bigger and start putting more machines out, then because it's a coin-op I have to follow certain rules, and this is one of them. Believe me, I've already had the "This is pointless, I could get round it by doing XXX" conversation with the authorities.
In additional horrible news, I've just discovered that the driver functions provided by the hardware manufacturer (for the controls) require any program using them to be launched with root access, so I can't even feasibly use the remove-execute-permissions method.
EDIT: Managed to get around this last issue by using /etc/rc.local, so not an immediate problem.