Tips on Local User Security
 

Hello,

Sorry, I'm not sure I posted this in the wrong forum, if not please suggest another forum.

I'm trying to set up a machine at my School where Students can surf the internet but do nothing else. So I need some tips on what to 'lock' down and how to do it (I'm a linux Newbie).

I'm also need some help making the computer boot up straight to a web browser, and not giving them access to anything else, including a command line.

Do anyone know of any good how to's? So far I've found a document called "The Linux Public Web Browser mini-HOWTO"

Thanks,

Matthew Collins

You can configure a firewall to block everything except, then add ports 53, 80, and 8080 to the allow ports list.

As for making it only a browser... I guess you could create a user account and remove all their access rights... then open the browser using your root password... then they couldn't open much at all I don't think.

Thanks, I'll look into the firewall...what Linux Distro would you suggest?

Matthew Collins

Any distro would do, use one that you're comfortable with. As for locking down the system, you could put them in a chroot jail, with the necessities. Try 'man chroot' and google it for more information. As for ports 53, 80, and 8080, I see no reason to have such ports open, what is your reasoning for this? And your school's switches should provide all the protection from the outside you would need...

Thanks, I'll look into Man Chroot.

Also, I don't have problem with external security...it's more the students doing things to the computer locally, e.g. while they're using it.

Matthew Collins