LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-13-2009, 02:09 PM   #1
codefinger
LQ Newbie
 
Registered: Mar 2009
Distribution: Several
Posts: 1

Rep: Reputation: 0
Locked Down Tight Public Access PCs


Hi,

Since I’m the only Linux user in the shop, I have been asked to put together a little test project. Unfortunately, I’m a newb and need some direction.

Here are the params, any advice would be great.

These are older PCs that sit on a winblows domain. Each has a 2GB processor, a gig or RAM, and usually about a 40GB hard drive.

I need to set them up so:

1) After login through KDM / GDM, Firefox fills the entire screen &
a. Only allows access to 3 predetermined websites (via Bookmarks?)
b. Any attempt to enter other URLs will default back to Homepage.
c. User cannot minimize Firefox or access desktop at all.

2) User will not have access to:
a. A task bar, any other apps, system services, or settings.
b. Logon / logoff capability (Start button or similar)
c. CTRL+ALT+DELETE or similar will bring up KDM / GDM, but only root account may reboot or shutdown the system.

d. Any other options on the “File Edit View…” bar (Only Bookmarks)

3) User cannot have the ability to mount floppies, thumb drives, or other external devices at all.

4) Machines are accessible via some kind of GUI based, secure, Remote Desktop or similar across winblows domain.

Can anyone recommend a distro? What really needs to be removed to make it more secure? Has someone already come up with something like this?

Thanks!
 
Old 03-13-2009, 03:22 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,112

Rep: Reputation: 8044Reputation: 8044Reputation: 8044Reputation: 8044Reputation: 8044Reputation: 8044Reputation: 8044Reputation: 8044Reputation: 8044Reputation: 8044Reputation: 8044
Quote:
Originally Posted by codefinger View Post
Hi,

Since I’m the only Linux user in the shop, I have been asked to put together a little test project. Unfortunately, I’m a newb and need some direction.

Here are the params, any advice would be great.

These are older PCs that sit on a winblows domain. Each has a 2GB processor, a gig or RAM, and usually about a 40GB hard drive.

I need to set them up so:

1) After login through KDM / GDM, Firefox fills the entire screen &
a. Only allows access to 3 predetermined websites (via Bookmarks?)
b. Any attempt to enter other URLs will default back to Homepage.
c. User cannot minimize Firefox or access desktop at all.

2) User will not have access to:
a. A task bar, any other apps, system services, or settings.
b. Logon / logoff capability (Start button or similar)
c. CTRL+ALT+DELETE or similar will bring up KDM / GDM, but only root account may reboot or shutdown the system.

d. Any other options on the “File Edit View…” bar (Only Bookmarks)

3) User cannot have the ability to mount floppies, thumb drives, or other external devices at all.

4) Machines are accessible via some kind of GUI based, secure, Remote Desktop or similar across winblows domain.

Can anyone recommend a distro? What really needs to be removed to make it more secure? Has someone already come up with something like this?

Thanks!
The short version of what you want is "kiosk mode". Firefox can be set to use the full screen, no task bars or buttons, and if you stop the auto-mount daemons, no external devices can be mounted, unless you're root. And you can limit the shutdown/reboot capabilities to just root, when you build the box.

Remote access can be done via VNC connection, too. The only sticky point I can see is the "only allow access to 3 websites". Since websites can theoretically run on any port, you can't just block port 80 (which WILL get most websites), so you'd probably have to run squid, and blacklist EVERYTHING, except those sites.

How you do all of this depends on the distro you pick. This http://www.linuxjournal.com/article/7718 is a bit old, but KDE supports kiosk mode, and is common across whatever distro you pick. I'm confident that Gnome has similar capabilities...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I access locked drive with Knoppix?? troubleguy Linux - Distributions 3 01-08-2009 09:51 PM
allow internet access to router for only few PCs ALInux Linux - Networking 3 09-14-2007 10:37 AM
Can't access server using hostname from other PCs on the local network binister Linux - Software 5 09-01-2006 03:13 AM
public access help tallmtt Linux - Wireless Networking 3 06-05-2006 05:20 PM
can't access/locate other PCs with different DNS suffix rsumbeling Linux - Networking 1 12-06-2004 05:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 04:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration