[Gllug] Secure Internet Access Linux Box

Huw Lynes huw-l at moving-picture.co.uk
Fri Apr 5 15:24:13 UTC 2002 

On Thursday 04 April 2002 10:10, you wrote:
> I've been asked by the head of IT here to look into setting up a
> secure Linux box for use in one of our staff rooms. 
>
> The brief is to install Linux, boot into a graphical environment with
> a browser and not let the anonymous user do anything except surf the
> internet (and to tidy up all traces of their activity from the local
> machine on a regular basis).

Right then. Just off the top of my head. Please bear in mind that I 
haven't tried this out so it may have various impassable problems in it.
Also bear in mind that the following is all from the perspective of 
RedHat. Normally I wouldn't specifiy distros but X startup is one of 
those things that seems to vary wildly between them. Thats the caveat 
over with.

/etc/inittab controls what stuff get executed at different run-levels.
Set it to default to run-level 5 with something like the following:

id:5:initdefault:

There should be a line like the following:
x:5:respawn:/etc/X11/prefdm -nodaemon

This launches the prefdm script which starts up X and then your 
favorite X login manager. Now you can substitute any script you want 
here instead of prefdm. What it needs to do is su to your guest user 
and then startx. The respawn option means that if the user kills X to 
try and get back to the console the X session will automatically 
restart. 

The complex bit of all this will be to get your head around the forest 
of shell scripts that are involved in X startup and configuration. 

Now if you want to be really restrective. You don't have to launch a 
windowmanager you can just launch a single X app. The classic is just 
to just run an xterm if things have gone v.bad on startup. This works 
fine for single window apps. However I don't know how a browser 
launching other windows would cope. 

Hope this is not barking up the wrong tree.
Huw

-- 
| Huw Lynes               | The Moving Picture Company  |
| System Administrator    | 127 Wardour Street          |
|.........................| London, W1F 0NL             | 




-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list