[Gllug] Secure Internet Access Linux Box

Dylan dylan at dylan.me.uk
Thu Jun 20 20:29:53 UTC 2002


> > -----Original Message-----
> > From: Wulf Forrester-Barker [mailto:wulf.f-b at uhl.nhs.uk]
> > Sent: 04 April 2002 10:10
> > To: gllug at linux.co.uk
> > Subject: [Gllug] Secure Internet Access Linux Box
> >
> >
> > I've been asked by the head of IT here to look into setting
> > up a secure
> > Linux box for use in one of our staff rooms. So far we've
> > used a fairly
> > well locked down Win98 box but there have still be problems
> > of programs
> > getting installed and traces of less than desirable web searches being
> > remembered, etc.
> >
> > The brief is to install Linux, boot into a graphical
> > environment with a
> > browser and not let the anonymous user do anything except surf the
> > internet (and to tidy up all traces of their activity from the local
> > machine on a regular basis).
> >
> > I imagine that I can accomplish most of this by setting up a
> > guest user
> > and giving them no access (certainly no read access) to pretty much
> > anything except their home directory (for browser cookies, etc)... and
> > then using a cron job to refresh even that every few hours.

Well. the guest is going to need fairly broad read access - to /usr for 
example, but if you remove all menu entries from the application menu and 
prevent to user launching a shell then Mr and M(r)s Average ain't gonna be 
able to do much more than you let them. You could even use a simple 
panel-less wm/desktop with your chosen browser auto-run at login, and even 
set to auto-logout when the browser is closed.

Dylan

> > I'm not sure
> > about how to boot automatically into the graphical environment - how
> > about an account with no password?
> >
> > I'm waiting for a spare box to be dropped off in my office - I'd be
> > grateful for any experiences or suggested websites that will
> > help me get
> > some more understanding (rather than just muddling through).
> >
> > Cheers,
> >
> > Wulf
> >
> >
> >
> > wulf.f-b at uhl.nhs.uk
> >
> > **********************************************************************
> > DISCLAIMER:
> >
> > Any opinions expressed in this email are those of the individual and
> > not necessarily the Trust. This email and any files transmitted with
> > it are confidential and intended solely for the use of the individual
> > or entity to whom they are addressed. Any unauthorised disclosure of
> > the information contained in this e-mail is strictly prohibited.
> >
> > The contents of this email may contain software viruses which could
> > damage your own computer system. Whilst we have taken every
> > reasonable precaution to minimise this risk, we cannot accept
> > liability
> > for any damage which you sustain as a result of software viruses.
> > You should therefore carry out your own virus checks before opening
> > the attachment.
> >
> > If you have received this email in error please notify the sender or
> > postmaster at uhl.nhs.uk. Please then delete this email.
> >
> > University Hospital Lewisham
> > Tel: 020 8333 3000
> > Web: www.uhl.ac.uk
> > **********************************************************************
> >
> >
> >
> > --
> > Gllug mailing list  -  Gllug at linux.co.uk
> > http://list.ftech.net/mailman/listinfo/gllug
>
> This e-mail message is meant solely for the person or organisation to whom
> it is adressed. The message may contain personal or confidential
> information, or information that is not public in nature. Ehbas Ltd accepts
> no responsibility for message content and possible attachments that are
> unlawful or of questionable decency. Further dissemination, publication or
> duplication of this message is strictly prohibited if the person or
> organisation receiving this message is not the intended recipient. In the
> event that you are not the intended recipient, we request you to refrain
> from using the content and to immediately inform the sender of the error by
> returning the message. Thank you for your co-operation.



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list