have them in a different subnet...? and dont give users any administrative rights
about the website: just adjust the router settings to only route to certain sites and not to any ip on the internet.
Does anyone know of an internet kiosk version of knoppix that is able to be used on a business network (not allowed to browse the network) and only be able to access one or two sites? I am trying to find one for a friend that needs it for his customers. It will allow them to browse his internet page and see his products that aren't in the show room.
If so...
Which one
How do I secure it from being an open door to the local lan
How do I keep it from accessing the rest of the (windows) computers
Make an install on the HDD so it will respond faster
Thanks.
have them in a different subnet...? and dont give users any administrative rights
about the website: just adjust the router settings to only route to certain sites and not to any ip on the internet.
hmm a remaster would be needed i guess.
to begin you might make the "kioskuser" a separate group named "kioskuser" and allow that NOTHING eccept /home/"kioskuser" then as above make all directories not nesesarily read/write read only to kioskuser (as far as i know nothing outside /home), after that perhaps a chown -R root:root to several critical folders (such as /etc /usr/etc, /bin, /sbin, /usr/sbin...).
hmmm, might as well do the reverse chown -R root:root / then open permisions as needed, would take longer but be as safe as could be made.
agree with that. are these clients going to be used for anything else than surfing the mentioned websites? if not, you could just have an "empty" X with mozilla running.
get a router that runs linux like the Linksys WRT54G and a number of iptable rules would be enough. Or just get an unused PC with 2 NIC and run a floppy based firewall.
No need to remaster or whatever.
He already has a router (D-Link DI-614)
I myself am a windows admin (of sorts) and can manipulate windows like it was my own child. Linux is the hard part of this task. I am afraid that if I set up a Linux box, that it could give access to the rest of the network. You see I know that Linux is powerful, and it was born to live on the network (and internet). I have seen my own knoppix box attach to the internet and self detect all the NICs and router and IP information automatically (impressive!).
Now that I know this, I am nervous about allowing a Linux version on the network because of how easy it (could) be to browse the LAN and possibly distroy anything on the rest of the network. Because of the fact that linux is so network amazing, how do I know that the Linux box is safe from the internet cracker jacks! Is linux an open door for them, especially if I don't know how to tinker with it to keep it closed?
Remember I am still new to Linux and there was some things that were said that I can learn (I just don't know how to do them yet!) Te one thing I didn't understand is the "empty X server".
to be honest, if you think anything can keep those really wanting to harm out you are deluded.
the only way to reasonable safety is knowlege. there is always routes around ALL security.
trouble is limiting holes... i would use a plain Debian and instal as little as possible (less risk of bugs, holes...) then i would alow the user to only read the bare minimum from /etc (as others)
then NO KDE, NO gnome... just blackbox and mozilla installed. why? both KDE and Gnome (and some other WM's) have so many "builtins" that they themselves are security risks.
The solution in MY eyes is configuring IPtables to allow acess to only the default gateway by blocking all other adresses on your network.
If you then alow the user to only use mozilla and needed files, user would be even more crippled.
if you wanted you could probably make a alias for logout, a script that empties the /home/user dir from all files then copy them back from a "mirror" somewhare on disk, and chown/chmod them to sensible values before actuall logout.
if i was paranoid i would even remove/break other binaries. why apt-get is not needed to browse. nor is xterm, aterm, ping, wget, make, dpkg... cut everything not needed away.
it might take a few days/weeks depending on your knowledge but it should be possible.
we do this commercially...email me directly zurk AT arbornet DOT org i interested.
Checkout KioskTool - Needs Kde 3.2, you may have to remaster Knoppix to use it. (Or try it with Kanotix)Originally Posted by Hunkah
http://extragear.kde.org/apps/kiosktool.php
http://www.kde-apps.org/content/show...204c047f209c83
Cheers
rob
Couldn't you remove resolv.conf, and then edit /etc/hosts to be able top resolve the sites you want to their IP's....? Install a kiosk mode plugin to mozilla or firefox and set it to launch automatically when KDE starts. Then maybe some editing so that the user is not able to su or sudo.... and also disable KDE hotkeys.
That would be a good start at least, right?
Dell Poweredge R620 8-Bay 2x E5-2695v2 2.4ghz 24-Cores 512gb H710p 8x Trays
$349.99
Dell PowerEdge R620 Server 2x E5-2660 v2 2.2GHz 20 Cores 256GB RAM 1x 480GB SSD
$139.99
R630 DELL 8 x 2.5'' POWEREDGE 2X E5-2680V4 32GB RAM IDRAC ENT & NDC 2X 495W PSU
$169.95
Dell PowerEdge R620 Server - 256GB RAM, 2x8cCPU, 120Gb SSD/3x900Gb SAS, Proxmox
$320.00
R630 DELL OEM 10X2.5'' 2X E5-2660V3 32GB RAM 2X750W PSU SERVER POWEREDGE
$159.95
Dell PowerEdge R630 Server | 2x E5-2680 V4 =28 Cores | H730 | Choose RAM/ Drives
$545.99
Dell PowerEdge R730xd 12LFF 2xE5-2660v4=28Core 64/128GB 6x 2TB/4TB Flex 1.2TB HD
$379.99
Dell PowerEdge R630 Server 2x E5-2640 V4= 20 Cores | S130 | 32GB RAM | 480GB SSD
$310.99
Dell Desktop Quad Core i5 8400 500GB SSD + 2TB HDD 32GB RAM Window Server 2022
$320.99
R630 DELL OEM 10X2.5'' 2X E5-2680V4 128GB RAM 2X750W PSU IDRAC ENT POWEREDGE
$259.95