Locking Down a Linux Computer - Questions

This is a discussion on Locking Down a Linux Computer - Questions ; Good Day, Here's the situation, we have a linux computer that has a database on it that can be accessed through a web browser. We want to put this computer in a public area for visitors to be able to ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Locking Down a Linux Computer

  1. Locking Down a Linux Computer

    Good Day,

    Here's the situation, we have a linux computer that has a database on it
    that can be accessed through a web browser. We want to put this computer
    in a public area for visitors to be able to access the database through the
    browser (read only).

    We don't want the visitors to be able to access any other program or browse
    to any other site.

    I can block Internet access to this computer through the firewall (database
    is on Intranet) but I don't know how to block the users from accessing other
    apps (or anything else for that matter.)

    I'm not too familiar with Linux, and if there is a way to do this through
    the rights and permissions, I would be grateful if someone pointed me to a
    site with a guide that can tell me how to do this (in detail.) Otherwise,
    and this would be the favoured method, is there an app out there that can do
    this. I have used Google to try to find such a program and have only
    found them for Windows, not Linux.

    Any help on this will be greatly appreciated.

    TIA,

    Todd Ryan




  2. Re: Locking Down a Linux Computer

    Todd Ryan wrote:
    > Good Day,
    >
    > Here's the situation, we have a linux computer that has a database on it
    > that can be accessed through a web browser. We want to put this computer
    > in a public area for visitors to be able to access the database through the
    > browser (read only).
    >
    > We don't want the visitors to be able to access any other program or browse
    > to any other site.
    >
    > I can block Internet access to this computer through the firewall (database
    > is on Intranet) but I don't know how to block the users from accessing other
    > apps (or anything else for that matter.)
    >
    > I'm not too familiar with Linux, and if there is a way to do this through
    > the rights and permissions, I would be grateful if someone pointed me to a
    > site with a guide that can tell me how to do this (in detail.) Otherwise,
    > and this would be the favoured method, is there an app out there that can do
    > this. I have used Google to try to find such a program and have only
    > found them for Windows, not Linux.


    I'm not an expert on this or anything, but:

    Generally, what you'll want to do is configure the system to
    start an X server on boot which immediately logs in and only has
    a browser running. You could do this with a display manager
    such as xdm, kdm or gdm, and a proper .xsession.

    As far as blocking outbound traffic from the browser, you could
    use netfilter. Perhaps blocking all traffic except for ssh for
    remote admin.

    > Any help on this will be greatly appreciated.


    This looks like it might be useful:

    http://www.linux.com/howtos/Kiosk-HOWTO.shtml#toc1

    Hope this helps!

    --
    Eric Enright /"\
    ericAtiptsoftDcom \ / ASCII Ribbon Campaign
    X Against HTML E-Mail
    Public Key: 0xBEDF636F / \

  3. Re: Locking Down a Linux Computer

    In article , Todd Ryan wrote:
    >We want to put this computer in a public area for visitors to be able
    >to access the database through the browser (read only).


    I assume you do NOT mean physically placing the computer out in the street.
    The read only part it easy - man chmod

    >We don't want the visitors to be able to access any other program or browse
    >to any other site.


    [compton ~]$ whatis chroot
    chroot (1) - run command or interactive shell with special
    root directory
    chroot (2) - change root directory
    [compton ~]$

    >I'm not too familiar with Linux, and if there is a way to do this through
    >the rights and permissions, I would be grateful if someone pointed me to a
    >site with a guide that can tell me how to do this (in detail.)


    You don't mention a distribution or version - meaning how old things
    might be. Go to http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos.html
    and get the current copies of the HOWTOs relating to security.

    >I have used Google to try to find such a program and have only
    >found them for Windows, not Linux.


    Probably not using the right keywords to search - there's tons of
    stuff on this subject.

    Old guy


+ Reply to Thread