Re: [SLUG] Todays puzzle

From: Eben King (eben1@tampabay.rr.com)
Date: Tue Mar 07 2006 - 14:39:59 EST


On Tue, 7 Mar 2006, Ian C. Blenke wrote:

> Eben King wrote:
>
>> On Tue, 7 Mar 2006, Kwan Lowe wrote:
>>
>>>> My problem is with the mepis system because someone will shut the system
>>>> down even though I have taken all the Icons off the desktop except
>>>> firefox so whoever does it has to make an effort and it isn't just a
>>>> mistake. What I would like is the system to boot up into firefox and if
>>>> they exit firefox it would start up again in 10 seconds. I don't even
>>>> know if this is doable. Any ideas? TIA Maury
>>>
>>> A couple possibilities:
>>>
>>> 0) Don't even load a window manager. There's a linux-kiosk project that
>>> has hacked twm to load instead of the wm.
>>
>>
>> twm _is_ a window manager -- Tabbed Window Manager. It's a minimal wm, to
>> be sure. It's not an environment like KDE or GNOME.
>
>
> Er... twm has always been "Tom's Window Manager" to me.

Either one, says http://xwinman.org/vtwm.php .

> It's been there
> forever, in every X11 release I've ever used. Not very user friendly, but
> tiny.

Yes. Sorta like vi -- user-hostile or cryptic, tiny, and useful in its own
way.

> Now, as root, set up a kiosk script that spawns xinit (to start the X server
> and spawn a user session from ~/.xinitrc):
>
> # cat <<EOF > /usr/local/bin/kiosk
> #!/bin/sh
> xinit
> EOF

I'd add a "sleep 1" after xinit, in case you fat-finger something. Yeah,
init will stop respawning eventually...

> then as root add a respawn line to /etc/inittab:
>
> $ grep initdefault /etc/inittab
> id:2:initdefault:
> $ echo 'x1:2:respawn:/usr/bin/su icblenke -c "/usr/local/bin/kiosk"' >> /etc/inittab
> $ telinit q
>
> Viola. There you are.

Don't need quotes around /usr/local/bin/kiosk -- no special characters in
it. Doesn't hurt, either.

> If you leave "Zap" (cntl-alt-backspace) enabled or session switching back to
> VT mode, and leave cntlaltdel enabled in /etc/inittab, the user is going to
> be able to reboot the box.
>
> In a kiosk application, you probably want to disable VT switching and set "No
> Zap".
>
> I would look at /var/log/messages and /var/log/auth.log to see when root was
> obtained or otherwise used to run something.
>
> Barring that, you may need to start recording user sessions to see what
> they're doing.
>
> At a minimum, I would have the kiosk machines behind a hardened "admin
> firewall" that you record packet traces and otherwise limit outgoing traffic
> to maintain some semblance of control over machines that you're trying to
> lock down. It would be wise to also log from the kiosk machines to such an
> admin box to ensure the logs aren't modified upon intrusion for later
> analysis.

What he said. Generic distros aren't hardened to take the kind of abuse
kiosk machines get.

I made a router with a seriously small (by today's standards) HD -- 700M.
Because the HD was so small, and I didn't log into it often (so I might not
notice something wrong with it), I made sure any logging was done remotely,
to the syslogd on my main machine. Now, that kiosk machine isn't a router,
nor does it have a seriously small HD (at least I haven't heard that), but
you (the OP) still might want to do the "remote logging" thing. Also,
syslogd can log "- MARK -" every n minutes (n=20 by default I think); if you
haven't got that in n+1 minutes, do something. Sort of a "dead man" switch.

-- 
-eben    ebQenW1@EtaRmpTabYayU.rIr.OcoPm    home.tampabay.rr.com/hactar

Q: What kind of modem did Jimi Hendrix use? A: A purple Hayes.
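The "dead man" switch on syslogd MARK lines described in the message above, as an added example that is not part of the original post: a check to run from cron on the machine that receives the kiosk's remote logs. It assumes GNU date, traditional syslog timestamps, and the "-- MARK --" text that sysklogd writes; the host names, function names and sample log are constructed for illustration.

```shell
#!/bin/sh
# Dead-man check on syslogd's periodic "-- MARK --" line (added example).
# Assumptions: GNU date, timestamps like "Mar  7 14:20:01", same calendar year
# (a MARK gap that spans New Year is not handled).

# to_epoch "Mar 7 14:20:01" -> seconds since the epoch (UTC, current year)
to_epoch() { TZ=UTC date -d "$1" +%s; }

# last_mark_ts FILE HOST -> timestamp of the newest MARK line from HOST
last_mark_ts() {
    awk -v host="$2" '$4 == host && /-- MARK --/ { ts = $1 " " $2 " " $3 }
                      END { if (ts != "") print ts }' "$1"
}

# check_mark FILE HOST NOW INTERVAL_MIN
# Returns 0 if a MARK arrived within INTERVAL_MIN+1 minutes of NOW,
# 1 if the newest MARK is older than that, 2 if HOST never logged a MARK.
check_mark() {
    file=$1 host=$2 now=$3 interval=$4
    last=$(last_mark_ts "$file" "$host")
    if [ -z "$last" ]; then
        echo "NO-MARK $host"
        return 2
    fi
    age=$(( $(to_epoch "$now") - $(to_epoch "$last") ))
    limit=$(( ($interval + 1) * 60 ))
    if [ "$age" -gt "$limit" ]; then
        echo "STALE $host last=$last age=${age}s"
        return 1
    fi
    echo "OK $host last=$last age=${age}s"
}

# write_sample_log FILE -> constructed sample of a remote-logging syslog file
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  7 13:40:01 kiosk1 -- MARK --
Mar  7 14:00:01 kiosk1 -- MARK --
Mar  7 14:02:17 kiosk1 init: Id "x1" respawning too fast: disabled for 5 minutes
Mar  7 14:20:01 router -- MARK --
EOF
}

# Demo: sh markcheck.sh --demo
if [ "${1:-}" = "--demo" ]; then
    log=$(mktemp) && write_sample_log "$log"
    check_mark "$log" kiosk1 "Mar 7 14:30:00" 20 || echo "alert: kiosk1 went quiet"
    rm -f "$log"
fi
```

In real use, pass `"$(date '+%b %e %T')"` as NOW and replace the echo in the demo with whatever notification the admin box already has.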


