Locking Down a Linux Computer

Post by Todd Rya » Sun, 10 Oct 2004 02:48:00

Good Day,

Here's the situation: we have a Linux computer that has a database on it
that can be accessed through a web browser. We want to put this computer
in a public area for visitors to be able to access the database through the
browser (read only).

We don't want the visitors to be able to access any other program or browse
to any other site.

I can block Internet access to this computer through the firewall (database
is on Intranet) but I don't know how to block the users from accessing other
apps (or anything else for that matter.)

I'm not too familiar with Linux, and if there is a way to do this through
the rights and permissions, I would be grateful if someone pointed me to a
site with a guide that can tell me how to do this (in detail.) Otherwise,
and this would be the favoured method, is there an app out there that can do
this? I have used Google to try to find such a program and have only
found them for Windows, not Linux.

Any help on this will be greatly appreciated.


Todd Ryan

Post by Eric Enrig » Mon, 11 Oct 2004 11:26:24

I'm not an expert on this or anything, but:

Generally, what you'll want to do is configure the system to
start an X server on boot which immediately logs in and only has
a browser running. You could do this with a display manager
such as xdm, kdm or gdm, and a proper .xsession.

As far as blocking outbound traffic from the browser, you could
use netfilter. Perhaps blocking all traffic except for ssh for
remote admin.

This looks like it might be useful:

http://www.yqcomputer.com/ #toc1

Hope this helps!

Eric Enright
ericAtiptsoftDcom
Public Key: 0xBEDF636F
ASCII Ribbon Campaign Against HTML E-Mail
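
One way to write the two pieces suggested in the reply above (a browser-only .xsession and a netfilter policy that allows nothing but ssh for remote admin), as an added example that is not from any poster in this thread. It assumes the database is served on the kiosk itself and reached over loopback, Firefox with its `--kiosk` flag as the browser, and a constructed admin network and URL; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical names): both functions only print text for review.

# valid_cidr NET: accept only dotted-quad IPv4 with an optional /0-32 prefix.
valid_cidr() {
    addr=${1%/*}; bits=32
    case $1 in */*) bits=${1#*/} ;; esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# kiosk_ruleset ADMIN_NET: iptables-restore input that drops everything except
# loopback (browser to the local database) and inbound ssh from ADMIN_NET.
kiosk_ruleset() {
    valid_cidr "$1" || { echo "bad admin network: $1" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -s $1 -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -d $1 -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# kiosk_xsession URL: ~/.xsession for the kiosk account; the session runs only
# the browser and restarts it if a visitor closes it.
kiosk_xsession() {
    case $1 in
        *[!A-Za-z0-9:/._-]*) echo "unsafe URL: $1" >&2; return 1 ;;
        http://*|https://*) ;;
        *) echo "not an http(s) URL: $1" >&2; return 1 ;;
    esac
    cat <<EOF
#!/bin/sh
while :; do
    firefox --kiosk '$1'
    sleep 1
done
EOF
}

# Constructed sample values; review the output before loading or installing it.
kiosk_ruleset 192.168.1.0/24; kiosk_xsession http://localhost/db/
```

These rules cover IPv4 only; if IPv6 is enabled on the kiosk, ip6tables needs its own default-drop policy.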


Post by ibuprofi » Mon, 11 Oct 2004 12:04:02

I assume you do NOT mean physically placing the computer out in the street.
The read only part is easy - man chmod

[compton ~]$ whatis chroot
chroot (1) - run command or interactive shell with special root directory
chroot (2) - change root directory
[compton ~]$

You don't mention a distribution or version - meaning how old things
might be. Go to http://www.yqcomputer.com/
and get the current copies of the HOWTOs relating to security.

Probably not using the right keywords to search - there's tons of
stuff on this subject.

Old guy