12-02-2011
Choosing the right distro, Locked down from within.
I'm looking to put a box at a client site which will be connected to the client's home router for internet.
That box will have remote access software on it and will have untrustworthy contractors logging in and using the browser. So, I'm looking for a distro that would be LOCKED DOWN to the max from the user side.
Regardless of the distro I'm planning on blocking all possible applications, (especially the terminal) leaving only the browser accessible. Blocking all the ports and all the domains aside from the 2 that the user/contractor should access. The user will have non-admin privileges of course.
So, taking all that into consideration, is there a distro that somehow facilitates being locked down from within, to minimize the possible attack surface?
That's a home network we're talking about, so I'm considering security VERY seriously.
Can the security even be guaranteed to a certain extent with this setup, should I even go ahead with this project?
Any and all other possible security tweaks are definitely welcome, I'm a newbie so everything and all is new to me.
Guys, your thoughts are greatly appreciated!
Thank you beforehand!
9 More Discussions You Might Find Interesting
1. Programming
Listen, if you know a bit of programming in C and need to program unix-type operating systems the next transitive stage is for sure C++. However, have in mind that Java is like learning C but 99% object-oriented(o.o.) and with no pointers or memory-management tricks. It would be good for you to see... (5 Replies)
Discussion started by: SolidSnake
5 Replies
2. UNIX for Dummies Questions & Answers
I know that the rules say no school questions but I am in advanced topics and am going to go to college for programming and I want to find a easy first OS to start me out, please help, thanks (3 Replies)
Discussion started by: KoKo
3 Replies
3. UNIX for Dummies Questions & Answers
There are soo many flavors of linux and i just cant choose/find the right linux for me...
I am hopeing for a linux that is a
Workhorse
Can fit of a seires (or 1) disk(s)
Lots of features (admin/mod features)
A learning mode or a detailed tutorial
Can work side by side with windows... (12 Replies)
Discussion started by: lithuaniaakid
12 Replies
4. Linux
Hi all
Help me find the best distro for the following configurations:
Intel pentium IV 1.6 Ghz
128 MB RAM :(
40 GB Hardisk with one very big partition more than 35 gb n another 2 gb partition.
windows xp is already installed but has enough free space (26gb).
Which linux will be... (0 Replies)
Discussion started by: bbala
0 Replies
5. Slackware
Dear Friends,
If I use Slackware for learning whether it will make any confusion in administering/using Redhat and SuSE since I have checked slackware is more like BSD.
Thank you. (4 Replies)
Discussion started by: Tlogine
4 Replies
6. Shell Programming and Scripting
Hi,
I have an application in 2 different directories, one is for OpenSuSE and the other for CentOS.
I wrote a script which chooses the right executable for the distribution. But it does not work.
-------------------
#!/bin/bash
if
then
( DN="/home/apps/applicationXY/Version3.1" )... (2 Replies)
Discussion started by: serverjunge
2 Replies
7. Shell Programming and Scripting
Hi,
Is it possible to choose the inerpreter conditionally.
For example, if whereis bash returns /usr/bin/bash then i need to choose #!/usr/bin/bash
else i need to use #!/usr/bin/sh.
Is it possible to achieve in a shell script?
Thanks (1 Reply)
Discussion started by: pandeesh
1 Replies
8. Linux
i have a project in numerical calculus in c language
what unix i get better for this? (7 Replies)
Discussion started by: gitac
7 Replies
9. Linux
Hi,
I just ordered an Skylake NUC and will run Linux on it.
My distro of choice has been Ubuntu but I am fed up with the release cycle and would like more of a rolling release. I would say I am an intermediate level Linux user.
It's going to be a HTPC, I want to have the latest kernels... (0 Replies)
Discussion started by: rthorntn
0 Replies
LEARN ABOUT OPENSOLARIS
libloginhelper
libloginhelper(3) C Library Functions libloginhelper(3)
NAME
libloginhelper - Login-Helper library for assistive technologies
DESCRIPTION
An interface for use by assistive technologies by which they can access system information and services on a 'need to know' basis while the
screen is locked, during user authentication, or during other sensitive operations.
This interface is intended for use by assistive technologies and related user-enabling services, and by applications and utilities which
may wish to restrict access to certain system devices and services during security-sensitive states, e.g. when the screen is locked or dur-
ing authentication into some secure service.
Such 'applications' (for instance, screen lock dialogs and security-enabled web browsers) use the LoginHelper client interfaces, and the
bonobo-activation query service, to query for assistive technologies which advertise the LoginHelper service. The client then queries these
assistive technologies for their device I/O requirements, via the getDeviceReqs call. The client may then issue the advisory request set-
Safe (TRUE), which requests that the LoginHelper -implementing service make a best-effort attempt to make itself more secure (for instance,
an onscreen keyboard might turn off word prediction, and a screenreader may turn off keyboard echo via speech). The return value of setSafe
is an advisory indication of whether this attempt was successful (no specific guarantees are implied). Once the 'security sensitive' state
is exited, the client should call setSafe (FALSE).
The return values from getDeviceReqs inform the client of which services the LoginHelper service (e. g. assistive technology) needs in
order to do its job. The client may use this information to loosen any restrictions on access which it may currently have in place (for
instance, keyboard grabs, etc.). If it does not do so, the likely outcome is that the end-user will experience loss of access to the sys-
tem.
Additional information is also available from the following site:
http://www.gnome.org/~billh/at-spi-idl/html/classAccessibility_1_1LoginHelper.html
FILES
The following files are used by this library:
/usr/lib/libloginhelper.so
Login-Helper library for assistive technologies
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWgnome-a11y-libs |
+-----------------------------+-----------------------------+
|Interface stability |Volatile |
+-----------------------------+-----------------------------+
SEE ALSO
libatk-1.0(3), libcspi(3), attributes(5), gnome-interfaces(5)
NOTES
login-helper module is in at-spi package.
SunOS 5.11 7 Aug 2008 libloginhelper(3)