How can I lock down ubuntu?

7,584

Solution 1

For locking down overall operating system access I would run and configure bastille-linux on the host computer. This will walk you through a series of options and will harden the operating system based on your answers. If your not familiar with the tool you can accept the defaults and that should suffice. I would also recommend consulting the CIS Debian Benchmark document that outlines a number of procedures for locking down the operating system even further.

Solution 2

It sounds like you want users to share a single account. You should investigate whether you really want this. There is a large number of reasons why this usually is a very bad idea. One is that you really cannot prevent users from spying on each other, obtaining personal information like passwords to webmail. You can try to prevent that by locking down network access, but then you're setting yourself up as a ghostbuster, forever fighting loopholes.

This kind of setup is common in Windows environments because the software to provide a proper multi-user environment is so expensive. But with Ubuntu, you get everything you need without any associated costs. If I were you, I'd really examine that choice. Trying to lock down a computer system is a very time consuming task, and very, very difficult. On the other hand, setting up a proper environment where users have their own accounts, and you're able to easily revert any bad decisions, is much easier and will give you a much better result in nearly all cases.

Solution 3

I would start by investigating whether using Ubuntu standard Guest account would suit your needs regarding preventing users from installing stuff/modifying configs etc. So your machines would have a password-protected admin account to install/configure things and a password-less Guest account for your users.

For restricting Internet access I'd use Dans Guardian.

Share:
7,584

Related videos on Youtube

user55889
Author by

user55889

Updated on September 18, 2022

Comments

  • user55889
    user55889 over 1 year

    I am working on a small project. I have about 20 computers with Ubuntu 10.04 on them, which will be used in a computer lab for elementary, middle, high school and college kids. Some seniors and new computer-users will be using the computers.

    I want to lock-down the computers for so children and people who want to play around with PC configuration can use them securely and without breaking them.

    I therefore want to restrict user privileges, removing the ability to upgrade, add/install software or otherwise personalize the lab's computers.

    The only uses for these computers should be:

    1. access to school websites for access of e-text books (homework assignments)

    2. access to learning-aid websites(such as www.math.com or webster.com)

    3. access/restrictions to applications that are safe and appropriate for the elementary students.

    4. For more senior users only, access to websites for completing applications for re-certifications of say food stamps, medicaid and so on.

    Are there any software packages that will let me do this?

    • Sergey
      Sergey about 12 years
      In the third paragraph - did you mean "WITHOUT the ability of being able to upgrade, add/install a single thing"