[Petter Reinholdtsen]
> I am unsure if we want to set up such a machine to completely block
> access to the outside world or not. It would block browser testing,
> but also avoid a lot of potential security problems. I suspect a
> good first setup is to install Main-Server+Thin-Client-Server and
> block all outside access, and only allow web access to the local web
> server.

As a proof of concept, I set up a Workstation based on Debian Edu Wheezy on ghost.skolelinux.no integrated with the rest of *.skolelinux.no, and configured xrdp on the machine to allow all the people with access to user.skolelinux.no to also have access to ghost.skolelinux.no.

The machine only got 700 MiB RAM and is running on a quite strained virtual host, so it can't handle many concurrent users. But it allows us developers to check out RDP and the current Wheezy desktop, and test if RDP access is a useful thing to set up for everyone.

As it only gives access to users that can already log into user.skolelinux.no and do almost the same as now can be done on ghost.skolelinux.no, I did not spend time locking down the machine. It will probably change in the future.

At the moment the default desktop is KDE. It can be changed to Gnome and LXDE by running 'update-alternatives --config x-session-manager' as root.

If you log in via RDP to this machine, you want to remove the file ~/.vnc/sesman_*_passwd when you are done, as it contains the user's encrypted password used to attach the RDP session to the VNC session.

--
Happy hacking
Petter Reinholdtsen
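
The cleanup advice at the end of the mail, extended to an admin-side check across all home directories; this is an added example and not part of the original message. The function name `audit_sesman_passwd`, the one-directory-per-user layout under the given root, and GNU `stat` (as on Debian) are assumptions.

```shell
#!/bin/sh
# Added example: find leftover xrdp sesman password files
# (<home>/.vnc/sesman_*_passwd), report their permissions and
# optionally delete them.
# Assumptions: GNU stat; homes are direct children of HOME_ROOT.

# audit_sesman_passwd HOME_ROOT [remove]
# Prints one line per file found: "<status> <mode> <owner> <path>"
#   status is OK when only the owner has access, LOOSE otherwise.
# With "remove" as the second argument each file is deleted after
# it has been reported.
audit_sesman_passwd() {
    root=$1
    action=${2:-report}
    for f in "$root"/*/.vnc/sesman_*_passwd; do
        # Skip the unexpanded glob, directories and symlinks.
        [ -f "$f" ] && [ ! -L "$f" ] || continue

        # Octal mode padded to four digits, e.g. 0600.
        mode=$(printf '%04d' "$(stat -c '%a' "$f")")
        owner=$(stat -c '%U' "$f")

        # Any group or other permission bit exposes the stored
        # password to other local users.
        case $mode in
            *00) status=OK ;;
            *)   status=LOOSE ;;
        esac
        printf '%s %s %s %s\n' "$status" "$mode" "$owner" "$f"

        if [ "$action" = remove ]; then
            rm -f -- "$f"
        fi
    done
    return 0
}

# Usage (as root on the RDP host):
#   audit_sesman_passwd /home          # report only
#   audit_sesman_passwd /home remove   # report, then delete
```

Ordinary VNC files such as `~/.vnc/passwd` are not matched, so only the sesman-generated files are touched.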

