[Petter Reinholdtsen] > But it allow us developers to check out RDP and the current Wheezy > desktop, and test if RDP access is a useful thing to set up for > everyone. As it only give access to users that can already log into > user.skolelinux.no and do almost the same as now can be done on > ghost.skolelinux.no, I did not spend time locking down the machine. > It will probably change in the future.
I enabled the "exam mode" on the machine, ie blocking network access to everything except selected subnets. diff --git a/debian-edu/netblock b/debian-edu/netblock new file mode 100644 index 0000000..e6bc15c --- /dev/null +++ b/debian-edu/netblock @@ -0,0 +1,4 @@ +# +# Block all network access, but make sure NFS mounts to +# administrator.skolelinux.no and DNS lookup still work. +internalnet="$internalnet 158.36.191.128/25 129.240.2.40/24" diff --git a/netgroup b/netgroup new file mode 100644 index 0000000..ec387cd --- /dev/null +++ b/netgroup @@ -0,0 +1 @@ +netblock-hosts (localhost,-,) Not sure why the host name is localhost, so there is still some investigation to do here. :) -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
