Is there any need for UDP to be used to/from the client machine at all?
DNS, NTP, streaming content, etc?

You can affect UDP via iptables, which is why I mention it -- possibly redirecting all UDP traffic to a known host would help lock this down.  Also, if you don't need Java support in the browser, do not include it :)  Applets can run somewhat-arbitrary networking code, and an unlocked-browser-within-a-locked-browser or similar could be established with it.

One more question:  physical access?  I assume this "kiosk" is in a public place, where it can be monitored; but you may want to disable USB ports as well as locking BIOS access, if this hasn't been mentioned yet.

   Ben


On 5/25/06, Quentin Hartman <[EMAIL PROTECTED]> wrote:
On 5/25/06, Jason <[EMAIL PROTECTED]> wrote:
> >Would
> > ifconfig be used
> > to restrict the client to not look for DNS?
>
> /etc/nsswitch.conf can control this for you. Set:
>
> hosts: files

Another way to do this that might be a little less obtuse to some (a
lot of people aren't aware of nsswitch, which is a shame, but a fact
nonetheless) would be to create an empty resolv.conf and then
either make DHCP (if you use it) ignore DNS settings it receives, or
set resolv.conf to be immutable with chattr. Note that I haven't
actually tried any of the above, and it is likely that locking
resolv.conf would cause your DHCP client to throw an error, and
perhaps fail entirely.

--
-Regards-

-Quentin Hartman-
_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
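The two pieces of advice in this thread (Ben's suggestion to pin all UDP to one known host with iptables, and Quentin's nsswitch / empty resolv.conf / DHCP-ignores-DNS / chattr approach) can be rehearsed with the script below. It is an added example, not code from anyone on the list. It assumes ISC dhclient (for the `request` line in dhclient.conf), an iptables with the nat table, and a filesystem that honours `chattr +i`; the `ROOT` argument lets you point it at a scratch directory to check the resulting files before touching a live kiosk.

```shell
#!/bin/sh
# Added example, not from the EUGLUG thread: kiosk DNS/UDP lockdown.
# Assumptions: ISC dhclient, iptables with a nat table, chattr available.
# ROOT defaults to / ; pass a scratch directory to rehearse the changes.

# lock_dns ROOT: resolve hosts only from /etc/hosts, leave resolv.conf
# empty, stop dhclient from asking for DNS servers, make resolv.conf
# immutable when we are root.
lock_dns() {
    root="${1:-/}"
    etc="$root/etc"
    mkdir -p "$etc/dhcp"

    # nsswitch: drop any existing hosts: line and append "hosts: files".
    tmp="$etc/nsswitch.conf.tmp"
    grep -v '^hosts:' "$etc/nsswitch.conf" > "$tmp" 2>/dev/null || true
    printf 'hosts: files\n' >> "$tmp"
    mv "$tmp" "$etc/nsswitch.conf"

    # Empty resolv.conf: nothing to query even if something bypasses nsswitch.
    : > "$etc/resolv.conf"

    # dhclient: request every usual option except domain-name-servers, so a
    # lease never tries to rewrite resolv.conf (ISC dhclient.conf syntax).
    cat > "$etc/dhcp/dhclient.conf" <<'EOF'
request subnet-mask, broadcast-address, time-offset, routers,
        interface-mtu, host-name;
EOF

    # The immutable bit needs root and an ext-style filesystem; skip otherwise.
    if [ "$(id -u)" -eq 0 ] && command -v chattr >/dev/null 2>&1; then
        chattr +i "$etc/resolv.conf" 2>/dev/null || true
    fi
}

# dns_locked ROOT: exit 0 when the lockdown is in place, 1 otherwise.
dns_locked() {
    root="${1:-/}"
    grep -qx 'hosts: files' "$root/etc/nsswitch.conf" || return 1
    [ -f "$root/etc/resolv.conf" ] && [ ! -s "$root/etc/resolv.conf" ] || return 1
    grep -q 'request' "$root/etc/dhcp/dhclient.conf" \
        && ! grep -q 'domain-name-servers' "$root/etc/dhcp/dhclient.conf"
}

# udp_rules KNOWN_HOST: print the iptables commands that rewrite every
# locally generated UDP datagram to KNOWN_HOST (the one DNS/NTP box the
# kiosk may talk to), allow that host, and drop anything that still escapes.
# Review the output, then pipe it into sh as root to apply.
udp_rules() {
    known="$1"
    cat <<EOF
iptables -t nat -A OUTPUT -p udp ! -d $known -j DNAT --to-destination $known
iptables -A OUTPUT -p udp -d $known -j ACCEPT
iptables -A OUTPUT -p udp -j DROP
EOF
}
```

Run `lock_dns /tmp/kiosk-root` first and inspect the files it produced; `dns_locked /tmp/kiosk-root` is a quick regression check you can leave in a cron job on the real box to catch anything (a package upgrade, a DHCP hook) that silently restores DNS lookups.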
