Hello Andreas,
On Sat, Jan 08, 2011 at 09:40:43AM +0100, Andreas B. Mundt wrote:
> Hi,
>
> as we are just discussing future development, I would like to
> understand the concept and the ideas behind LINBO and "self-healing"
> workstations better.
"Self-healing" was a term used as a kind of trademark of a proprietary
product, as far as I remember. For LINBO, we don't promise anything like
that, of course.
>From the user perspective, LINBO is a boot console that supports imaging
of an existing system, image distribution via rsync, multicast (udpcast)
or bittorrent, using an image server reachable for the clients.
>From the technical perspective, LINBO is a small rescue and imaging
system consisting of a worker script and a graphical GUI running in
framebuffer mode.
PXE/DHCP boot server and Rsync server can be a Tjener, or a separate
computer inside the same subnet as the workstation clients that should
be handled.
> >From a quick search I found that it is used to quickly (re-)install
> workstations that are spoiled.
Not only, but also.
I'm giving a common example. You install one computer as Skolelinux
client. It is recommended to use a single partition for the system since
this is easiest to put in a single image later. After installation and
configuration, you boot LINBO via PXE on that machine, create an image
of your Skolelinux installation and save it to the image server via
LINBO.
Now, you can use the LINBO bootmanager to:
- quickly repair (file-wise via rsync or partition-wise like dd) the
Skolelinux workstation,
- mass-install a classroom in an automatic non-interactive LINBO setup,
or interactive one machine after the other,
- change the installation by selecting different images depending on
your desired lecture,
- modify the installation and create a differential image for later use.
The most common scenario is a quick-reset of the installed system(s),
either over the network, or locally using an image cache partition that
greatly reduced network traffic.
For local repair, LINBO does something similar as the "PC-Wächter"
hardware used in some schools, which has a "shadow partition" that gets
mirrored to the "working partition" in case the working partition gets
damaged.
> Ok, now I know from my system here at the local school (MS-XP
> Musterlösung Baden-Württemberg) that there is need to make a "clean
> table" at least every year where all user data and all accounts are
> removed (and probably the whole sytem is set up again). However, this
> system also doesn't allow users to use the command line, but you can
> write your commands in a batch file and execute that, so I wouldn't
> expect too much from its security aspects.
That "batch file" solution is not LINBO, though LINBO is also used in
newer versions of the Baden-Württemberg Musterlösung, for Windows as
well as Linux workstation clients.
> However, I would have hoped that we can do better. Is it really on a
> regular basis that machines are attacked and spoiled in the evil
> school environment?
I think that it's more like the students kill the installation, and the
teacher can repair this quickly.
> How often does that happen? Where are the flaws
> that allow compromising the machines, is there anything known about?
I think it is extremely easy to compromise a skolelinux workstation if
you have physical access to the machine and some knowledge about the
boot process. There is not much you can do about that. Also, crashing
the Skolelinux terminalserver in its default installation (like any
other school terminal server I am aware of) as normal user, or at least
making it unusable until reboot, is one-liner command, but that's quite
off-topic now and probably cannot be solved with technical means.
> It is clear that a "professional" cracker can attack the system, but I
> would expect that he can as easily attack infrastructure that is not
> self-healing like tjener (and thereby much more interesting). To live
> with those crackers, I think the only way is to use the strategy of
> the nightclub-owner: Ask (at least half of) the guys that cause you
> troubles to make sure there is no trouble anymore.
LINBO is not designed to create or replace strong local security. It
just installs or repairs an installation from an image with a
beginner-proof graphical boot console. It does not make your system more
secure in any way.
> It would be nice if admins running the system under real conditions at
> school can comment and help me getting off my naive and unrealistic
> attitude.
>
> Concerning the integration in Debian, it might be interesting to look
> at something comparable (?) that just appeared these days from Michael
> Prokop and team:
> http://michael-prokop.at/blog/2011/01/07/booting-iso-i