Re: Creating a peculiar Live-CD
Andrei POPESCU wrote: On Sb, 29 nov 14, 16:46:01, Richard Owlett wrote: Application 2: Extremely secure browsing and email for me on my personal machine. https://tails.boum.org/ I wasn't thinking in terms of personal privacy, but what I think of as system security. My *personal idiosyncratic* views of system security include (but not limited to): 1. preventing others on the network executing code on my machine and/or reading/writing writing my files. Good iptables probably adequate. 2. Explicit control of when or if a program may access the network - functionality similar to COMODO for Windows machines. I've heard augments that such are unnecessary, BUT it is a *SPECIFICATION* of my goal. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/547db7f9.8060...@cloud85.net
Re: Creating a peculiar Live-CD
Scott Ferguson wrote: On 30 November 2014 at 02:30, Richard Owlett rowl...@cloud85.net wrote: Scott Ferguson wrote: On 29 November 2014 at 08:17, Richard Owlett rowl...@cloud85.net wrote: Cindy-Sue Causey wrote: On 11/28/14, Richard Owlett rowl...@cloud85.net wrote: snipped chuckle I've just proved ( again ;/ ) that my writing lacks clarity. It's hard to describe a custom live CD in a single, small post. Not really. I did it in a single sentence - see 3rd sentence down. How you want to achieve something?? Not what (objectives) - which you have expanded on in a subsequent reply to Curt. I'm still not clear on why. Except for one, I don't think the why's are describable - too much intertwining of several years of personal projects. Why climb a mountain - because it's there may be the best answer. This may be an xy problem - certainly based on the expanded objectives placing a script in /etc/rc.local to do what you describe is not the solution - nor is placing it in init. I believe Curt has the right idea - [snip] Existence of kiosk CD's demonstrate what I want is doable. [snip] Network/Internet restriction policy. If you have a LAN that these users will be connected to - the best option IMO is to restrict browing at the access point using white lists (or blacklists if you enjoy playing pop-a-mole). Dans Guardian (for squid) is ideal. If that's not possible and you need to apply internet access control at the local box level (LiveCD or HDD) the simplest approach for an unskilled admin is to install either:- ;Parental Control GUI (which uses tinyproxy and Dans Guardian) https://launchpad.net/webcontentcontrol/ ;WebCleaner http://webcleaner.sourceforge.net/ ;privoxy (it's in the Debian repository). That looks promising. Dependant on what you mean by anything else... find out where anything else is triggered and remove the trigger. Ugh ;/ That's shutting the barn door Don't install door in first place. I have no idea what you are trying to say there. Could you expand on that please. E.G. I have one case where I want internet access via a serial modem only, therefore there will be no Ethernet nor WiFi drivers installed/installable (no apt/Synaptic/etc). Somewhat brute force but effective [rather significant side effects ;] -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/547dcf42.8050...@cloud85.net
Re: Creating a peculiar Live-CD
On Sb, 29 nov 14, 16:46:01, Richard Owlett wrote: Application 2: Extremely secure browsing and email for me on my personal machine. https://tails.boum.org/ Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt signature.asc Description: Digital signature
Re: Creating a peculiar Live-CD
Scott Ferguson wrote: On 29 November 2014 at 08:17, Richard Owlett rowl...@cloud85.net wrote: Cindy-Sue Causey wrote: On 11/28/14, Richard Owlett rowl...@cloud85.net wrote: snipped chuckle I've just proved ( again ;/ ) that my writing lacks clarity. It's hard to describe a custom live CD in a single, small post. Not really. I did it in a single sentence - see 3rd sentence down. The eject command indeed works as expected. The BIOS on my machines are set to automatically boot from any CD in the tray. My question was creating a Live-CD to only execute a specific script when booted and prevent anything else from being executed. The script would be of the form: run_foo eject /dev/cdrom shutdown -hP now Put the script in /etc/rc.local? Create a user that is autologged-in put the script in their autorun? I've found: http://www.debian-administration.org/article/ 212/An_introduction_to_run-levels http://www.debian-administration.org/article/ 28/Making_scripts_run_at_boot_time_with_Debian https://www.debian.org/doc/debian-policy/ch-opersys.html#s-sysvinit Other recommended reading material. Additional question: You got me looking at the contents of /etc/rc2.d . Is there a utility that would list the script name and a least the content of the #Description: field. Some of the descriptions are terse, to say the least. Dependant on what you mean by anything else... find out where anything else is triggered and remove the trigger. Ugh ;/ That's shutting the barn door Don't install door in first place. If helps I've previously created a number of different auto USB Flash key builds that were designed to be used as plug, power-on, do a certain job automagically tools without user intervention. Some of the processes 'might' be useful for what it 'sounds' like you want to do. snipped I hope that helps a little. Perhaps if you gave more details of all that you want to do. e.g. a flow chart, what will this script do? Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5479e693.3020...@cloud85.net
Re: Creating a peculiar Live-CD
On 2014-11-29, Richard Owlett rowl...@cloud85.net wrote: The script would be of the form: run_foo eject /dev/cdrom shutdown -hP now I thought of the kiosk live cds when you asked your peculiar question. Instead of starting a browser, it would run run_foo. It might be pertinent to know what run_foo consists of. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/slrnm7jvpc.233.cu...@einstein.electron.org
Re: Creating a peculiar Live-CD
Curt wrote: On 2014-11-29, Richard Owlett rowl...@cloud85.net wrote: The script would be of the form: run_foo eject /dev/cdrom shutdown -hP now I thought of the kiosk live cds when you asked your peculiar question. ME? Would *I* ask peculiar questions ;/ LOL 2 of my 4 primary projects might have features in common with kiosks. Live kiosk CD authors might differ. Application 1: Local church providing enrichment to local at risk pre-teens in inner-city. *ALL* internet connectivity explicitly defeated - homework/education being goal. Application 2: Extremely secure browsing and email for me on my personal machine. In CASE 1, there exists much software which assumes KDE. In Case 2, I like Gome2. Interesting links having *ONLY* Squeeze dependencies? Instead of starting a browser, it would run run_foo. It might be pertinent to know what run_foo consists of. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/547a4ca9.9080...@cloud85.net
Re: Creating a peculiar Live-CD
On 30 November 2014 at 02:30, Richard Owlett rowl...@cloud85.net wrote: Scott Ferguson wrote: On 29 November 2014 at 08:17, Richard Owlett rowl...@cloud85.net wrote: Cindy-Sue Causey wrote: On 11/28/14, Richard Owlett rowl...@cloud85.net wrote: snipped chuckle I've just proved ( again ;/ ) that my writing lacks clarity. It's hard to describe a custom live CD in a single, small post. Not really. I did it in a single sentence - see 3rd sentence down. How you want to achieve something?? Not what (objectives) - which you have expanded on in a subsequent reply to Curt. I'm still not clear on why. This may be an xy problem - certainly based on the expanded objectives placing a script in /etc/rc.local to do what you describe is not the solution - nor is placing it in init. I believe Curt has the right idea - you want a locked-down desktop (limits user action, wipes previous session). Depending on what your objectives are (as opposed to how I want to do what I don't know how to do) there are two approaches:- *1*. If you do *not* control the hardware the end-user will run the CD on - Build a Live-CD (see the debian packages of the same name). Modify the live CD to install the packages you want the user to have. lock the permission on any configuration files in their home directory you don't want them to be able to change. Be sure to lock down applications that allow extension/plugin additions (i.e. Iceweasel). Modify the logout button so that only two choices are possible - halt, and lock screen. A Live CD will eject during the shutdown process (you might find man halt informative). Setup autologin without password for a single user. e.g. student Use sudo to limit that users permissions. Setup ssh for remote administration. Configure the networking defaults. That's it (apart from documentation and testing, and internet access control which I'll cover later). Every time the users boots from the CD they are automagically logged into a pristine desktop with limited applications and rights. They can install, change, or go/save/browse nowhere, that you haven't allowed. When they shutdown the CD ejects and the box is powered off. *2.* If you do control the hardware - why bother with the CD? Just follow the same steps as *1.* with the additional steps of locking down GRUB and setting boot delay to 1, copying the modifications (locked permissions and customisation) to /etc/skel, and adding a script to the shutdown services that runs deluser --remove-all-records student. The added advantage is that it'll be easier to update (and if you are allowing internet access you need to apply updates - *even* if you use the Live CD option). Network/Internet restriction policy. If you have a LAN that these users will be connected to - the best option IMO is to restrict browing at the access point using white lists (or blacklists if you enjoy playing pop-a-mole). Dans Guardian (for squid) is ideal. If that's not possible and you need to apply internet access control at the local box level (LiveCD or HDD) the simplest approach for an unskilled admin is to install either:- ;Parental Control GUI (which uses tinyproxy and Dans Guardian) https://launchpad.net/webcontentcontrol/ ;WebCleaner http://webcleaner.sourceforge.net/ ;privoxy (it's in the Debian repository). snipped Dependant on what you mean by anything else... find out where anything else is triggered and remove the trigger. Ugh ;/ That's shutting the barn door Don't install door in first place. I have no idea what you are trying to say there. Could you expand on that please. snipped Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/camt2cqpr6rn0noc-7qzeeztxpy+esbbmazemk+ngu7pftvo...@mail.gmail.com
Re: Creating a peculiar Live-CD
On 11/28/14, Richard Owlett rowl...@cloud85.net wrote: In common conversation, peculiar can mean either unique or strange/unusual. I'm using it in *both* senses. I'm working on understanding how to use debootstrap and/or multistrap. In another forum I was asked a question that initially appeared to be out of context. It got me thinking about unstated assumptions. When booted to the CD it will run only a specific program. On exit the CD will be ejected and the hardware will power down. I can see how I would have accomplished this on my old S-100 system running CPM-80. How do I approach this with Debian based tools. All tools used must run under Squeeze. I may be missing something so my apologies in advance if so.. I *thought* Knoppix does something like that so I did a quick search. Turns out yes, Knoppix does eject on shut down, found a reference going back to 2003.. Maybe you could take a peek at how they accomplish it? In the same search results just now, I saw a blip of a reference to an eject program.. Sure enough, apt-cache search shows there's a package out there *aptly* named eject. Its description referenced CD changers so it might not be quite right.. My thinking is (as always), maybe, just maybe you could tweak it if it doesn't work out of the box.. Several other packages in my eject apt-cache search had the keyword eject associated but most seemed audio CD related.. Again, maybe there's something that could be pulled from those, too.. I say in my eject apt-cache search because results will vary for *everyone* based on the repositories we each individually choose to use.. :) Good luck! PS JUST TODAY getting back into trying to complete my own debootstrap self-education. Took break from updating keyrings (on dialup) to check email. Multistrap hit my own radar in last week or so, too. Thank you for the reminder.. It's now on the list :D Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with bird seed (trips occasionally, too) * -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cao1p-kdmay6ntc-yqzqsu2hqahvpfcgm9o+g+ygntkpunyz...@mail.gmail.com
Re: Creating a peculiar Live-CD
On 11/28/14, Richard Owlett rowl...@cloud85.net wrote: In common conversation, peculiar can mean either unique or strange/unusual. I'm using it in *both* senses. I'm working on understanding how to use debootstrap and/or multistrap. In another forum I was asked a question that initially appeared to be out of context. It got me thinking about unstated assumptions. When booted to the CD it will run only a specific program. On exit the CD will be ejected and the hardware will power down. I can see how I would have accomplished this on my old S-100 system running CPM-80. How do I approach this with Debian based tools. All tools used must run under Squeeze. Was closing out tabs getting ready to go back to upgrading keyrings when the word K3B leaped off the page.. CD burners (creators), don't they eject upon job completion? Been a while and my experience was not optimal so I'm halfway blanking on how it goes. Seems like one or another of the couple programs I tried MIGHT HAVE ejected without further user intervention.. Maybe that's another place to look for a possible package to grab.. Cindy :) -- Cindy-Sue Causey Talking Rock, Pickens County, Georgia, USA * runs with bird seed (trips occasionally, too) * -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAO1P-kBW3=u8=BvbaVb6+_Kp6F-bNd-qSiDCYVRC8=u8RS=9...@mail.gmail.com
Re: Creating a peculiar Live-CD
On Fri, 28 Nov 2014 13:07:50 -0500 Cindy-Sue Causey butterflyby...@gmail.com wrote: CD burners (creators), don't they eject upon job completion? Only if you ask them to (Preferences...) Cheers, Ron. -- We'll cross that bridge when we come back to it later. -- http://www.olgiati-in-paraguay.org -- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20141128151555.475f2...@ron.cerrocora.org
Re: Creating a peculiar Live-CD
Cindy-Sue Causey wrote: On 11/28/14, Richard Owlett rowl...@cloud85.net wrote: In common conversation, peculiar can mean either unique or strange/unusual. I'm using it in *both* senses. I'm working on understanding how to use debootstrap and/or multistrap. In another forum I was asked a question that initially appeared to be out of context. It got me thinking about unstated assumptions. When booted to the CD it will run only a specific program. On exit the CD will be ejected and the hardware will power down. I can see how I would have accomplished this on my old S-100 system running CPM-80. How do I approach this with Debian based tools. All tools used must run under Squeeze. I may be missing something so my apologies in advance if so.. I *thought* Knoppix does something like that so I did a quick search. Turns out yes, Knoppix does eject on shut down, found a reference going back to 2003.. Maybe you could take a peek at how they accomplish it? In the same search results just now, I saw a blip of a reference to an eject program.. Sure enough, apt-cache search shows there's a package out there *aptly* named eject. Its description referenced CD changers so it might not be quite right.. My thinking is (as always), maybe, just maybe you could tweak it if it doesn't work out of the box.. chuckle I've just proved ( again ;/ ) that my writing lacks clarity. The eject command indeed works as expected. The BIOS on my machines are set to automatically boot from any CD in the tray. My question was creating a Live-CD to only execute a specific script when booted and prevent anything else from being executed. [snip] -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5478e65d.70...@cloud85.net
Re: Creating a peculiar Live-CD
On 29 November 2014 at 08:17, Richard Owlett rowl...@cloud85.net wrote: Cindy-Sue Causey wrote: On 11/28/14, Richard Owlett rowl...@cloud85.net wrote: snipped chuckle I've just proved ( again ;/ ) that my writing lacks clarity. It's hard to describe a custom live CD in a single, small post. The eject command indeed works as expected. The BIOS on my machines are set to automatically boot from any CD in the tray. My question was creating a Live-CD to only execute a specific script when booted and prevent anything else from being executed. Put the script in /etc/rc.local? Create a user that is autologged-in put the script in their autorun? Dependant on what you mean by anything else... find out where anything else is triggered and remove the trigger. If helps I've previously created a number of different auto USB Flash key builds that were designed to be used as plug, power-on, do a certain job automagically tools without user intervention. Some of the processes 'might' be useful for what it 'sounds' like you want to do. snipped I hope that helps a little. Perhaps if you gave more details of all that you want to do. e.g. a flow chart, what will this script do? Kind regards -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAMt2cQOniDtfM9L7-_KmkL16hvr8S6tC9SFwNYQhTXew0=q...@mail.gmail.com