isn't this more slug-chat? anyway, i would like to see this, as well as ubuntu vs openbsd
Dean Simon Wong wrote:
I have set up an Internet Cafe for a mate of mine in a far away land. In what seems like a nightmare I haven't woken up from yet, he is proposing a crazy marketing stunt to pull in people to the Cafe. A $1000 reward for obtaining the root password off one of the PC terminals! I don't even want to repeat that, I'm just trying to think of it as the ultimate vote of confidence ;-)

Outline of the system design is:

* The PCs are all running Ubuntu Breezy (as is the server).
* The local user accounts are supplied via NIS from a central server (only user accts, all passwords disabled) as all authentication is done via PAM radius, back to the central server. Yes, I know LDAP will be in v2.
* IPsec secures communication between each PC and the server
* There is an admin account with full root sudo access on each PC and the root password has been set the same (doesn't seem like a lot of point if "admin" has root sudo access anyway to have it different - correct me if I'm off track here)
* The PC admin/root passwords do not match those on the server

Rules of engagement

* Must be on-site and present (no at/cron jobs)
* Cannot boot off anything else (of course)
* Cannot change boot parameters
* No malicious activity (I know, what does this mean under these circumstances?!)
* They have to open a file only readable by root and report back the contents plus the root password plus the method of attack
* I am going to push for this to only be for 1-2 weeks tops

I'd love some feedback from people on what further preps I should undertake. I know that sounds very open ended but should I really trust the default installation to be safe enough? Of course, a public system like this is always open to naughtiness but legitimising it is really scary.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html