I help run a medium-sized scientific conference annually. We have an internet cafe / registration room where our attendees may pay for the conference or just surf the web. We used to run WinXP with the hive cleanup tool and a lockdown utility probably created by a Microsoft intern. It worked fairly well. Then Windows released SteadyState, which we tried last year. SteadyState worked as advertised on my test machine, but failed spectacularly at the conference on 80% of the kiosk machines - I'm still not sure why. So on the spot we developed a Kubuntu alternative, which turned out to be better.
You probably want to read my new article on this topic. I will leave this article online for legacy reasons.
The following is how to create a relatively secure internet kiosk using Kubuntu. We assume we can mostly trust our users with the computers and the network. If you have to deal with malicious users, you may want to add more precautions.
Update 2009-09-21: I can confirm this works in KDE3 and KDE4.
The approach is to perfect the kiosk as much as possible on one machine (or a VM) first, then clone that machine to all your other computers, changing hostnames where appropriate.
The hard drive is small because this is a VM, but you can expand your partitions to any size you like. The good thing about internet kiosks is that they typically need hardly any space. A 6GB drive would suffice for many kiosks. You don't need to use jfs, you can use your fs of choice.
sudo apt-get install firefox unionfs-tools timeoutd openssh-server kubuntu-restricted-extras flashplugin-nonfree
sudo useradd kiosk
Set the password to something long and random, eg: Q5w?47yK&=Asa&mB4g&658tE=BZWZ$KUV2_6c+R#_J9kb462m7v7zNKvNWpe5LWj
Keep this password hidden from the users. This way they don't have access to change their password or remotely log in.
Give kiosk user access to the cdrom, audio, and hot pluggable devices (eg thumbdrives):
sudo usermod -G plugdev,cdrom,audio kiosk
sudo mkdir /kiosk-ro
sudo mkdir /kiosk-rw
Set up your fstab; here is mine:
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# /dev/sda1
UUID=d49413fa-a1cb-4677-8ddc-1418a385102d / jfs defaults,errors=remount-ro 0 1
# /dev/sda3
UUID=b50fed0f-15c8-4b02-9faf-21105e2d7acd /kiosk-ro jfs defaults,ro 0 2
# /dev/sda2
UUID=f63af8ab-f085-4a61-b2dc-195366e60e68 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec 0 0
When you are creating your template filesystem, do
sudo mount /dev/sda3 /home/kiosk
sudo umount /home/kiosk
AutoLoginEnable=true
AutoLoginAgain=true
AutoLoginUser=kiosk
Next, edit /etc/kde4/kdm/Xstartup (/etc/kde3/kdm/Xstartup for kde3) and put these lines near the top:
logger "mounting tmpfs at /kiosk-rw"
mount -t tmpfs -o mode=777 tmpfs /kiosk-rw
logger "mounting unionfs at /home/kiosk"
mount -t unionfs -o dirs=/kiosk-rw=rw:/kiosk-ro=ro unionfs /home/kiosk
And /etc/kde4/kdm/Xreset (/etc/kde3/kdm/Xreset for kde3):
logger "unmounting /home/kiosk"
umount -t unionfs -fl /home/kiosk
logger "unmounting /kiosk-rw"
umount -t tmpfs -fl /kiosk-rw
echo 'kiosk' | sudo tee -a /etc/cron.deny
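Before cloning the template, it is worth confirming that the overlay is really in place during a kiosk session. The script below is an added example, not part of the original article; it assumes the union mount appears in /proc/mounts with filesystem type unionfs (as the mount -t unionfs command above suggests), and the function names and the sample_mounts data are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the kiosk overlay and cron lockout on the template machine.
# Every check takes the file to inspect, so saved copies can be checked too.

# Constructed sample of /proc/mounts as it should look during a kiosk session.
sample_mounts() {
    cat <<'EOF'
/dev/sda3 /kiosk-ro jfs ro 0 0
tmpfs /kiosk-rw tmpfs rw,mode=777 0 0
unionfs /home/kiosk unionfs rw,dirs=/kiosk-rw=rw:/kiosk-ro=ro 0 0
EOF
}

# mount_field FILE MOUNTPOINT N: print field N (3 = fs type, 4 = options) of the
# last entry for MOUNTPOINT; the last entry is the mount that is actually visible.
mount_field() {
    awk -v mp="$2" -v n="$3" '$2 == mp { v = $n } END { if (v != "") print v }' "$1"
}

# has_opt OPTIONS OPT: succeed if OPT is one of the comma-separated OPTIONS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_kiosk_mounts FILE: print one FAIL line per problem; return 1 if any.
check_kiosk_mounts() {
    rc=0
    has_opt "$(mount_field "$1" /kiosk-ro 4)" ro ||
        { echo "FAIL: /kiosk-ro is not mounted read-only"; rc=1; }
    [ "$(mount_field "$1" /kiosk-rw 3)" = tmpfs ] ||
        { echo "FAIL: /kiosk-rw is not tmpfs, changes would survive logout"; rc=1; }
    [ "$(mount_field "$1" /home/kiosk 3)" = unionfs ] ||
        { echo "FAIL: /home/kiosk is not the unionfs overlay"; rc=1; }
    return $rc
}

# check_cron_deny FILE USER: succeed if USER is listed on a line of its own.
check_cron_deny() {
    grep -qxF -- "$2" "$1" 2>/dev/null
}

# With an argument (e.g. /proc/mounts): check that file and /etc/cron.deny.
if [ -n "${1:-}" ]; then
    check_kiosk_mounts "$1" && check_cron_deny /etc/cron.deny kiosk &&
        echo "OK: kiosk overlay and cron.deny look correct"
fi
```

Run it over ssh while the kiosk user is logged in, passing /proc/mounts as the argument.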
sudo dd if=/dev/sda | ssh -t ip.target.machine sudo dd of=/dev/sda
Go read a few chapters of a book or surf the web; after several hours it will be done. You can open up "top" on the target machine to make sure progress is being made.
I'm pretty comfortable with how locked down this system is for largely trustable users - but malicious users will be able to find some ways around the safeguards. Perhaps more importantly, you still need to watch out for users physically installing keyloggers to capture information of later users. Keeping the workstation and its connections inside a locked cage/box is a good way to deter keylogging.
Many thanks go to Chris Adams who gave me the initial idea for this project and implementation advice. If anybody has any further suggestions, recommendations, or questions please leave a comment.