On Fri, Mar 22, 2002 at 08:45:18AM -0600, Ben Stallings wrote:
> Let's imagine for a moment that you're configuring a Linux box for a computer
> amateur, like your grandmother. If your grandmother is a technogoddess,
> imagine someone else's grandmother. She wants a graphical Web browser and
> e-mail client and nothing else, so you lock the system down very tight ...
> she can't get into any programs that she doesn't understand.
>
> Now let's say she calls you up and says something is wrong with the computer.
> You gather that it turns on and the screen lights up, but beyond that she's
> really not very descriptive about what exactly is happening. She's miles
> away from you, so you really don't want to go to her place or have her bring
> the computer to you. You kick yourself for not installing some sort of back
> door so you can dial into her machine and check it out as root.
>
> Now let's say you foresee this situation and do in fact install some sort of
> back door. What software do you use? How do you secure it so that other
> people don't hack her computer? How do you make it easy enough for her to
> start when she needs to without being so obvious that she starts it
> unnecessarily? --Ben

My $.02:

- have /bin, /etc, /sbin, and /usr on read-only media (CD-R?)
- have /home, /root, and /var on disk (maybe as little as 2 Gb?)
- run sshd listening on a high port, accepting connections from a limited IP range (admin machine)
- assuming dynamic IP on granny's machine, have it email you the new IP with each connect (encrypt this?).

Maybe have *two* boot CDs -- one for "normal" use (no sshd), one for "debugging", with sshd enabled?

--
johntrammell at yahoo.com | 78BA 706C C5F9 9321 E7C4 933B D063 907B A88E 924B

Twin Cities Linux Users Group (TCLUG) Mailing List
http://www.mn-linux.org Minneapolis/St. Paul, Minnesota
irc.openprojects.net #tclug
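
The "email you the new IP with each connect (encrypt this?)" item above, sketched as an added example that is not part of the original message. It assumes a dial-up pppd link on a Debian-style system (hook placed in /etc/ppp/ip-up.d), a working local `mail` command and the admin's GPG public key already imported; the address, key id and port are placeholders.

```sh
#!/bin/sh
# Added example (constructed): pppd hook that mails the newly assigned address
# to the admin, encrypted to the admin's public key. ADMIN_ADDR, ADMIN_KEY and
# SSH_PORT are placeholders, not values from the original message.
ADMIN_ADDR="admin@example.org"
ADMIN_KEY="admin@example.org"   # key already imported into root's keyring
SSH_PORT=22022                  # the "high port" sshd listens on

# Succeed only for a dotted quad whose four octets are each 0..255, so that
# nothing unexpected from the environment reaches the report or the log.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                   # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Report body: host name, current address, and the command to reach sshd.
build_report() {
    printf 'host: %s\naddress: %s\nssh: ssh -p %s %s\n' \
        "$1" "$2" "$SSH_PORT" "$2"
}

# Encrypt the body before it leaves the machine. Mail headers stay in clear
# text, so the subject line deliberately carries no address.
send_report() {
    if ! is_ipv4 "$1"; then
        logger -t ip-report "ignoring malformed address"
        return 1
    fi
    build_report "$(hostname)" "$1" |
        gpg --batch --armor --trust-model always \
            --encrypt --recipient "$ADMIN_KEY" |
        mail -s "connection report" "$ADMIN_ADDR"
}

# Debian runs /etc/ppp/ip-up.d/* with the local address in PPP_LOCAL.
if [ -n "${PPP_LOCAL:-}" ]; then
    send_report "$PPP_LOCAL"
fi
```

The script does nothing unless pppd has set `PPP_LOCAL`, so it can be syntax-checked or sourced on the admin machine without sending mail.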