Presentation is loading. Please wait.

Presentation is loading. Please wait.

LCA20101 Parental Controls using Edubuntu Craig Pearce LCA2010 $ modprobe pcspkr * Senior Security Advisor at a major-4.au bank * CompTIA Advisory Committee.

Published byMagnus Rich Modified over 9 years ago

Similar presentations

Presentation on theme: "LCA20101 Parental Controls using Edubuntu Craig Pearce LCA2010 $ modprobe pcspkr * Senior Security Advisor at a major-4.au bank * CompTIA Advisory Committee."— Presentation transcript:

1 LCA20101 Parental Controls using Edubuntu Craig Pearce LCA2010 $ modprobe pcspkr * Senior Security Advisor at a major-4.au bank * CompTIA Advisory Committee (Linux+) * Sessional university lecturer * Member of Ubuntu Australian Team, Edubuntu advocacy and GchildCare projects * Once an unrestrained child on the Internet :-/ * Now a parent twice over :-)

2 LCA20102 Overview  What is Edubuntu?  Safer browsing  WebContentControl & GChildCare  Locking down Gnome  Time-based quotas  Remote view and control  Questions/debates/flames? - this is NOT an exhaustive talk - this is NOT a lockdown guide - focus is technical parental controls - most effective control is physical presence

3 LCA20103 Edubuntu  Ubuntu-based distro targeted at schools  Office-suite, web browser, many educational apps  Check out Gcompris, childsplay, marble, kalzium, kturtle, ktouch, kgeography....  ltsp-cluster for classroom (DHCP/TFTP/PXE) - Own self-contained distro up until 9.04 - 9.04 was an apt repo add-on over the top of a standard Ubuntu install - 9.10 has gone back to being own distro (yay!)

4 LCA20104 Edubuntu  Demo (physical host: br0 192.168.2.201) Edubuntu server (VirtualBox bridged on br0:.202) apt-get install ltsp-server thin-client-manager-gnome \ openssh-server dhcp3-server tftpd-hpa sudo ltsp-build-client (puts stuff into /opt/ltsp) sudo ltsp-update-sshkeys sudo ln -sf /opt/ltsp/i386/etc/lts.conf /var/lib/tftpboot/lts.conf gksu webcontrolcontrol &

5 LCA20105 Edubuntu – LTSP Demo Edubuntu client sudo./qemu-system-x86_64 -enable-kqemu -kernel-kqemu -boot n -net nic,model=e1000,vlan=0 -net tap,vlan=0,ifname=tap0,script=/etc/qemu-ifup -localtime -m 512 -no-acpi -smp 2 -vnc 127.0.0.1:0 -k en-us #!/bin/sh echo "Bringing up $1 for bridged mode..." sudo /sbin/ifconfig $1 0.0.0.0 promisc up echo "Adding $1 to br0..." sudo /usr/sbin/brctl addif br0 $1 sleep 2 # The bridge network interface(s) auto br0 iface br0 inet static address 192.168.2.201 network 192.168.2.0 netmask 255.255.255.0 broadcast 192.168.2.255 gateway 192.168.2.1 bridge_ports eth0

6 LCA20106 Safer browsing‏  Whitelisting – ProCon Latte (Firefox)

7 LCA20107 Safer browsing‏  Tactical: (several releases) [ dansguardian+ tinyproxy+ firehol ] GUI'ed = WebContentControl  Strategic: (blueprints only) GChildCare  Front-end (QT, GTK)  Backend (hooks into several mechanisms)

8 LCA20108 Safer browsing‏ - Firehol iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP transparent_squid 8080 "proxy root" # Accept all client traffic on any interface interface any world policy drop protection strong client all accept # lazy – all LAN services (including DHCP, NBP, TFTP, SSH, … ) group with src "192.168.2.0/24" server any accept group end

9 LCA20109 Time-based quotas  Browser-level: LeechBlock

10 LCA201010 Time-based quotas  Terminal timekpr GUI front-end for PAM '/lib/security/pam_time.so'

11 LCA201011 Time-based quotas  X11 and shells timeoutd # Format: TIMES:TTYS:USERS:GROUPS:MAXIDLE:MAXSESS:MAXDAY:WARN # or: TIMES:TTYS:USERS:GROUPS:LOGINSTATUS # craig is allowed 240min/session, 480min/day on ttyS7 (X11) Al:ttyS7:craig:*:20:240:480:5 # others allowed 60min/session, 120/day across all terminals Al:*:*:*:20:60:120:5

12 LCA201012 Gnome lockdown  Pessulus – Kiosk style !

13 LCA201013 Remote view and control Install the Real VNC 'x11vnc' on each of the machines. Install 'xvncviewer' on your own machine. Log onto the child's machine (eg 192.168.2.220) and as the root user create a stored VNC password for future authentication. ssh 192.168.2.202 $ sudo x11vnc - storepasswd /root/.vnc/passwd Create a local SSH port forward to the child's machine and run VNC as the root user locally: ssh -t -L 5900:localhost:5900 192.168.2.202 \ "sudo x11vnc - localhost -rfbauth /root/.vnc/passwd -auth /home/toddler/.Xaut hority -display :0 -ncache 10" Watch the session remotely (without - ViewOnly you can take control): xvncviewer -ViewOnly localhost Or.... use iTalc … remote view/control, sent messages, lock desktops and more

14 LCA201014 The end?  Questions/debates/flames?  Other ideas – eg mythtv controls

15 LCA201015 Resources Edubuntu: http://edubuntu.orghttp://edubuntu.org GChildcare: http://launchpad.net/gchildcarehttp://launchpad.net/gchildcare ProCon Latte: https://addons.mozilla.org/en- US/firefox/addon/1803https://addons.mozilla.org/en- US/firefox/addon/1803 LeechBlock: https://addons.mozilla.org/en- US/firefox/addon/4476https://addons.mozilla.org/en- US/firefox/addon/4476 WebContentControl - https://launchpad.net/webcontentcontrol https://launchpad.net/webcontentcontrol Dansguardian - http://www.dansguardian.orghttp://www.dansguardian.org Squid - http://www.squid-cache.orghttp://www.squid-cache.org Timekpr - https://launchpad.net/timekpr/https://launchpad.net/timekpr/ Me: http://launchpad.net/~craig-w-pearcehttp://launchpad.net/~craig-w-pearce

Download ppt "LCA20101 Parental Controls using Edubuntu Craig Pearce LCA2010 $ modprobe pcspkr * Senior Security Advisor at a major-4.au bank * CompTIA Advisory Committee."

Similar presentations

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
CPT 123 Internet Skills Class Notes Internet Services Session A.

CPT 123 Internet Skills Class Notes Internet Services Session A.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
Poor Man’s Firewall A firewall that can be setup and implemented with a minimum amount of time and money.

Poor Man’s Firewall A firewall that can be setup and implemented with a minimum amount of time and money.
Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:

Click to edit Master subtitle style Chapter 17: Troubleshooting Tools Instructor:
Linux Networking Commands

Linux Networking Commands
Firewalls, Perimeter Protection, and VPNs - SANS ©2001 1 SSH Operation The Swiss Army Knife of encryption tools…

Firewalls, Perimeter Protection, and VPNs - SANS © SSH Operation The Swiss Army Knife of encryption tools…
System Administration: Linux Track 2 Workshop June 2010 Pago Pago, American Samoa.

System Administration: Linux Track 2 Workshop June 2010 Pago Pago, American Samoa.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
August 25, 20151 SSO with Microsoft Active Directory Presented by: Craig Larrabee.

August 25, SSO with Microsoft Active Directory Presented by: Craig Larrabee.
Virtual Company Group 8 Presentation Date: June /04/2017

Virtual Company Group 8 Presentation Date: June /04/2017
Penetration Testing Training Day Capture the Flag Training.

Penetration Testing Training Day Capture the Flag Training.
© 2005,2006 NeoAccel Inc. Partners Presentation SSL VPN-Plus 2.0 Quick Start Guide.

© 2005,2006 NeoAccel Inc. Partners Presentation SSL VPN-Plus 2.0 Quick Start Guide.
Linux & Library – Web Kiosks for Peanuts Sam Deeljore Pius XII Memorial/HSC Libraries Saint Louis University LITA 2004 National Forum St. Louis, Missouri.

Linux & Library – Web Kiosks for Peanuts Sam Deeljore Pius XII Memorial/HSC Libraries Saint Louis University LITA 2004 National Forum St. Louis, Missouri.
Customized cloud platform for computing on your terms !

Customized cloud platform for computing on your terms !
1 Web Server Administration Chapter 9 Extending the Web Environment.

1 Web Server Administration Chapter 9 Extending the Web Environment.
Computer System Laboratory

Computer System Laboratory
07/11/2012 www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10.ppt L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: 90 366364 voice.

07/11/ L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: voice.

Similar presentations

Ads by Google