[Trisquel-users] Setting up a Trisquel box at a public library

overbackup4 at gmail.com overbackup4 at gmail.com
Fri Aug 8 11:43:57 CEST 2014


I have set up GNU boxes for public use before (not for a library).

For public use I would recommend booting off an image rather than installing  
to HD.

Could be a cdrom internal to the box, a USB key inside that the users cannot  
access or a thin client booting from the network.  This allows you to have a  
known base start point with each boot and any rootkits/backdoors/etc are  
scrubbed on each reboot. If persistent data is needed, place it on a separate  
local or network drive away from the OS.

One of the security points to lockdown is the ctrl-alt-F combinations that  
allow access to a login prompt. Remove these if you can.

Regarding the use of the box that you are setting up, does it really need  
flash installed?  If it is for research, wouldn't flash detract from this.
With enough sites pre-bookmarked or visible on the homepage of the browser,  
you can direct users to quality information resources that do not require  
flash (wiki etc).
Perhaps a physical sign next to it explaining that it is "For research use  
only and some entertainment websites will not work" will cover you when flash  
sites are not rendering.
I'd recommend making it known to the library staff that these sites will not  
be available to users, and that they can advise users to use a home PC or  
netcafe to look at entertainment based sites.




More information about the Trisquel-users mailing list