Is there a Content Advisor for the browser?

Booting, installing, newbie
Post Reply
Message
Author
User avatar
acklan
Posts: 45
Joined: Tue 23 Aug 2005, 01:16
Location: Baton Rouge, Louisiana
Contact:

Is there a Content Advisor for the browser?

#1 Post by acklan »

I showed this flavor of Linux to my kids school and was amazed how egar they were. I suggested each child have a CD so the would reduce the need to maintenance the HDs. They jumped on it. They had a few question I could not answer.

1) Is there a "Content advisor" like in IE?

2) Is there a way to set a master admin password so that the kids cannot add programs or features?

I am unfamiliar with Netscape (At least since the late '90s) and could not answer the questions in a timely fashion.
What they want is to give a cd to each student (7th & 8th grade) and allow them to do research for school work on the net. Experiment with doing class work on the computers. and FTP it to the teacher.
I have donated 60 computers (266mhz to 500mhz) and network them together over the passed two year. The teacher VNC the students to make sure they are on subject and not roaming. The trouble is I have to reinstall 4 to 10 computers. This Puppy could make life a lot easier on everyone.
Any guidance is welcome. They don't have burners but they will buy them if I show them it works.

User avatar
rarsa
Posts: 3053
Joined: Sun 29 May 2005, 20:30
Location: Kitchener, Ontario, Canada
Contact:

#2 Post by rarsa »

1) actually it is more effective to have a Proxy blocking the sites. http://www.squid-cache.org/ Then you only need to configure one computer.

2) Puppy currently runs as root. There are some technical reasons for that. Although not everything is lost.

You could slightly modify the boot script and remaster Puppy to run from the CD always as option 3 without HDD and mount a network drive (or floppy or thumb drive) where they would store their work.

Whatever they install or configure would be in RAM disk and would be lost when they shut down puppy.

Are all the computers alike or each computer would need a different configuration?

doopdoop
Posts: 48
Joined: Thu 28 Jul 2005, 08:38
Location: Magdeburg, Germany

#3 Post by doopdoop »

a) Filtering
There is a Firefox extension called BlockXXX which promises to block certain sites, but it gets mixed reviews and it is trivial to remove.
You can also install a local proxy server which filters the things. See http://software.newsforge.com/software/ ... 1209.shtml for a tutorial.
A general better way (in Linux or Windows networks) is to filter the sites centrally at the router. It is harder to circumvent (remember, you are root on puppy) and easier to administer. The above tutorial gives references on how to do that.

b) Stop installing software
Hmmm, difficult if you are root ;-). But the raw and a bit naive way of puppy let's you thing of raw and naive ways:

1) Software from sources are "difficult" to install without a compiler (no prob).
2) Already compiled software in DEB and RPM formats cannot be installed as there are no tools for them ( for paranoids: remove the "ar" utility as well, which could extract deb's).
3) remove pupget and dotpup to make things harder.

(OK, I guess you want to keep zip, gzip and tar, so there are still ways for a few pre-packed software ... )

However, one question remains: why do you want to do take extreme measures ?
a) Administration of cluttered installation is easy: delete pup001 (can be done from inside puppy) and restart.
b) There are fewer "distractors" availaible in Linux, with or without the above the measures mentioned above.

User avatar
acklan
Posts: 45
Joined: Tue 23 Aug 2005, 01:16
Location: Baton Rouge, Louisiana
Contact:

#4 Post by acklan »

doopdoop

It's not making it harder for me, but for the kids to get to places they shoud not. We don't want them roaming aimless on the net. We have a few sites we are going to let them go to and that is it. There is a progrm for windows called IProtectYou that allows sites verse blocking them. Everything is blocked unless the Admin allows it. And I do want to block the zip tar and gzip.


rarsa


We have
6 P-II 266mhz 384ram Dell GXa 66mhz FBS
4 P-II 300mhz 384ram Dell GXa 66mhz FBS
18 P-II 350mhz 512ram Dell GX1 100mhz FBS
2 P-II 400mhz 512ram Dell GX1 100mhz FBS
18 P-III 450mhz 512ram Dell GX1 100mhz FBS
14 P-III 500mhz 512ram Dell GX1 100mhz FBS

I have 8 P-III 450, and 2 P-III 500 I am looking for RAM and HD for the replace the 266 and 300.
I have a P-III dual 450mhz Compaq workstation that I have each student's drive mapped to. So the students can click and open assignment so the teacher does not have to make copies. I am just having a hard time getting a handle on this server thing between maintaining the computers and holding down 2 jobs. I enjoy it but it leaves me with full days.I guess I could learn the proxy.

Thank you all.

keenerd
Posts: 176
Joined: Sat 20 Aug 2005, 19:24

#5 Post by keenerd »

Perfect security with Puppy is near impossible. In fact, Puppy can be used to circumvent most security measures. (Your XP machine got ruined and you can't log in? Puppy CD and USB external hard drive to clone all your data. Or steal someone else's data.)

Remove menu entires, files associations, and uninstall applications. 90% of the way there.

But, how much work do you want to do? What's to stop a kid from downloading puppy and burning his own CD? Can't get rid of the burning sotware (multi-session). You block sites hosting the ISO. So a kid brings a CD from home and boots that. And all your work goes out the window.

You can prevent this, too. All you need is a challenge/response system, and someway of the central server to cut a kid off if their puppy disk doesn't pass. I could go on, but I'm past the point of paranoid diminishing returns.

Puppy is far too distributed to be secure, or easy to manage. Take a clue from dictatorship government and centralize.

http://www.tldp.org/HOWTO/Mock-Mainframe/
I've read this, and have been wondering if this could be done with Puppy on the central server. Add support for more X sessions, multiple user accounts. Never been done, but it'll be easier than herding a hundred Puppy CDs.

User avatar
acklan
Posts: 45
Joined: Tue 23 Aug 2005, 01:16
Location: Baton Rouge, Louisiana
Contact:

#6 Post by acklan »

:shock: I need an asprin.
Actually that is exactly what I am looking for. Then all I have to do is place a firewall with restiction between the X server and the net...right.
To answer your question about the kids bring a disk from home, They will have to leave the class disk with the teacher. But someone will find away around it with time. They (bright kids)always do. I am going with the "a lock is for an honest person". If you make it apparently illegal then the average person may just leave it alone.
You are only paranoid if nothing goes wrong..then you are prudent :wink: .
Thank for the suggestions. I guess I'll start plying with the XServer at home on my Net (LAN) with the kids.

doopdoop
Posts: 48
Joined: Thu 28 Jul 2005, 08:38
Location: Magdeburg, Germany

#7 Post by doopdoop »

keenerd wrote:
http://www.tldp.org/HOWTO/Mock-Mainframe/
I've read this, and have been wondering if this could be done with Puppy on the central server. Add support for more X sessions, multiple user accounts. Never been done, but it'll be easier than herding a hundred Puppy CDs.
I think using puppy for this is like converting a stock car into a truck - it's possible, but probably not worth the hassle. If you want to do that, you should really switch to a full-blown distro (there are also specialized ones for this tasks). It saves you a lot of Aspirin.
Here in Germany, there is a non-profit organization called "Schulen ans Netz" (schools on the net) which offers a distribution for easily setup a central server including user accounts, web filtering, mail server etc. I guess, there a several similar projects around.

Bruce B

#8 Post by Bruce B »

If there are only a few sites you will allow them to visit you could:

* put those sites in /etc/hosts

* delete on boot or prevent the creation of of /etc/resolv.conf

This should block access to the extent that someone would have to put in the full IP address to contact a site not in the hosts file because no DNS is available.

User avatar
Ian
Official Dog Handler
Posts: 1234
Joined: Wed 04 May 2005, 12:00
Location: Queensland

#9 Post by Ian »

You could set up one machine as a firewall close all ports that are not needed and set the routing table to allow only the sites you wish them to go to.

If you are familiar with the iptables rules and the route command this is easy to implement.

There is a firewall named SmoothWall that is easy to setup and use.

Bruce B

#10 Post by Bruce B »

I don't know anything more about SmoothWall than what Ian posted. Here are some links of interest

http://www.smoothwall.net/information/p ... php?id=796

http://www.smoothwall.net/information/n ... php?id=795

User avatar
acklan
Posts: 45
Joined: Tue 23 Aug 2005, 01:16
Location: Baton Rouge, Louisiana
Contact:

#11 Post by acklan »

You guys (and gals) are great. Thanks for all the help.

Post Reply