Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 20 Oct 2014, 04:43
All times are UTC - 4
 Forum index » House Training » HOWTO ( Solutions )
Kiosk Setup
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [6 Posts]  
Author Message
shadower_sc

Joined: 21 Apr 2010
Posts: 129
Location: Texas

PostPosted: Mon 24 May 2010, 19:38    Post subject:  Kiosk Setup
Subject description: Lockdown Firefox and Create a Whitelist of Ok Websites. A Blacklist is included, but I don't use it.
 

Link to Puppy Kiosk Setup for Puppy Linux 5.2. http://www.murga-linux.com/puppy/viewtopic.php?t=64632

Hello Everyone,

(Most of this post can be skipped as it's just describing what I have done and why I did some of it. My follow-up posts will have the real how to information.)

I just thought I'd post my "Kiosk Setup". It involves a great many useful customizations and everything is relatively simple once you know what to do. This is only a description of what I have done and my next post or perhaps next few posts will describe what to do to actually setup a "Kiosk". This tutorial of sorts will include how to make your own Remastered CD/ISO to end up with a "Kiosk on a CD".

What I needed was something that would only allow access to a certain specific set of needed websites and to ignore or block everything else. I also needed to make sure that there was no reasonable way to bypass my setup. In essence I needed a "Whitelist" and I needed to control the environment of the Operating System.

I started out by figuring out how to Edit the Menu. That led me to thinking about what really needed to be cut out / edited in order to provide a "secure" or unchangeable setup. I did not need to worry about people physically bypassing the Operating System as the tower to the computer is locked away inside a wood pedestal. That threw out any capability of bypassing my setup via a USB Drive or similar device. A few big things that needed to be blocked: Command Prompt, Text Editor, Context Menus, and Shortcut Keys. I was able to bypass most of my needs for editing or disabling the right-click / context menu by removing all icons from the desktop. No Icons on the desktop means a right-click won't bring up a context menu. No context menu means no Rox-Filer / File Manager access.

I did not disable the "Start Private Browsing" mode. I found the file I needed to edit, but it would not save after being edited due to it being a temporary file. I did not Need to have it disabled as I setup Firefox to delete all history upon closing, but it still would have been nice to figure out.

Unfortunately completing all of the steps in this tutorial will require a bit of time to complete, but no where near like trying to figure it all out on your own. *I found a good bit of my information here on these forums, but a lot of it I just poked about in certain files until I found what I needed.*

I will hopefully at least get one "How to" post out this evening.

Sincerely,
-Joe-

Last edited by shadower_sc on Tue 22 Feb 2011, 14:12; edited 2 times in total
Back to top
View user's profile Send private message 
shadower_sc

Joined: 21 Apr 2010
Posts: 129
Location: Texas

PostPosted: Tue 25 May 2010, 20:08    Post subject: Edit the "Main Menu"  

(Quick and Dirty Version.)
Edit the file _root_.jwmrc located in /etc/xdg/templates/ and edit the file .jwmrc located in /root/
Edit the file .jwmrc-tray located in /root/
------------------------------------------------------------------------------------

I recommend commenting out all the lines that include /etc/xdg/menus in the _root_.jwmrc file. Doing so will limit you to only having to edit One Menu. Otherwise you need to edit most of the menu files in the /etc/xdg/menus directory in order to edit the menu.

I copied the menu items I wanted to include from the /root/.jwmrc file into the /etc/xdg/templates_root_.jwmrc.

I have always disliked the Puppy Linux menu Twisted Evil . It has WAY too much stuff in it and there are a number of programs installed that do the same thing listed in the menu.

Before I get too far along I started off with Puppy Linux 4.3.1. I believe I used the "small" version, but these steps should work for any Puppy Linux with JWM (Joe's windows Manager) installed. I know this tutorial will work with Puppy 4.3.1. I tried Puppy 5.0, but it would not work on my two machines. I originally tried customizing Browser Linux, but the Remaster CD program was not installed. I later found this discussion topic on the forum:http://www.murga-linux.com/puppy/viewtopic.php?search_id=1122327694&t=55381 which I could possibly have used to add the Remaster CD functionality and just used Browser Linux instead.

There are two files associated with the menu. One is in /root and is called .jwmrc. The other is in /etc/xdg/templates/ and is called _root_.jwmrc. There is a disclaimer that tells you to only edit the _root_.jwmrc file, but it does not explain why and as long as you make the same changes everything works out fine. Also, when I edit the .jwmrc file I can see the changes when I restart X (The XWindow Server that runs JWM.).

You can add links in those files using any of the links already in the file as a template or remove links in those files by deleting the line or using <!-- and --> to comment out the line. I use <!-- --> as you can comment out multiple lines.

You can also edit the "Tray"/ Taskbar at the bottom of the screen by editing the file .jwmrc-tray located in /root/. Just comment out what you do not want listed.

(This is a bit scatter brained, but I am trying to make sure I don't miss anything. I will be making a "Manual" of sorts that I will probably attach once I am done.)

Last edited by shadower_sc on Wed 26 May 2010, 18:08; edited 1 time in total
Back to top
View user's profile Send private message 
shadower_sc

Joined: 21 Apr 2010
Posts: 129
Location: Texas

PostPosted: Tue 25 May 2010, 20:54    Post subject: Install and Setup Firefox
Subject description: Install Firefox and Lockdown Firefox so you don't have to worry 'bout someone messing it up.
 

(Quick and Dirty Version:)
Install the firefox-3.6.pet here:http://www.murga-linux.com/puppy/viewtopic.php?t=30434.
Update Firefox via Firefox's Update Manager. Help->Check for Updates
Install the ProCon Latte and Public Fox Addons via the Addons Manager in Firefox.
Setup ProCon Latte and Public Fox to limit access in the desired manner.
-------------------------------------------------------------------------------------

Install the firefox-3.6.pet from here:http://www.murga-linux.com/puppy/viewtopic.php?t=30434. Run it, click on the Help menu, and then click on "Check for Updates" in the Help Menu. That will install the latest version of Firefox which is currently 3.6.3.

Go Here: https://addons.mozilla.org/en-US/firefox/
Search for: ProCon Latte
Click On the "Add to Firefox" button that is next to the ProCon Latte entry.
Install ProCon Latte via the Firefox Dialog.
Restart Firefox.

Go Back Here: https://addons.mozilla.org/en-US/firefox/
Now Search For: Public Fox
click on the "Add to Firefox" button that is next to the Public Fox entry.
Install Public Fox via the Firefox Dialog.
Restart Firefox. Upon restart Public Fox will ask for a password, if you enter nothing it will have a blank password. You can edit this password later via the Tools->Addons menu.

You can now Edit the Preferences for ProCon Latte and Public Fox via the Tools -> Addons Menu.

I use ProCon Latte to manage a whitelist and disable access to about:config. I use Public Fox to Lock access to the Addons Menu as well as the Preferences Menu in Firefox. I also use Public Fox to lock access to History and the Bookmarks.

Between those two Addons you are able to Lockdown Firefox reasonably well enough to effectively control the Internet environment within Normal Firefox and the "Start Private Browsing" environment. I do not care about keeping the history and set my firefox to clear everything every time I close firefox.

So far we have edited the menu and Locked Firefox down, but there are still more loop holes that need to be addressed in order to have a secure environment.

One major loophole that needs to be addressed in order to have any secure environment is limiting access to the Physical Computer. The two machines I have to work with are locked away in their own wooden pedestal (Each Pedestal has a good number of holes to allow for air flow.).

Last edited by shadower_sc on Thu 27 May 2010, 17:50; edited 1 time in total
Back to top
View user's profile Send private message 
shadower_sc

Joined: 21 Apr 2010
Posts: 129
Location: Texas

PostPosted: Wed 26 May 2010, 17:58    Post subject: Lockdown Puppy Linux
Subject description: Clear the Desktop of All Icons. Remove Filesystem Access. Remove Root Access. Disable All Loop Holes
 

(Quick and Dirty Version:)
Comment out clean_desk_icons and pup_event_frontend_d lines in the /root/.xinitrc file.
Run the Drive Icon Manager (R-Click a Drive Icon) and uncheck all boxes in all tabs.
Edit the file /root/Choices/ROX-Filer/PuppyPin & Delete all Lines beginning with <icon .
(That should keep All Icons from coming up on the Desktop including Drive Icons.)
Edit the /etc/rc.d/rc.shutdown file. Disable the first time puppy has booted script by commenting out lines 536- 582. Thus, you do not get asked about Saving Puppy.
Disable the Ctrl+Alt+Backspace and Function Key Combos. Edit the file: /etc/X11/xorg.conf and add Option "DontZap" "true" to the Server Flags section. Uncomment the Option "DontVTSwitch" in the Server Flags Section as well.
(Make sure you have commented out the Restart X Server option in the menu as xorgwizard automatically starts after a certain number of X restarts. Also make sure you have not included the File Manager or Root Terminal in the Menu you want to use for the Kiosk.)
For Cosmetics sake edit the /usr/share/doc/welcome1stboot.htm file to suit your tastes.
(Making all of these changes will effectively lock you out of all editing of the machine. I recommend making one "Setup CD" with access to a Terminal and Text Editor that you can use to setup you "Kiosks".)
-------------------------------------------------------------------------------------

The Next Step is to Clear the Desktop of All Icons. Clearing the desktop of all icons removes the ability to access the File Manager via the right-click context menu on the Desktop Icons. It also makes the desktop look nice and clean.

Start by Running the Drive Icon Manager (R-Click a Drive Icon and select Drive Icon Manager). Uncheck all boxes in all tabs of the Drive Icon Manager and click Ok. That will remove all "individual" drive icons, but will still leave a "Drives" icon on the desktop. To keep that from happening edit the file .xinitrc located in /root/ and comment out clean_desk_icons and pup_event_frontend_d.
(Now the Internal Drives, and External Drives plugged in will not popup on the Desktop.)

Now Edit the file PuppyPin located in /root/Choices/ROX-Filer/ & Delete all Lines beginning with <icon .
(That will remove all of the other icons that are on the desktop. You could also right-click each icon on the desktop and select remove item(s), but that would not work with any of the drive icons.)

Now that we have our desktop cleaned up we can focus on Finishing our Lockdown of Puppy Linux.

Disable the Save at Shutdown option on your "Kiosk CD" by editing the rc.shutdown file located in /etc/rc.d/ . Disable the first time puppy has booted script by commenting out lines 536- 582. That way it will not create a "PUPSAVE" file that saves your settings. (We will be Re-Mastering our CD to create our "Kiosk CD" and the Save at Shutdown feature is not something we want in a Kiosk environment.)

Disable the Ctrl+Alt+Backspace and Function Key Combos. This step is crucial in disabling access to any command line interface. Edit the file: xorg.conf located in /etc/X11/ and add Option "DontZap" "true" to the Server Flags section. Uncomment the Option "DontVTSwitch" in the Server Flags Section as well.

When editing the menu you need to make sure that you remove access to the File Manager, text editors, and Terminals (such as rxvt). While editing the menu also make sure that you remove access to the "Restart X Windows" option in the Shutdown Menu. After restarting X Windows a certain number of times puppy will rerun the xorgwizard program. In order to actually disable the Ctrl+Alt+Backspace and Function Key Combos you have to be running Xorg, if someone was to change from using xorg to using vesa they would then be able to use the Ctrl+Alt+Backspace to gain access to the command prompt. Thus, in order to ensure control you need to be using Xorg.

Completing all of these steps will lock down your Puppy Linux and there will be no way for someone to circumvent your secure setup. Go back to the Edit Menu Post for help on re-editing the menu, if you need to do that.

One last thing that I would recommend doing is editing the file welcome1stboot.htm located in /usr/share/doc/ . (This is the file that is run when you click on the getting started bar at the top when Puppy Linux Loads.) I customized that HTML file to welcome the patrons to my Library. That file could also be edited to give the user a quick tutorial on how to use your Kiosk.
Back to top
View user's profile Send private message 
shadower_sc

Joined: 21 Apr 2010
Posts: 129
Location: Texas

PostPosted: Thu 27 May 2010, 17:43    Post subject: Remaster Puppy Linux
Subject description: Use the Remaster-CD Puppy Live-CD function to create a Kiosk Setup CD and later a Kiosk CD
 

(Quick and Dirty Version:)
#1 Edit the Menu, Add Programs, Setup Firefox Addons, etc.
#2 Choose to Remaster the Puppy Live-CD and click Ok to Start the Process.
#3 Select the Partition/Drive where you will save the ISO file.
#4 Select the CD drive to copy the essential Puppy Linux files from.
#5 Make sure the CD is in the Drive, click Ok, and wait for it copy the files needed.
#6 Edit any files you need to in the /tmp/root folder and Click Ok.
(You can save the Addons and Firefox settings by deleting the /tmp/root/.mozilla folder and moving the /root/.mozilla folder to the /tmp/root folder.)
#7 Choose whether or not to Customize Puppy Linux for the Machine Only. Don't do this for your "Template" / "Kiosk Setup CD". Do this when you are creating a CD for the specific Machine you are using.
#8 After selecting No, edit the /tmp/etc files to your liking. *You will need to edit the /etc/X11/xorg.conf0 file and possibly others.* Click Ok.
#9 Now you can edit the boot configuration or leave it as the default and Click No.
#10 Copy any additional sfs files to the puppylivecdbuild folder on the partition/drive you selected earlier. Click Ok.
#11 Now Click No to create an ISO in the next step or click yes to burn a CD.
(I click No as I would rather have the ISO with which I can burn multiple copies.)
#12 Now Click Yes to create an ISO or No to Quit. *The puppylivecdbuild folder remains on the drive/partition with either option.
The ISO option will run through a script with percentages for creation of the file. Wait for the following popup before removing your drive or quiting out of puppy linux. Click Ok and you are done.
-------------------------------------------------------------------------------------

All of the previous steps are great and wonderful, but now you need to make those changes stick.

Before you Remaster the Puppy Linux Live-CD, make sure you have edited the Menu to your liking, added any programs you want, Setup the Firefox Addons, and tweaked Puppy to your Liking.

To Remaster the Puppy Linux Live-CD you need to have access to the Remaster Puppy Live-CD option in the menu. This is not a problem, if you are creating a "Template" / Kiosk Setup CD for creating your Kiosk CD as you will want that to be left in the menu.

What about if you are creating the Kiosk CD for one particular machine?
Just make sure when editing the menu you don't restart X, if you don't then the changes won't apply to the current session you are running. You will have access to the Remaster CD script, and will still be able to make it so the Kiosk CD does not.

Another thing to keep in mind when creating the Kiosk CD for one particular machine is that you are going to want to choose Yes when asking if you want to Customize Puppy for your Current Machine.

Step#1
Select the Remaster CD Script from the menu and Click Ok to start the process. You can close this window to quit the script. No files will have been saved at this point.

Step#2
Select the Partition/Drive where you will save the ISO file and the puppylivecdbuild folder. (The "working" folder for the script.) Click Ok.

Step#3
Select the CD drive to copy the essential Puppy Linux files from. Click Ok.

Step#4
Make sure the CD is in the Drive, click Ok, and wait for it copy the files needed.

Step#5
Edit any files you need to in the /tmp/root folder.
(You can save the Addons and Firefox settings by deleting the /tmp/root/.mozilla folder and moving the /root/.mozilla folder to the /tmp/root folder.) Except for the .mozilla folder or other "personally identifiable information" most everything in the /root/ folder will be in the /tmp/root folder and you will not need to make any changes. Click Ok.

Step#6
Choose whether or not to Customize Puppy Linux for the Machine Only. Don't do this for your "Template" / "Kiosk Setup CD". Do this when you are creating a CD for the specific Machine you are using. Choose Yes, or No and go to the next step.

Step#7
After selecting No, edit the /tmp/etc files to your liking. *You will need to edit the /etc/X11/xorg.conf0 file and possibly others.* Just make sure you know what you have edited in the /etc/ and double check those files in the /tmp/etc folder. Click Ok.

Step#8
Now you can edit the boot configuration or leave it as the default and Click No. I just click No as I am not using any special boot parameters. (One example would be if you plan on using this as a flash drive bootable image. You may want to add pmedia=USB.)

Step#9
Copy any additional sfs files to the puppylivecdbuild folder on the partition/drive you selected earlier. Click Ok. (Such as: OpenOffice3.sfs or whatever other sfs files you may want included on the CD.)

Step#10
Now Click No to create an ISO in the next step or click yes to burn a CD.
(I click No as I would rather have the ISO with which I can burn multiple copies.)

Step#11
Now Click Yes to create an ISO or No to Quit. *The puppylivecdbuild folder remains on the drive/partition with either option.
The ISO option will run through a script with percentages for creation of the file. Wait for the following popup before removing your drive or quiting out of puppy linux. Click Ok and you are done.
Back to top
View user's profile Send private message 
shadower_sc

Joined: 21 Apr 2010
Posts: 129
Location: Texas

PostPosted: Wed 02 Jun 2010, 15:54    Post subject: Printing
Subject description: Puppy Linux Printing
 

(Quick and Dirty Version:)
Manage your printers here: http://localhost:631
Keep your Printer settings on a Re-Mastered CD by deleting the /tmp/etc/cups folder and moving the current /etc/cups folder to the /tmp/etc folder.
----------------------------------------------------------

One thing that I missed in my initial setup is printing support for my Kiosk Machines. Thankfully it wasn't too painful.

I needed to setup a network printer. I used Puppy's CUPS manager, but it kept adding in a bunch of other networked printers that I didn't want to have added. The key was to not run Puppy's CUPS manager and instead to just use the direct link to the CUPS management interface. (It does some extra things and doesn't just provide a link to the management interface.)

The direct link is: http://localhost:631
(When you first go to this page it will ask you if you want to add a printer. You can do so there or add one via the Management Tab.)

Open a browser and go to http://localhost:631.
That page is the CUPS management interface.
I clicked on Management and then Add Printer.
The first page is only description information. Enter the Name you want to call the printer, where it is physically located, and any other description information you want to add.
I chose ipp as the protocol to use as I am connecting to a networked printer.
I then entered the hostname for the printer. You could also use the IP Address if you preferred and know that it has a static IP Address.
In the next dialog box I chose my brand HP.
It then gave me a generic driver that I could use for the HP Laserjet series. (The driver may be more specific if you choose a different protocol than ipp.)
I hit ok and it added the printer to CUPS.
Click on the Printers Tab when you are done and you can manage your printers and Print a Test Page.
I printed a Test Page to verify that it was working and it did after I connected to the network. (I was some confused for a while as it was not working, but I found my problem was that I couldn't print due to the fact that I was not actually connected to the network. Make sure you are connected to the network you are trying to use!)

(A WORD OF CAUTION: The command "rm -r" is a powerful delete tool and will not ask you if you know what you are doing.)

Create a Re-Master CD with Your Printer Pre-Setup:
Follow the instructions for Re-Mastering your CD up until the point that it gives you the option to edit the files in the /tmp/etc folder.
Make sure you have setup Puppy to use the Printer and have printed a test page.
Now delete the folder /tmp/etc/cups using this command:
rm -r /tmp/etc/cups
(The /tmp/etc/cups folder should no longer show up.)
Then move the current folder /etc/cups to /tmp/etc/ using this command:
mv /etc/cups /tmp/etc/
(You should now have a /tmp/etc/cups folder.)
Now continue on with Re-Mastering your CD as you like.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [6 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » HOWTO ( Solutions )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1087s ][ Queries: 11 (0.0045s) ][ GZIP on ]