User Tools

Site Tools


linux:debian:kiosk_using_xfce_and_debian

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

linux:debian:kiosk_using_xfce_and_debian [2015/12/24 01:45]
ozan [Securing Kiosk]
linux:debian:kiosk_using_xfce_and_debian [2015/12/25 13:23]
Line 1: Line 1:
-===== How to make a Kiosk using Xfce and Debian===== 
  
-In this tutorial I will share some of my experiences with kiosk softwares running on Debian. I had some problems during my first try mostly because of my insufficient linux knowledge. I do not want you to have the same problems. I did everything from scratch and may have some unidentified problems/​bugs even if there are ready made solutions. \\ \\ 
-Since I love debian with xfce, I have never thought using KDE on Debian or others which supports kiosk mode. 
-I used xfce because xfce is a lightweight desktop environment suitable for kiosk systems which generally have low RAM and CPU. 
-I listed my basic requirements of a kiosk so I tried to achieve them. 
- 
-    - Must be able to run on low hardware resources 
-    - Must be able to run on many types of cpu architecture (x86, x86_64, arm, etc.) 
-    - Must be a low cost system with respect to hardware, software, maintenance and wireless communication 
-    - Must be able to use mobile phone network (GPRS, 3G, 4G, etc.) or wireless network in addition to wired networks 
-    - Must be able to recover from unexpected poweroff and reboot 
-    - Must be able to allow remote software installation 
-    - Must be able to install security updates automatically 
-    - Must be able to communicate with servers using secure protocols 
-    - Must be able to log many activities for debugging/​auditing purposes and send them to servers when necessary 
-    - Must close all the ports except needed ones and network attacks must be banned after failed attempts 
-    - Must have only 2 users, one for administration (e.g. root), one for desktop session (very limited user) 
- 
-I realized that using MS Windows based systems did not fulfill my requirements in terms of cost, security, and cpu architecture flexibility. 
- 
-==== Remote Access To Kiosk ==== 
- 
-Managing remote computers (in this case kiosks) can be easy if you use right tools. 
- 
-VNC is a desktop sharing system like RDP in Windows. You may setup VNC Server for your kiosks to fix the daily problems. 
-I wrote [[linux:​debian:​vnc_server_setup|tutorial]] explaining how to setup VNC Server on Debian (jessie). It will help you to connect to your kiosks. 
- 
-SSH is a secure protocol for getting access to remote computers highly used in Linux/Unix World. Settingup a ssh server is also very important to solve the problems easily. When you install OpenSSH server to your Debian kiosk do not forget to enable root access during development period, which is documented [[linux:​debian:​enable_ssh_root_login|here]]. 
- 
- 
-==== Learning Shell Scripting ==== 
- 
-Linux shell is very powerfull and you can do management of kiosks easily from command line (terminal) if you learn how to use Linux shell scripting. IMHO Bash Shell is more user friendly than other shells. There are lots of tutorials on the [[http://​www.google.com/?​q=bash+scripting+tutorial+for+beginners|internet]]. 
- 
-Do not forget to visit my [[linux:​cheat_sheet|cheat sheet]] for general Linux commands. ​ 
- 
-==== Securing Kiosk ==== 
- 
-I think you do not want to be hacked for not paying enough attention to securing your clients. If you use your kiosk in public, you can ruin your business and become a disreputable company/​person. Of course there are many tools out there but I will suggest you only one tool [[http://​www.fail2ban.org|fail2ban]]. 
-<WRAP box> 
-> Fail2ban scans log files (e.g. /​var/​log/​apache/​error_log) and bans IPs that show the malicious signs 
-</​WRAP>​ 
-Documentation of fail2ban is not very good but if you dig in you will learn how it works and how you modify it for your needs. Default settings may be enough but for optimizing resources in kiosks you can tweak it. It is easy to install fail2ban from terminal with 
-  aptitude install fail2ban 
- 
-<WRAP center round info 60%> 
-TO BE CONTINUED... 
-</​WRAP>​ 
linux/debian/kiosk_using_xfce_and_debian.txt ยท Last modified: 2015/12/25 13:23 (external edit)