Difference between revisions of "Kiosk"

From Hack Sphere Labs Wiki
Jump to: navigation, search
(Process)
(Notes)
 
(20 intermediate revisions by the same user not shown)
Line 28: Line 28:
 
=Automated Process=
 
=Automated Process=
  
MehDo this instead of all that:
+
http://jacob.steelsmith.org/content/ubuntu-kiosk-based-10041
 +
 
 +
It looks like someone has a LiveCD/InstallCD/Release of Ubuntu LTS out that has alot of the kiosk things done for you. The individual has the scripts available but not the configuration files for download on his website.  But he is missing documentation/examples of what he did to the install so the scripts will run well.  For example the creator distributes the scripts but not the config file directory where the scripts source from.  He does not show how he editied the .xsession file to make ff start as the kiosk user.  Etc.  I may or may not document what I did but I am going to provide some files for downloading that have the config files and copies of the kiosk users home dir from the boot cd for the future.
 +
 
 +
It also looks like the creator has specific versions of software installed.  An older but working version of firefox, etc.  I tried doing an apt-get update/upgrade and it messed with systemI think one of the plugins does not work with ff.  This can be easily fixed but I do not have the time.  It could have been something bigger though.  Something he customized that when upgraded borked the system.
  
http://jacob.steelsmith.org/content/ubuntu-kiosk-based-10041
 
  
 
Default itadmin password is 'changeme'
 
Default itadmin password is 'changeme'
  
Individual has the scripts available but not the configuration files for download on his website.
 
  
To edit Firefox settings edit /home/kiosk/.xsession
+
To edit Firefox settings edit /home/kiosk/.xsession and make FF go into safe mode.
  
Other things I did:
+
==Other things I did==
*Disabled tabbed browsing in FF: http://www22.verizon.com/residentialhelp/fiosinternet/general+support/top+questions/questionsone/121582.htm
+
*Installed/Upgraded Java and the flashplugin: aptitude install openjdk-6-jre flashplugin-nonfree
*After turning on dansguardian I could not ssh into the box.  I allowed ping and ssh by editing the firehol config.
+
*Disabled tabbed browsing in FF (Options, Tabs, Always Show Tabs): http://www22.verizon.com/residentialhelp/fiosinternet/general+support/top+questions/questionsone/121582.htm
 +
*I added the Firefox extensions R-kiosk and Reset Kiosk
 +
*After turning on dansguardian I could not ssh into the box.  I allowed ping and ssh by editing the firehol config:
  
{{File|name=firehol.conf|content=<nowiki>
+
{{File|firehol.conf|<nowiki>
 
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
 
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
  
Line 58: Line 62:
 
</nowiki>
 
</nowiki>
 
}}
 
}}
 +
 +
I disabled Caret Browsing
 +
**about:config - accessibility.browsewithcaret_shortcut.enabled - false
 +
**about:config - accessibility.warn_on_browsewithcaret - false
 +
*I disabled the printscreen feature in gnome but putting ' xmodmap -e "keysym Print = BackSpace" ' in /home/kiosk/.xsession
 +
*ctrl+alt+f4 was logging the user out or closing the window or switching sessions or something I disabled with ' xmodmap -pke | sed -n 's/ = .*VT_4.*/ = /p' | xmodmap - '
 +
 +
*I wanted to be able to VNC in to a system because I was sending it out.  If their where any problems I wanted to be able to see them.  I can already ssh in.  I want to VNC in.
 +
 +
aptitude install x11vnc
 +
 +
Ubuntu Wiki has a nice script:
 +
 +
#!/bin/sh
 +
ssh -f -L 5900:localhost:5900 rebecca@rebeccas-pc.dyndns.org \
 +
        x11vnc -safer -localhost -nopw -once -display :0 \
 +
        && sleep 5 \
 +
        && vncviewer localhost:0
 +
 +
Seems to work fine if a user is logged in.
 +
 +
I want vnc to start before login just in case.
 +
 +
Edit /etc/gdm/Init/Default and put:
 +
# Start the x11vnc Server
 +
sudo /usr/bin/x11vnc -safer -localhost -once -nopw -auth /var/lib/gdm/:0.Xauth -display :0 -bg -forever
 +
 +
Right before exit 0 at the end of the file. You have to have -bg.  If the process does not background then gdm will be stuck until that proccess exits
 +
 +
*I want the kiosk to save cookies.
 +
**I modded the kioskfox plugin /defaults/preferences/kiosk_prefs.js and changed pref("browser.privatebrowsing.autostart",false); to true.
 +
**I had to reinstall the new plugin
 +
**I had to go to privacy and disable remember search and form history (we are using this for form email signups)
 +
**I had to go to security and disable remember passwords for sites
 +
**Though I have the locations bar hidden:  privacy, location bar, nothing
 +
**security, warning messages, uncheck all
 +
**advanced, general, unchecked check spelling
 +
**advanced, general, uncheck submit crash reports
 +
**advanced, network, uncheck tell me when website wants to store offline
 +
**advanced, update, unchecked add-ons, search-engines
 +
**about:config
 +
***browser:session
 +
****store.max_resumed_crashes 0
 +
****store.max_tabs_undo 0
 +
****store.max_windows_undo 0
 +
****history.max_entries 0
 +
****store.resume_from_crash false
 +
****store.privacy_level 2
 +
***I could have done a prefs.js with browser.sessionstore.resume_session_once set false on every startup I think
 +
*This prolly saves cookies but it did not solve my problem :p (I am trying to get past an age block prompt)
 +
**I had to add a cookie to the code
 +
*Change the hostname: nano /etc/hostname
 +
*Change the hostname again:  nano /etc/resolv.conf
 +
*./toggle-auto-shutdown disable for me
 +
*I made my own /etc/gdm/custom.conf to lock the kiosk @ http://library.gnome.org/admin/gdm/stable/configuration.html.en
 +
[daemon]
 +
AutomaticLoginEnable=true
 +
AutomaticLogin=kiosk
 +
 +
==Disable Screen Blanking==
 +
 +
{{Note|After some testing...I think the xorg.conf is the one that really works}}
 +
 +
Add to:
 +
{{File|xorg.conf|<nowiki>
 +
Section "ServerFlags"
 +
  Option "blanktime" "0"
 +
  Option "standbytime" "0"
 +
  Option "suspendtime" "0"
 +
  Option "offtime" "0"
 +
EndSection
 +
</nowiki>
 +
}}
 +
 +
Add to:
 +
{{File|/home/kiosk/.gconf/apps/gnome-screenshot/%gconf.xml|<nowiki>
 +
<?xml version="1.0"?>
 +
<gconf>
 +
<entry name="idle_activation_enabled" mtime="1312940115" type="bool" value="false">
 +
</entry>
 +
<entry name="lock_enabled" mtime="1312940100" type="bool" value="true">
 +
</entry>
 +
<entry name="themes" mtime="1312940023" type="list" ltype="string">
 +
</entry>
 +
<entry name="mode" mtime="1312940023" type="string">
 +
<stringvalue>blank-only</stringvalue>
 +
</entry>
 +
<entry name="power_management_delay" mtime="1270069736" type="int" value="240">
 +
</entry>
 +
</gconf>
 +
</nowiki>
 +
}}
 +
 +
Add to:
 +
{{File|/home/kiosk/.xinitrc|<nowiki>
 +
/home/kiosk/.xinitrc
 +
</nowiki>
 +
}}
 +
 +
==May mess up your system==
 +
 +
{{Note|This below code fucks things up!}}
 +
 +
Other things:
 +
add
 +
# Disables the magic SysRq key
 +
kernel.sysrq = 0
 +
to /etc/sysctl.conf
 +
 +
To disable SHIFT access to grub, edit /etc/grub.d/30_os-prober replace the adjust_timeout() function with:
 +
 +
adjust_timeout () {
 +
return 0
 +
}
 +
 +
Edit /etc/default/grub and add:
 +
 +
GRUB_DISABLE_OS_PROBER=true
 +
GRUB_DISABLE_LINUX_RECOVERY="true"
 +
 +
Run update-grub
 +
 +
==Notes==
 +
*http://lists.debian.org/debian-firewall/2004/11/msg00006.html
 +
*http://firehol.sourceforge.net/services.html#vnc
 +
*https://help.ubuntu.com/community/VNC#accessing-your-pc
 +
*https://help.ubuntu.com/community/VNC?action=show&redirect=VNCOverSSH
 +
*https://help.ubuntu.com/community/VNC/Servers#x11vnc-before-login
 +
*http://users.telenet.be/mydotcom/howto/linuxkiosk/ubuntu01.htm
 +
*http://www.perturb.org/display/812_GDM_AutoLogin.html
 +
*http://upstart.ubuntu.com/getting-started.html
 +
*http://superuser.com/questions/133595/running-a-script-on-startup-before-x-starts-in-ubuntu-9-10
 +
 +
=Notes=
 +
*Windows KIOSK
 +
*http://www.horizondatasys.com/en/products_and_solutions.aspx?ProductId=18
 +
*http://www.wioski.com/index.php/productsdownloads/
 +
*http://www.steadierstate.com/
 +
*https://www.microsoft.com/en-us/download/details.aspx?id=35821
 +
 +
=Bypassing Autologin=
 +
Hold Shift to get Grub up
 +
change the nospash and such to text
 +
Boot!

Latest revision as of 12:40, 12 March 2016

The concept is to build a Kiosk that will only allow a user to browse one website. The goal is to get the user to sign up for the newsletter.

Requirements

  • Can be fixed by an admin over the internet
  • User can only browse one website
  • User cannot change the settings or edit other parts of the computer

Hardware

  • ASUS Eee Box EB1021-B028E Desktop PC AMD Dual-Core Processor E-450(1.65GHz) 2GB DDR3 320GB HDD Capacity AMD Radeon HD 6320 Window 7 Home Premium 64-Bit

Software

After a quick search it seems that Ubuntu has been used alot for the Kiosk OS. Their are numerous lockdown guides to securing the OS for a Kiosk. It looks like Chrome, Firefox, and Opera can all be used for the browsing.

Manual Process

  • Install a LTS version of Ubuntu
  • Update System
  • Install ubuntu-restricted-extras
  • Create kiosk user account via gui
    • Remove all user privileges via gui tool
  • Install Firefox
  • Install Reset Kiosk 0.4
  • Install R-kiosk
    • Disable Plug-in
  • Install dansguardian
  • Install tinyproxy
  • Install firehol

Automated Process

http://jacob.steelsmith.org/content/ubuntu-kiosk-based-10041

It looks like someone has a LiveCD/InstallCD/Release of Ubuntu LTS out that has alot of the kiosk things done for you. The individual has the scripts available but not the configuration files for download on his website. But he is missing documentation/examples of what he did to the install so the scripts will run well. For example the creator distributes the scripts but not the config file directory where the scripts source from. He does not show how he editied the .xsession file to make ff start as the kiosk user. Etc. I may or may not document what I did but I am going to provide some files for downloading that have the config files and copies of the kiosk users home dir from the boot cd for the future.

It also looks like the creator has specific versions of software installed. An older but working version of firefox, etc. I tried doing an apt-get update/upgrade and it messed with system. I think one of the plugins does not work with ff. This can be easily fixed but I do not have the time. It could have been something bigger though. Something he customized that when upgraded borked the system.


Default itadmin password is 'changeme'


To edit Firefox settings edit /home/kiosk/.xsession and make FF go into safe mode.

Other things I did

firehol.conf
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP

transparent_squid 8080 "root root"

server_ssh_ports="tcp/22022"

interface any world
policy drop
protection strong
client all accept
server cups accept
server ssh accept
server ping accept

I disabled Caret Browsing

    • about:config - accessibility.browsewithcaret_shortcut.enabled - false
    • about:config - accessibility.warn_on_browsewithcaret - false
  • I disabled the printscreen feature in gnome but putting ' xmodmap -e "keysym Print = BackSpace" ' in /home/kiosk/.xsession
  • ctrl+alt+f4 was logging the user out or closing the window or switching sessions or something I disabled with ' xmodmap -pke | sed -n 's/ = .*VT_4.*/ = /p' | xmodmap - '
  • I wanted to be able to VNC in to a system because I was sending it out. If their where any problems I wanted to be able to see them. I can already ssh in. I want to VNC in.
aptitude install x11vnc

Ubuntu Wiki has a nice script:

#!/bin/sh
ssh -f -L 5900:localhost:5900 rebecca@rebeccas-pc.dyndns.org \
        x11vnc -safer -localhost -nopw -once -display :0 \
        && sleep 5 \
        && vncviewer localhost:0

Seems to work fine if a user is logged in.

I want vnc to start before login just in case.

Edit /etc/gdm/Init/Default and put:

# Start the x11vnc Server
sudo /usr/bin/x11vnc -safer -localhost -once -nopw -auth /var/lib/gdm/:0.Xauth -display :0 -bg -forever

Right before exit 0 at the end of the file. You have to have -bg. If the process does not background then gdm will be stuck until that proccess exits

  • I want the kiosk to save cookies.
    • I modded the kioskfox plugin /defaults/preferences/kiosk_prefs.js and changed pref("browser.privatebrowsing.autostart",false); to true.
    • I had to reinstall the new plugin
    • I had to go to privacy and disable remember search and form history (we are using this for form email signups)
    • I had to go to security and disable remember passwords for sites
    • Though I have the locations bar hidden: privacy, location bar, nothing
    • security, warning messages, uncheck all
    • advanced, general, unchecked check spelling
    • advanced, general, uncheck submit crash reports
    • advanced, network, uncheck tell me when website wants to store offline
    • advanced, update, unchecked add-ons, search-engines
    • about:config
      • browser:session
        • store.max_resumed_crashes 0
        • store.max_tabs_undo 0
        • store.max_windows_undo 0
        • history.max_entries 0
        • store.resume_from_crash false
        • store.privacy_level 2
      • I could have done a prefs.js with browser.sessionstore.resume_session_once set false on every startup I think
  • This prolly saves cookies but it did not solve my problem :p (I am trying to get past an age block prompt)
    • I had to add a cookie to the code
  • Change the hostname: nano /etc/hostname
  • Change the hostname again: nano /etc/resolv.conf
  • ./toggle-auto-shutdown disable for me
  • I made my own /etc/gdm/custom.conf to lock the kiosk @ http://library.gnome.org/admin/gdm/stable/configuration.html.en
[daemon]
AutomaticLoginEnable=true
AutomaticLogin=kiosk

Disable Screen Blanking

Note: After some testing...I think the xorg.conf is the one that really works

Add to:

xorg.conf
Section "ServerFlags"
  Option "blanktime" "0"
  Option "standbytime" "0"
  Option "suspendtime" "0"
  Option "offtime" "0"
EndSection

Add to:

/home/kiosk/.gconf/apps/gnome-screenshot/%gconf.xml
<?xml version="1.0"?>
<gconf>
	<entry name="idle_activation_enabled" mtime="1312940115" type="bool" value="false">
	</entry>
	<entry name="lock_enabled" mtime="1312940100" type="bool" value="true">
	</entry>
	<entry name="themes" mtime="1312940023" type="list" ltype="string">
	</entry>
	<entry name="mode" mtime="1312940023" type="string">
	<stringvalue>blank-only</stringvalue>
	</entry>
	<entry name="power_management_delay" mtime="1270069736" type="int" value="240">
	</entry>
</gconf>

Add to:

/home/kiosk/.xinitrc
/home/kiosk/.xinitrc

May mess up your system

Note: This below code fucks things up!

Other things: add

# Disables the magic SysRq key
kernel.sysrq = 0

to /etc/sysctl.conf

To disable SHIFT access to grub, edit /etc/grub.d/30_os-prober replace the adjust_timeout() function with:

adjust_timeout () {
return 0
}

Edit /etc/default/grub and add:

GRUB_DISABLE_OS_PROBER=true
GRUB_DISABLE_LINUX_RECOVERY="true"

Run update-grub

Notes

Notes

Bypassing Autologin

Hold Shift to get Grub up
change the nospash and such to text

Boot!