Linux web browser station (formerly "The Linux Public Web Browser mini-HOWTO")

Anton Chuvakin, anton@chuvakin.org

v0.0.5 10 October 2000
Describes the setup of Internet kiosk-type system based on Linux to be deployed to provide public Internet/webmail access.

1. Introduction

The directions below will produce the RedHat (currently version 6.2 is used, 7.0 is in development) Linux system that boots into the bare (=no window manager, like gnome, kde or fvwm2) X server and starts Netscape Navigator (not Communicator, which includes Main and News clients). Upon exiting the browser the X server is restarted and the new Netscape process is launched as needed. The system is intended for Internet Kiosks and similar applications. Security is emphasized at all the stages of the setup.

This HOWTO will be updated (maybe significantly) as long as more reports about the deployment of such boxes will arrive.

1.1 Disclaimer

Use the information in this document at your own risk. I disavow any potential liability for the contents of this document. Use of the concepts, examples, and/or other content of this document is entirely at your own risk.

All copyrights are owned by their owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark.

Naming of particular products or brands should not be seen as endorsements.

You are strongly recommended to take a backup of your system before major installation and backups at regular intervals.

1.2 Credits

In this version I have the pleasure of acknowledging the previous maintainer of this HOWTO who nicely agreed to transfer it to me

dmarti@????.com

1.3 New versions of this document

New versions of this document can be found at

http://www.chuvakin.org/kiodoc

1.4 Changes Fri Sep 22 14:32:32 EDT 2000

from 0.0.4 to 0.0.3

from 0.0.2 to 0.0.3

1.5 TODO

1.6 Feedback

All comments, error reports, additional information (very much appreciated!!!) and criticism of all sorts should be directed to: anton@chuvakin.org

http://www.chuvakin.org/

My PGP key is located at http://www.chuvakin.org/pgpkey

1.7 Copyright information

This document is copyrighted (c) 2000 Anton Chuvakin, and parts of it are Copyright 1997 Donald B. Marti Jr. where marked as such

2. OLD GUIDE: The Linux Public Web Browser mini-HOWTO by Donald B. Marti Jr., dmarti@best.com

v0.3, 5 January 1998

The basic idea here is to give web access to people who wander by, while limiting their ability to mess anything up.

2.1 Copyright and Disclaimer

Copyright 1997 Donald B. Marti Jr. This document may be redistributed under the terms of the Linux Documentation Project license.

This document currently contains information for Netscape Navigator only, but I plan to add notes for other browsers too as I get the necessary information. If you try this with a different browser, please let me know.

2.2 Introduction

The basic idea here is to give web access to people who wander by, while limiting their ability to mess anything up.

This setup was originally intended for trade shows, but it might be applicable other places you want to have a web browser going without having to babysit a computer.

Following these instructions does not make your system bulletproof or idiot-proof.

2.3 Before you begin

You need a graphical browser

This document assumes that you already have a running graphical web browser, such as Netscape Navigator, on your system. You should have permission to use your graphical web browser. If you want to use Netscape Navigator in a commercial setting, you can buy a copy with appropriate license through Caldera.

You need to be able to add an account

If you don't have the right to be root, get the system administrator to add the ``guest'' account and give you ownership of guest's home directory. Skip to the ``Create or edit the following files'' step ( Create or edit the following files in /home/guest) when he or she is done.

You need httpd for a stand-alone web browsing station

If you are setting up a web browsing station to run stand-alone, without a network connection, you should have httpd working and the web documents installed. To tell if this is the case, enter:

lynx -dump http://localhost/
You should get the text of the home page on your system.

2.4 Add the guest account

As root, run adduser to add a user named guest. Then enter

passwd guest
to set the password for the guest account. This should be something easy to remember, like ``guest''. You will be telling people this password. Don't make it the same as your own password.

Then make guest's home directory owned by you. Enter

chown me.mygroup /home/guest
Replace ``me'' with your regular username and ``mygroup'' with your group name. (On Red Hat Linux, these will be the same, since every user has his or her own group.)

You should now exit and do the rest of the steps as yourself, not root.

2.5 Create or edit the following files in /home/guest

File name: .bash_login


exec startx

This means that when guest logs in, the login shell will start up the X Window System right away.

File name: .Xclients


netscape

This means that when X starts, guest just gets the web browser, no window manager. If you prefer another web browser, do something else.

The file .Xclients should be executable by guest. Enter

chmod 755 /home/guest/.Xclients
to make it so.

File name: .xsession


#!/bin/sh
netscape

If you use xdm(1) to log people in, this file should make guest get the web browser as if he or she had logged in normally. The file .xsession should be executable by guest. Enter
chmod 755 /home/guest/.xsession
to make it so.

File name: .Xdefaults


! Disable drag-to-select.
*hysteresis:                            3000

! Make visited and unvisited links the same color by default
*linkForeground:                        #0000EE
*vlinkForeground:                       #0000EE

Netscape.Navigator.geometry: =NETSCAPE_GEOMETRY

! Disable some of the keyboard commands.
*globalTranslations:

! Mouse bindings: make all mouse buttons do the same thing.
*drawingArea.translations:              #replace                        \
<Btn1Down>:                     ArmLink()                       \n\
<Btn2Down>:                     ArmLink()                       \n\
<Btn3Down>:                     ArmLink()                       \n\
~Shift<Btn1Up>:                 ActivateLink()                  \
                                DisarmLink()                    \n\
~Shift<Btn2Up>:                 ActivateLink()                  \
                                DisarmLink()                    \n\
~Shift<Btn3Up>:                 ActivateLink()                  \
                                DisarmLink()                    \n\
Shift<Btn1Up>:                  ActivateLink()                  \
                                DisarmLink()                    \n\
Shift<Btn2Up>:                  ActivateLink()                  \
                                DisarmLink()                    \n\
Shift<Btn3Up>:                  ActivateLink()                  \
                                DisarmLink()                    \n\
<Btn1Motion>:                   DisarmLinkIfMoved()             \n\
<Btn2Motion>:                   DisarmLinkIfMoved()             \n\
<Btn3Motion>:                   DisarmLinkIfMoved()             \n\
<Motion>:                       DescribeLink()                  \n\

This file disables blink tags, drag-to-select, and some of the keyboard commands. It also makes all mouse buttons do the same thing, hides the menu bar, and makes visited and unvisited links the same color, so each visitor gets nice clean blue links, not ones that other people have been thumbing through and staining purple.

You should replace the NETSCAPE_GEOMETRY in this file with an X geometry that looks like this: XxY+0-0, where X is the width of your screen and Y is the height of your screen + 32. This will position the Netscape menu bar off the top of the screen, so the user won't be distracted. For example, if your screen is 800x600, the geometry should be 800x632+0-0.

2.6 Make a .netscape directory for guest

Enter

mkdir /home/guest/.netscape
chmod 777 /home/guest/.netscape

to create guest's .netscape directory and make it world-writable.

2.7 Try it

Log out, then log in as guest.

2.8 Changing preferences

Since you won't be able to use the menu bar as guest, you should edit guest's preferences manually if you need to change them, or change your own preferences to what you want guest's to be and copy the preferences file.

3. NEW GUIDE: Step-by-step guide

3.1 Install RH

Install RedHat (further just RH) Linux on the box. Make sure shadow and MD5 passwords are enabled. And have a nice long root password! Refer to corresponding installation guides.

3.2 Clean-up packages

RH Linux was and is *really* buggy out of the box (both local and remote exploits are discovered every day, see BugTRAQ database), and many software packages installed by default can be used to obtain root shell from non-privileged account or in the worst cases across the network (or just mess up the box). Thus special attention should be given to package selection on the browser workstation.

3.3 Install ssh

Install ssh-server RPM for remote administration. Do NOT use inetd daemon mode, make sshd run standalone and use /etc/hosts.allow for access control (ssh daemon will read the file upon startup)

3.4 Make a boot floppy

Make sure you create a boot floppy using a mkbootdisk command as errors in LILO configuration might render the system unbootable.

3.5 Modify configs

Make the following modifications to configuration files

3.6 Create user

Create user netscape, his home directory will be /home/netscape.

3.7 Change Netscape settings

Start netscape and apply a restricted settings as:

3.8 Chown the home directory

Do chown to root on /home/netscape (by chown -R root.root /home/netscape). Make sure that his home directory belongs to root, there are no world-writable files and subdirectories there and permission are at least

/home/netscape/:
total 9
drwxr-xr-x    4 root     root         1024 Sep  7 18:29 .
drwxr-xr-x    4 root     root         1024 Sep  7 18:30 ..
-rw-r--r--    1 root     root           16 Sep  7 18:29 .bash_history
-rw-r--r--    1 root     root           24 Sep  5 08:21 .bash_logout
-rw-r--r--    1 root     root          230 Sep  5 08:21 .bash_profile
-rw-r--r--    1 root     root          124 Sep  5 08:21 .bashrc
-rw-r--r--    1 root     root           93 Sep  7 18:25 .mailcap
-rw-r--r--    1 root     root            0 Sep  7 18:25 .mime.types
drwxr-xr-x    4 root     root         1024 Sep 10 08:38 .netscape
drwxr--r--    2 root     root         1024 Sep  6 00:04 .xauth

/home/netscape/.netscape:
total 264
drwxr-xr-x    4 root     root         1024 Sep 10 08:38 .
drwxr-xr-x    4 root     root         1024 Sep  7 18:29 ..
drwxr--r--    2 root     root         1024 Sep  6 00:04 archive
-rw-------    1 root     root        14757 Sep  7 18:38 bookmarks.html
drwxr--r--    3 root     root         1024 Sep  7 18:24 cache
-rw-r--r--    1 root     root       188416 Sep  6 00:05 cert7.db
-rw-r--r--    1 root     root        16384 Sep  7 18:30 history.dat
-rw-r--r--    1 root     root          111 Sep  7 16:20 history.list
-rw-r--r--    1 root     root        16384 Sep  6 00:05 key3.db
-rw-r--r--    1 root     root            0 Sep  6 00:04 nswrapper.copy_defs
-rw-r--r--    1 root     root          279 Sep 10 08:38 plugin-list
-rw-r--r--    1 root     root         3398 Sep  7 18:29 preferences.js
-rw-r--r--    1 root     root          741 Sep  7 18:29 registry
-rw-r--r--    1 root     root        16384 Sep  7 18:29 secmodule.db

Carefully test netscape functionality upon doing the chown to root! At present, I have not found a way to avoid periodic Netscape complaints about "Can't write preferences".

Another note is appropriate. Netscape is VERY buggy (last example is Red Hat Linux Security Advisory presents a way to crash and exploit netscape using a specially crafted JPEG image) and is likely to crash periodically, possibly producing a buffer overflow with shell access for the intruder. This shell will have the netscape user as owner. Thus the absence of xterm and rxvt on the system is absolutely crucial as it provides another line of defense. Permission on the system should also be set very conservatively (no world-writable files). Ideally, NO files should be owned by user "netscape" on the system AT ALL (do a find / -user netscape command to confirm this, also check for world writable files with find / -perm -2 ! -type l -ls).

3.9 Config lilo

Modify /etc/lilo.conf


boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
default=linux

image=/boot/vmlinuz-2.2.14-5.0
        label=linux
        read-only
        root=/dev/hda1
        restricted
The word restricted will cause password prompting in order to enter non-standard runlevel (e.g. linux init 0 from LILO: prompt).

That implies using stock RH 6.2 kernel. Kernel upgrade to 2.2.16 might be a good idea as some bugs were found in early 2.2.14 kernels (low risk).

3.10 REMOVE binaries

REMOVE /usr/X11R6/bin/xterm xterm executable COMPLETELY! This is REALLY IMPORTANT as shell will be much harder to obtain in this case. Make sure its clone, rxvt, is not installed! Ideally, all programs that can spawn a shell should be removed.

3.11 Physical security

Some physical security

3.12 Some final touches

Some final touches (nice but not essential for system functionality)

4. Conclusion

It just might work ;-)

5. References

  1. Web Kiosk HOWTO Similar HOWTO, main differences: no keyboard, uses fvwm2
  2. Public Web Browser HOWTO Similar HOWTO, older and less security oriented
  3. Security HOWTO Linux Security HOWTO
  4. NIC Site You can buy something similar to what is described in the HOWTO for $199 (I am not affiliated with the company in any way)
  5. http://www.chuvakin.org/ispdoc I also maintain a Linux ISP HOWTO.
  6. http://www.chuvakin.org/books I also maintain a list of computer/network security related books with (where available) reviews and online availability. If you have a book that I don't list please use the form on the page and I will add it to the list and maybe review it later.