On Fri, Mar 22, 2002 at 08:45:18AM -0600, Ben Stallings wrote:
> Let's imagine for a moment that you're configuring a Linux box for a computer 
> amateur, like your grandmother.  If your grandmother is a technogoddess, 
> imagine someone else's grandmother.  She wants a graphical Web browser and 
> e-mail client and nothing else, so you lock the system down very tight ... 
> she can't get into any programs that she doesn't understand.
> 
> Now let's say she calls you up and says something is wrong with the computer. 
>  You gather that it turns on and the screen lights up, but beyond that she's 
> really not very descriptive about what exactly is happening.  She's miles 
> away from you, so you really don't want to go to her place or have her bring 
> the computer to you.  You kick yourself for not installing some sort of back 
> door so you can dial into her machine and check it out as root.
> 
> Now let's say you foresee this situation and do in fact install some sort of 
> back door.  What software do you use?  How do you secure it so that other 
> people don't hack her computer?  How do you make it easy enough for her to 
> start when she needs to without being so obvious that she starts it 
> unnecessarily?  --Ben

My $.02:

 - have /bin, /etc, /sbin, and /usr on read-only media (CD-R?)
 - have /home, /root, and /var on disk (maybe as little as 2 Gb?)
 - run sshd listening on a high port, accepting connections
   from a limited IP range (admin machine)
 - assuming dynamic IP on granny's machine, have it email
   you the new IP with each connect (encrypt this?).

Maybe have *two* boot CD's -- one for "normal" use (no sshd), one for
"debugging", with sshd enabled?

-- 
johntrammell at yahoo.com | 78BA 706C C5F9 9321 E7C4 933B D063 907B A88E 924B
Twin Cities Linux Users Group (TCLUG) Mailing List http://www.mn-linux.org
Minneapolis/St. Paul, Minnesota                irc.openprojects.net #tclug