[K12OSN] Ok, so for the *dumb* questions?

[Burke Almquist]

On Jan 15, 2013, at 8:30 AM, me wrote:

> Hi All
> 
> Instead of using the 'login window' I [ctl][alt] to F3 and got to a bash prompt on the
> thin client.  This did NOT show the normal login and dumped me into the filesystem "/".
> 'whoami' says I am root. I have trouble with this as it is a BIG security problem.
> Sure, I can fix that by not setting SCREEN_?? in the lts.conf, but what if I forget?  I
> guess that it would only affect the filesystem on the client, but ssh IS available (
> yes, have a good password AND not on the usual port ) so some nefarious no gooder could
> possibly bang at the server. Oh, and yes I could ssh to the server and login; didn't ask
> me the usual 'accept' question though.
It's not ideal, but OTOH if the students have physical access to the network (a room with a network jack in it), then they certainly could do far worse things, like booting the client from a usb stick with their own malicious tools or sneaking a laptop onto the network. If you are practicing defense in depth, then you assume that even internal users might behave maliciously and set your security accordingly.

As for ssh 
http://www.la-samhna.de/library/brutessh.html
http://forums.contribs.org/index.php?topic=40632.5;wap2
I've found these suggestions helpful.


> 
> Next, there are no errors in Xorg.1.log but boot.log was another matter:
> Mounting local filesystems: FAILED
> Starting NFS statd:         FAILED
> Setting NIS domain: not found FAILED
> 
> the local filesystem failure is probably moot, but I don't know about the other two.
> 
> bash-4.1# [startx] dies - module mach64 not found - so ima gonna go and figure out where
> that is!
This makes me wonder EL6 has drivers for your video. How old is the video chipset on those clients?
Have you tried setting up a chroot using a FC11?


> 
> It will work ....someday.... sigh!