Tags:




Let's restrict the internet!
August 21, 2008 8:37 AM   RSS feed for this thread Subscribe

Help me lock down a Mac!

I need to set up a web-connected (Leopard) Mac in a university art gallery; it'll be there to allow people to access a couple of web sites related to an exhibit that's going up. Since this is on campus, though, the odds are high that random students will be setting the browser to butts.com and walking away giggling.

So: how can I lock down the browser so that it can only access a couple of pre-approved sites (preferably, this'll be in Firefox, but Safari's possible, too).

(I've done some googling, but everything talks in terms of blacklisting a few sites, rather than whitelisting a couple and blocking everything else)
posted by COBRA! to computers & internet (13 comments total) 7 users marked this as a favorite
Bonus question: How can I restrict which applications get opened, to prevent enterprising students from firing up Word and leaving an epic poem about butts on the screen?
posted by COBRA! at 8:46 AM on August 21, 2008


This thread has a lot of advice on locking down OS X.
posted by damn dirty ape at 8:47 AM on August 21, 2008


what you're looking for is called kiosk mode—here are four options:

  1. real kiosk, a firefox extension
  2. saft, a safari plugin
  3. wkiosk, a safari-powered browser (costs $$)
  4. instructions for opera's kiosk mode

posted by lia at 8:53 AM on August 21, 2008 [1 favorite has favorites]


You could run a Linux live CD set up to only run Firefox or whatever, and then set that up to blacklist every site but your own. Slax would probably let you do that. This may be a bit more work, but that's what I would do.
posted by mccarty.tim at 8:54 AM on August 21, 2008


Under Parental Controls in the System Preferences there's an option to limit an account's access to only particular websites (you can give a list). I've never tried this, and don't know whether it's generic or only applies to Safari however.
posted by edd at 8:57 AM on August 21, 2008


You'll also find that Parental Controls limits what applications you can start from the Finder. But this is rather trivial to circumvent last time I tried that. Probably good enough to stop random jokers passing through though.
posted by edd at 8:58 AM on August 21, 2008


Gracias! Looking through the Slashdot thread, it looks like Parental Controls will accomplish most of what I need to do. I feel like such an authority figure!
posted by COBRA! at 9:01 AM on August 21, 2008


Whoops. Yep, what edd said.
posted by COBRA! at 9:02 AM on August 21, 2008


Oh and you can also remove the DNS entry in the network config and use a hosts file.

http://docs.info.apple.com/article.html?artnum=88158

Oh, and don't underestimate mow much the general public knows about getting around these things. We do our best to lock things down and for years, we were finding that people would get around the more common ways to do things rather routinely. (A popular route around was to pull up the help system, since that often runs in an unjailed web browser.)
posted by advicepig at 9:10 AM on August 21, 2008 [2 favorites has favorites]


http://research.corsaire.com/whitepapers/technical.html has whitepapers on securing 10.3, 10.4 and (just released a few days ago) 10.5.
posted by devbrain at 10:04 AM on August 21, 2008


Or be absolutely safe and load the websites locally, no internet connection. Bonus is that they will run faster as well.
posted by fourcheesemac at 10:27 AM on August 21, 2008


Plainview is a nice app that can be used to give access to the internet only while preventing access to the machine itself.
posted by tjenks at 10:46 AM on August 21, 2008


Also, OpenDNS has nice content filtering.
posted by jim.christian at 12:33 PM on August 21, 2008


« Older I've been recruited by a large...   |   In about a week I'll be moving... Newer »
This thread is closed to new comments.