Let's restrict the internet!
August 21, 2008 8:37 AM Subscribe
Help me lock down a Mac!
I need to set up a web-connected (Leopard) Mac in a university art gallery; it'll be there to allow people to access a couple of web sites related to an exhibit that's going up. Since this is on campus, though, the odds are high that random students will be setting the browser to butts.com and walking away giggling.
So: how can I lock down the browser so that it can only access a couple of pre-approved sites (preferably, this'll be in Firefox, but Safari's possible, too).
(I've done some googling, but everything talks in terms of blacklisting a few sites, rather than whitelisting a couple and blocking everything else)
I need to set up a web-connected (Leopard) Mac in a university art gallery; it'll be there to allow people to access a couple of web sites related to an exhibit that's going up. Since this is on campus, though, the odds are high that random students will be setting the browser to butts.com and walking away giggling.
So: how can I lock down the browser so that it can only access a couple of pre-approved sites (preferably, this'll be in Firefox, but Safari's possible, too).
(I've done some googling, but everything talks in terms of blacklisting a few sites, rather than whitelisting a couple and blocking everything else)
This thread has a lot of advice on locking down OS X.
posted by damn dirty ape at 8:47 AM on August 21, 2008
posted by damn dirty ape at 8:47 AM on August 21, 2008
Best answer: what you're looking for is called kiosk mode—here are four options:
posted by lia at 8:53 AM on August 21, 2008 [1 favorite]
- real kiosk, a firefox extension
- saft, a safari plugin
- wkiosk, a safari-powered browser (costs $$)
- instructions for opera's kiosk mode
posted by lia at 8:53 AM on August 21, 2008 [1 favorite]
You could run a Linux live CD set up to only run Firefox or whatever, and then set that up to blacklist every site but your own. Slax would probably let you do that. This may be a bit more work, but that's what I would do.
posted by mccarty.tim at 8:54 AM on August 21, 2008
posted by mccarty.tim at 8:54 AM on August 21, 2008
Under Parental Controls in the System Preferences there's an option to limit an account's access to only particular websites (you can give a list). I've never tried this, and don't know whether it's generic or only applies to Safari however.
posted by edd at 8:57 AM on August 21, 2008
posted by edd at 8:57 AM on August 21, 2008
You'll also find that Parental Controls limits what applications you can start from the Finder. But this is rather trivial to circumvent last time I tried that. Probably good enough to stop random jokers passing through though.
posted by edd at 8:58 AM on August 21, 2008
posted by edd at 8:58 AM on August 21, 2008
Response by poster: Gracias! Looking through the Slashdot thread, it looks like Parental Controls will accomplish most of what I need to do. I feel like such an authority figure!
posted by COBRA! at 9:01 AM on August 21, 2008
posted by COBRA! at 9:01 AM on August 21, 2008
Oh and you can also remove the DNS entry in the network config and use a hosts file.
http://docs.info.apple.com/article.html?artnum=88158
Oh, and don't underestimate mow much the general public knows about getting around these things. We do our best to lock things down and for years, we were finding that people would get around the more common ways to do things rather routinely. (A popular route around was to pull up the help system, since that often runs in an unjailed web browser.)
posted by advicepig at 9:10 AM on August 21, 2008 [2 favorites]
http://docs.info.apple.com/article.html?artnum=88158
Oh, and don't underestimate mow much the general public knows about getting around these things. We do our best to lock things down and for years, we were finding that people would get around the more common ways to do things rather routinely. (A popular route around was to pull up the help system, since that often runs in an unjailed web browser.)
posted by advicepig at 9:10 AM on August 21, 2008 [2 favorites]
http://research.corsaire.com/whitepapers/technical.html has whitepapers on securing 10.3, 10.4 and (just released a few days ago) 10.5.
posted by devbrain at 10:04 AM on August 21, 2008
posted by devbrain at 10:04 AM on August 21, 2008
Or be absolutely safe and load the websites locally, no internet connection. Bonus is that they will run faster as well.
posted by fourcheesemac at 10:27 AM on August 21, 2008
posted by fourcheesemac at 10:27 AM on August 21, 2008
Plainview is a nice app that can be used to give access to the internet only while preventing access to the machine itself.
posted by tjenks at 10:46 AM on August 21, 2008
posted by tjenks at 10:46 AM on August 21, 2008
This thread is closed to new comments.
posted by COBRA! at 8:46 AM on August 21, 2008