Let's restrict the internet!
August 21, 2008 8:37 AM   Subscribe

Help me lock down a Mac!

I need to set up a web-connected (Leopard) Mac in a university art gallery; it'll be there to allow people to access a couple of web sites related to an exhibit that's going up. Since this is on campus, though, the odds are high that random students will be setting the browser to butts.com and walking away giggling.

So: how can I lock down the browser so that it can only access a couple of pre-approved sites (preferably, this'll be in Firefox, but Safari's possible, too).

(I've done some googling, but everything talks in terms of blacklisting a few sites, rather than whitelisting a couple and blocking everything else)
posted by COBRA! to Computers & Internet (13 answers total) 6 users marked this as a favorite
Response by poster: Bonus question: How can I restrict which applications get opened, to prevent enterprising students from firing up Word and leaving an epic poem about butts on the screen?
posted by COBRA! at 8:46 AM on August 21, 2008

Best answer: what you're looking for is called kiosk mode—here are four options:
  1. real kiosk, a firefox extension
  2. saft, a safari plugin
  3. wkiosk, a safari-powered browser (costs $$)
  4. instructions for opera's kiosk mode

posted by lia at 8:53 AM on August 21, 2008 [1 favorite]

You could run a Linux live CD set up to only run Firefox or whatever, and then set that up to blacklist every site but your own. Slax would probably let you do that. This may be a bit more work, but that's what I would do.
posted by mccarty.tim at 8:54 AM on August 21, 2008

Under Parental Controls in the System Preferences there's an option to limit an account's access to only particular websites (you can give a list). I've never tried this, and don't know whether it's generic or only applies to Safari however.
posted by edd at 8:57 AM on August 21, 2008

You'll also find that Parental Controls limits what applications you can start from the Finder. But this is rather trivial to circumvent last time I tried that. Probably good enough to stop random jokers passing through though.
posted by edd at 8:58 AM on August 21, 2008

Response by poster: Gracias! Looking through the Slashdot thread, it looks like Parental Controls will accomplish most of what I need to do. I feel like such an authority figure!
posted by COBRA! at 9:01 AM on August 21, 2008

Response by poster: Whoops. Yep, what edd said.
posted by COBRA! at 9:02 AM on August 21, 2008

Oh and you can also remove the DNS entry in the network config and use a hosts file.


Oh, and don't underestimate mow much the general public knows about getting around these things. We do our best to lock things down and for years, we were finding that people would get around the more common ways to do things rather routinely. (A popular route around was to pull up the help system, since that often runs in an unjailed web browser.)
posted by advicepig at 9:10 AM on August 21, 2008 [2 favorites]

http://research.corsaire.com/whitepapers/technical.html has whitepapers on securing 10.3, 10.4 and (just released a few days ago) 10.5.
posted by devbrain at 10:04 AM on August 21, 2008

Or be absolutely safe and load the websites locally, no internet connection. Bonus is that they will run faster as well.
posted by fourcheesemac at 10:27 AM on August 21, 2008

Plainview is a nice app that can be used to give access to the internet only while preventing access to the machine itself.
posted by tjenks at 10:46 AM on August 21, 2008

Also, OpenDNS has nice content filtering.
posted by jim.christian at 12:33 PM on August 21, 2008

« Older Socialised health care really is better.   |   Good sad moving songs Newer »
This thread is closed to new comments.