Hello Andreas,

On Sat, Jan 08, 2011 at 09:40:43AM +0100, Andreas B. Mundt wrote:
> Hi,
>
> as we are just discussing future development, I would like to
> understand the concept and the ideas behind LINBO and "self-healing"
> workstations better.

"Self-healing" was a term used as a kind of trademark of a proprietary
product, as far as I remember. For LINBO, we don't promise anything like
that, of course.

From the user perspective, LINBO is a boot console that supports imaging
of an existing system, image distribution via rsync, multicast (udpcast)
or bittorrent, using an image server reachable for the clients.

From the technical perspective, LINBO is a small rescue and imaging
system consisting of a worker script and a graphical GUI running in
framebuffer mode. PXE/DHCP boot server and Rsync server can be a Tjener,
or a separate computer inside the same subnet as the workstation clients
that should be handled.

> From a quick search I found that it is used to quickly (re-)install
> workstations that are spoiled.

Not only, but also. I'm giving a common example.

You install one computer as Skolelinux client. It is recommended to use
a single partition for the system since this is easiest to put in a
single image later. After installation and configuration, you boot LINBO
via PXE on that machine, create an image of your Skolelinux installation
and save it to the image server via LINBO.

Now, you can use the LINBO bootmanager to:

- quickly repair (file-wise via rsync or partition-wise like dd) the
  Skolelinux workstation,
- mass-install a classroom in an automatic non-interactive LINBO setup,
  or interactive one machine after the other,
- change the installation by selecting different images depending on
  your desired lecture,
- modify the installation and create a differential image for later use.

The most common scenario is a quick-reset of the installed system(s),
either over the network, or locally using an image cache partition that
greatly reduces network traffic. For local repair, LINBO does something
similar to the "PC-Wächter" hardware used in some schools, which has a
"shadow partition" that gets mirrored to the "working partition" in case
the working partition gets damaged.

> Ok, now I know from my system here at the local school (MS-XP
> Musterlösung Baden-Württemberg) that there is need to make a "clean
> table" at least every year where all user data and all accounts are
> removed (and probably the whole system is set up again). However, this
> system also doesn't allow users to use the command line, but you can
> write your commands in a batch file and execute that, so I wouldn't
> expect too much from its security aspects.

That "batch file" solution is not LINBO, though LINBO is also used in
newer versions of the Baden-Württemberg Musterlösung, for Windows as
well as Linux workstation clients.

> However, I would have hoped that we can do better. Is it really on a
> regular basis that machines are attacked and spoiled in the evil
> school environment?

I think that it's more like the students kill the installation, and the
teacher can repair this quickly.

> How often does that happen? Where are the flaws
> that allow compromising the machines, is there anything known about?

I think it is extremely easy to compromise a skolelinux workstation if
you have physical access to the machine and some knowledge about the
boot process. There is not much you can do about that.

Also, crashing the Skolelinux terminalserver in its default installation
(like any other school terminal server I am aware of) as normal user, or
at least making it unusable until reboot, is a one-liner command, but
that's quite off-topic now and probably cannot be solved with technical
means.

> It is clear that a "professional" cracker can attack the system, but I
> would expect that he can as easily attack infrastructure that is not
> self-healing like tjener (and thereby much more interesting). To live
> with those crackers, I think the only way is to use the strategy of
> the nightclub-owner: Ask (at least half of) the guys that cause you
> troubles to make sure there is no trouble anymore.

LINBO is not designed to create or replace strong local security.
It just installs or repairs an installation from an image with a
beginner-proof graphical boot console. It does not make your system more
secure in any way.

> It would be nice if admins running the system under real conditions at
> school can comment and help me getting off my naive and unrealistic
> attitude.
>
> Concerning the integration in Debian, it might be interesting to look
> at something comparable (?) that just appeared these days from Michael
> Prokop and team:
> <URL:http://michael-prokop.at/blog/2011/01/07/booting-iso-images-from-within-grub2/>
> Again, perhaps there is also a way to cooperate and work together.

I don't think that booting iso images with grub2 is comparable with what
LINBO or any other rescue console does. But using overlay technique
could be an interesting extension for workstation installations, making
it possible to have an almost unchangeable system. Also, off-topic, but
still interesting. :-)

Regards
-Klaus
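
The file-wise quick-reset described in the message above, as an added example that is not part of the original mail and is not LINBO code: a simplified stand-in for an rsync-style repair from a local image cache. The names `manifest`, `repair` and `demo` and the sample files are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix():
            hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def repair(image: Path, work: Path) -> dict:
    """Reset `work` to the state of `image`; report what had drifted."""
    want, have = manifest(image), manifest(work)
    report = {"restored": [], "replaced": [], "removed": []}
    for rel, digest in want.items():
        if rel not in have:
            report["restored"].append(rel)   # deleted on the workstation
        elif have[rel] != digest:
            report["replaced"].append(rel)   # content was changed
        else:
            continue                         # unchanged: nothing to copy
        dst = work / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(image / rel, dst)
    for rel in sorted(have.keys() - want.keys()):
        (work / rel).unlink()                # not in the image: drop it
        report["removed"].append(rel)
    return report


def demo() -> tuple:
    """Constructed sample: a tiny image cache and a damaged working copy."""
    with tempfile.TemporaryDirectory() as tmp:
        image, work = Path(tmp, "image"), Path(tmp, "work")
        (image / "etc").mkdir(parents=True)
        (image / "etc/hosts").write_text("127.0.0.1 localhost\n")
        (image / "etc/motd").write_text("Welcome\n")
        shutil.copytree(image, work)
        (work / "etc/hosts").write_text("10.0.0.9 tjener\n")  # modified
        (work / "etc/motd").unlink()                          # deleted
        (work / "etc/rc.local").write_text("echo hi\n")       # added
        report = repair(image, work)
        return report, manifest(work) == manifest(image)
```

Only drifted files are copied, which is why a local image cache keeps network traffic low; the reset returns the tree to the imaged state and, as the message says, adds no protection against someone changing it again.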