Protecting Linux Workstations with Dafturn Ofris
-
Windows has Deep Freeze, Apple has Time Machine, Linux has Dafturn Ofris (which isn't exactly Deep Freeze or Time Machine) but is still quite good.
It restores your Linux system at system restart, much like Deep Freeze or Time Machine, where it falls short is that this restore can still be affected by an Administrator or Root.
So to get started, you'll want to download Dafturn Ofris, Unzip it, and move the entire folder to "/".
cd / ./dafturn-ofris-1.9.05-en
You'll be prompted with six options at this point. Number 3 is the critical option we'll be focusing on (which "Freezes the system for all users")
Enter your selection by typing 3, hit Enter.
Assuming all went well, you'll receive a system success response.
Reboot the system to complete the changes.
At this point, the system is secured from misuse on the part of an End User. Which for a library, school system or any other such place where public computers are available makes returning the computer to "stock state" as simple as restarting the computer.
Root, still and always will have access to make file system changes. Such as disabling Dafturn Ofris, modifying the background, adding network shares or printers, or more importantly undo the action of someone attempting to cause trouble on the computer.
A few key things to keep in mind when considering the use of Dafturn Ofris
- All changes must be made with Dafturn Ofris disabled (using the Root credentials)
- It doesn't prevent files from being removed from your network shares
- It's open source and is available for improvement.
- Ensure you have a strong Root password
It's really that simple to protect a large number of Linux computers from abuse.
Oh you might also consider hiding the other Boot Options from Grub, or completely disabling the GRUB boot menu without the use of an Administrative Password. This will provide further protections for these systems, as well as prevent accidental access.