Building a secure Gentoo Linux kiosk system - part 2
This is part 2 of 2 in building and setting up a secure Gentoo Linux kiosk system. Here I will configure the X system and extras, and lock the system down. Part one can be followed here.
Building a secure Gentoo Linux kiosk system - part 1
This is a two-part guide to set up and configure a completely locked-down kiosk Linux system that can be used in kiosk booths or, as in my case, as a client system for call centers with a web-driven backend. The nice thing is that when your agents need to work on different systems (web backends), you can update all workstations in batch to point to the new “URL” (backend system) that they need to work on.
Cisco IOS IPSEC VPN server and client config
Configuring a Cisco IOS VPN server and allowing VPN clients to connect over encrypted IPSEC. This setup still allows Internet access using a split tunneling configuration.
Getting and inserting MySQL data with perl CGI
A handy way of capturing data with a browser and inserting into MySQL via form submit. Pulling the captured data from MySQL and displaying it with a browser is just as easy.
Setup the Cisco SSH server
This is with normal “Username/Password” authentication. Apparently IOS 15 and up supports public/private key authentication…
SSH passwordless public private key authentication
Creating and setting up SSH key based authentication for passwordless remote server logins on Linux or Mac OS X.
Setup Putty SSH client for passwordless key based authentication
Set up the PuTTY SSH client for passwordless public/private key based authentication on Windows.
SNMP and Cisco routers or switches
Setting up a read-only SNMP community and sending SNMP traps to a central SNMP trap receiver on Cisco devices. Some options under the trap configuration, like Spanning-tree, will not necessarily be available on all devices.
DHCP server on Cisco IOS
Setting up a DHCP server to hand out IP addresses to clients, on a Cisco router or switch.
Router on a stick Cisco router and a 3COM switch
Using a Cisco router to do the routing and a 3COM 4500 Superstack III switch for the VLANs, with an 802.1Q trunk setup. I’m not going to use port 1 on the switch, as this belongs to the native VLAN1. Also remember that all the other ports on the switch that are not assigned to their own VLANs will also belong to VLAN1 by default. In other words, all devices plugged into any of the VLAN1 ports will be able to see each other by default!