Linux Strategy for Parental Control
Posted: 2020-06-21 10:30
Hi,
To prevent children access porn, I had thought about following measures to create a linux system they can work with and not being able to access any porn.:
0.- Fix DNS with porn parental control:
edit resolv.conf with CleanBrwosing DNS
1.- Mount all not system devices with forbidden execute permissions, so they cant run any autoexecutable applications like Appimage
mount /tmp folder with not executable permissions as well
2.- Restrict sudoers to run only few scripts and synaptic, so we can monitor what they've installed from synaptic history
2.1 blacklist some packages in synaptic, so we can prevent them to install application can dowload porn such as (amule, kodi, tor...)
/etc/apt/apt.conf.d/01autoremove
or with chattr .: (creating an empty file so it crashes blacklisted installations touch /bin/kodi && chattr +i /bin/kodi)
3. Just in case, protect some sensible files by changing attibutes to only read by using chattr.
chattr +i sudoers, fstab, resolv.conf, sources.list
4- Lock Chrome extensions, so they cant bypass dns system or install any proxy browser.
5- Create a wrapup gksudo editor, so they can edit some configuration system files paths.. and not modify files like sudoers, fstab, etc
6- Filer Mac IP to use only parental computer, and protect router password so they cant download data porn wifi to smartphone without consuming their own data movil tarife
7- Protect BIOS with password so they cant boot to a device and make use of a livecd o liveusb
-------------------------------
I think with these all few measure, we can be sure, they wil be able to work properly and not being able to acces any porn at the same time unless, for a few years..
What do you think??, do you see any vulnerability in theses measures?
To prevent children access porn, I had thought about following measures to create a linux system they can work with and not being able to access any porn.:
0.- Fix DNS with porn parental control:
edit resolv.conf with CleanBrwosing DNS
1.- Mount all not system devices with forbidden execute permissions, so they cant run any autoexecutable applications like Appimage
mount /tmp folder with not executable permissions as well
2.- Restrict sudoers to run only few scripts and synaptic, so we can monitor what they've installed from synaptic history
2.1 blacklist some packages in synaptic, so we can prevent them to install application can dowload porn such as (amule, kodi, tor...)
/etc/apt/apt.conf.d/01autoremove
or with chattr .: (creating an empty file so it crashes blacklisted installations touch /bin/kodi && chattr +i /bin/kodi)
3. Just in case, protect some sensible files by changing attibutes to only read by using chattr.
chattr +i sudoers, fstab, resolv.conf, sources.list
4- Lock Chrome extensions, so they cant bypass dns system or install any proxy browser.
5- Create a wrapup gksudo editor, so they can edit some configuration system files paths.. and not modify files like sudoers, fstab, etc
6- Filer Mac IP to use only parental computer, and protect router password so they cant download data porn wifi to smartphone without consuming their own data movil tarife
7- Protect BIOS with password so they cant boot to a device and make use of a livecd o liveusb
-------------------------------
I think with these all few measure, we can be sure, they wil be able to work properly and not being able to acces any porn at the same time unless, for a few years..
What do you think??, do you see any vulnerability in theses measures?