[TriLUG] Penguins in the desert

Aaron Joyner aaron at joyner.ws
Wed Oct 12 21:28:58 EDT 2005 

>>On 12 Oct 2005 12:46:27 -0400, Jon Carnes <jonc at nc.rr.com> wrote:
>>
>> How do you stop folks from gaining root if they have physical access 
>> to the machine? Or are you assuming they don't have Linux knowledge?
>
> Douglas Ward wrote:
> I am assuming that they don't have any Linux knowledge. I don't think 
> there are very many computer savvy folks out there. At least I hope not...


I think it's a pretty safe assumption that Douglas is making.  The basic 
idea here being the same as most locks: you're trying to keep the honest 
people honest.  You can go one step further, and setup a password on the 
boot loader, use a bios password, and physically secure the cases under 
lock and key (or just solder the bios jumper leads together and super 
glue the cmos and battery into their sockets, if you're really crazy).  
Either of these overly-dramatic steps will keep all but the most 
determined people from doing any real harm.

Also, people keep mentioning 100Mhz P1s with 128MBs of ram.  I'd just 
like to point out that in the realm of 100Mhz Pentiums, 32MBs of ram was 
a lot.  If you get back into 100Mhz 486-DX machines you're looking at 
16MBs of ram.  As people have also pointed out, this isn't going to run 
much of a modern Gnome or KDE implementation.  You'll need to go with a 
stripped down windowing environment, and doing that by hand (though 
possible with a modern distro) is painful, at best.  Using a small or 
easily stripped-down distro is probably best.  Also, since you don't 
have Internet (or really local) security concerns, you might reasonably 
consider going with a significantly old distro, something from the 
RedHat 7.x era or even 6.x.  Generally speaking, the 7.x series redhat 
distros will run on very minimal hardware, with Gnome, and you'll still 
*probably* be able to build (note I said build, not simply install a 
binary) for the latest versions of OpenOffice.  All of the above is true 
for comparable Mandrake versions as well, if you're more comfortable in 
that realm.  In practice, running a slim yet newer distro is probably 
better, but only to the extent to which you're familiar enough with it 
to support it from an email box on the other side of the planet.

Aaron S. Joyner

More information about the TriLUG mailing list