Any ways to software lock a Linux PC?
From: Norm Dresner (ndrez_at_att.net)
Date: Thu, 06 Nov 2003 14:29:13 GMT
Before I reinvent the wheel, I'll describe the problem we have:
In a secure environment where unattended processing is allowed, there must
be a way to lock a "terminal" or PC to prevent anyone but the holder of the
password (or an authorized administrator) to bypass the lock and gain access
to the process(es) running on the "terminal" or PC. [Power cycling doesn't
count because that doesn't grant access to the process(es), just to the
normal login mechanisms].
Just about every serial terminal attached to a mainframe had such a locking
mechanism, usually a program running in the foreground which demanded a
password to release its exclusive hold on the terminal. PCs running most
flavors of windows are similarly lockable, but Linux presents a huge
security hole in its (at least in the default installation) 6 text terminals
plus an X-window session. Unless all (7) of these are locked, the machine
is insecure and anyone who can log into the unlocked sessions can defeat the
locking by simple means.
What we need is a mechanism that operates, probably at the kernel level, to
secure the entire computer with a single locking mechanism. I can probably
write such a kernel module but finding one already written and debugged
would be more convincing to our security department.
I'd appreciate any suggestions, references, URLs, etc to programs or
products that would satisfy our needs.