On Mon, Jun 21, 2010 at 15:10:38 -0400,
Daniel J Walsh <dwalsh(a)redhat.com> wrote:
My idea is for apps like cash registers/kiosk/demo booths. If I
imbed a
bootable OS and do not allow external USB/CD. Theoretically people who
can touch the box, can not boot their own OS or break into the OS to
turn off security features like SELinux/iptables etc.
Usually what I do to discourage playing around is set a grub password,
set PROMPT=no in /etc/sysconfig/init and disable control alt delete,
set a bios admin password, disable booting from removable media (unless
a password is supplied).
I never took a look at syslinux or isolinux to see if they have commands to
escape them, but that wouldn't apply in my use cases.