Safe exams with Fedora
October 6th, 2009 — red_alert
Dear Lazyweb,
At our university professors are moving away from paper-and-pencil exams and doing them online (i.e. web based) instead. For this purpose we need a safe environment that allows browsing only one site (the server on which the exam is hosted). Additionally, people should be able to bring their own laptop, boot some live USB/live CD/PXE system and start the exam.
That system MUST:
- Be Fedora based :)
- Disallow the user to do any network traffic except to that one server (on ports 80/443 only) – the system itself should of course be able to do DHCP, DNS, et al.
- Disallow any networking over anything but Ethernet
- Disallow access to any local storage (HDDs, SSDs, USB-keys/-disks)
- Disallow the user to run anything but Firefox (even when Firefox prompts to open anything) – or a more secure gecko based browser(?)
- Use matchbox-window-manager
- Have as little software as necessary
- (Be easily update-/upgradeable)
This does not have to be 100% secure (well, that is not possible anyway) but as secure as possible without doing anything really nasty or time consuming. After all, the students sign a paper after the exam confirming that they did not cheat.
Anyone ever done something like that? Any ideas, pointers, help is welcome and much appreciated!
I guess SELinux is the best way to limit the user that much. I think xguest does some of the above, but not all. Not sure whether we can use sandbox (-X) for our purpose. But I never did anything like that and wouldn’t even know what to start with or how to best do something like that.
Maybe it would be enough to just throw away some udev rules, not provide any application but Firefox and use iptables.
Oh, and what’s the best way to get all this onto live media? What tools are used nowadays to easily create a custom live system? We’re not sure yet whether we’ll use live USB/CD or PXE (or both?), so this should work for all of them. No need to make it installable, tho! :)
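The network part of the requirements above (reach the exam server on 80/443 only, keep DHCP and DNS working, allow nothing over any interface but the wired one) written out as an iptables policy. This is an added example, not the author's setup or anything from the comments; EXAM_SERVER (192.0.2.10, an RFC 5737 documentation address) and the interface name eth0 are placeholders, and the rule set is printed before it is applied so it can be reviewed, and tested, without root.

```shell
#!/bin/sh
# Added example (not from the post or its comments): the network part of the
# exam system's requirements as an iptables policy. Placeholders to replace:
# EXAM_SERVER (192.0.2.10 is an RFC 5737 documentation address) and IFACE
# (the laptop's wired interface). Anything not matched below, including any
# wireless interface, falls through to the DROP policies.

EXAM_SERVER="${EXAM_SERVER:-192.0.2.10}"
IFACE="${IFACE:-eth0}"

# Print the policy, one iptables command per line. Printing first means the
# rule set can be reviewed (and tested) without root; apply_rules runs it.
exam_rules() {
    server="$1"
    dev="$2"
    cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# local traffic only (a local filtering proxy, X, etc.)
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# replies to connections the system opened, wired interface only
iptables -A INPUT -i $dev -m state --state ESTABLISHED,RELATED -j ACCEPT
# DHCP client exchange
iptables -A OUTPUT -o $dev -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A INPUT -i $dev -p udp --sport 67 --dport 68 -j ACCEPT
# DNS lookups (answers come back through the ESTABLISHED rule above)
iptables -A OUTPUT -o $dev -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o $dev -p tcp --dport 53 -j ACCEPT
# the exam server, HTTP and HTTPS only
iptables -A OUTPUT -o $dev -p tcp -d $server --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $dev -p tcp -d $server --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
# everything else: reject so the browser fails fast instead of timing out
iptables -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited
EOF
}

# List every "host:port" a rule names as a destination. In a correct policy
# this is exactly the exam server on 80 and 443, which is what the test checks.
allowed_tcp_targets() {
    exam_rules "$1" "$2" | sed -n 's/.* -d \([^ ]*\) --dport \([0-9]*\).*/\1:\2/p'
}

# Feed the printed policy to a shell; stops at the first failing command.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_rules: must be run as root" >&2
        return 1
    fi
    exam_rules "$EXAM_SERVER" "$IFACE" | sh -e
}

case "${1:-show}" in
    apply) apply_rules ;;
    *) exam_rules "$EXAM_SERVER" "$IFACE" ;;
esac
```

Run it with no arguments to print the policy and with `apply` (as root, e.g. from a kickstart `%post` or an init script on the live image) to load it. Binding every ACCEPT rule to the wired interface is what enforces the "Ethernet only" item: a wireless or PPP interface that somehow comes up still has nothing but the DROP policy applying to it, which pairs well with not shipping those drivers at all.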

October 6th, 2009 at 16:10:52
That system MUST:
- Be Fedora based :)
That one is easy :P
- Disallow the user to do any network traffic except to that one server (on ports 80/443 only) – the system itself should of course be able to do DHCP, DNS, et al.
SELinux confines the xguest user so that Firefox is the only application running in his session that can access the network.
Set up a filtering proxy that only allows ports 80 and 443 to this one web server (Squid is pretty easy to set up to do that).
- Disallow any networking over anything but Ethernet
IPTables will be your friend here.
- Disallow access to any local storage (HDDs, SSDs, USB-keys/-disks)
Not sure how to do that. Maybe with some udev rules you can prevent the devices from being created, so they won’t be mounted.
- Disallow the user to run anything but Firefox (even when Firefox prompts to open anything) – or a more secure gecko based browser(?)
The easiest would probably be to extend the xguest user to do that.
- Use matchbox-window-manager
- Have as little software as necessary
Just choose the installed RPMs in your kickstart.
- (Be easily update-/upgradeable)
This one is easy, provided you make all your modifications available as RPMs.
« Oh, and what’s the best way to bring all this onto a live media? »
Like I said, everything in RPM, then a kickstart file, then pungi/livecd-creator to create the image.
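The two configuration files this comment points at, a Squid ACL set that lets the browser reach only the exam server on 80/443 and a udev rule that keeps local disks out of the session user's reach, rendered by a small script. This is an added example, not the commenter's or the Fedora project's code; EXAM_HOST (exam.example.edu) is a placeholder, the proxy is assumed to run on the live system itself with Firefox pointed at 127.0.0.1:3128, and the udev approach assumes no desktop automounter is running under matchbox.

```shell
#!/bin/sh
# Added example (not from the post or its comments): renders a Squid config
# that allows only the exam server on 80/443 and a udev rule that makes block
# device nodes root-only. EXAM_HOST is a placeholder; the proxy listens on
# loopback of the live system and Firefox is pointed at 127.0.0.1:3128.

EXAM_HOST="${EXAM_HOST:-exam.example.edu}"

squid_conf() {
    host="$1"
    cat <<EOF
# listen on loopback only; nothing outside this machine should use the proxy
http_port 127.0.0.1:3128
acl exam_site dstdomain $host
acl exam_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT
# CONNECT (https tunnelling) only to port 443
http_access deny CONNECT !SSL_ports
# the exam site on 80/443 is the single thing allowed; the last rule wins otherwise
http_access allow exam_site exam_ports
http_access deny all
# keep no copy of exam pages on the live medium
cache deny all
EOF
}

udev_rule() {
    cat <<'EOF'
# Assumption: with matchbox and no desktop automounter running, making block
# device nodes root-only is enough to stop the xguest session reading or
# mounting local HDDs, SSDs and USB disks. The live root was mounted by the
# initrd before this rule takes effect, so it is unaffected.
SUBSYSTEM=="block", OWNER="root", GROUP="root", MODE="0600"
EOF
}

# Write both files under a prefix: "" for the running system, or a staging
# directory (kickstart %post tree, or a temporary directory when testing).
install_configs() {
    prefix="${1:-}"
    mkdir -p "$prefix/etc/squid" "$prefix/etc/udev/rules.d"
    squid_conf "$EXAM_HOST" > "$prefix/etc/squid/squid.conf"
    udev_rule > "$prefix/etc/udev/rules.d/90-exam-storage.rules"
}

if [ "${1:-}" = "--install" ]; then
    install_configs ""
else
    squid_conf "$EXAM_HOST"
    udev_rule
fi
```

Because `dstdomain` matches the host name the browser asked for, a request for the server's bare IP address is denied by the proxy even though it would pass a destination-address firewall rule; keeping both the proxy and the iptables layer means a bypass of one still meets the other.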
October 6th, 2009 at 16:17:56
BTW, you’ll also want to add the following rule:
- the user can’t execute anything in his $HOME or in /tmp
xguest already does that ;)
October 6th, 2009 at 17:51:19
The biggest issue is going to be that they are bringing their own laptop. Dealing with various wireless and video issues will probably make any live boot an issue (even if it were netbooting Windows).
Not insurmountable, but probably the biggest cost issue to look at, since most of the things you are asking for are in xguest, as bochecha says.
October 6th, 2009 at 18:01:43
I think that the limitation should be added to the network itself and to the server. The network should have no external link, and every computer in the room should only be connected to the server. This way the setup on the client computer would only need to disallow connections to unauthorized networks. This could be achieved by bundling no wireless network drivers, no Bluetooth, no PPP, etc.
I am a strong believer that security should be concentrated on the server side; the web server could make some checks to verify that the client is running the correct version of the browser, for instance using an HTTPS connection and a client-side certificate.
Another thing: why use a window manager at all? If you are controlling the server you should be able to limit everything to a single browser window; just start a “maximized” browser with no window manager.