Safe Surfing: Build A Linux Appliance, Part Two

A locked-down Linux PC allows you to work online without getting worked over by malware. Here's Part Two of our step-by-step guide to building your very own "safe surfing" system.
In Part 1 of this two-part Recipe, I showed how to build a basic Linux appliance for surfing the Web, sending and receiving e-mail, printing, and scanning—all without the bother or worry of Windows malware.

Now, in Part 2 of this TechBuilder Recipe, I will show you how to set up software installed with the Fedora Core 2 (FC2) Linux appliance described in Part 1. I'll also show how to expand the appliance to let users watch movies and videos; listen to music online; attach digital cameras; send and receive instant messages with software for AIM, ICQ, MSN and other networks; backup if a CD/DVD recorder is installed; and provide even better security.


Here's what you'll need:

  • A computer set up according to Part 1 of this Recipe.
  • An Internet connection, preferably broadband.
  • Any camera or CD/DVD burner you plan to install.

Installed Software Setup

Many types of software are bundled with the standard FC2 installation. The main ones of interest are mail clients, Web browsers, and a Microsoft Office-compatible (though with issues) office suite installed with the OS. Here are the details:

  • Browser: FC2 gives you Mozilla. It's simply yet another Web browser, so just use it like any other.

  • Regular User Mail: Decide whether to set up the default Evolution client or Kmail, a less elaborate program that I prefer. Either way, it's just another mail client. Set it to Simple Mail Transport Protocol (SMTP) to send mail, and to POP3 to receive.

  • Setting up a root mail account: A root account for mail is mainly a way to get to the internal network-process information when various processes inform the administrator (via e-mail to [email protected]) that something did or didn't happen. Most messages sent by applications to root will be of no interest whatsoever to an end user.

    The easiest way to read the log messages is to first log in as root and open kmail from a terminal window: the command is simply kmail. Then set the Receive mailbox type to local. Finally, check the mail. There is no reason to set up the send part of the root account; your user isn't going to be root anywhere but on that box.

    While the user can have access to this if they really want it, ordinarily the log account will be generating messages of primary interest only to the person servicing the machine. The problems an end user are going to be mainly concerned with is "it crashed" or "I can't get to the Net." Such users are more likely to be confused than anything else by routine log messages. This is one of those things that you'll want to be able to ask users, "Can you check...?" over the phone.

  • OpenOffice Writer (OO-Writer): OpenOffice is just another GUI word processor. A user with Word experience should have no trouble switching over. That said, there is a built-in default you may want to turn off: the word processor completes words for the user, often incorrectly. To turn off this feature: Tools > AutoCorrect/AutoFormat > Word Completion > tab > Enable word completion checkbox OFF.

  • Instant Messenger: Called Gaim, it's part of the default FC2 installation. Gaim can handle AIM (Oscar and TOC protocols), ICQ, MSN Messenger, Yahoo, IRC, Jabber and more. To launch this feature: Start > Internet > IM (Gaim)

    The user will need to set up an account for their intended IM service provider from the Web. You can get more information about this directly from the Gaim site.

Other Internet Applications

This section is more for completeness than anything else. The average user probably won't be interested, particularly since any browser can generally pick up anonymous FTP. But if you want to add Usenet newsgroups and FTP file downloading, here's how:

Install as root from terminal:

Usenet newsgroups: Pan " GUI news client

yum install pan
FTP (file downloading): Kasablanca " GUI ftp client:
yum install kasablanca
Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing