One feature that I’ve seen in Microsoft Vista that I’ve liked is the parental controls. While content filtering is a questionable but better-than-nothing feature the one I am curious about is the Scheduler.
If I remember right, in Vista you can schedule times when a particular user can be or not be on the computer and/or have internet access. You can set up the kids to be off the of the computer by a certain time, while adults have access 24/7.
Is there any form of similar scheduling control for Linux (in general) or openSUSE (specifically)? Specifically on the OS level of a desktop.
I know that this is not fool-proof and easy to bypass:
Insert LiveCD
reboot
Bypass all Parental Controls
I have an old CPU set up as a router (IPCop.org) and content filter (DansGuardian) so I am more looking at the desktop level. Something before having to set up an Active Directory-like security scheme.
Before anybody wants to put in “the parents should control how long they are on the computer” which is all well and good and should be implemented anyway, my son was informed by a friend that she sneaks on the computer at night while her parents are asleep! This got me thinking “what’s there to stop my son?”
If he’s determined enough, he’ll get it somehow no matter what I do. The key is to make it so difficult he gives up before he succeeds.
Since you run IPCop you will find there are addons to block access by IP address to a schedule. If you control what IP address your child’s desktop computer gets via DHCP you can cut off access after hours. Squid also supports time ACLs if you want to go that way.
Of course, then your child may resort to playing games locally.
I was actually just looking through the IPCop add-ons. Do you know the name or where to look for the schedule control? I think the one I have installed is Cop+ but I’m not sure. It may also be a part of the DHCP package installed, I should look into that.
I am hoping to find something to keep him off even locally.
I also need to find a way to physically remove any access to the internet line from the line outside the house to the switch so he can’t intercept anything. He’s only 6 right now, so I guess I have just under a 10 year head-start!
Yes, once I get my own wireless connection up and running I need to inform the neighbors that their wireless connections are very open. I think at one point I had the option of closing them out of their own network!
No, I am not using their networks, I just don’t know how to lock it down so once I get my own and have some time fooling around with it I may be able to help them lock theirs down a little bit more.
I am not 100% sure at the moment and I am not at home to verify, but I think some router’s firmwares provide control over when a specific computer (identified by its MAC address) is able to connect to the net. In my case (a Linksys router flashed with DD-WRT) this is under the QoS tab (I might be wrong, it could be under another feature’s).
I know this is not foolproof as MAC addresses can be easily spoofed (at least under Linux), but it should be OK for a 6 year old (I hope).
A co-worker of mine was telling me that he has a Linksys router and that it allows for controlling the times but it is limited to either a single IP address or a range of addresses.
Can get around this my setting a static IP for the adult’s computers outside of the DHCP assign range but then when I take my laptop elsewhere I don’t know if it will work without changing this back to dynamically assigned address.
Couldn’t you just use something like this as a cron job or modifying to a while with a sleep and boot.local?
#!/bin/bash
#### As a cron job script ####
if who="Moderated_User" ] #Where Moderated_User is the user who you wish to keep an eye on
then
now=$(date +%s)
no_on_min=$(date --date "01:00:00" +%s)
no_on_max=$(date --date "02:00:00" +%s)
echo $now $no_on_min $no_on_max
if $now -lt $no_on_min ]
then
echo "Halt/Shutdown and log on Min"
elif $now -gt $no_on_max ]
then
echo "Halt/Shutdown and log on Max"
fi
fi
Of course replacing the echo’s with the commands. Could throw in an ifconfig down too etc…
