Podcast RSS: Mr. Beck's RSS Feed

Teaching with Security in Mind!

2008-03-12 @ 00:01,

Teaching in a Linux computer lab is a wonderful experience once you get everything set up. The security, flexibility, and ease of use available throughout the room should become immediately apparent. With a little creative energy, it's amazing what you can accomplish with a fleet of Linux installations at your disposal.

The first thing that becomes important when working with a group of students is shared network storage and the ability to control it. I can't tell you the number of times I've either found extra-curricular files on the the district shared storage or had important information deleted without the ability to go back and track exactly what happened. It can be frustrating if you don't have the right resources to track this kind of activity.

The solution: SAMBA.

In our labs we've set up shared samba storage drives that reside on a central machine that sits next to my desk. Right now we have a little over 1 terabyte of shared storage spread out over several USB external drives. Samba generates a series of log files that allows you to pinpoint a time and ip_address associated with all file transactions.

Here's how we track our student shared storage on Samba.

-The following configuration needs to be set in /etc/samba/smb.conf

log level=3

-Logs are then generated in /var/log/samba/
-If a student erases a file called 'importantfile.doc,' the teacher can do the following:
cd /var/log/samba/
grep importantfile.doc *
-From there the log files will indicate exactly where and when the file deletion took place.
As long as the teacher maintains a solid seating chart, it is possible to tell exactly who did what, when, and where.

It is paramount that teachers have the ability to track shared storage. Samba on Linux puts that information within reach.

(Intellegent Teaching and Learning with Computers)

The people who put this project together are truly awesome. In short, italc provides an interface that allows the teacher to see a thumbnail of every computer in the room. From there the teacher can:

-Take control of any given computer
-Lock the student interface. (A lock with a black screen appears.)
-Lock the entire room at once.
-Show your screen on every monitor in the room.
-Show a student screen on every monitor in the room.
-Poweroff or restart the entire room.
The list goes on. It's a pretty powerful piece of software, but it does tax the machine that acts as a master.
The process of gathering screenshots from every computer in the room can really slow the master computer down. I have written a tutorial here on how to get iTALC running on Ubuntu/Gutsy. (It also works very well on Windows!)

Another great aspect of utilizing Ubuntu in the classroom is the ability to make changes to every computer at once.

Warning: What I'm about to demonstrate requires extreme caution. One mistake can completely destroy an entire lab.

I regularly add icons to the student desktops, change the wallpapers on the student computers, change the kdm login manager theme, or install and remove programs across the entire lab. I do it using passwordless authentication. For a more detailed explanation please watch this video.

Essentially, using a public/private keypair, you can authenticate to any given Linux machine without the need for a password. If the root user on my teacher computer attempts to contact any computer in the lab (They are all sequentially ordered by ip address) the computer being contacted simply allows the connection to proceed.

Thus, I can write a script that looks like this:


until [ $ipaddy -eq 30 ]
ssh 10.43.231.$ipaddy 'eject' &
ipaddy=$(($ipaddy +1 ))

This script goes out and contacts and then etc...
It executes the eject command on each machine, and yes they all pop out at once.
It's pretty cool.

Using this model, I can do things like run apt-get install, I can change the background, I can do pretty much anything I like and it happens across all 30 machines. Of course, by running something like rm -Rf /
I'd completely wipe the whole room out. Use with caution.

Apt-Cacher is another really useful application that makes life in a computer lab a breeze.

What does it do?

-Apt-cacher acts as a local repository for other computers on your LAN. Once you install a program on the master, all of the clients in the room will then download and install the program from the local machine rather than retrieve it from the internet.

-Every once in a while I find a program that I want to use that is fairly large and takes 30 minutes or more to download. Apt-cacher really comes in handy in these situations. Once the initial install is complete, the other local computers are able to download the package from the master
in seconds.

-Click here for more detailed instructions.

Check back soon for more updates!