What Advice For a Single Parent As Server Admin? 618
Dragon_Eater, with "lots of experience setting up PCs and a passable knowledge of Linux but severely lacking in the server/client department,"
writes with a situation that probably faces a lot of parents:
I want to set up three kids, 12, 14, and 15, with newer computers so they will stop fighting for time on the one ten-year-old Dell they share now. I can get the individual computers and a server put together without any problems, but the computer-handicapped single parent needs to be able to do the following via an simple application/web page: View client computer status, On/off, sleeping etc.; Deny Internet access, not LAN, just the web; Schedule time usage of computer, ex. 7 am to 10 pm on school nights etc.; Force log-out and/or shutdown of clients, for grounding purposes; and Apply some kind of firewall filter for blocking undesired web content. And as the administrator for this network I would like the following options: Remote virus scanning of client machines, or scheduled task; Some kind of hardware monitor, high temp / fan speed low etc.; and Email alerts for various log files / alarms.
Given the lists above I am thinking about a Linux-based router/server machine and running Windows on the clients for game compatibility. I also know that a server and network boot client is possible but not sure where to start on that one."
A good router (Score:5, Informative)
Do this, ground your kids, make them Engineers (Score:5, Informative)
It's amazing what kids can figure out when it comes to getting by the restrictions their parents set forth.
They're going to learn about networking, proxies, virtual machines, ip spoofing etc. All because they want to get on Facebook. Which they will.
You need to ask "should I?" and not "how can I?" (Score:5, Informative)
Where to start: Scrap all your ideas and start over.
Yes, everything you asked for can be done. The reality is though is that, with the amount of complexity you are asking for, you will be a full time sysadmin for them - you might as well quit your day job now.
Your setup is simply too complex for a non-techie (and to be honest, as a techie, I don't want to have to admin something that complex at home). You need to stop asking "can I" and ask "should I?"
Windows PCs joined to active directory can let you manage them, set logon hours, etc.
Why do you care to know if the PCs are sleeping/on/off/whatever?
A router running DD-WRT will let you deny internet access based on hours and/or PCs in a simple manner. To be perfectly honest, I hate the concept of internet filtering (by parents or otherwise) as I believe it is another step toward turning people into drones, rather than teaching them to think for themselves, so I'm not even going to offer any suggestions on that subject.
I agree with the other posters, the system you have suggested will end as follows:
1. The kids will learn how to hack around it. This can be a good thing or bad thing, depending on your point of view
2. The system is so complex it will never work and the parent will never use it as they have no clue
3. You will grow to hate it as it will take too much of your time.
Re:Holy shit (Score:5, Informative)
Untangle http://www.untangle.com/ [untangle.com] has some very good filtering on content and viruses, as well as some ads. The captive portal is not as strong, but getting there. No real traffic shaping last time I checked.
Both are open source projects. Monowall will run on any old P3 with 128 meg of ram. Untangle will need a bit more power behind it.
Re:Holy shit (Score:5, Informative)
Not really... Basic Desktop support, and a more sophisticated gateway. Something like m0n0wall http://m0n0.ch/wall/ [m0n0.ch] has very good access control with a voucher system, you user based control built in. It also has a very good traffic shaper so one kid downloading won't cause a fight with the other kid gaming. However, no web filtering.
Untangle http://www.untangle.com/ [untangle.com] has some very good filtering on content and viruses, as well as some ads. The captive portal is not as strong, but getting there. No real traffic shaping last time I checked.
Both are open source projects. Monowall will run on any old P3 with 128 meg of ram. Untangle will need a bit more power behind it.
Good options. He could also try ClearOS [clearfoundation.com]. After it is set up it should be rather low maintenance. The download link is on the page. I have one at home and it is a win.
Re:Break this list down into multiple functions (Score:3, Informative)
[...] if you had a Windows Domain Controller. That's probably outside of your budget. [...]
Some linux-friendly routers will allow you to run a Samba DC on them. Samba 4 supports Group Policies. It is marked as not being production-ready, but it should be safe enough for a home network. While you're at it, the same Samba could provide printer sharing for all the machines.
(Not that I believe that Group Policies can replace proper parenting, though. Using technology to solve social problems seldom is a smart idea.)
OS X will do exactly what you want (Score:3, Informative)
OS X will do pretty much everything you've asked for, with very little work. You can use parental controls to create a whitelist for which programs and websites are allowed. You can restrict account access to specific times and days. You can use ssh or vnc to connect to each machine to remotely administer it. (OS X has a very nice, fast, VNC client and server built in.) You don't need a virus scanner, since there are no viruses in the wild for OS X. You can prevent installation of additional programs. Automatically limit access to adult websites. Restrict who they can mail and IM with. Limit computer use to a certain number of hours per day. Log what they have been doing. Receive e-mail requests to add additional websites, IM users, etc. so that you can confirm additions without having to use their computer. And if you install the istat pro widget, you can monitor all of the computer's hardware sensors, which will give you all of the rest of the info you asked for. VERY easy to set all of this up.
Re:3 Macs, not antique Windows, they are not grand (Score:2, Informative)
In college they will be using Macs, and people of their generation overwhelmingly use Macs, the skills will be more beneficial than learning Windows.
I would love to see something to support this. I was on a university campus this weekend and I was curious about this myself. I actually counted PC vs Mac as I walked around and at best Mac was 20%? While I won't argue that Mac is gaining ground I would say a blanket statement like this is not quite correct. I think learning and being comfortable with technology is more important than learning either the Windows / Mac / Linux way to do things.
Also many of the implied exclusive features are built into windows as well? Lastly, um Steam I shall quote from https://support.steampowered.com/kb_article.php?p_faqid=98 [steampowered.com]
"The Mac version of the Steam client will be released in April, until that time we will be unable to provide support for Mac issues.
For more information, please read the following news post:
Valve to Deliver Steam & Source on the Mac
Please note that not all Steam games will be available on the Mac client. Availability will be determined on a game-togame basis."
Right now Steam runs 0 of the games and who knows what the future holds there.
Re:Ask the intelligence community (Score:2, Informative)
I'd suggest that if you're only having the chat after your daughter starts googling birth control, you've probably left it a little late.
This. Would you also read her diary? Both of those is extremely intrusive and will take them about 1 minute to get around. I suggest a simple firewall to block certain sites and you unplug the internet cable to the router locked in your closed after hours. For grounding you take their flat screen monitor away. There I just saved you $600+ and hours of administering
The kids machines (Score:2, Informative)
Similar situation, but younger kids.
Online is a big part of what they do at school these days.
I can trust my kids, however I have no desire for them to wind up on the seamy side of the internet by happenstance, or their system to get malwared to death either.
For the windows (XP) PCs (you'll get lots of Server/Linux advice here...) we are setup as follows (note - these are all free options):
1 - DNS set to OpenDNS, and set to do some basic filtering
2 - loaded K9 (by Bluecoat) on the kids machines for granular filtering
3 - Firefox, NoScript, ABP
4 - Avast, AdAware
5 - logmein for remote access if needed
6 - systems in a public room (not in their bedrooms) so access times, overgaming, and withdrawel from family are less problematic
I find the above pretty hands-off. Once in a while (once a month...) they need to get somewhere that is blocked, but it isn't common and they just come ask one of us to open it up. I tried running them in user, and then power user, mode but that was a constant pain and I gave up on it (meh..)
as always with such advice, ymmv.