1

I used Ubuntu to build a WiFi hotspot. You can join the WiFi and access the Internet. It is used in some areas without much Internet access in Africa, Island and Greenland.

Since we're responsible for a lot of legal things (I won't go into detail), I have to ensure the WiFi hotspot is neither hacked nor stolen. I encrypted it all with LUKS, and I put the keyfile on a USB pen drive. But someone can still come with a screen, keyboard and mouse and get to the FS.

Therefore, I want to prevent anyone from accessing the desktop, but how can I do this?

Note: since the system has to run automatically at boot, I can't ask for a user password at launch, so I disabled it (you get the desktop immediately).

Thanks --

EDIT: FYI, my system is in a box.

3pic
  • 477

2 Answers

1

If someone has physical access to the computer, there is no way to protect it. Put it inside a box under lock and key.

For this kind of use it is best not to use Ubuntu Desktop. Use the Ubuntu Server version, which has no desktop. Set up the WiFi hotspot as a service. A service (also called a daemon) starts when the computer starts and does not need anyone to log on. See "How to setup an access point mode WiFi hotspot?" for how to use hostapd to set up a WiFi hotspot as a service.

Use a strong password for admin (sudo) accounts.

If you can't do that, try making the WiFi hotspot available to all users. See:

enter image description here

Note that the "All users may connect to this network" box is checked. This means this network will be online before anyone logs on. So you don't need to log on to the desktop to make it work.

Second, set up lock screen so that the screen is locked if no one uses it.

enter image description here

See Lock is set to On. You can also manually lock the screen by pressing Ctrl+Alt+L before you leave the computer.

Remember: All this is useless if someone can physically get to the computer and reboot it to recovery mode and reset your password.

Hope this helps

user68186
  • 37,461
1

Turn the desktop black on all (possibly additionally) connected screens

Not sure if the solution below is sufficient for you, but as an (additional?) measure, it should help to make it at least more difficult to access the system.

As usual, it is mostly the combination of measures that makes incidental access more difficult. It could e.g. be made more difficult by:

  • adding a password to "un-" blacken the screen
  • a log file to keep track of changes in screen brightness
  • change the default shortcut key to open the terminal, so "blindly" typing commands is unlikely.

At the same time, I am pretty sure however that someone with real knowledge will always find a way, if the time is sufficient, unless you completely block all connecting options by (e.g.) building the system inside some kind of a box. Only think of restarting from an external medium.

The bottom line is that you'll have to decide if it is useful to you.

The solution

Consists of a background script that once per second:

  • checks all connected screens (also newly connected ones)
  • checks if all screens are set to brightness 0.0 (or 1.0, see further below)
  • sets all screens to brightness 0.0 if not.

Furthermore:

  • the script reads the desired brightness value from a hidden file in your home directory
  • the solution includes two shortcut key combinations to set that value in the file to 1.0 (normal use) or 0.0 (black screen).

As mentioned, the shortcut keys can be made to use a password (in plain text). Please mention it if you find it useful.

The script

#!/usr/bin/env python3
import subprocess
import time
import os

# hidden file holding the desired brightness: "0.0" (black) or "1.0" (normal)
screen_brightness = os.environ["HOME"]+"/.screenset.txt"
if not os.path.exists(screen_brightness):
    with open(screen_brightness, "wt") as f:
        f.write("0.0")

def read_set():
    # strip the newline that "echo 0.0 > ~/.screenset.txt" appends
    with open(screen_brightness) as f:
        return f.read().strip()

def get(command):
    return subprocess.check_output(["/bin/bash", "-c", command]).decode("utf-8")

def find_screens(screendata):
    # names of all outputs that xrandr reports as connected
    return [l.split()[0] for l in screendata.splitlines() if " connected" in l]

while True:
    time.sleep(1)
    curr_set = read_set()
    screendata = get("xrandr --verbose")
    n_screens = screendata.count(" connected")
    n_dimmed = screendata.count("Brightness: "+curr_set)
    # re-apply the setting if any (possibly newly connected) screen differs
    if n_dimmed != n_screens:
        screens = find_screens(screendata)
        for scr in screens:
            subprocess.Popen(["xrandr", "--output", scr, "--brightness", curr_set])

How to set up

  1. Copy the script into an empty file, save it as black_screen.py
  2. Create two shortcut keys (commands):

    echo 1.0 > ~/.screenset.txt
    

    and:

    echo 0.0 > ~/.screenset.txt
    

    Choose: System Settings > "Keyboard" > "Shortcuts" > "Custom Shortcuts". Click the "+" and add the commands to two different shortcut keys.

  3. Test run the script with the command:

    python3 /path/to/black_screen.py
    
  4. If all works fine, add it to your startup applications: Dash > Startup Applications > Add the command:

    python3 /path/to/black_screen.py
    

Notes

As mentioned, the script / setup can be made more secure with a (plain text) password and/or a log file. Please look if this is a useful direction.

Jacob Vlijm
  • 85,475
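
Added example (not part of the answer above and not its author's code): one way to implement the password and the log file that the answer mentions, as a helper the two shortcut keys could call instead of the plain echo commands. It stores a salted PBKDF2 hash instead of the plain-text password the answer suggests; the file names .screenset.hash and .screenset.log and all function names are assumptions.

```python
# Added example: passphrase-gated, logged update of ~/.screenset.txt.
import getpass
import hashlib
import hmac
import os
import sys
import time

SETTING = os.path.expanduser("~/.screenset.txt")    # file the watcher script reads
HASHFILE = os.path.expanduser("~/.screenset.hash")  # assumed name, "salt_hex:hash_hex"
LOGFILE = os.path.expanduser("~/.screenset.log")    # assumed name

def derive(passphrase, salt):
    # slow, salted hash so a copied hash file is expensive to guess against
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200000)

def store_passphrase(passphrase, hashfile=HASHFILE):
    salt = os.urandom(16)
    fd = os.open(hashfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(salt.hex() + ":" + derive(passphrase, salt).hex())

def check_passphrase(passphrase, hashfile=HASHFILE):
    with open(hashfile) as f:
        salt_hex, hash_hex = f.read().strip().split(":")
    candidate = derive(passphrase, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))

def set_brightness(value, passphrase, setting=SETTING, hashfile=HASHFILE, logfile=LOGFILE):
    if value not in ("0.0", "1.0"):
        raise ValueError("brightness must be 0.0 or 1.0")
    ok = check_passphrase(passphrase, hashfile)
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
    with open(logfile, "a") as log:  # denied attempts are recorded too
        log.write("%s set=%s result=%s\n" % (stamp, value, "ok" if ok else "DENIED"))
    if ok:
        tmp = setting + ".tmp"
        with open(tmp, "w") as f:
            f.write(value)
        os.replace(tmp, setting)     # atomic: the watcher never sees a half-written file
    return ok

if __name__ == "__main__":
    # terminal usage: "set_screen.py --init" once, then "set_screen.py 1.0" or "0.0"
    if sys.argv[1:] == ["--init"]:
        store_passphrase(getpass.getpass("New passphrase: "))
    else:
        sys.exit(0 if set_brightness(sys.argv[1], getpass.getpass("Passphrase: ")) else 1)
```

The session user can still write ~/.screenset.txt directly, so this gates and records use of the shortcut and does not protect the file itself.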