On Mon, Jun 21, 2010 at 15:10:38 -0400, Daniel J Walsh dwalsh@redhat.com wrote:

My idea is for apps like cash registers/kiosk/demo booths. If I imbed a bootable OS and do not allow external USB/CD. Theoretically people who can touch the box, can not boot their own OS or break into the OS to turn off security features like SELinux/iptables etc.

Usually what I do to discourage playing around is set a grub password, set PROMPT=no in /etc/sysconfig/init and disable control alt delete, set a bios admin password, disable booting from removable media (unless a password is supplied).

I never took a look at syslinux or isolinux to see if they have commands to escape them, but that wouldn't apply in my use cases.