I have a project for work that needs a very secure system. I’m looking at using Linux and am wondering what I need to meet my needs. I am new to Linux but have worked around IT personel for years so obviously know a little bit about it. Let me try to explain what is currently being used, the problems with the current system, and what I need out of the future system below.
We have dedicated computers that are mounted to each of our production machines. These computers run a custom written VBA program called ProLink. This program has the machine operating parameters and recipe files that contain how the machine is to operate and what is considered a good or bad part. The machines have an ini file which controls the path of the security file for logins, passwords, and permissions which is nothing more than an Access DB.
The problem becomes, we have a group of employees that like to hack these computers. They change the path of the security file, change the permission or users in the file, etc. They also like to screw with it just because they can. Most of the machines are currently running Windows 7. To help eleviate the tampering, I have installed a free Rockwell product called DeckLock. It allows only the programs and functions that are defined by the Administrator (me). Then I modified the windows registry, etc to remove things like Cntrl+Alt+Del, Safe Mode, Switching users, etc. But, this still didn’t stop our professional hackers. They have now figured out such things as hard booting the machine to get around DeskLock, changing the path of the security file, rolling back to an earlier version of a recovery file, etc.
I need them to have the following only (at least at this time):
1) Run Prolink
2) Copy 1 dedicated parameter file to/from a thumb drive based upon user rights
3) Reboot Computer in case it freezes, etc
4) Admistrator back door only for things like needing to modifying Security DB path, etc
5) Run a simple VB script to popup a message when prompted (kinda like a reminder)
That is it. There’s no need for pinball, Explorer, regedit, or anything else to be in the hands of anyone running the machines. What product(s) do you guys recommed and why? Obviously, we need a very secure system.