yt/UbuntuKioskMode.md

## UbuntuKioskMode.md

      
    Raw
  

              UbuntuKioskMode.md
            
          
    Create a secure Kiosk application on Ubuntu 18.04

At the end of the setup you will have your application running on ubuntu desktop in kiosk mode. Starts up on boot, without desktop environment on the background. Disabled all shell access. Disabled 3rd party hardware.
Setup preperations

sudo apt update
sudo apt upgrade
sudo apt install -y openssh-server
sudo apt-get remove notification-daemon
rm -rf /home/$USER/.config/autostart/*

Setup your application

Setup your basic application requirements
Setup a desktop app for your app

Create file /usr/share/applications/run-my-app.desktop as
[Desktop Entry]
Name=My-application
Comment=Run the main program
Exec=bash -c '{here is the commnad to run the application}'
Terminal=false
Type=Application
Categories=GNOME;GTK;

Don't forget to review Exec command above
Enable autologin for user

Set file /etc/gdm3/custom.conf as
[daemon]
AutomaticLoginEnable = true
AutomaticLogin = {your username}

Disable command-line access

Set file /etc/dconf/profile/user
user-db:user
system-db:local

mkdir -p /etc/dconf/db/local.d and set file /etc/dconf/db/local.d/00-lockdown
[org/gnome/desktop/lockdown]
disable-command-line=true

mkdir /etc/dconf/db/local.d/locks and
Set file /etc/dconf/db/local.d/locks/lockdown
/org/gnome/desktop/lockdown/disable-command-line

Run sudo dconf update


mkdir /etc/X11/xorg.conf.d and
Set file /etc/X11/xorg.conf.d/10-xorg.conf
Section "Serverflags"
Option "DontVTSwitch" "yes"
EndSection

ref: https://help.gnome.org/admin/system-admin-guide/stable/lockdown-command-line.html.en
Create a new session

Set file /usr/share/xsessions/kiosk.desktop as
[Desktop Entry]
Name=kiosk 
Comment=This is our custom session
Exec=gnome-session --session kiosk
Type=Application
DesktopNames=kiosk:GNOME
X-Ubuntu-Gettext-Domain=gnome-session-3.0

Set file /usr/share/applications/kiosk-shell.desktop
[Desktop Entry]
Name=kiosk
Exec=gnome-shell --mode=kiosk

Set this session as default for user

Edit file /var/lib/AccountsService/users/{your user name} as
[User]
XSession=kiosk
SystemAccount=false

Define a custom session

And set file /usr/share/gnome-session/sessions/kiosk.session as
[GNOME Session]
Name=kiosk
RequiredComponents=org.gnome.SettingsDaemon.Keyboard;run-my-app;kiosk-shell;

Disable lock screen

Execute;
gsettings get org.gnome.desktop.lockdown disable-lock-screen
gsettings set org.gnome.desktop.screensaver lock-enabled false
gsettings set org.gnome.desktop.session idle-delay 0
sudo systemctl mask sleep.target
sudo systemctl mask suspend.
apt remove -y update-manager
apt remove -y gnome-power-manager
apt remove -y gnome-screensaver

Disable blank screen

Execute;
echo "xset s off && xset -dpms" >> /home/{your user name}/.profile

Disable crash reports

sudo apt purge apport

(Optional) Change ubuntu splash screen

Assuming you want to replace default ubuntu splash icon with your my-logo.png
sudo cp my-logo.png /usr/share/plymouth/themes/ubuntu-logo/
cd /usr/share/plymouth/themes/ubuntu-logo/
mv ubuntu-logo.png ubuntu-logo.old.png
mv my-logo.png ubuntu-logo.png
## Change background to BLACK
sudo nano ubuntu-logo.script 
## Find 'Window.SetBackgroundTopColor' and set to 
# Window.SetBackgroundTopColor (0.0, 0.00, 0.0);     
# Window.SetBackgroundBottomColor (0.0, 0.00, 0.0; 

Change grub background color to black

Set file /usr/share/plymouth/themes/default.grub as
if background_color 0,0,0 ; then
   clear
fi

Troubleshooting

How to debug custom session?

To debug the logs. Run gnome-session --session=kiosk --debug
How to return to the original gnome?

Just edit /etc/gdm3/custom.conf -> AutomaticLoginEnable to false. And choose original ubuntu session at the lock screen