Puppy Linux Discussion Forum

[Pizzasgood]

Well, anybody wanting to add a keylogger into a package could just throw in some mail utilities while they're at it...

(OMG! Another bright idea no other person could ever come up with on his own! I've just inspired the ID theft of two and forty score people!)

That leads to one way you could possibly identify a suspicious package: make sure it isn't abnormally large. Also, you can extract (without installing) a package like this:
pet2tgz somepackage.pet
tar -xf somepackage.tar.gz
Then the package's contents will be inside the somepackage/ directory, so you can look around and make sure there aren't any suspicious files. In particular, look for things in auto-run directories like etc/init.d, etc/profile.d, and root/Startup. Also beware of replaced system files like /root/.xinitrc, /etc/profile, and stuff in /etc/rc.d/. And if there's a pinstall.sh script, read it to be sure there's nothing nefarious in that.

That doesn't help if the malware is compiled into the programs or libraries though.

(Oh snap, another inspiration!)

I'd better not mention the madness that could happen if the package also replaced things like ps, kill or even the kernel so that all this malware they're installing wouldn't turn up in the process list, nor be killable...


There is a reason that people recommend keeping a list of md5sums for all system files so you can tell when they change (assuming nobody modifies the list - store a hard copy outside the system so that that isn't a possibility unless you're dealing with people who have physical access to your stuff)

I would do that myself, if I didn't change things around so often that it would be more hassle than it's worth.


EDIT: With non-Full Puppy installs, you can look in /initrd/pup_rw/ to get an idea of what files have changed or been added from the default installation. That doesn't take into account anything added through a .sfs file, nor anything added by modifying the pup_xxx.sfs file (not normally possible - it's a readonly filesystem due to being compressed, but it could still be replaced, and I think you can append to it.)

(Whoops, out slips another one...)


I say, best to know how they can hit you, then figure out how to block it, rather than suppress the knowledge in the hopes that the crooks won't figure it out on their own. And yeah, I'm against gun bans, and my neck is a little red in the summer. And there ain't nuthin wrong with a pick-em-up truck, 'cept they tend to burn more gas than a small car or motorcycle.
[/rant]

[brad_chuck]

woof woof...

well said pizza.

[Aitch]

Pizza does it again.....

However, before everyione goes off topic, merlin026 revealed the real reason [?] for suggesting a keylogger was for 'parental control'

I posted a link to dansguardian, which performs that function without a keylogger in sight, & since other parents may be wanting 'parental control' also, I suggest those who want to get paranoia/911 blues start a new thread, and any other ideas for 'parental control' be continued here.....


just a bit of focus, eh, guys & gals?

Perhaps an edited change of thread name, merlin026?

Aitch

Edit: Thanks

[richard.a]

Now we are back on topic, there is a cumbersome but fully workable way to prevent actual access to known urls.

The key there - nothing to do with keyloggers lol - is the word "known".

You put a list of KNOWN addresses into your hosts file.

That's located at /etc/hosts

I discussed this with another fellow, I think on another forum.

You can read about my ideas which I've since realised are able to be modified a bit, but it is a project I called "gotcha" - why becomes obvious as you read the page at http://micro-hard.homelinux.net/gotcha/index.htm

This concept would do the trick, but as I said, you would need to know the bad addresses in advance, and add them as new ones came to light. The file ends up being quite huge.

Explore the directory where that page is located. It's index.htm rather than index.html so you can look inside. Check out the philosophy

Richard

[ttuuxxx]

or just add an internet filter is probably the easiest way
http://procon.mozdev.org/
ttuuxxx
also use what schools use for filtering
http://www.opendns.com/

[vito]

Thanks for this suggestion ttuuxxx . I wanted to give my sons the simplicity linux netbook edition (90meg) on a flashdrive to use for school papers but I could not figure out how to add a pornblocker, since dansguardian is a little tricky and takes up precious memory.

Also another firefox add on that works nicely together with procon latte is Foxfilter.

Mny Thx,
Vito

[mikeb]

Some routers (if you use one) have the ability to do content filtering...setup through its admin.....eg games will block any site with games in the address etc

mike

[ecomoney]

I have used Glubble....a firefox addon, for adding parental controls.

http://www.glubble.com/

It has a preloaded list of "allowed" sites such as the discovery channel/homework sites etc which no-one would really object their kids looking at (unless they were religious fundamentalists/creationists/flat earthers/Amish) Every new site the child tries to access, is denied and the url sent to the parent account for him/her to pre-read and either approve or deny access to for the child.

This is good because the Parents can judge, according to their standards, what is suitable for their child to see, based on their own moral values and/or the childs "mental age". This is much better than censoring the whole internet!

Yahooligans is a good search engine for kids

Dansguardian is a pain to set up, a preconfigured package would great to set up. We used a Dansguardian mod on Smoothwall at the cybercafe I ran, and it was VERY effective at filtering there, and practically unhackable as the filtering was done before the connection got to the puppy machine. We will be using the same at the mission cybercafe (all those sailors coming off long voyages etc etc )

@ Ttuuxxx

Perhaps you could write a patch that would mean the keylogger above would not work in puppy?

[ttuuxxx]

ya I think this whole thread should be deleted, or all the post other than the last 4 or so. Its about the only time I wanted to have adim privileges.
ttuuxxx

[legendofthor]

Agree with ttuuxxx
Though a PC Puppy may be a good Puplet
Cheers
Martin

[ecomoney]

Its an important thread because a lot of people want parental controls. Old computers that puppy flys on are often given as hand-me-downs for children.

If this thread gets deleted (which wouldnt hurt), I will repost this information in a new one.

[edoc]

Is there a free app like ProCon Latte that works in Seamonkey?

I only see Firefox referenced and while they share base-code not everything is cross-compatible.