Iron Clad Puppy

For discussions about security.
2byte
Posts: 353
Joined: Mon 09 Oct 2006, 18:10

Iron Clad Puppy

#1 Post by 2byte »

Linux is not immune to malware or rootkits. In fact, exploit kits for these that target Linux are being sold. I ran across an article about that on BBC the other day but unfortunately I didn’t bookmark it.

An acquaintance of mine observed that a pup booting from a CD/DVD was a very secure OS, but in her opinion left something to be desired. She would prefer a ‘regular’ computer. Carrying around a separate disc or stick is not her idea of an OS, and ‘why couldn’t a normal computer be made as iron-clad as one booted from a CD?’

Good question.

We tossed around a few ideas and made some observations.
Puppy booted from CD/DVD has these advantages:
It is immune to rootkits.
The base OS cannot be compromised, except via a saved session or save file.

How could a regular kit, booted from the hard drive, implement the same features?
Things to consider:
The OS must be easy to update, so no immutable files.
The browser and email client must be updated regularly, along with some other applications.
Emails, documents and other personal files must be preserved.

This is the recipe we have so far:

Hardware
Set Bios password(s)
Disallow boot from CD or USB.
Partition HD – 1 swap – 2 Linux – 1 data – 1 backup (never mounted by user)

Software
Install GRUB to mbr, /boot on sda1
Create a blank save file (dd).
Manual install Puppy and configure menu.lst.

Boot & set up a frugal Puppy on a clean system (not connected to LAN or internet).
Set root password and computer name.
Symlink ~/ browser and email files to /mnt/home/xx
Set browser to download to /mnt/home/yy
Install core apps from local copies, move to /mnt/home/zz and symlink back.
An alternative to storing apps and data on /mnt/home/xyz could be to use sfs files mounted rw at boot.

One time
Backup mbr and partition table (dd).
Backup Puppy files: pupsave, initrd, vmlinuz, pup.sfs files.
Backup /boot directory.

Operation
Do periodic md5sum checks of system files at runtime.
At every shutdown, after all apps are killed and partitions unmounted:
Perform a final md5sum.
If anything is dubious, then from obscured onboard backup files,
Overwrite the mbr and partition table (dd).
Overwrite the Puppy system files and pupsave.
Overwrite /boot.
Shutdown.

We would like to hear the thoughts of other forum members about this. How could the recipe be improved? Any pitfalls to look out for?
Last edited by 2byte on Sat 03 Dec 2011, 21:58, edited 1 time in total.


Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

Re: Iron Clad Puppy

#2 Post by Flash »

2byte wrote:....This is the recipe we have so far:

Hardware
Set Bios password(s)
Disallow boot from CD or USB. ...
I would only do that if I were going to boot from a network. Because what do you do if the computer's hard disk craters? (Which it will, trust me, and at the worst possible moment.) You won't be able to boot from a repair CD or from a plain Puppy CD to at least use the computer.

2byte
Posts: 353
Joined: Mon 09 Oct 2006, 18:10

#3 Post by 2byte »

She has no problem with going into the bios and changing the boot options. Or replacing a fried HD for that matter.
She's a very savvy lady.

Edit: Disabling CD/USB boot was her idea


PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#4 Post by PaulBx1 »

I wouldn't bother with the overwrites at the end. Instead, get checksums and compare with known good values (that you've stored previously). In fact checking checksums in the background after boot wouldn't be a bad idea. That way you won't bork things if power goes down in the middle of a write. Probably faster too.

2byte
Posts: 353
Joined: Mon 09 Oct 2006, 18:10

#5 Post by 2byte »

Thanks for the suggestion, it's sort of obvious now that you've pointed it out. Plus, the rewrites can still be done if anything dubious is detected.

Would anyone else care to offer up an idea?
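One way to script the "Operation" part of the recipe in #1 (periodic md5sum check, restore from an onboard backup if anything is dubious) together with the compare-against-stored-known-good-sums approach PaulBx1 suggests in #4. This is an added example, not code from any poster in this thread. The file names (vmlinuz, puppy.sfs, initrd.gz), the manifest location and the backup directory are illustrative assumptions; the demo function builds its own throwaway files under mktemp so it runs anywhere without touching a real Puppy install.

```shell
#!/bin/sh
# Added example, not from the thread. Manifest-based integrity check and
# restore for a frugal Puppy's system files. All paths are assumptions.

# make_manifest MANIFEST FILE...
# Record "md5sum  /absolute/path" for each file in MANIFEST.
make_manifest() {
    manifest=$1; shift
    : > "$manifest"
    for f in "$@"; do
        md5sum "$f" >> "$manifest"
    done
}

# verify_manifest MANIFEST
# Recompute every sum listed in MANIFEST and print each path that is
# missing or changed. Exit status 0 = all match, 1 = something is dubious.
verify_manifest() {
    manifest=$1
    bad=0
    while read -r sum path; do
        if [ ! -f "$path" ]; then
            printf 'MISSING %s\n' "$path"; bad=1
        elif [ "$(md5sum "$path" | cut -d' ' -f1)" != "$sum" ]; then
            printf 'CHANGED %s\n' "$path"; bad=1
        fi
    done < "$manifest"
    return $bad
}

# mirror_to BACKUP_DIR FILE...
# One-time backup: copy each file into BACKUP_DIR keeping its full path,
# so /foo/vmlinuz becomes BACKUP_DIR/foo/vmlinuz.
mirror_to() {
    dest=$1; shift
    for f in "$@"; do
        mkdir -p "$dest$(dirname "$f")"
        cp -p "$f" "$dest$f"
    done
}

# restore_from BACKUP_DIR MANIFEST
# Overwrite every file listed in MANIFEST with its copy under BACKUP_DIR.
restore_from() {
    src=$1; manifest=$2
    while read -r sum path; do
        cp -p "$src$path" "$path"
    done < "$manifest"
}

# backup_mbr DEVICE OUTFILE
# The recipe's "backup mbr and partition table (dd)": sector 0 of an
# MBR-partitioned disk is 512 bytes (446 boot code + 64 partition table + 2).
# Not exercised by demo, since it needs a real block device and root.
backup_mbr() {
    dd if="$1" of="$2" bs=512 count=1
}

# demo: constructed throwaway "system" files, simulated tampering, detection,
# restore, re-check. Prints the detection line; returns 0 only if the whole
# cycle behaves as intended.
demo() {
    work=$(mktemp -d) || return 1
    sys="$work/sys"; bak="$work/backup"; man="$work/manifest.md5"
    mkdir -p "$sys"
    printf 'fake kernel\n' > "$sys/vmlinuz"      # constructed sample files
    printf 'fake sfs\n'    > "$sys/puppy.sfs"
    printf 'fake initrd\n' > "$sys/initrd.gz"
    make_manifest "$man" "$sys/vmlinuz" "$sys/puppy.sfs" "$sys/initrd.gz"
    mirror_to "$bak" "$sys/vmlinuz" "$sys/puppy.sfs" "$sys/initrd.gz"
    verify_manifest "$man" >/dev/null || return 1      # clean system passes
    printf 'trojaned sfs\n' > "$sys/puppy.sfs"         # simulated tampering
    report=$(verify_manifest "$man") && return 1       # must be detected
    echo "$report"
    restore_from "$bak" "$man"                         # the "overwrite" step
    verify_manifest "$man" >/dev/null || return 1      # clean again
    rm -rf "$work"
}
```

For the runtime check PaulBx1 describes, something like `nice -n 19 sh -c '. /path/to/this.sh; verify_manifest /mnt/backup/manifest.md5' &` from rc.local does the job, and the shutdown hook is the same check followed by `restore_from` when it returns 1. Two caveats worth keeping in mind: the manifest and the backup copies only help if they live on the partition the user never mounts (an attacker who can rewrite puppy.sfs can otherwise rewrite the manifest too), and md5sum is fine for catching corruption but sha256sum is a drop-in replacement if the goal is resisting deliberate tampering.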


PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#6 Post by PaulBx1 »

I'll be interested to see the scripts you come up with. I run an encrypted pupsave and a truecrypt volume for my personal data, but I always intended at some point (never got around to it) to kick off a low priority background task in rc.local to verify the checksums of the non-encrypted pieces like the puppy sfs, just to be paranoid about stuff like trojans and key loggers.

I also boot off flash drive and carry this around when I'm not home so it's pretty secure I imagine, but it doesn't hurt to add more security to the picture.
