All times are UTC - 4
Security in Puppy Linux: running as Root
Page 3 of 4 [46 Posts]
musher0


Joined: 04 Jan 2009
Posts: 4229
Location: Gatineau (Qc), Canada

Posted: Sat 27 Oct 2012, 13:23

I agree with gposil in this old thread:

http://murga-linux.com/puppy/viewtopic.php?search_id=144912960&t=49025

Why are we going over this again?

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
greengeek

Joined: 20 Jul 2010
Posts: 2423
Location: New Zealand

Posted: Sat 27 Oct 2012, 15:06

musher0 wrote:
> I agree with gposil in this old thread:

That old thread was well worth a read. I thought I would repost Aragon's contribution regarding secure hardware:

[Attached image: secure hware.jpg]

gcmartin

Joined: 14 Oct 2005
Posts: 4135
Location: Earth

Posted: Thu 01 Nov 2012, 18:56    Post subject: Helping a user

@Snayak asks some very good questions.

Some of our most honored security persons should address these. And, it probably should be done, not so much as a security question, but in terms of how he presents his questions of us.

Neither Microsoft, nor Apple, nor mainstream Linux, nor Unix are viewed as single user. (security issues aside for a moment)

BarryK started his Linux project distro in an effort to keep it as simple as possible for ease of understanding and ease of implementation. As such he took steps to "trim" the system to what he felt is an easy to implement system that, should you have a router and an ethernet cable, will get you a desktop office that will connect to the internet. This is notwithstanding that there are other LAN services present. His PUPPY implementation will make use of much of what the LAN has to offer without ever offering any services from the PC to the LAN. This is, in essence, intended to be a client ONLY distro.

Over the years, community members have added/attempted to add services to this client model such that PUP can extend services to other members on the LAN. Examples of these "server" services are FTP, SMB, NMB, etc. such that files/folders/applications that are created or exist on the PUP can be used by other LAN members just as those non-PUP LAN members have been providing to the LAN for years.

Today, except for a couple of PUP distros, PUPPY continues to follow that model. But, what has changed is that knowledgeable members can add server services to the LAN such that PUPs can participate just as those other non-PUPs provide the LAN.

There are several reasons why PUPPY started as it did. The most prevalent is that it started when dial-up internet was the most prevalent internet service available in the world. 2nd, many users still had 486s/Pentium1-2-3 class PCs that were due for retirement. By getting Puppy, one could recommission those old PCs and the download sizes were somewhat reasonable.

Today, much of that has changed. And, Puppy, at least for 32bit, has also been positioned to take advantage of internet speeds, shortened download times, internet reliability, 1995+ processors, and the 2006 model where PC manufacturers mandated a 1GB+ RAM model for all PCs sold with Microsoft loaded.

I know NONE of what I have shared addresses security, but, it at the very least provides a little understanding of what I have seen in my Puppy lifetime.

Several security discussions have arisen over the years. And, as such, many ideas have been promoted.

Puppy will probably continue its current model for a while as it does offer some very useful benefits. There are some things Puppy could do better, but, most of the changes that come are from members who offer an alternative. And over time, the good ideas are spotted and incorporated into the Woof build process for distro builder's inclusion. And, for those fuller server versions that provide OOTB services, they, too, are as secure as they come.

Security is NOT a back burner item, either in Linux or in Puppy.

I have been keeping a watchful eye over the years in this forum of discoveries of security breaches. Thus far, in observation, there has been much discussion, much from scares and warnings, ideas about multi-user(s), and thoughts. Thus far, I have not seen any reports of PUPPY being used as a launch threat within its LAN, nor Puppy being penetrated. But, in watching, no one as yet has provided a security monitor that would provide alerts in the Puppy LAN or the Puppy PC of a security breach or a PC security announcer to the console user.

But, I am apprehensive that someone will be coming forward...hopefully or as someone perceives a real need in this product as it continues to mature.

Here to help

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
vovchik


Joined: 23 Oct 2006
Posts: 1285
Location: Ukraine

Posted: Fri 02 Nov 2012, 08:23

Dear gcmartin,

Very useful thoughts - I have been around here, too, for years and have been contributing - but not so much on the security front. But security is not a trivial question...and many supposedly secure systems are breached. We will get ideas, I am certain, and provide some solutions where security is critical. We are not the dumbest guys in the world... :)

With kind regards,
vovchik
8-bit


Joined: 03 Apr 2007
Posts: 3357
Location: Oregon

Posted: Fri 02 Nov 2012, 14:05

I have Windows Vista on one hard drive and a bunch of versions of puppy on another on my PC.
I had an antivirus program, AVG free, installed with Vista.
Then I found and installed a utility on Vista that would allow access to linux partitions.
Darned if the antivirus took some of my Puppy files and put them in its locker.
I am pretty sure it is a false positive that is causing it.
I do not want to have to go to the locker and restore a Puppy file or files every time this happens.
So should I restore and exempt those files and then remove that utility that allows Vista and the antivirus to see the linux partitions and their contents?

Or should I take note of what Puppy files got put in the locker and download them again after removing the utility that is allowing access to the linux partitions?
gcmartin

Joined: 14 Oct 2005
Posts: 4135
Location: Earth

Posted: Fri 02 Nov 2012, 15:45

8-bit wrote:
> ... I do not want to have to go to the locker and restore a Puppy file or files every time this happens.
> So should I restore and exempt those files and then remove that utility that allows Vista and the antivirus to see the linux partitions and their contents?
>
> Or should I take note of what Puppy files got put in the locker and download them again after removing the utility that is allowing access to the linux partitions?

I'm sure that others will offer other views, but here is one that I have used for the past 14 years.

Whenever I install Linux, I have ALWAYS installed to a Linux formatted partition. In most cases, unless you extend Microsoft or Apple somehow, it will not link/mount/assign a drive letter that Microsoft OS will path for application usage. The SWAP is provided for system stability and performance, while the Linux partition exists for Puppy-Linux use while providing insulation from Microsoft when Microsoft is active.

For example I have several PCs where I have partitioned their HDD to include a SWAP partition and an EXT2 or EXT3 or EXT4 partition while keeping the Microsoft partition intact.

By doing so, Microsoft will not provide an I/O path for application use.

Here to help

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
cthisbear

Joined: 29 Jan 2006
Posts: 3399
Location: Sydney Australia

Posted: Fri 02 Nov 2012, 18:58

AVG free...
" I am pretty sure it is a false positive that is causing it. "

an absolutely crappy AV.

Remove same.
You will notice the speed difference....especially Vista.

:::::::::::

Use Avira.

http://www.avira.com/en/avira-free-antivirus


You can select what you don't want scanned.
It nags you....
you can disable most of it.

"""
September 27, 2012, 10:07 am
No Advertising Pop-ups for Avira Free AntiVirus Users

Users of Avira Free AntiVirus who install the Avira SearchFree toolbar
will no longer have pop-up ads displayed to them.
This SearchFree toolbar includes Browser Tracking Blocker and
Website Safety Advisor so users get the double benefit of no ads
and more secure browsing.

Now Avira lets you ‘live Free’ completely ad-free."

http://techblog.avira.com/2012/09/27/avira-version-2013-moving-from-system-to-user-security/en/

Their search used to be Ask...
which in the past they used to block.

Old post....about 8 down near the middle of page.

How to Remove the Ask Toolbar in Avira:

http://www.murga-linux.com/puppy/viewtopic.php?p=586216

http://fred151.net/?p=projects/nonotifyavira

::::::

http://www.avira.com/en/avira-free-antivirus#tab2

Download it here...not the author's site.
I always use >>> Internode link.....as it's much faster.

http://www.majorgeeks.com/Avira_AntiVir_Personal_-_Free_Antivirus_d955.html

""""""""

AVG Remover 2013 at Majorgeeks

http://majorgeeks.com/AVG_Remover_d7000.html

" AVG Remover eliminates all the parts of your AVG installation
from your computer, including registry items, installation files,
user files, etc. AVG Remover is the last option to be used in case
the AVG uninstall / repair installation process has failed repeatedly. "

Majorgeeks is a great download site.

Avoid Cnet at all costs.

Chris.
snayak

Joined: 14 Sep 2011
Posts: 229

Posted: Sat 03 Nov 2012, 02:44

Dear All,

Thanks to gcmartin for his nice post. I too was not bothered about security till last month.

Last month I started using IRC. Soon I found that somebody caught me and said, why are you using irc as root? I was surprised. He immediately told me my residence address. I was afraid! I thought, he started tracking me. I immediately closed my chat and am never going back to irc, with a fear. :(

So, I came and asked here. Immediately got a reply that, don't use puppy! I must say sorry to our friend gposil. In this connection, I shall be happy to say that puppy itself is a virus, that does not affect computers but affects humans, and that too affects the mind. I am infected by puppy, and can you please advise, how can I leave it? Now, I shall blame puppy, who taught me about irc. I recently got to know about irc from attym chat that comes with puppy! :D

Let's say, I will use irc as root with puppy's firewall, I shall not run any bots/scripts from others, I shall not accept any files from others, I shall not use any irc commands without knowing what they do, shall not use the advice others may give over irc; can anybody still be an intruder to my pc and steal private information?

I mean, following all the good practices for security, is there still a chance that one can intrude?

Sincerely,
Srinivas Nayak

_________________
Machine: Wary 530, AMD Athlon 2000+, ASUS A7N266-VM board, 512MB DDR RAM, 40GB HDD, 52xCDRW, PS/2 Mouse/Keyboard, USB 2.0.
Home: http://www.mathmeth.com/sn/
Blog: http://srinivas-nayak.blogspot.com/
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Sat 03 Nov 2012, 04:16

cthisbear wrote:
> Avoid Cnet at all costs.
>
> Chris.

http://en.wikipedia.org/wiki/CNET

You mean for download of software? Okay

What then do you know about what snayak
asks us about the IRC channel. I had the same experience
as him and a guy told me that "I will kill you" and him
living just 30 minutes by car from me that scared the hell out of me.

And this was the Puppy channel on IRC. So I never used it again.

As snayak asks, would such a mean spirited person be able to break in?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
greengeek

Joined: 20 Jul 2010
Posts: 2423
Location: New Zealand

Posted: Sat 03 Nov 2012, 06:07

snayak wrote:
> Lets say, I will use irc as root with puppy's firewall,

I have seen very little information about configuring Puppy's firewall. How many ports are open? How exposed are we? I know that someone, somehow, is tracking my emails and using my outgoing emails as a means of targeting me with spam, but I don't have any idea if it is because I use puppy, or if it is something to do with my email provider.

Without a tightly configured firewall I think we are all very exposed.
tlchost

Joined: 05 Aug 2007
Posts: 1671
Location: Baltimore, Maryland USA

Posted: Sat 03 Nov 2012, 06:40

nooby wrote:
> What then do you know about what snayak
> asks us about the IRC channel. I had the same experience
> as him and a guy told me that "I will kill you" and him
> living just 30 minutes by car from me that scared the hell out of me.
>
> And this was the Puppy channel on IRC. So I never used it again.

Unless you ask the freenode folks to cloak your account, anyone can see your IP address when you are on IRC....and from that, it's possible to determine your location.

So, you can log into the #freenode channel and ask that you be given a cloak...once you have one, your IP address does not show up.

If you are on IRC and someone threatens you, you can submit a complaint....the Freenode staff takes threats seriously and will help you.

If you take steps to understand how the technology works, you have a better chance of protecting yourself.
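
What tlchost describes above, shown as an added example that is not part of the original post: a Python sketch that reads IRC lines and reports, per nick, whether the host part of the hostmask is a raw IP, a hostname that embeds the IP, or a cloak. The sample lines are constructed (documentation address ranges), and recognising a cloak by the "/" in it is an assumption about the cloak format, which the thread does not show.

```python
import ipaddress
import re

# Constructed sample lines in IRC wire format (":nick!user@host COMMAND ...").
# Addresses are from documentation ranges; nicks and the cloak string are made up.
SAMPLE_LINES = [
    ":alice!~alice@203.0.113.45 JOIN #puppylinux",
    ":bob!~bob@host-198-51-100-7.dsl.example.net PRIVMSG #puppylinux :hello",
    ":carol!~carol@unaffiliated/carol JOIN #puppylinux",
    ":irc.example.net NOTICE * :*** Looking up your hostname",
]

PREFIX_RE = re.compile(r"^:(?P<nick>[^!@\s]+)!(?P<user>[^@\s]+)@(?P<host>\S+)\s")
# Reverse-DNS names handed out by ISPs often spell out the address (assumed habit).
EMBEDDED_IP_RE = re.compile(r"(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})")


def classify_host(host):
    """Return (kind, exposed_detail) for the host part of a hostmask."""
    if "/" in host:
        # Assumption: "/" cannot occur in a DNS name, so its presence marks a cloak.
        return ("cloaked", None)
    try:
        return ("raw-ip", str(ipaddress.ip_address(host)))
    except ValueError:
        pass  # not a literal address, treat it as a hostname
    m = EMBEDDED_IP_RE.search(host)
    if m and all(int(part) <= 255 for part in m.groups()):
        return ("hostname-embeds-ip", ".".join(m.groups()))
    return ("hostname", host)


def audit(lines):
    """Map nick -> (kind, detail) for every line that carries a user hostmask."""
    seen = {}
    for line in lines:
        m = PREFIX_RE.match(line)
        if not m:
            continue  # server-originated line, no user hostmask to inspect
        seen[m.group("nick")] = classify_host(m.group("host"))
    return seen


if __name__ == "__main__":
    for nick, (kind, detail) in audit(SAMPLE_LINES).items():
        print(f"{nick:8} {kind:20} {detail or '-'}")
```

Running the same check on your own hostmask (as the server echoes it back when you join a channel) shows whether a cloak is actually in effect.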
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Sat 03 Nov 2012, 11:55

tlchost wrote:
> ...
> If you are on IRC and someone threatens you, you can submit a complaint....the Freenode staff takes threats seriously and will help you.
>
> If you take steps to understand how the technology works, you have a better chance of protecting yourself.

Thanks for this assurance. Now I am not that bright that I can do that.
"If you take steps to understand how the technology works"

I just use my computer I know very little about the software.
I know a bit more about the hardware but that is not so much either.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
tlchost

Joined: 05 Aug 2007
Posts: 1671
Location: Baltimore, Maryland USA

Posted: Sat 03 Nov 2012, 12:25

nooby wrote:
> thanks for this assurance. Now I am not that bright that I can do that.
> "If you take steps to understand how the technology works"

If you say so....I doubt it.
snayak

Joined: 14 Sep 2011
Posts: 229

Posted: Sun 04 Nov 2012, 08:35

@tlchost
Quote:
> If you say so....I doubt it.

Maybe nooby is saying on behalf of common men. I salute.

I have suggested some idea on banking security.
http://murga-linux.com/puppy/viewtopic.php?p=662382#662382

I know, nooby is going to kill me for I said in the above post, I am convinced of using puppy as root. ;) I really mean, non-root still can impose some security threat and we still can improve our security as root too.

For the ideas, thanks are due to 666Philb.

Sincerely,
Srinivas Nayak

_________________
Machine: Wary 530, AMD Athlon 2000+, ASUS A7N266-VM board, 512MB DDR RAM, 40GB HDD, 52xCDRW, PS/2 Mouse/Keyboard, USB 2.0.
Home: http://www.mathmeth.com/sn/
Blog: http://srinivas-nayak.blogspot.com/
gcmartin

Joined: 14 Oct 2005
Posts: 4135
Location: Earth

Posted: Sun 04 Nov 2012, 18:39    Post subject: IRC - A problem ???

snayak wrote:
> ... For the ideas, thanks are due to 666Philb. ...

I AM NOT an IRC user, nor am I an expert on IRC security exposures.

But, as I do understand how information is transported over the net, ALL methods require an origination and destination address. REQUIRED for Internet transport. Further, applications request and use ports as a means of identifying who they are talking to.

Any public IP address is supposed to be a REGISTERED IP address. That is to say that some location, ISP, vendor, corporation, or person, has paid and owns an IP address range that has a physical location address associated.

So, for example, in many cases, the IP address that is assigned for use via your ISP (the internet on-ramp you are using) has a physical location associated; sometimes it's the ISP's. That IP address can be looked up and the physical address can be shown to anyone interested. Also, if you have an IP address, you "can" ask your ISP to identify it physically, and they will.

Some ISPs, maybe even yours, register or assign your physical address with the IP address you are given for internet use.

Are you exposed...my initial response is NO! And, I need not go into the reasons why.

Could you get infected...maybe...but, I would guess if this were a common problem, it would have been identified and addressed many years ago. IRC has been around that long.

Lastly, you have already identified one approach. Be cautious of the items you personally would download that would expose critical information.

But, you may be on to something and YOU MAY BE ABLE TO HELP THIS COMMUNITY ADDRESS IT, if so.

Here to help

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile