"Read only" puppy on HDD

Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#21 Post by Ted Dog »

Yes unless you know of another that can multisession, as a save back of the OS not at a user program like what you have provided. Fatdog64 does at OS level. Hope others can tell the difference. It's easy to add but I do not know of any other puppylinux spin that does (the OS has to be constructed with the same iso_level as the multisession); again, trivial change.

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

#22 Post by Wognath »

This may be close to what the OP wanted. I have a frugal HD install of unicornpup on a netbook, pupmode 13, "save=never". A startup script checks the md5sum of the save file, as 8-bit suggested, then unmounts the HD before making wifi connection. If I need to make changes, I mount the HD, run save2flash and update the md5sum. (I modified save2flash to avoid accidental saves since by default it automatically mounts the HD.) The save file hasn't changed spontaneously so far.

Some experts gave me advice here. I set this up for public wifi use (firewall + vpn) and consider it pretty safe. Of course, if I've missed something, I'd like to know it.
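
The startup check described in post #22, as an added example that is not part of the original post and is not Wognath's attached script. The function names and the demo file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate the startup sequence on the save file's checksum.

# record_sum FILE SUMFILE: store the current MD5 of FILE (run after a deliberate save).
record_sum() {
    md5sum "$1" | cut -d' ' -f1 > "$2"
}

# verify_sum FILE SUMFILE: 0 = unchanged, 1 = changed, 2 = cannot check.
verify_sum() {
    [ -r "$1" ] && [ -s "$2" ] || return 2
    expected=$(cat "$2")
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# startup_gate FILE SUMFILE: report the result; a non-zero status tells the
# calling startup script not to go on to the network connection.
startup_gate() {
    rc=0
    verify_sum "$1" "$2" || rc=$?
    case $rc in
        0) echo "save file unchanged" ;;
        1) echo "WARNING: save file differs from the recorded checksum" ;;
        *) echo "WARNING: save file or recorded checksum missing" ;;
    esac
    return "$rc"
}

# Constructed demo: a throwaway file stands in for the real save file.
demo=$(mktemp -d)
printf 'constructed save data\n' > "$demo/pupsave.4fs"
record_sum "$demo/pupsave.4fs" "$demo/pupsave.md5"
startup_gate "$demo/pupsave.4fs" "$demo/pupsave.md5"
```

The recorded checksum is only as trustworthy as the place it is stored: kept on the same writable disk as the save file, it can be changed along with it. `sha256sum` is a drop-in replacement for `md5sum` here.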

Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#23 Post by Ted Dog »

I am curious, do you have links for the code changes needed for this? Found the original thread interesting but incomplete.

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

#24 Post by Wognath »

TedDog, this was new territory for me, so I probably consulted about 100 links, but I don't remember them :( Anyway, the scripts I came up with are attached.
Attachments
scripts.tar
(10 KiB) Downloaded 99 times

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#25 Post by d4p »

You can use a CDFS partition as "Read only" puppy on HDD.
I have used a CDFS partition on my internal hard drive for years.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#26 Post by greengeek »

d4p wrote: You can use a CDFS partition as "Read only" puppy on HDD.
I have used a CDFS partition on my internal hard drive for years.

It appears that my Gparted does not offer this option. What method do you use to create the partition?

starhawk
Posts: 4906
Joined: Mon 22 Nov 2010, 06:04
Location: Everybody knows this is nowhere...

#27 Post by starhawk »

Guys? Guys...? You're way overthinking this.

Format the partition ext3 or ext4, depending on the vintage of your intended Pup.

Install Puppy.

Install the grub4dos bootloader, and (at the end) edit menu.lst -- the entries should look like this...

Code:

title Carolina Vanguard 1.3 (sdb1)
  uuid 2530f5ca-398c-4a56-ad66-a6c8bb47da20
  kernel /vmlinuz    ro pmedia=ataflash pfix=fsck
  initrd /initrd.gz

title Carolina Vanguard 1.3 (sdb1) RAM mode\nBoot up Puppy without pupsave
  uuid 2530f5ca-398c-4a56-ad66-a6c8bb47da20
  kernel /vmlinuz    ro pmedia=ataflash pfix=ram
  initrd /initrd.gz

Adding the 'ro' boot parameter forces the kernel to mount the root filesystem as read-only (source). Bingo, job done.

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#28 Post by rcrsn51 »

@starhawk: What are you claiming? That by using the "ro" boot argument, you can protect a directory like /usr from being changed?

That's not my experience.

starhawk
Posts: 4906
Joined: Mon 22 Nov 2010, 06:04
Location: Everybody knows this is nowhere...

#29 Post by starhawk »

When Puppy goes to write changes to the disk, that process will fail.

...I guess it would only work properly for full installs (ick). But it's still a (partial) solution!

Actually -- a complete solution occurs to me. A frugal install of Puppy boots basically by creating a RAMdisk and filling that with the contents of the main SFS, as modified by the savefile (etc). The solution would be to modify Puppy's initrd so that it mounts the RAMdisk as read-only.

...of course there are programs that rely on being able to write to whatever FS they're started from (web browsers, for example -- in the case of both cookies and cache) that will now scream bloody murder at you rather than behave properly... but, you asked... ;)

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

read-only save file

#30 Post by Wognath »

Another approach with a read-only save file. This is the simplest I have found and so far it seems to be working as planned. Please point out anything I've overlooked.

Running a normal frugal install of unicornpup, I set things up the way I want them and make a save folder. Includes a script in /root/Startup to unmount the hard drive after a delay. Modified rc.shutdown to shut down without offering to create a pupsave file.

In a new subdirectory I made a new frugal install and copied over the save folder. Then,
1) rename zdrv_unicorn_6.0.sfs to adrv_unicorn_6.0.sfs
2) rename puppy_unicorn_6.0.sfs to zdrv_unicorn_6.0.sfs
3) mksquashfs unicornsave/ puppy_unicorn_6.0.sfs
4) boot with pfix=ram

The unicornsave folder can be deleted or left as a sort of archive; small changes can be made there and a new sfs made from it.

The idea came from rufwoof's custom remastering and of course jrb's empowered zdrv.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#31 Post by greengeek »

Hi Wognath, yes I think a read only personalised sfs is the best approach, and is the closest method I have been able to find to making a read only HDD based pup. I have been experimenting with my own version of this for a while and should have posted back about it before but I would still like to find a way to spin down the disks after booting, and/or ensure that every partition is unmounted or at best mounted ro (which is what I do with NTFS partitions using rcrsn51's method).

I feel that the only way to get a true read only puppy is to boot from a closed CDrom, so I do fall back to that method when I need to do any risky internet stuff, but disabling disk interfaces or spinning them down in addition to using ro sfs only would also be handy methods to add for the sake of HDD protection.

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

#32 Post by Wognath »

Hi greengeek,
What about issuing at startup

Code:

# Unmount every partition on /dev/sda, then put the drive into standby (spin down)
for n in /dev/sda* ; do umount "$n" ; done
hdparm -y /dev/sda

Do you think that would do the trick?

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

Re: read-only save file

#33 Post by rufwoof »

Wognath wrote:Another approach with a read-only save file. This is the simplest I have found and so far it seems to be working as planned. Please point out anything I've overlooked.

Running a normal frugal install of unicornpup, I set things up the way I want them and make a save folder. Includes a script in /root/Startup to unmount the hard drive after a delay. Modified rc.shutdown to shut down without offering to create a pupsave file.

In a new subdirectory I made a new frugal install and copied over the save folder. Then,
1) rename zdrv_unicorn_6.0.sfs to adrv_unicorn_6.0.sfs
2) rename puppy_unicorn_6.0.sfs to zdrv_unicorn_6.0.sfs
3) mksquashfs unicornsave/ puppy_unicorn_6.0.sfs
4) boot with pfix=ram

The unicornsave folder can be deleted or left as a sort of archive; small changes can be made there and a new sfs made from it.

The idea came from rufwoof's custom remastering and of course jrb's empowered zdrv.

Nice!

I settled on reducing down core puppy to a very small read only core, that I rarely change now - but remaster if/when changes are required (reboot, change, remaster) and where remastering that small core is quick (less than a minute). Everything else (Skype, Libre Office ...etc) are loaded in as SFS's and I have a script that loads multiple SFS's in the blink of an eye - more commonly used ones at startup, others on an on-demand basis. Firefox (and online email) is via a Portable Firefox version that's stored outside of puppy space. I consider that as an insecure version (used to browse generally). For a secure session I reboot and have a script that grabs/starts the latest version of Firefox direct from Mozilla i.e. clean system, factory fresh browser - I leave HDD's unmounted when using that secure choice. All data/docs etc are stored outside of puppy space.

Having established a minimal core puppy that's now more or less cast-in-stone, and preserved read only versions of apps that work well with that core puppy/hardware (versions of Skype, Libre, Openshot, Blender etc) in SFS's, I haven't remastered or changed out any SFS's now for ages (months).

The hardest part by far was finding versions of apps that worked well with my hardware/core puppy. Later versions of some apps had knock on effects to other apps such that the set didn't perform as expected (choice of Blender, Openshot, Inkscape versions for instance that all work together). Having established a suite that works well operationally I have no need to update to the later versions and intend to just keep things more or less as they are (excepting security patches) until the hardware dies and another new version needs to be created for the new hardware.

Having a fixed core puppy and fixed SFS's content that are all tuned to preferred configurations is great IMO as a simple reboot corrects any problems/corruptions. It was a lot of effort and steep learning curve however to initially get to that point. I found that many puppy's I tried appeared to operate as intended, but when you delved deeper into actually using those puppy's operationally that shortfalls were found. Having ironed out all of those quirks or at least as far as for the operations I perform I'm reluctant to make any changes. For me a full install or even running with a savefile is more likely to introduce problems than be a benefit. Whilst you might not have access to all of the latest bells-n-whistles as provided in later versions of apps, you do become highly familiar with the ones you do use such that you concentrate much less on the tools (apps) and more on the task in hand. I used to be very quick with Excel and after transitioning across to Puppy/Libre it was slow to use Libre Calc. Now the reverse holds - I'm quick with Libre Calc and if I had to use Excel I'd struggle.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#34 Post by greengeek »

Wognath wrote: What about issuing at startup
Code:
for n in /dev/sda* ; do umount $n ; done
hdparm -y /dev/sda
Do you think that would do the trick?

Thanks for the syntax - I tried it and I can definitely hear my disk spin down. I then wondered what I would have to do to wake it up but it seems that any attempt to access the drive simply makes it spin up and be available again. Even though it is easy to make it spin up it is probably still a good safety feature to spin the drive down as that might make it less accessible to an online hacker, but I'm thinking that there will never be a real way to protect my HDD files unless I simply remove the whole HDD during an online session.

I had a situation recently where my browser locked up and showed a message saying that my HDD had been encrypted and I would only be able to recover the files if I paid a ransom. My blood ran cold for a minute, but fortunately after a hard poweroff and reboot my puppy came back pristine and my HDD appears unaffected.

One of the other risks to HDD data (and savefile integrity too) is power dropouts or fluctuations - and I think that is where using the .sfs method instead of a savefile introduces much greater stability. Once the sfs (or sfs'es) are loaded and running in memory it is much less likely that a power failure would contaminate the code on the original disk.

I like the concept that ghuihasz uses with Puli - allowing the user to load from usb and then remove the stick. That seems as good a way as possible to remove the risk of overwriting or contaminating the original code.

I have also wondered if there may be any possibility of using a CDrom IDE interface to create a read only HDD? What I mean is this - a normal IDE interface in a laptop allows reading and writing to/from an HDD. But that same laptop generally also contains another IDE interface which if connected to a read only CD rom (rather than a CDRW or DVDRW) will pull data in to the memory, but never try to write out. I wondered if the readonly CDrom drive could be replaced by an HDD so that this particular IDE interface could run at HDD speeds in a readonly mode.

The trick would be - how to make the HDD look like a readonly CDrom but still run at the maximum data speed permitted by the bus. (Just one more crazy idea from my collection of crazy ideas)

Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

#35 Post by Wognath »

greengeek wrote: my browser locked up and showed a message saying that my HDD had been encrypted and I would only be able to recover the files if I paid a ransom

:o !!wow!! No wonder you worry about this. Good to hear you escaped.

greengeek wrote: Thanks for the syntax

Sure, it was fun learning about this. The umount loop is from an Ubuntu forum.

greengeek wrote: I'm thinking that there will never be a real way to protect my HDD files unless I simply remove the whole HDD during an online session.

hdparm -C /dev/sda returns the HD status and could be used to warn if HD is activated, but as you say, it is not protected by putting it in standby. It's disappointing that both standby and sleep are so easily reversed without user intervention. The hdparm option --security-set-pass has no effect on my system. Probably lucky for me since it's labeled "experimental, dangerous" :?
With all the interest in run-in-RAM systems, it's surprising there is not a well-known way to spin down and lock a drive.

Edit:

greengeek wrote: how to make the HDD look like a readonly CDrom

greengeek, have you seen this https://github.com/msuhanov/Linux-write ... /README.md about a write blocker for Linux? I'm out of my depth, but it sounds like it might approach what you're looking for. It also discusses mount -o ro and blockdev --setro.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#36 Post by greengeek »

Wognath wrote: have you seen this https://github.com/msuhanov/Linux-write ... /README.md about a write blocker for Linux?

Thanks, that is really meaty information. I had no idea that the disk was still so vulnerable to kernel driven writes even if not mounted.

I think that information suggests that any Puppy that wants to be truly secure would benefit from adding those patches to lock out the writing capacity completely. If I had the skill I would like to build a puppy with that functionality but patching a kernel is beyond my current ability.

I'm not sure how such a modified kernel could be booted - maybe a basic puppy (or even something like plop) could be used to set up the initial disk drivers so that the secure puppy was quickly loaded from HDD to ram, then after the code is all loaded into ram the secure puppy could take over and from that point the HDD would be "safe" and read only. (or maybe grub and standard initrd.gz would still be perfectly adequate to perform the original load??)

That would be a nice way to have your data accessible while online, but still secure from tampering. It would allow uploading of data without the risk of data corruption or overwriting.

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#37 Post by greengeek »

I am also wondering if it would be necessary to turn off swap on the "readonly" HDD. If swap is enabled then clearly the HDD is accessible. My swap partition is on the same drive that contains all my personal data and I'm thinking this is a bad idea in the long term.

Even a live CD accesses any available swap partition so that potentially exposes the HDD to hacker access I guess.

Is there any way a hacker who gains control of my browser can force a mount of a partition?
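
A check for the two exposures raised in posts #32 to #37 (partitions still mounted read-write, and swap active on the data disk), as an added example that is not part of the original thread. The function name is an assumption, and the sample data is constructed in the format of /proc/mounts and /proc/swaps.

```shell
#!/bin/sh
# Added example: list every partition of DISK that is mounted read-write or
# in use as swap. Status 0 = nothing found, 1 = at least one exposure.
# usage: disk_exposure DISK [MOUNTS_FILE] [SWAPS_FILE]
disk_exposure() {
    disk=$1
    mounts=${2:-/proc/mounts}
    swaps=${3:-/proc/swaps}
    # /proc/mounts fields: device mountpoint fstype options dump pass
    # /proc/swaps: one header line, then one line per active swap area
    found=$(
        awk -v d="$disk" '
            index($1, d) == 1 {
                n = split($4, opt, ",")
                for (i = 1; i <= n; i++)
                    if (opt[i] == "rw") print "rw-mount", $1, $2
            }' "$mounts"
        awk -v d="$disk" 'NR > 1 && index($1, d) == 1 { print "swap", $1 }' "$swaps"
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample data (not taken from any poster's machine).
sample_dir=$(mktemp -d)
cat > "$sample_dir/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda1 /mnt/sda1 ext4 rw,relatime 0 0
/dev/sda2 /mnt/sda2 ntfs ro,noatime 0 0
/dev/sdb1 /mnt/sdb1 vfat rw,relatime 0 0
EOF
cat > "$sample_dir/swaps" <<'EOF'
Filename        Type        Size     Used  Priority
/dev/sda5       partition   1048572  0     -2
EOF

disk_exposure /dev/sda "$sample_dir/mounts" "$sample_dir/swaps" \
    || echo "/dev/sda is still reachable for writes"
```

Called with only the disk name, the function reads the live /proc/mounts and /proc/swaps. An empty report means no read-write mount and no swap on that disk; as post #36 notes, it does not rule out kernel-driven writes to an unmounted disk.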

d4p
Posts: 439
Joined: Tue 13 Mar 2007, 02:30

#38 Post by d4p »

How to create CDFS-partition on your Harddrive
https://www.youtube.com/watch?v=Jy6b3MBwCYo

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#39 Post by greengeek »

I think it is worth mentioning a thread by ETP regarding "hybrid isos". I don't fully understand it yet but it appears to be another way to keep the iso intact and unalterable on a RW medium like a disk.

Similar to the CDFS concept in a way?

Thread here:
http://murga-linux.com/puppy/viewtopic.php?t=101303

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#40 Post by greengeek »

d4p wrote: How to create CDFS-partition on your Harddrive
https://www.youtube.com/watch?v=Jy6b3MBwCYo

Hi d4p - I had a look at that video but I couldn't hear any audio. Is that normal or does the video contain an audio track? Also - it did not seem to show how to create a CDFS partition - just seemed to create then delete a FAT32 partition. Am I looking at the correct video?
cheers
