labbe5
Joined: 13 Nov 2013 Posts: 1150 Location: Canada
Posted: Thu 23 Feb 2017, 15:16
Post subject: Firejail and Firetools (GUI)
Subject description: using firejail for accessing sensitive content when browsing
After compiling firejail (very few dependencies) or installing it with .deb binaries, you start browsing with this command line for highest security :
I use Firefox, but you can use a number of browsers with firejail.
$ firejail --private --dns=8.8.8.8 --dns=8.8.4.4 --caps.drop=all firefox -no-remote
For DNS, I use Google Public DNS, and the browser cannot access a number of processes.
This set up is for accessing bank accounts or other sensitive content.
When you are finished with your browsing, you look for client number of firejail with :
firejail --list
And you shutdown your contained firefox with :
firejail --shutdown=client number
Coupled with a VPN, such as VPNBook, you have very secure browsing.
After installing OpenVPN, you use this command line to have a Virtual Private Network :
sudo openvpn --config vpnbook-ca1-tcp443.ovpn --auth-nocache
Depending on your downloaded bundle, it can be US, or CA, or other countries. In this instance it is the Canadian bundle.
--auth-nocache means that the password is not cached in plain text.
More info at the firejail website.
Last edited by labbe5 on Mon 31 Jul 2017, 13:44; edited 1 time in total
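The list-then-shutdown steps from the post above, as an added shell example that is not part of the original post. It assumes `firejail --list` prints one sandbox per line as colon-separated fields with the PID first and the command line last; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the firejail sandboxes running a given program and stop them.
# Assumption: each line of `firejail --list` looks like
#   PID:user:command line        (newer releases: PID:user:name:command line)

# Constructed sample of `firejail --list` output (not captured from a real system).
SAMPLE_LIST='7015:user:firejail --private --dns=8.8.8.8 --dns=8.8.4.4 --caps.drop=all firefox -no-remote
7056:user:firejail /usr/bin/vlc firefox-notes.mp4
7102:user:banking:firejail --private /usr/bin/firefox -no-remote'

# jail_pids PROGRAM
# Reads `firejail --list` output on stdin and prints the PID of every sandbox
# whose command line contains PROGRAM as a whole word (bare or as a full path).
jail_pids() {
    awk -v prog="$1" '
        /^[0-9]+:/ {
            pid = $0;  sub(/:.*/, "", pid)           # first field is the PID
            rest = $0; sub(/^[0-9]+:[^:]*:/, "", rest) # drop the PID and user fields
            n = split(rest, words)                     # split on whitespace
            for (i = 1; i <= n; i++) {
                w = words[i]
                if (w ~ /^\//) sub(/.*\//, "", w)      # /usr/bin/firefox -> firefox
                if (w == prog) { print pid; break }
            }
        }'
}

# shutdown_jails PROGRAM
# Stops every matching sandbox with the --shutdown option used in the post.
shutdown_jails() {
    firejail --list | jail_pids "$1" | while read -r pid; do
        echo "shutting down sandbox $pid"
        firejail --shutdown="$pid"
    done
}

# Typical use once the banking session is over:
#   shutdown_jails firefox
# Dry run against the constructed sample:
#   printf '%s\n' "$SAMPLE_LIST" | jail_pids firefox
```

Matching on a whole word keeps the vlc sandbox in the sample alive even though one of its arguments starts with "firefox".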
labbe5
Joined: 13 Nov 2013 Posts: 1150 Location: Canada
Posted: Sun 23 Apr 2017, 09:51
Post subject: Do My Command utility
Using Do My Command utility that is part of Dog-based OS, you can have firejail firefox up and running in a click.
Just save your command line at the bottom of the file provided by the utility and click Play. Your command line will be kept for other sessions.
Using public DNS servers from DNS.Watch, for maximum privacy :
$ firejail --private --dns=84.200.69.80 --dns=84.200.70.40 --caps.drop=all firefox -no-remote
The best is to couple Firejail with OpenVPN.
labbe5
Joined: 13 Nov 2013 Posts: 1150 Location: Canada
Posted: Fri 19 May 2017, 21:51
Post subject: more on Firejail
Subject description: integration with desktop environment
https://firejail.wordpress.com/2017/05/15/linux-mint-sandboxing-guide/
Here is another review/guide to help you understand and use firejail :
https://linuxconfig.org/protect-your-system-run-your-browser-in-firejail
Up to now, we had to prefix a command with firejail, such as firejail firefox in a terminal to have it sandboxed, but now there is full integration with desktop environment.
Once you have installed firejail (now version 0.9.46), you need to complete installation with :
firecfg --fix-sound
and
sudo firecfg
Here is why :
First command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. The second command integrates Firejail into your desktop. You would need to log out and log back in to apply PulseAudio changes.
It is a major change, making Firejail as simple to use as it can be :
Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. The integration applies to any program supported by default by Firejail. There are about 250 default applications in Firejail version 0.9.46, and the number goes up with every new release. We keep the list in /usr/lib/firejail/firecfg.config file.
Just for fun, start several programs by clicking your desktop manager menus, then open a terminal and run the following command:
firejail --top
This command tells you what programs are running in a Firejail sandbox. If your program was not sandboxed automatically, use the old method of prefixing your program with “firejail” command:
Finally :
Run sudo firecfg every time you install a new program.
Security is the name of the game.
Last edited by labbe5 on Tue 11 Jul 2017, 10:12; edited 1 time in total
rufwoof
Joined: 24 Feb 2014 Posts: 2259
Posted: Fri 19 May 2017, 22:56
Thanks for all this detail labbe5
All a dark science from my perspective. I already have firejail up and running with skype and firefox .desktop files changed to use that by default (firejail prefix to commands).
I tried installing openvpn out of the Debian repository (I run a Debian jwm/rox type frugal boot setup) and then ran the command you suggested, but that came back with an error report
Code:
root@debian:/home/user# openvpn --config vpnbook-ca1-tcp443.ovpn --auth-nocache
Options error: In [CMD-LINE]:1: Error opening configuration file: vpnbook-ca1-tcp443.ovpn
So looks like there's a lot more to do/configure on the VPN front that I know next to nothing about and need to get my head down to do some studying.
labbe5
Joined: 13 Nov 2013 Posts: 1150 Location: Canada
Posted: Mon 31 Jul 2017, 13:43
Post subject: Firetools
Subject description: GUI for Firejail
http://www.linuxandubuntu.com/home/firejail-a-namespace-separation-security-sandbox
There are certain files required in order for Firejail to work properly (actually for Firetools to work properly).
For Dog-based OS :
Git and Compiler :
sudo apt-get install git build-essential
Qt5 :
sudo apt-get install build-essential qt5-default qt5-qmake qtbase5-dev-tools libqt5svg5 git
To install GUI, enter commands :
git clone https://github.com/netblue30/firetools
cd firetools
./configure --prefix=/usr && make && sudo make install
Firejail is now available in standard Ubuntu repositories, but for latest version, you still need to compile it (each new version contains new profiles, which are security rules followed by apps).