 |
Puppy Linux Discussion Forum Puppy HOME page : puppylinux.com "THE" alternative forum : puppylinux.info
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in|
The time now is Wed 20 Sep 2017, 09:17 All times are UTC - 4 |
 Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy |
|
Firejail and Firetools (GUI)
|
 
|
View previous topic :: View next topic |
| Page 1 of 1 [5 Posts] |
| Author | Message | ||||
|---|---|---|---|---|---|
|
labbe5
Joined: 13 Nov 2013 Posts: 911 Location: Canada |
After compiling firejail (very few dependencies) or installing it with .deb binaries, you start browsing with this command line for highest security : I use Firefox, but you can use a number of browsers with firejail. $ firejail --private --dns=8.8.8.8 --dns=8.8.4.4. --caps.drop=all firefox -no-remote For DNS, i use Google Public DNS, and the browser cannot access a number of processes. This set up is for accessing bank accounts or other sensitive content. When you are finished with your browsing, you look for client number of firejail with : firejail --list And you shutdown your contained firefox with : firejail --shutdown=client number Coupled with a VPN, such as VPNBook, you have a very secure browsing. After installing OpenVPN, you use this command line to have a Virtual Private Network : sudo openvpn --config vpnbook-ca1-tcp443.ovpn --auth-nocache Depending on your downloaded bundle, it can be US, or CA, or other countries. In this instance it is the canadian bundle. --auth-nocache means that the password is not cached in plain text. More info at the firejail website. Last edited by labbe5 on Mon 31 Jul 2017, 13:44; edited 1 time in total |
||||
|
|||||
 |
|||||
|
labbe5
Joined: 13 Nov 2013 Posts: 911 Location: Canada |
Using Do My Command utility that is part of Dog-based OS, you can have firejail firefox up and running in a click. Just save your command line at the bottom of the file provided by the utility and click Play. Your command line will be kept for other sessions. Using public DNS servers from DNS.Watch, for maximum privacy : $ firejail --private --dns=84.200.69.80 --dns=84.200.70.40 --caps.drop=all firefox -no-remote The best is to couple Firejail with Openvpn. |
||||
|
|||||
|
|||||
|
labbe5
Joined: 13 Nov 2013 Posts: 911 Location: Canada |
https://firejail.wordpress.com/2017/05/15/linux-mint-sandboxing-guide/ Here is another review/guide to help you understand and use firejail : https://linuxconfig.org/protect-your-system-run-your-browser-in-firejail Up to now, we had to prefix a command with firejail, such as firejail firefox in a terminal to have it sandboxed, but now there is full integration with desktop environnment. Once you have installed firejail (now version 0.9.46), you need to complete installation with : firecfg --fix-sound and sudo firecfg Here is why : First command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. The second command integrates Firejail into your desktop. You would need to logout and login back to apply PulseAudio changes. It is a major change, making Firejail as simple to use as it can be : Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. The integration applies to any program supported by default by Firejail. There are about 250 default applications in Firejail version 0.9.46, and the number goes up with every new release. We keep the list in /usr/lib/firejail/firecfg.config file. Just for fun, start several programs by clicking your desktop manager menus, then open a terminal and run the following command: firejail --top This command tells you what programs are running in a Firejail sandbox. If your program was not sandboxed automatically, use the old method of prefixing your program with “firejail” command: Finally : Run sudo firecfg every time you install a new program. Security is the name of the game. Last edited by labbe5 on Tue 11 Jul 2017, 10:12; edited 1 time in total |
||||
|
|||||
|
|||||
|
rufwoof
Joined: 24 Feb 2014 Posts: 2087 |
Thanks for all this detail labbe5 All a dark science from my perspective. I already have firejail up and running with skype and firefox .desktop files changed to use that by default (firejail prefix to commands). I tried installing openvpn out of the Debian repository (I run a Debian jwm/rox type frugal boot setup) and then ran the command you suggested, but that came back with a error report
So looks like there's a lot more to do/configure on the VPN front that I know next to nothing about and need to get my head down to do some studying. |
||||
|
|||||
|
|||||
|
labbe5
Joined: 13 Nov 2013 Posts: 911 Location: Canada |
http://www.linuxandubuntu.com/home/firejail-a-namespace-separation-security-sandbox There are certain files required in order for Firejail to work properly (actually for Firetools to work properly). For Dog-based OS : Git and Compiler : sudo apt-get install git build-essential Qt5 : sudo apt-get install build-essential qt5-default qt5-qmake qtbase5-dev-tools libqt5svg5 git To install GUI, enter commands : git clone https://github.com/netblue30/firetools cd firetools /configure --prefix=/usr && make && sudo make install Firejail is now available in standard Ubuntu repositories, but for latest version, you still need to compile it (each new version contains new profiles, which are security rules followed by apps). |
||||
|
|||||
|
|||||
Firejail and Firetools (GUI)
| Page 1 of 1 [5 Posts] |
|
|
View previous topic :: View next topic |
|
Forum index » Advanced Topics » Additional Software (PETs, n' stuff) » Security/Privacy |
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum |
Powered by phpBB © 2001, 2005 phpBB Group