Puppy Linux Discussion Forum
Firejail and Firetools (GUI)
labbe5

Joined: 13 Nov 2013
Posts: 858
Location: Canada

Posted: Thu 23 Feb 2017, 15:16    Post subject: Firejail and Firetools (GUI)
Subject description: using firejail for accessing sensitive content when browsing
 

After compiling firejail (very few dependencies) or installing it with .deb binaries, you start browsing with this command line for highest security :

I use Firefox, but you can use a number of browsers with firejail.

$ firejail --private --dns=8.8.8.8 --dns=8.8.4.4 --caps.drop=all firefox -no-remote

For DNS, I use Google Public DNS, and the browser cannot access a number of processes.

This set up is for accessing bank accounts or other sensitive content.

When you are finished with your browsing, you look for client number of firejail with :
firejail --list

And you shut down your contained firefox with :

firejail --shutdown=client number

Coupled with a VPN, such as VPNBook, you have very secure browsing.

After installing OpenVPN, you use this command line to have a Virtual Private Network :
sudo openvpn --config vpnbook-ca1-tcp443.ovpn --auth-nocache

Depending on your downloaded bundle, it can be US, or CA, or other countries. In this instance it is the Canadian bundle.

--auth-nocache means that the password is not cached in plain text.

More info at the firejail website.

Last edited by labbe5 on Mon 31 Jul 2017, 13:44; edited 1 time in total
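
Added example, not part of the original post or of the firejail project: the "look up the client number, then shut down" step from the post above as a small script. It assumes each line of `firejail --list` starts with the sandbox PID and the user name, separated by colons; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the sandbox PID (the "client number") for a program in
# `firejail --list` output, then shut that sandbox down.
# Assumption: each line looks like PID:user:...command..., PID first.

# sandbox_pids PATTERN
# Reads `firejail --list` output on stdin and prints the PID of every sandbox
# whose command part contains PATTERN as a literal string.
sandbox_pids() {
    awk -F: -v pat="$1" '
        $1 ~ /^[0-9]+$/ {
            rest = $0
            # Drop the PID and user fields so a user name cannot match PATTERN.
            sub(/^[0-9]+:[^:]*:/, "", rest)
            if (index(rest, pat)) print $1
        }
    '
}

# shutdown_sandboxes PATTERN
# Shuts down every running sandbox whose command contains PATTERN.
shutdown_sandboxes() {
    firejail --list | sandbox_pids "$1" | while read -r pid; do
        firejail --shutdown="$pid"
    done
}

# Constructed sample of `firejail --list` output (not captured from a real system).
SAMPLE_LIST='3272:user:firejail --private --caps.drop=all firefox -no-remote
3310:user:firejail skype'
```

After a banking session, `shutdown_sandboxes firefox` replaces the manual lookup of the client number.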
labbe5

Joined: 13 Nov 2013
Posts: 858
Location: Canada

Posted: Sun 23 Apr 2017, 09:51    Post subject: Do My Command utility

Using Do My Command utility that is part of Dog-based OS, you can have firejail firefox up and running in a click.

Just save your command line at the bottom of the file provided by the utility and click Play. Your command line will be kept for other sessions.

Using public DNS servers from DNS.Watch, for maximum privacy :

$ firejail --private --dns=84.200.69.80 --dns=84.200.70.40 --caps.drop=all firefox -no-remote

The best is to couple Firejail with OpenVPN.
labbe5

Joined: 13 Nov 2013
Posts: 858
Location: Canada

Posted: Fri 19 May 2017, 21:51    Post subject: more on Firejail
Subject description: integration with desktop environment
 

https://firejail.wordpress.com/2017/05/15/linux-mint-sandboxing-guide/

Here is another review/guide to help you understand and use firejail :
https://linuxconfig.org/protect-your-system-run-your-browser-in-firejail

Up to now, we had to prefix a command with firejail, such as firejail firefox in a terminal to have it sandboxed, but now there is full integration with desktop environment.

Once you have installed firejail (now version 0.9.46), you need to complete installation with :

firecfg --fix-sound
and
sudo firecfg

Here is why :
The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. The second command integrates Firejail into your desktop. You would need to log out and log back in to apply the PulseAudio changes.

It is a major change, making Firejail as simple to use as it can be :
Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. The integration applies to any program supported by default by Firejail. There are about 250 default applications in Firejail version 0.9.46, and the number goes up with every new release. We keep the list in /usr/lib/firejail/firecfg.config file.

Just for fun, start several programs by clicking your desktop manager menus, then open a terminal and run the following command:

firejail --top

This command tells you what programs are running in a Firejail sandbox. If your program was not sandboxed automatically, use the old method of prefixing your program with “firejail” command:

Finally :
Run sudo firecfg every time you install a new program.

Security is the name of the game.

Last edited by labbe5 on Tue 11 Jul 2017, 10:12; edited 1 time in total
rufwoof

Joined: 24 Feb 2014
Posts: 2004

Posted: Fri 19 May 2017, 22:56

Thanks for all this detail labbe5

All a dark science from my perspective. I already have firejail up and running with skype and firefox .desktop files changed to use that by default (firejail prefix to commands).

I tried installing openvpn out of the Debian repository (I run a Debian jwm/rox type frugal boot setup) and then ran the command you suggested, but that came back with an error report
Code:
root@debian:/home/user# openvpn --config vpnbook-ca1-tcp443.ovpn --auth-nocache
Options error: In [CMD-LINE]:1: Error opening configuration file: vpnbook-ca1-tcp443.ovpn

So looks like there's a lot more to do/configure on the VPN front that I know next to nothing about and need to get my head down to do some studying.
labbe5

Joined: 13 Nov 2013
Posts: 858
Location: Canada

Posted: Mon 31 Jul 2017, 13:43    Post subject: Firetools
Subject description: GUI for Firejail
 

http://www.linuxandubuntu.com/home/firejail-a-namespace-separation-security-sandbox

There are certain files required in order for Firejail to work properly (actually for Firetools to work properly).

For Dog-based OS :

Git and Compiler :
sudo apt-get install git build-essential

Qt5 :
sudo apt-get install build-essential qt5-default qt5-qmake qtbase5-dev-tools libqt5svg5 git

To install GUI, enter commands :

git clone https://github.com/netblue30/firetools
cd firetools
./configure --prefix=/usr && make && sudo make install

Firejail is now available in standard Ubuntu repositories, but for latest version, you still need to compile it (each new version contains new profiles, which are security rules followed by apps).