StretchDog
Downloaded ISO and frugally installed/booted (Porteus style, save on exit)
I tried removing user puppy from both disk and wheel groups (using deluser puppy disk; deluser puppy wheel) ... logged out and in again and it isn't a member of either of those groups ... but it can still mount partitions by clicking on the desktop drive icons.
More preferably by default user "puppy" shouldn't be able to mount partitions, so if you're running a browser as puppy and a hacker breaks out of that then any unmounted partitions are inaccessible.
How can user puppy be prevented from mounting partitions (force having to Ctrl-Alt-Fn ... login as root and mount a drive, or run sudo to mount a drive)?
EDIT : Further investigation indicates that puppy cannot mount from the cli when it isn't a member of the disk group (mounting is only possible by clicking on the desktop drive icons).
I tried removing user puppy from both disk and wheel groups (using deluser puppy disk; deluser puppy wheel) ... logged out and in again and it isn't a member of either of those groups ... but it can still mount partitions by clicking on the desktop drive icons.
More preferably by default user "puppy" shouldn't be able to mount partitions, so if you're running a browser as puppy and a hacker breaks out of that then any unmounted partitions are inaccessible.
How can user puppy be prevented from mounting partitions (force having to Ctrl-Alt-Fn ... login as root and mount a drive, or run sudo to mount a drive)?
EDIT : Further investigation indicates that puppy cannot mount from the cli when it isn't a member of the disk group (mounting is only possible by clicking on the desktop drive icons).
Last edited by rufwoof on Mon 16 Oct 2017, 18:50, edited 1 time in total.
editing /etc/slim.conf to autlogin as puppy instead of root ... and it still defaults to logging in as root
EDIT : http://murga-linux.com/puppy/viewtopic. ... 601#850601
Code: Select all
# default user, leave blank or remove this line
# for avoid pre-loading the username.
default_user puppy
# Focus the password field on start when default_user is set
# Set to "yes" to enable this feature
#focus_password no
# Automatically login the default user (without entering
# the password. Set to "yes" to enable this feature
auto_login yes
Hi rufwoof
(reboot required)
Btw, FYI, puppy can mount (by clicking drive icons) but has no write permissions
(enabling slim will set /etc/inittab to no-auto login, and no auto startx)
Then changing /etc/slim.conf will apply after reboot
Fred
Uncomment "chpupsocket $USER:$USER &" in /home/puppy/.config/openbox/autostartHow can user puppy be prevented from mounting partitions (force having to Ctrl-Alt-Fn ... login as root and mount a drive, or run sudo to mount a drive)?
Code: Select all
# chpupsocket $USER:$USER &
Btw, FYI, puppy can mount (by clicking drive icons) but has no write permissions
Slim is not enabled by default, first enable from "Start Slim" button on Whisker menu or from System > Start/Stop Slim display-managerediting /etc/slim.conf to autlogin as puppy instead of root ... and it still defaults to logging in as root
(enabling slim will set /etc/inittab to no-auto login, and no auto startx)
Then changing /etc/slim.conf will apply after reboot
Fred
Last edited by fredx181 on Mon 16 Oct 2017, 19:45, edited 1 time in total.
Very good job Fred
Very nice Desktop.
The first thing I noticed at start is that I need to run "reconnect" from peasyWifi to get an IP from my router the first time I enter the system. This doesn't seem as much of a problem but since it is a live CD it might matter.
Maybe you have the same problem as me
While slim was running and asking me my username, in the background
/etc/profile executed startx as root (so I had the problem that while I was typing the desktp appeared ).
If this is the case you could try to comment out the "startx" entry in your /etc/profile file.
@ethplorer:
my menu.lst entry is like this :
Btw, If anyone wants to try KODI without installing it :
kodi_2.3a17.1+dfsg1-3_amd64-deb_.squashfs https://1fichier.com/?5sl6u1qbfs
kodi_libs_addon_v001d_.squashfs https://1fichier.com/?gcn37ed4h6
maybe you'll also need this:
python279apt2sfs.squashfs https://1fichier.com/?ytqs6spvxt
Very nice Desktop.
The first thing I noticed at start is that I need to run "reconnect" from peasyWifi to get an IP from my router the first time I enter the system. This doesn't seem as much of a problem but since it is a live CD it might matter.
For the previous release of StretchDog64 (in case Fred fix won't do it):rufwoof wrote:editing /etc/slim.conf to autlogin as puppy instead of root ... and it still defaults to logging in as root
Maybe you have the same problem as me
While slim was running and asking me my username, in the background
/etc/profile executed startx as root (so I had the problem that while I was typing the desktp appeared ).
If this is the case you could try to comment out the "startx" entry in your /etc/profile file.
@ethplorer:
my menu.lst entry is like this :
Code: Select all
title PorteusStretchDog EXIT: changes32
find --set-root --ignore-floppies /puppy_StretchDog64/live/initrd1.xz
kernel /puppy_StretchDog64/live/vmlinuz1 from=/puppy_StretchDog64 changes=EXIT:/puppy_StretchDog64/changes32.dat
initrd /puppy_StretchDog64/live/initrd1.xz
kodi_2.3a17.1+dfsg1-3_amd64-deb_.squashfs https://1fichier.com/?5sl6u1qbfs
kodi_libs_addon_v001d_.squashfs https://1fichier.com/?gcn37ed4h6
maybe you'll also need this:
python279apt2sfs.squashfs https://1fichier.com/?ytqs6spvxt
Thanks trister !
@all For Info: I probably won't be very active replying in the next days because I have the flu (began yesterday, don't know how it goes in the next days)
Fred
Oh, strange, that shouldn't be like that (for me it connects right away)trister wrote:The first thing I noticed at start is that I need to run reconnect from peasyWifi to get an IP from my router the first time I enter the system. This doesn't seem as much of a problem but since it is a live CD it might matter.
@all For Info: I probably won't be very active replying in the next days because I have the flu (began yesterday, don't know how it goes in the next days)
Fred
@trister http://murga-linux.com/puppy/viewtopic. ... 601#850601 did it for me, logs in as puppy fine now.
@fred. ditto (flu), started today. Feeling pretty lousy.
I've adopted jwm as the wm and have set left click of the clock to be the MENU (right mouse click clock to showdesktop).
Not sure why the firewall isn't working under user puppy (shows as green when logged in as root, but under puppy I can't seem to turn it on).
@fred. ditto (flu), started today. Feeling pretty lousy.
Not having cli permission to mount is good enough. Quite like still being able to mount from the desktop/gui as that relatively locks out cli breakins from doing something nasty like installing ransomware, but still being able to mount things as puppy from within the desktop environment. Mine mounts with rw permissions after a 'puppy' user desktop drive icon is clicked !!! That's great assuming it continues to work that way as more like running as root in feel, but with the ability to lock down partition access in the event of a hackers browser breakout.Uncomment "chpupsocket $USER:$USER &" in /home/puppy/.config/openbox/autostartHow can user puppy be prevented from mounting partitions (force having to Ctrl-Alt-Fn ... login as root and mount a drive, or run sudo to mount a drive)?
Code:
# chpupsocket $USER:$USER &
(reboot required)
Btw, FYI, puppy can mount (by clicking drive icons) but has no write permissions
I've adopted jwm as the wm and have set left click of the clock to be the MENU (right mouse click clock to showdesktop).
Not sure why the firewall isn't working under user puppy (shows as green when logged in as root, but under puppy I can't seem to turn it on).
- Attachments
-
- s.png
- (95.94 KiB) Downloaded 1240 times
Last edited by rufwoof on Mon 16 Oct 2017, 21:36, edited 2 times in total.
This sounds like a timing issue.trister wrote:The first thing I noticed at start is that I need to run "reconnect" from peasyWifi to get an IP from my router the first time I enter the system.
Look at the script /etc/rc.d/rc.nework. PWF makes two tries (line 19) with a 5 second pause between (line 23). Each try is controlled by the -t and -T options (line 21).
Maybe increasing some of these will help.
If you watch the boot messages, there should be a line near the end for "udhcpc". Do you see it?
- prehistoric
- Posts: 1744
- Joined: Tue 23 Oct 2007, 17:34
Just want to mention that there is a patch for Debian Stretch for the WPA2 Krack attack. This puts it ahead of many other distros.
Yes, thanks !prehistoric wrote:Just want to mention that there is a patch for Debian Stretch for the WPA2 Krack attack. This puts it ahead of many other distros.
So to upgrade to patched wpasupplicant on StretchDog:
Code: Select all
apt-get update
apt-get install wpasupplicant
-
- Posts: 9
- Joined: Mon 18 Sep 2017, 15:09
how install full ?
i want to install full stretchdog in a laptop year 2010 with 1,6 ghz and 3 gb ram and 300 gb hdd, help please, i have to use gparted first ? already have deepin installed but i want erase it and use only with stretchdog, my hangout is marcelo4768
Open up the iso file(with a click) and read the readme file inside.i want to install full stretchdog in a laptop year 2010 with 1,6 ghz and 3 gb ram and 300 gb hdd, help please
Once you get a Porteus install i.e. into a folder named 'live' on hard drive to work
you can then do a full install to an empty partition .
_______________________________________________________
Last edited by don570 on Tue 17 Oct 2017, 19:32, edited 2 times in total.
pfind 6.3
I was able to use the most recent version of pfind 6.3
(it needs a recent version of pfilesearch as well so I put it inside the package)
and I made a debian package so others can try it.
Available:
pfind_6.3_all.deb
Size: 28k
https://drive.google.com/open?id=0B7JZA ... 0djdmtPZUU
--------------------------------------------------------------------
I added a file --->
/usr/local/bin/defaultfilemanager and pointed it to thunar.
'Open location' feature will use it.
________________________________________
(it needs a recent version of pfilesearch as well so I put it inside the package)
and I made a debian package so others can try it.
Available:
pfind_6.3_all.deb
Size: 28k
https://drive.google.com/open?id=0B7JZA ... 0djdmtPZUU
--------------------------------------------------------------------
I added a file --->
/usr/local/bin/defaultfilemanager and pointed it to thunar.
'Open location' feature will use it.
________________________________________
while it does work as it starts to read the vmlinuz and initrd, it suddenly stops telling that it needs Porteus that it has to be in the /puppy_StretchDog64/live/Porteus <--- not sure what it meant actually. Anything else i need to do?trister wrote:Very good job Fred
@ethplorer:
my menu.lst entry is like this :
Btw, If anyone wants to try KODI without installing it :Code: Select all
title PorteusStretchDog EXIT: changes32 find --set-root --ignore-floppies /puppy_StretchDog64/live/initrd1.xz kernel /puppy_StretchDog64/live/vmlinuz1 from=/puppy_StretchDog64 changes=EXIT:/puppy_StretchDog64/changes32.dat initrd /puppy_StretchDog64/live/initrd1.xz
kodi_2.3a17.1+dfsg1-3_amd64-deb_.squashfs https://1fichier.com/?5sl6u1qbfs
kodi_libs_addon_v001d_.squashfs https://1fichier.com/?gcn37ed4h6
maybe you'll also need this:
python279apt2sfs.squashfs https://1fichier.com/?ytqs6spvxt
In this situation two folders were created --> /puppy_StretchDog64/live/it needs Porteus that it has to be in the /puppy_StretchDog64/live/Porteus <--- not sure what it meant actually. Anything else i need to do?
Then you drag the contents of the Porteus folder
into the 'live' folder
_________________________________________
BarryK likes uses default applications.
Here is a list that aren't in Stretch Dog..
/usr/local/bin/defaultaudioplayer
/usr/local/bin/defaultpaint
/usr/local/bin/defaultspreadsheet
/usr/local/bin/defaultterm
/usr/local/bin/defaulttexteditor
/usr/local/bin/defaultwordprocessor
/usr/local/bin/defaultmail
/usr/local/bin/defaultdraw
/usr/local/bin/defaulthtmleditor
/usr/local/bin/defaultimageviewer
_______________________________________
Here is a list that aren't in Stretch Dog..
/usr/local/bin/defaultaudioplayer
/usr/local/bin/defaultpaint
/usr/local/bin/defaultspreadsheet
/usr/local/bin/defaultterm
/usr/local/bin/defaulttexteditor
/usr/local/bin/defaultwordprocessor
/usr/local/bin/defaultmail
/usr/local/bin/defaultdraw
/usr/local/bin/defaulthtmleditor
/usr/local/bin/defaultimageviewer
_______________________________________
StretchDog is by default reading initrd1.xz and vmlinuz1 from inside a /live folder.ethplorer wrote:while it does work as it starts to read the vmlinuz and initrd, it suddenly stops telling that it needs Porteus that it has to be in the /puppy_StretchDog64/live/Porteus <--- not sure what it meant actually. Anything else i need to do?trister wrote:Very good job Fred
@ethplorer:
my menu.lst entry is like this :
...Code: Select all
title PorteusStretchDog EXIT: changes32 find --set-root --ignore-floppies /puppy_StretchDog64/live/initrd1.xz kernel /puppy_StretchDog64/live/vmlinuz1 from=/puppy_StretchDog64 changes=EXIT:/puppy_StretchDog64/changes32.dat initrd /puppy_StretchDog64/live/initrd1.xz
If you put everything inside that /puppy_StretchDog64 folder/live folder (I've put live inside the puppy_StretchDog64 folder) then it should work.
Note the names are "initrd1.xz " (and not initrd.img which is used for another boot method-not porteus)
The parameter from=/puppy_StretchDog64 tells linux that my live folder is inside /puppy_StretchDog64 folder
The parameter changes=EXIT:/puppy_StretchDog64/changes32.dat tells linux that my save file name is changes32.dat and where it is located
The entry
find --set-root --ignore-floppies /puppy_StretchDog64/live/initrd1.xz
is my favorite it searches my puppy_StretchDog64 folder. This means I can move this folder in any drive and I don't have to change anything
https://marc.info/?l=openbsd-misc&m=150815942414653&w=2prehistoric wrote:Just want to mention that there is a patch for Debian Stretch for the WPA2 Krack attack. This puts it ahead of many other distros.
Why did OpenBSD silently release a patch before the embargo?
OpenBSD was notified of the vulnerability on 15 July 2017, before
CERT/CC was involved in the coordination. Quite quickly, Theo de Raadt
replied and critiqued the tentative disclosure deadline: In the open
source world, if a person writes a diff and has to sit on it for a
month, that is very discouraging. Note that I wrote and included a
suggested diff for OpenBSD already, and that at the time the tentative
disclosure deadline was around the end of August. As a compromise, I
allowed them to silently patch the vulnerability. In hindsight this was
a bad decision, since others might rediscover the vulnerability by
inspecting their silent patch. To avoid this problem in the future,
OpenBSD will now receive vulnerability notifications closer to the end
of an embargo.
No reply? If there is a timing issue here, the only person who can help fix it is the one who is experiencing it.rcrsn51 wrote:This sounds like a timing issue.trister wrote:The first thing I noticed at start is that I need to run "reconnect" from peasyWifi to get an IP from my router the first time I enter the system.
Look at the script /etc/rc.d/rc.nework. PWF makes two tries (line 19) with a 5 second pause between (line 23). Each try is controlled by the -t and -T options (line 21).
Maybe increasing some of these will help.
If you watch the boot messages, there should be a line near the end for "udhcpc". Do you see it?