Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 13 Nov 2019, 07:42
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How to make Puppy Linux security distribution?
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 2 [23 Posts]   Goto page: Previous 1, 2
Author Message
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15542
Location: Paradox Realm

PostPosted: Sun 22 Sep 2019, 04:16    Post subject:  

> I am not knowledgeable about Seamonkey, or some other browsers. Tor anyone? Brave?

I am using Brave at the moment. Using it instead of Safari on an Ipad. Very simple. Many unwanted browser facilities can be turned off. Safari much like IE on Windows used to be, is integrated into the OS. Safari still comes on line as the default browser. I can not disable it unless I jailbreak the Ipad. Not interested in adding that complication ... Rolling Eyes

Brave is available for Linux, so might check it out ... Very Happy
Tor? Unworkable. Too slow. I have no military grade secrets. I am not a criminal, spy or hacktavist. So it is just overkill for me.

Seamonkey is an excellent real world browser, still being used by Barry. It has many security preferences ...

As has been mentioned Browsers are the ONLY WAY that Puppy has ever been known to be compromised. Root usage is a red herring. The main culprit is enabling javascript. Sadly it is almost essential for real everyday use. Flash was another malware but it is not really required. I don't install it, which you can do from many Puppy menus.

Cool

Puppy Linux
The Route to Linux Root

_________________
Puppy Book Write NOW Cool
http://wikka.puppylinux.com/ProjectStatement Very Happy
Back to top
View user's profile Send private message Visit poster's website 
Packetteer


Joined: 12 May 2012
Posts: 67
Location: Long Island Ny

PostPosted: Sun 22 Sep 2019, 06:04    Post subject:  

Rufwoof
You mention booting then removing the flash drive. How does one do that? I am running a fugal install on a flash drive that every time I boot I get a message that flashes on my screen not to remove the drive.

I have automatic save off.

Best Regards
John
Back to top
View user's profile Send private message 
mikeslr


Joined: 16 Jun 2008
Posts: 3469
Location: 500 seconds from Sol

PostPosted: Sun 22 Sep 2019, 10:35    Post subject: Puppy on a USB-Stick you can unplug  

Packetteer wrote:
Rufwoof
You mention booting then removing the flash drive. How does one do that? I am running a fugal install on a flash drive that every time I boot I get a message that flashes on my screen not to remove the drive.

I have automatic save off.

Best Regards
John


rufwoof has a system which I'd have to do a couple of times in order to remember. It works with BSD (which is different from Linux where he developed it, FatDog and, IIRC, WeeDog) . Not sure it will work with other Puppies. My methods are less complete but simpler.

Ignore the warning. With the Automatic Save turned off, you can literally unplug the USB-Key at any time. No harm will be done to your operating system. However, obviously with the USB-Key removed you will not be able to read-from or write-to the USB-Key without again plugging it in. Use the same USB-port as that's where Puppy still expects it to be. Using the boot argument pfix=copy if you have sufficient RAM (optimum 3 times the size of Puppy_version.sfs) may help. That will reduce the need to re-plug the USB-Key.

More complicated, but probably less need to re-plug the USB-Key:

Contrary to my usual advice [use SFSes, External and Portables from /mnt/home, etc] place all portables in /opt and install pets rather than use SFSes. Remaster. If you're only going to use the USB-Stick on one computer, configure wifi and other computer-centric settings before remastering. If it's to be used on various computers, locking in settings before remastering may be a waste of time or even prevent booting. In such instance I recommend Shinobar's remasterx, http://www.murga-linux.com/puppy/viewtopic.php?p=780345#780345 since it preserves the 'First Run dialog'. If for just one computer, use nicOs-remaster-suite, http://murga-linux.com/puppy/viewtopic.php?p=1001289#1001289 One of it's modules merely merges your SaveFile with the Puppy_version.sfs, taking very little time to do so..

With all your programs now 'builtin' to your Remaster, with Automatic Save turned off, and using the boot argument pfix=copy Puppy will have no reason to read-from, write-to a SaveFile. Of course, you won't be able to save anything (including datafiles you create or want to change) to the USB-Key with it unplugged. But, if it's plug into your own computer, you can keep data files on any hard-drive. (Or carry a 2nd USB-Key just for creating/storing/changing datafiles).

Further thoughts: If your computer doesn't have sufficient RAM to fully copy any Puppy into RAM with the pfix=copy argument, start with an already 'light' Puppy, such as precise-light (80 Mbs, 240 +/- fully expanded). Use Remove-builtins to remove any application you're unlikely to need just for working with the internet. Add anything you need for a functional Palemoon. Remaster. Hopefully, that will have reduced your Puppy's foot-print to the point it can be fully loaded into RAM and used for 'web-related work' with the USB-Key removed.

Perhaps easiest, but a Dog rather than a Puppy: See http://murga-linux.com/puppy/viewtopic.php?p=1037516#1037516
Back to top
View user's profile Send private message 
Packetteer


Joined: 12 May 2012
Posts: 67
Location: Long Island Ny

PostPosted: Sat 28 Sep 2019, 08:55    Post subject:  

Hi Mikesir
Thank you for your reply. I simply removed the flash drive and
nothing bad happened. unfortunately I could not start Fire Fox. Duh.

So then I tried to start Fire Fox first then remove the drive. That did not work either.
Then I finally read your full reply and now will try the Copy method.

This is going to be a work in progress.

Again thank you.

Best Regards
John
Back to top
View user's profile Send private message 
mikeslr


Joined: 16 Jun 2008
Posts: 3469
Location: 500 seconds from Sol

PostPosted: Sat 28 Sep 2019, 15:19    Post subject:  

Reading your post above, I've had one further thought. Firefox is a large program, and a RAM hog. Frankly, I usually use Palemoon which is a little less; the least almost completely functional web-browser with today's Web being Seamonkey 2.46 'though some websites may object.

But getting back to firefox, rather than put it in /opt, put it in /root/my-applications/bin. I think when the copy command is used as a boot argument the entire contents of /root will be copied, even if other parts of the system in the SaveFile aren't.

You could also try that using palemoon or seamonkey.
Back to top
View user's profile Send private message 
nosystemdthanks


Joined: 03 May 2018
Posts: 696

PostPosted: Sat 28 Sep 2019, 18:48    Post subject:  

mikeslr wrote:
put it in /root/my-applications/bin


how will "run as spot" or the modern equivalent work when the browser is under the /root folder?

_________________
"microsoft is unique among proprietary software companies: they are the only ones who have actively tried to kill [floss]. it’s not often someone wants to be your friend after trying to kill you for ten years" -- bradley m. kuhn
Back to top
View user's profile Send private message Visit poster's website 
rufwoof


Joined: 24 Feb 2014
Posts: 3612

PostPosted: Sat 28 Sep 2019, 20:35    Post subject:  

Packetteer wrote:
Rufwoof
You mention booting then removing the flash drive. How does one do that? I am running a fugal install on a flash drive that every time I boot I get a message that flashes on my screen not to remove the drive.

Sorry John, only just now seen your post. Mike's pretty much answered it already. I use Fatdog multi-session usb ... where each 'save' creates a additional sfs as/when you actually click 'save', so between times the usb can be unplugged. I'm also running wiak's build scripts to build/run VoidLinux at present and with that I'm creating a copy of the upper_changes folder that is set to be stored in ram, so all changes are lost if I shutdown without saving, but where I can create a tarball of that folder and reload it again as part of bootup.

Physical isolation of your MBR/bootloader/kernel once booted is one of the great appeals of running a frugal type boot IMO, but I struggled to achieve that with the core Puppy's hence I went down the Fatdog multi-session path. Ideally saves should also be disconnected, only used at bootup, as otherwise a cracker could potentially trigger a 'save' action after having made their changes/installation ... and make those changes persistent across reboots.

Windows or any OS that is disk based has to be secured all of the time, a slip even briefly and that can be compromised. In contrast booting a clean version every time, as good as brand new/freshly installed, and striving to keep that clean is a lot easier and likely more successful. Whenever you want to do something sensitive/secure, booting that clean session and doing that secure action, nothing else before or after and that's about as secure as you'll likely to get. i.e. keep saves to a minimum, and only after a clean boot, make changes, save ... so that the clean boot remains clean.

_________________
( ͡° ͜ʖ ͡°) :wq
Fatdog multi-session usb

echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh
Back to top
View user's profile Send private message 
williams2

Joined: 14 Dec 2018
Posts: 190

PostPosted: Sat 28 Sep 2019, 21:02    Post subject:  

nosystemdthanks said
Quote:
how will "run as spot" or the modern equivalent work when the browser is under the /root folder?

It will run if the permissions are set to allow spot to run it,
which it probably is by default.

The configuration data would belong to spot and would be put in spot's home directory, not in root's dir.

But there might be permission problems reading files in the browser's folder.

I'm running as root, with the firefox folder in /tmp.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 2 [23 Posts]   Goto page: Previous 1, 2
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1021s ][ Queries: 11 (0.0223s) ][ GZIP on ]