Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 23 Oct 2014, 05:41
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How to require bootup password for Puppy 5?
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 2 [27 Posts]   Goto page: Previous 1, 2
Author Message
smokey01


Joined: 30 Dec 2006
Posts: 1829
Location: South Australia

PostPosted: Sun 30 May 2010, 05:05    Post subject:  

jamesbond wrote:
Yes, but that's not what I mean. Perhaps I don't say it clearly enough.

I would like to be able to go to any folder in Rox, right-click it, and choose "encrypt" from the popup menu. I will be asked for a password - and after that my folder will be encrypted. Similar functionalities for "open encrypted folder" and "close encrypted folder". Of course, once I'm tired with this stuff, I can always choose "decrypt" and remove all encryption, turning it back to a normal folder.

I've completed some scripts to do exactly that - I just need to clean it up and make it a little bit prettier. It depends only on EncFS (just like the conceal stuff) and Xdialog - a whooping 12K uncompressed Smile no python stuff.

cheers!

Ah, I see what you mean. If you try and encrypt an existing directory it will not allow it if it's not empty. You can create a directory and copy files to it though.

What you want is exactly what I want too. All this in 12k I'm looking forward to that.

I remember having something similar back in my DOS days it was very useful. It's nice to be able to keep private stuff away from prying eyes.

I'm not sure how much help I would be but am willing to assist if I can.

Regards

Smokey

_________________
Puppy Software <-> Distros <-> Puppy Linux Tips
Back to top
View user's profile Send private message Visit poster's website 
jamesbond

Joined: 26 Feb 2007
Posts: 2230
Location: The Blue Marble

PostPosted: Sun 30 May 2010, 10:32    Post subject:  

No worries. You can help by pointing me to where I can find a working Boost C++ library pet (version 1.41 or older) for use with puppy (with the -DEV part - headers etc). Or you can build one :p

I'm more or less is done with the script, I just need to build the EncFS. This proves to be a challenge. (I have a running EncFS under Fatdog64 - but compiling under Quirky is more tricky).

I know master_wong has a compiled EncFS version 1.3.2, but I prefer to use the latest version (1.5.2 - this one was released in Sep 2008).

cheers!

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread
Back to top
View user's profile Send private message 
smokey01


Joined: 30 Dec 2006
Posts: 1829
Location: South Australia

PostPosted: Sun 30 May 2010, 17:14    Post subject:  

I have located Boost C++ version 1.41.

I'm not sure about the headers part but I could package it as a SFS file or PET as it is a 39M file.

I can then put it on my site for download at www.smokey01.com if you would like to try it.

_________________
Puppy Software <-> Distros <-> Puppy Linux Tips
Back to top
View user's profile Send private message Visit poster's website 
jamesbond

Joined: 26 Feb 2007
Posts: 2230
Location: The Blue Marble

PostPosted: Mon 31 May 2010, 00:44    Post subject:  

No worries smokey, I've managed to compile it myself. It's only 850kb (huge compared to puppy, but compared to 39M is nothing ...). I've uploaded my work, see it here http://murga-linux.com/puppy/viewtopic.php?p=423144

cheers!

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread
Back to top
View user's profile Send private message 
webstain

Joined: 25 May 2010
Posts: 4

PostPosted: Tue 01 Jun 2010, 10:39    Post subject: puppy commands  

Hey guys

Thanks for the line of codes it worked perfectly, but to change the password how do I proceed (open terminal windows? what commands to type?)

Thanks guys

Regards

Jean Marc
Back to top
View user's profile Send private message 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Tue 01 Jun 2010, 23:35    Post subject:  

You don't actually have to start over completely to encrypt an existing save file. I'll write you a guide for encrypting your save file tomorrow evening when I get done with work.

It isn't a very hard process. You basically just boot with pfix=ram, run some commands to create a new encrypted save file (without messing around with rebooting), mount both the new one and the old one, and then copy everything from the old one into the new encrypted one (just one command will copy it all). Then you delete the old one, reboot without saving, and Puppy will automatically use the new one.

I'll write up step by step directions tomorrow evening that you can mostly just copy and paste.



As for your question above, to change the root password you open a terminal (click on the desktop icon named "console" that looks like a computer monitor (or a DOS window in older versions of Puppy), OR you can go to Start->Utilities->URxvt (or something like that)) and type passwd, then press enter. It will ask you to type the password. Unlike most things, it won't give you any feedback as you type - not even *****s. Don't worry, it really is working. It's just trying to hide the length of your password from shoulder-surfers. Just type the password and press enter. Then you'll have to do it again. If you don't make any typos, it will change your password. Otherwise it will yell at you.

But that's just the root password, and does nothing to encrypt your data.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib


Last edited by Pizzasgood on Wed 02 Jun 2010, 23:35; edited 1 time in total
Back to top
View user's profile Send private message Visit poster's website 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Wed 02 Jun 2010, 23:26    Post subject:  

Boot Puppy using pfix=ram (if you don't know how, it's pretty simple: insert the Puppy CD and boot up. When the boot process pauses so that you can provide input, type 'puppy pfix=ram' (without quotes) and press enter.)

Next, mount the USB drive if it isn't already. You can do this by clicking the relevant icon along the bottom of the desktop. It will mount the partition and pop up a filemanager window, allowing you to verify that it was the right one. Keep that window open.

If you don't have enough free space on the USB drive for another file of the same size as your current unencrypted savefile, you will need to mount another partition (see above) and move the unencrypted savefile onto it. Moving the file is done by simply dragging and dropping it between windows. A menu will appear offering the option to copy, move, or link. Chose move.

Either way, you'll want to rename the file slightly so that Puppy doesn't try to boot it anymore (we won't delete it until after we verify that the encrypted version works, and we don't want Puppy confused meanwhile). Right-click the file and go to "File '<filename>' -> Rename". Name it something like "savefilebackup.2fs", but make sure you leave the file extension (the .2fs or .3fs) the same as what it is now.

Next, open a terminal window on the USB partition. The easy way is by opening a filemanager window there and pressing the backquote key (on US keyboards, it's on the same key as tilde, above Tab and below Esc) or by right-clicking within said window and going to the "Window -> Terminal Here" entry.

In that terminal, run the following to load the modules you'll need for encryption support:
Code:
modprobe cryptoloop
modprobe aes_generic
modprobe cbc


Create a file to turn into the new encrypted save file. You will have to tell it how large to make it in megabytes. For this example, I used 128.
Code:
dd if=/dev/zero of=lupusave_crypta.2fs bs=1M count=128


Run the following to find the name of a free loopback device. It will give you something like "/dev/loop1" or "/dev/loop2", etc. For this example, I will be using /dev/loop1. You should use whatever losetup-FULL tells you to use.
Code:
losetup-FULL -f


Now we will bind the file to the loopback device you identified above, using encryption. Run the following command, substituting the correct loopback device. It will ask you for the password to use. Type it and press enter.
Code:
losetup-FULL -e aes /dev/loop1 lupusave_crypta.2fs


Next we need to format the file so that it can be used as a filesystem image:
Code:
mke2fs -q -m 0 /dev/loop1


Good, now we can mount the loopback device as though it were a normal filesystem. Do so with the following:
Code:
mount -o loop /dev/loop1 /mnt/data


Now if you look in /mnt/data, you'll be looking inside the new encrypted lupusave_crypta.2fs file. Next, mount your old unencrypted file. The easy way to do that is to track it down in the file manager and click on it. A window will pop up inside it. You can open a new terminal in that window and spare yourself having to type out a long path by pressing the backquote key (on US keyboards, it's on the same key as tilde, above Tab and below Esc) or by right-clicking within the window and going to the "Window -> Terminal Here" entry. If you run the command 'pwd' you can verify that you're inside the file (it will be a funky path like /mnt/+initrd+mnt+dev_ro2+500+lupusave.2fs). Once you have verified that the current directory is inside the old save file, run the following command to copy everything out of it into the new encrypted one (might take a while to finish):
Code:
cp -a * /mnt/data


Now we can start unmounting everything. Let's do the encrypted file first. Make sure no windows or terminals are open within the encrypted savefile's mountpoint, and then run the following commands:
Code:
umount /mnt/data
losetup -d /dev/loop1


Next we'll unmount the old savefile. As before, close any windows or terminals that are inside that directory. You could then run the umount command, giving it the path, but if you mounted it by clicking like I advised above, you and unmount it by clicking as well.

Okay, now for the test. Reboot without making a new file. When Puppy boots it should pick up the encrypted file and prompt you for the password. When it finishes booting, you should be in what looks like your original Puppy. But everything is transparently being encrypted for you. If stuff is missing or it didn't prompt for a password, something went wrong. Otherwise, you can safely discard your old unencrypted file now.


Have fun, and remember that only things that would be saved within the save file are encrypted. If you save something directly to the drive (such as via /mnt/home/) it won't be encrypted. Also, keep in mind that encryption doesn't help you if you walk away from the computer while the system is running. It only helps you when it's shut down. And you are still susceptible to Van Eck Phreaking, among other really wacky attack vectors (picking up EMF from the keyboard, for example, or gleaning data from the RAM or swap files/partitions, etc.). None of this is a concern if you're only hiding from random punks. But if your enemies consist of large companies or governments or would-be alien overloards, you'll need to employ a higher level of paranoia. Wink

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Wed 02 Jun 2010, 23:34    Post subject:  

When I say to run something in a terminal, I mean to type it into the terminal window (or paste it) and then press the enter key.

In case you don't know how to paste code into a terminal window (ctrl-c doesn't paste in a terminal), read this thread:
http://www.murga-linux.com/puppy/viewtopic.php?p=259471

If you have any questions, ask. I realize the above post seems a bit technical if you haven't done this kind of stuff before.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
technosaurus


Joined: 18 May 2008
Posts: 4353

PostPosted: Fri 04 Jun 2010, 18:19    Post subject:  

The easy way:

Just add this to your /root/.xinintrc before rox is called (or before jwm is called if you want to allow kiosk style access without jwm)
Code:

[ "`Xdialog --stdout --password --inputbox "Please enter your password" 0 0`" != "woofwoof" ] && exit

#replace woofwoof with your password


...of course you could get more technical and obfuscate the password by using shc and compiling it into a binary

_________________
Web Programming - Pet Packaging 100 & 101
Back to top
View user's profile Send private message 
technosaurus


Joined: 18 May 2008
Posts: 4353

PostPosted: Fri 04 Jun 2010, 19:46    Post subject:  

Here is a basic template for a desktop selector:

Code:
exec `Xdialog --no-tags --item-help --no-close --title "Puppy Desktop Selector" --no-cancel --stdout --icon mini-desktop.xpm --password --radiolist "Please select your desktop" 0 0 0 jwm jwm 0 "Ultra-light window manager with rox desktop" icewm-session icewm 0 "Another light window manager" lxde-session lxde 0 "Light-weight gtk2 desktop environment" e16 enlightenment 0 "Alternative desktop environment" xfce-session xfce 0 "Middle-weight full gtk2 desktop environment" gnome-session gnome 0 "Heavy-weight full gtk2 desktop environmnet" kde3-session kde3 "Qt3 based full desktop environment" 0 kde4-session kde4 0 "Qt4 based full desktop environment"`


Really each selection should be in its own variable such as
[ "`which jwm`" != "" ] && JWM="jwm jwm 0 \"Ultra-light window manager with rox desktop\""
#<executable> <name> <status> <mouse-over-text>

and then
#[ ! -f /etc/windowmanager ] && <--- this will make it go to the default if the file exists
#delete /etc/windowmanager to make the menu come up
[ ! -f /etc/windowmanager ] && exec `Xdialog --no-tags --item-help --no-close --title "Puppy Desktop Selector" --no-cancel --stdout --icon mini-desktop.xpm --password --radiolist "Please select your desktop" 0 0 0 $JWM $ICE $E16 $LXDE $XFCE $GNOME $KDE3 $KDE4

etcetera and so forth since I am just guessing at the startup commands, but it is a basic template to build on

_________________
Web Programming - Pet Packaging 100 & 101
Back to top
View user's profile Send private message 
bremer


Joined: 25 Feb 2009
Posts: 72

PostPosted: Tue 10 Aug 2010, 13:08    Post subject:  

How to change the password on an already encrypted pupsave?
Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 2230
Location: The Blue Marble

PostPosted: Wed 11 Aug 2010, 06:54    Post subject:  

Not that I know of. You need to create a new encrypted pupsave file (with the new password), and then mount it, and copy your data over, and delete the old pupsave file on next reboot.

Perhaps someone will create a script with GUI for this?

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 2 [27 Posts]   Goto page: Previous 1, 2
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1017s ][ Queries: 11 (0.0041s) ][ GZIP on ]