Puppy Linux Discussion Forum
Steps for enhancing security I can take in Puppy 5.2?
Leaena

Joined: 10 Nov 2011
Posts: 7

Posted: Sat 12 Nov 2011, 00:14

DPUP5520 wrote:
There is a way to easily encrypt and hide torrent transmissions, unfortunately you cannot do it with Transmission as far as I know however I intentionally left the bit-torrent client in PuppyCrypt unsecured in order to divert illegal intentions.


What do you mean by "unsecured"? I'm getting ready to test Crypt in a VM, so I'm sure I'll find out - but I assume you mean the transmission isn't encrypted? And I assume securing it wouldn't be all that difficult (although I understand why you wouldn't do so by default)? I don't have any illegal intentions, but I *do* prefer to have as much encryption as is reasonable. If 2048-bit was reasonable for everything, you can bet I'd be using it.

nooby wrote:
I trust that Puppy lovers are so used to being root that then have no inner motivation to give this too much effort. So maybe you
are that person then?


Heh. I might be - I'll see how securing my own distro goes, and if all is well, I wouldn't have any qualms about contributing back to the community in one way or another. Computer Security (I'm a full-blown geek in every possible way, and I've been lucky enough to be paid to break into a system or two legally) also happens to be a passion of mine, so the possibility is definitely there.

nooby wrote:
Back to your topic. Them the Devs of Puppy made an attempt to give somewhat to the worried Linux users that are used to
be in a multi user environ where one only are root when one
need to do serious admin things.


That seems to be the more traditional way of doing things. Did they ever succeed? I have no problem running as root, myself, but there are just some things I'd rather do in a virtual sandbox. Running as Spot seems a decent enough solution for most things, though (so long as I'm not missing a leak of some sort).

Lobster wrote:
Fatdog had a great policy of only downloading to 'Downloads', that might have helped . . . ?


I wonder how that'd be accomplished in Puppy 5.2. Unless I'm mistaken, running an application as Spot limits its activity to that user's folder only, correct? Should achieve relatively the same end, but still - I'm interested in how I could incorporate something like that on my box.
rcrsn51


Joined: 05 Sep 2006
Posts: 9258
Location: Stratford, Ontario

Posted: Sat 12 Nov 2011, 00:53

Leaena wrote:
Lobster wrote:
Fatdog had a great policy of only downloading to 'Downloads', that might have helped . . . ?

I wonder how that'd be accomplished in Puppy 5.2. Unless I'm mistaken, running an application as Spot limits its activity to that user's folder only, correct? Should achieve relatively the same end, but still - I'm interested in how I could incorporate something like that on my box.

Code:
su -c "path to firefox" spot
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Sun 13 Nov 2011, 04:02

Quote:
Just enough time to build a hardened Linux supercluster to use it on (and then try and break into it, dodging lasers and retina scanners galore).


Keep us informed with pics (sent by carrier pigeon if need be) . . .
If you have any old obsolete computers, maybe an Archimedes, Amiga or Atari, maybe you could include them in the random rotating loop, just for the chaos option. Wink

_________________
Puppy WIKI
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Sun 13 Nov 2011, 05:00

oops I trust I really stressed them trusted more in Fido than in Spot.

So now you guys seems to have get stuck in Spot while Fido is
the official solution Smile

Which one is best then? What features is unique for each of them?
I know nothing. But it is obvious that the inner motivation to get
either of them popular simply is lacking. No activity in the Fido
thread and none in the spot thread either.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
CLAM01

Joined: 22 May 2010
Posts: 79

Posted: Mon 14 Nov 2011, 22:39

All This Talk About Running Puppy As root... *growl*

In puppy linux your user account is called root, but is not root. In puppy root is user.

Root in puppy root is the underlying ramdisk. The main "PUPversion.sfs" is, or contains (actually, installs again each startup), the root file system. When you start your puppy the real root filesystem gets copied to ram, or swap. You use the copies of the root files in ram or swap. When you shut down your ram/swap copy of your main sfs root is deleted. Next time you start the main sfs installs another copy of itself to ram/swap. Real roots don't get any more secure than that, especially if the real root is on non-writable CD.

Running puppy frugal from a CD there is no way your main sfs root files can be altered. Running frugal with the main sfs copied to HD, the main sfs is copied from HD to ram/swap, then is not touched again. It can be altered by someone mounting it and opening it with another puppy, since HDs allow writing and erasing. But if anyone roots you during a session they root your user-root account for the session only. If they install a rootkit it installs to your pup-save and can install from there again next session. You can prevent that by erasing the contents of your pup-save, so your ramdisk root writes fresh files to it when you start your next session. You need to move files you want to save out to a back-up save file before you wipe your pup-save contents (don't wipe the whole pup-save, only all files in it).

To modify your real root system in puppy you have to run the "remaster puppy live-CD" program from the setup menu. That's how you "su" in puppy. You have to make your modifications in your user-root puppy first, adding and subtracting what you want. You make your new root account when you do the remaster of what you have set up.

I check the integrity of my main sfs files when I copy them to HD for frugal installs (I don't full install, so I don't know if files are secure in those) by making hashes of my main SFS files when I first copy, then re-hashing them and checking against the first hash from time to time. So far I have not found a main puppy sfs file to change.

Renaming puppy root isn't a good option because lots of files look for "/root" and don't find it if it's named something else. Those who have set up multi-user puppies have found that finding and changing every pathname instance is tedious and frustrating.

Puppy Linux is single-user per session and pup-save. It's the way it works. Each user launches his own ramdisk-root from the same main sfs root and modifies his or her own session from his or her pup-save store of preferences. For personal files each using the same computer has to make his or her own password protected encrypted save-file, or have his or her own flash-drive.
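The hash-and-recheck routine CLAM01 describes in the post above, written out as an added example that is not part of any post in this thread. The function names, the manifest layout and the choice of `sha256sum` are assumptions of this sketch; keep the manifest somewhere other than the writable partition that holds the SFS files.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, manifest layout and
# the use of sha256sum are assumptions made for this sketch.

# sfs_baseline DIR MANIFEST
# Record a SHA-256 for every *.sfs file directly inside DIR.
sfs_baseline() {
    dir=$1; manifest=$2
    (
        cd "$dir" || exit 1
        for f in *.sfs; do
            # Skip the literal pattern when no SFS file matches.
            if [ -f "$f" ]; then sha256sum -- "$f"; fi
        done
    ) > "$manifest" || return 1
    [ -s "$manifest" ]      # fail if nothing was hashed
}

# sfs_in_manifest NAME MANIFEST: succeed if NAME has a baseline entry.
sfs_in_manifest() {
    while read -r h n; do
        if [ "${n#\*}" = "$1" ]; then return 0; fi
    done < "$2"
    return 1
}

# sfs_verify DIR MANIFEST
# Print CHANGED/MISSING/NEW <file> per finding; return 0 only when clean.
sfs_verify() {
    dir=$1; manifest=$2; status=0
    [ -r "$manifest" ] || { echo "ERROR manifest unreadable"; return 2; }

    # Pass 1: each baselined file must still exist with the same hash.
    while read -r want name; do
        name=${name#\*}     # sha256sum prefixes '*' in binary mode
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"; status=1
        else
            got=$(sha256sum < "$dir/$name" | cut -d' ' -f1)
            if [ "$got" != "$want" ]; then echo "CHANGED $name"; status=1; fi
        fi
    done < "$manifest"

    # Pass 2: an SFS that was never baselined is also worth a look,
    # because extra SFS files can be layered into the running system.
    for f in "$dir"/*.sfs; do
        [ -f "$f" ] || continue
        base=${f##*/}
        if ! sfs_in_manifest "$base" "$manifest"; then
            echo "NEW $base"; status=1
        fi
    done
    return $status
}
```

Run `sfs_baseline` once right after copying the files from known-good media, then `sfs_verify` with the same two arguments from time to time; a non-zero return means at least one line of findings was printed.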
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Tue 15 Nov 2011, 03:31

CLAM01 thanks that was very interesting to read.
Sadly I am not really on that level but as far as I get it
that seems to be the way it does work.

That could also explain why some have decided to never have
a pupsave file. Them either remaster until them get a puppy that
works as them wanted and then never have to use a pupsave file again.

Them use sfs files to have flexibility of choices without needing
to load all of these at once. So them can load them on fly when needed.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Tue 15 Nov 2011, 03:57

Quote:
CLAM01 thanks that was very interesting to read.

Have added it here to replace Nathan's comments which were getting a little long in the tooth [so to speak] Cool
http://puppylinux.org/wikka/security

. . . there are new ways to strengthen security . . .
Yes you can compile a firewall for obsolete hardware
but even better for barely released hardware
Will your cluster of rotating firewalls have the power of Pi?
http://puppylinux.org/wikka/PARM

Expect some ultra security devices to emerge for RPi.
I may have to build a fire wail . . . Rolling Eyes
Basically this is a call out device for anyone trying to quantum hack
from another dimension . . . allowing them access
http://tmxxine.tumblr.com/post/11569525428/most-fuzzy-of-algorithms
[My imaginary psychiatric team have been notified - virtual medication expected shortly . . .] Shocked

_________________
Puppy WIKI

Last edited by Lobster on Wed 16 Nov 2011, 23:22; edited 1 time in total
CLAM01

Joined: 22 May 2010
Posts: 79

Posted: Wed 16 Nov 2011, 18:45

Lobster,

Oh, No! I was just spraying thoughts around when I wrote the above explanation of puppy-root. Had I imagined it might become engraved in electronic stone I would have tried to organize myself, be coherent, write real sentences, try to maybe make better sense...

I will try to do that, as soon as I can get to it. When I manage to I will post you the organized version to put wherever it may be helpful.
russoodle


Joined: 12 Sep 2008
Posts: 667
Location: Down-Under in South Oz

Posted: Thu 17 Nov 2011, 01:35

I wouldn't worry, Clam01.....seems perfectly articulate to me and an excellent, helpful explanation, thank you Smile
_________________
This aging business really bugs me - it didn't bother me years ago, so why is it happening now??
meownplanet - puppylinuxstuff
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

Posted: Thu 17 Nov 2011, 10:12

CLAM01 I agree with Russ that it is rather easy to follow your thoughts.

But being as deep into Nooby Land as I am I still wonder about this:

When I am booting in frugal on NTFS hdd then that HDD also has a lot of
Win7 Registry and such. Okay them gave it another name. Anyway.

Most likely the intruder don't expect to find Puppy but either WinXP or WinVista or Win7 or soon Win8. or maybe Ubuntu or Linux Mint.

So what is most likely them do? Download a thing that key log what I write so them can get my login to the bank? Log in to email and forums and
that way them get to know as many password patterns as possible
that I make use of. Then them set up some kind of hidden things.

But as you point out. As soon as I shut down or reboot all that is lost
unless I do something that makes it go into pupsave?

But while I am active them have plenty of time to record every password that I use?


So if Puppy was not root then them had to use Sudo or Su or
some other trick to get into the computer?

How much more effective are that protection?

Now to something related. dpup5520 wants to build a puppy rescue
CD that is as hardened as possible so that could be worth looking into.

Do a search for him and his puprescue

_________________
I use Google Search on Puppy Forum
not an ideal solution though
postfs1


Joined: 27 Mar 2010
Posts: 831

Posted: Fri 18 Nov 2011, 10:26

If the user is able to install "fwbuilder" then such a user has an opportunity to setup "iptables" and an opportunity to get the new activator of firewall rules.
_________________
  • I don't know why laboratories are named a hospitals.
  • The alive personage is like a tea bag with granules of unknown density inside, at that one the packet was made of organic material and was placed in the evaporated liquid or liquid.

str4y


Joined: 01 Aug 2011
Posts: 43
Location: No. California

Posted: Fri 18 Nov 2011, 19:50    Post subject: No hiding BT, sorry. But Transmission has encryption...

DPUP5520 wrote:
There is a way to easily encrypt and hide torrent transmissions, unfortunately you cannot do it with Transmission as far as I know however I intentionally left the bit-torrent client in PuppyCrypt unsecured in order to divert illegal intentions.


Um, not to discourage folks from coming up with Puppy versions, but I don't think I'll be adding yours to the longish list of ones I try out-- based on this logic you put forth re "order to divert illegal intentions".. I moreso concur with the sentiment of another post, whereby my default is to use encryption wherever possible. It's just a matter of principle-- entities just don't need to be sniffing my crap, though yes, it's all legal. (I really like the HTTPS-Everywhere campaign https://www.eff.org/https-everywhere, and am glad to see it catching on (Goog being the tipping point I suppose, but why do I want to connect securely to Goog when I don't trust them? I remember yelling at my Big Name stockbroker years ago, 'WTF is with the "Some Elements Unencrypted" on pageload??')) It's especially key for me as I only have net access over public wifi's!
I haven't time to find/give all the links to discussions about how bittorrent is practically impossible to do anonymously (torproject.org somewhere, certainly), as I just happened upon this thread while searching for a newish release of Transmission.. but gave up after being long out of Spare Time whilst reading threads like this one. So here's a snap from my version 2.30b for which I had a .pet laying around. The encryption referred to is of the data between peers.. I don't think communication with the tracker is generally encrypted (depends on the tracker.. run Azureus for a dizzying array of config options) but absolutely, your IP is never hideable, and the MPAA or whoever can and does send well-paid posers out to build up their databases with whomever connects with them as peer. But please, elaborate on this "easily encrypt and hide".. especially the latter.

http://imageshack.us/photo/my-images/510/trans23.png

In this process, I'm reminded of never having succeeded in searching for a good blocklist source. Any ideas?

EDIT: image doesn't seem to work, trying it as a Url for you to click..
DPUP5520

Joined: 16 Feb 2011
Posts: 801

Posted: Fri 18 Nov 2011, 21:26

str4y It matters not to me whether people test anything I put out or not, I do it for myself and share with others if they want to try it. Encryption doesn't really do anything for you at all anymore when it comes to most service providers due to methods that have come out to detect bit-torrent traffic even while encrypted plus it doesn't hide your IP address from the swarm.
_________________
PupRescue 2.5
Puppy Crypt 528
CLAM01

Joined: 22 May 2010
Posts: 79

Posted: Fri 18 Nov 2011, 21:50

nooby,
In puppy, since your puppy-root account is your user account what you have exposed to the internet is your user account only. Your pup-save file is your puppy-user "home" space. Anything that downloads and installs to your pup-save installs to your /home/user account. If something installs to your /mnt/home it installs outside of puppy. /mnt/home is the disk partition you run your puppy system in. If you run your puppy system in /sda1 (or sda2 if you have a manufacturer's partition first) where your Microsoft system resides your Microsoft system files are around your puppy folder (if you isolate your puppy system in its own folder) or around your puppy files (pup-save, puppy-sfs and z-sfs, or woof-build-number folder).

Normally nothing should download to, or install to, your /mnt/home, outside of your puppy ram/swap-system and your pup-save file. On regular HD frugal install puppy systems files land in, install in and add changes in your pup-save as you browse or work, so when your system saves at the end it only checks for loose ends, erases /tmp files and so forth. With SDHDs and flash-drive puppies the files hold in ram and modify your pup-save only periodically (like early linux systems normally did). Thus, it should be impossible for any more on your computer than your pup-save files to be messed with or messed up.

But do not count on this. Assume it should be so, but expect that someone may find a way to get around it. The "development" of intrusion techniques today is like the rabbit in the famous race story, with the tortoise being Moore's Law's development of chip power and speed. And we seem to be in a period right now when the intruder-rabbit is up and running.

The nearest there is to a 'su' or 'sudo', to get to a puppy's root is the update white and black (and sometimes pink and maybe other color) listing system. This system adds information to your pup-save. The information is mostly switch info. It is read at start-up, use A. before B, ignore C etc.

Until you remaster your puppy the not used and ignored remains in your pup-main-sfs. If you change your mind you can bring ones back, and, if you clear out your pup-save the original pup-main content files will be written into it. You will get rid of what you don't want, but you will have to re-customize, add again pets you had added, etc. You can get around doing all of this by setting your puppy up to suit yourself, saving it and before exposing it, copy all the files to a back-up file in your /mnt/home, or another partition. Then when you wipe your pup-save file's contents, if you think something might have been added, or become corrupted, you can copy your back-up files and start again mostly where you were.

You also want to put all your personal files in one or two over-all files in your pup-save root (puppy-root) file, so you can move those out to park in your /mnt/home (or another partition) before you wipe out your pup-save.

Theoretically your intrusion dangers should be less than with other systems. To lessen them more I recommend, rather than downloading to /root/spot or anywhere else, to set your browsers to download to /tmp, or a /tmp/downloads file you make in /tmp. You have to remember to move files you want from /tmp to other folders before you shut down. Otherwise what you have downloaded will go with your shutting down.

Your most likely sources of infections in puppies are the builds, themselves. Things that may be included by a puppy or puplet builder, or may be in or get into files built in or built with. These include things you may have in your system when you remaster your puppy. Back-doors and remotely controllable programs are among things that can be installed as parts of systems. Monitoring systems, for instance, are everywhere. A common one is a test-ping for net connection, which pings computers a domain connected to the USA's CIA. All the system does, as far as I know, is ping, but every network card having a unique mac address, the system is an available for tracking, if such should be needed. Included in common net-connection programs, the system is incorporated in puppies.

Your next most likely source of infections is what is downloaded with what you download. Intruders seem to be making great progress in this area right now, working out new and better ways to get things into computers and working for them. Putting their own systems on your system appears to be easier than taking over your system, and, if they are in your system, it gives them access to all the files on your system. You don't need to crack passwords and install a rootkit if you can, instead, simply install your own little system and with it open the root files of the host computer's main system. I am chasing what appears to be a new one of these, that puppy seems to be susceptible to, right now.

As they say, you can't ever be too careful, and even being too careful doesn't always work.
Ray MK


Joined: 05 Feb 2008
Posts: 765
Location: UK

Posted: Fri 18 Nov 2011, 23:49

Hi

"You don't need to crack passwords and install a rootkit if you can, instead, simply install your own little system and with it open the root files of the host computer's main system. I am chasing what appears to be a new one of these, that puppy seems to be susceptible to, right now"

That sounds a little worrying - should we be concerned?

Do we know how to protect against such a method?

Surely Puppy's smallish size, must make it difficult to conceal something
undesirable in the download.

Would we have similar concerns when using Puppy on an Arm Processor?

My questions probably show my ignorance regarding these matters,
however it does beg the question - Are we safe?

Best regards - Ray

_________________
Asus 701SD. 2gig ram. 8gb SSD. IBM A21m laptop. 192mb ram. PIII Coppermine proc. X60 T2400 1.8Ghz proc. 2gig ram. 80gb hdd. T41 Pentium M 1400Mhz. 512mb ram.