Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 03 Mar 2015, 20:32
All times are UTC - 4
 Forum index » Advanced Topics » Puppy Projects
Puli 6.0, released Dec 2014
Moderators: Flash, JohnMurga
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
gjuhasz


Joined: 29 Sep 2008
Posts: 188

PostPosted: Sun 21 Dec 2014, 18:32    Post_subject:  Puli 6.0, released Dec 2014
Sub_title: The ultimate defense against web attacks. Intended to boot from a USB pendrive
 

Welcome to Puli 6.0, released Dec 2014

Puli is a member of the Puppy Linux family: a high security, "kiosk" flavor of p666philb's tahrpup 6.0 CE, intended to boot from a USB pendrive and run safely even if the boot device is unplugged.
This 32-bit, non-PAE Puli has kernel version 3.14.20.
Pevious barks of Puli are still available at http://murga-linux.com/puppy/viewtopic.php?t=88691)

The Puppy Linux Project was established by Barry Kauler in 2003. See legal notice at the bottom of the Help file, selectable from info menu icon.

Special thanks to 666philb, smokey01, pemasu, S-kami, Kros54 and my colleagues, including ethic hackers who helped me with their feedback about Puli.

I. How to install Puli:

1. Create a bootable USB pendrive
    a. In any Puppy Linux distro/puplet such as Puli 3.8.3 bark 6 or pemasu's Upup Precise 3.8.3.1, click the Install icon on the desktop. Then in the Install dialog, click the BootFlash USB installer button and follow the instructions there. (If you don't have Install icon, try to select menu item Setup / BootFlash install Puppy to USB.)
    Bootflash may not be on your Puppy's menu. It may, however, be builtin. Try opening a terminal and typing
    Code:
    bootflash

    Worst case, download and use www.smokey01.com/gjuhasz/sfs/bootflash-0.6p.pet
    b. When finished, delete all files from the pendrive except ldlinux.sys.
2. Copy Puli to the pendrive.
    a. Puli and its updates are available at www.smokey01.com/gjuhasz in form of compressed files. Download then unpack the Puli_install.tar.gz file to access the Puli_install folder.
    b. Open the Puli_install folder and copy its content into the (root of the) USB pendrive.
    c. It does worth to download the sfs folder from www.smokey01.com/gjuhasz into the USB pendrive, too. Puli offers advanced Office options and the newest Java runtime module in those sfs files.
* To have SoftMaker FreeOffice, put a SoftMaker line in loadsfs file on your USB boot device. You need to register and obtain your personal license at Softmaker Software GmbH as detailed below. See the related legal restrictions at /opt/freeoffice/license.txt.
* Alternatively, you can use LibreOffice (without registration) by putting a LibreOffice line in loadsfs file.
* You can reference any number of .sfs and/or .pet files simply by referencing their file name in separate lines of the loadsfs file as shown in the above examples. Puli will find those .sfs files (on the USB boot device) and load them during bootup. Note that the first score will be loaded even if the USB pendrive has multiple files with the same file name.

3. Unmount the pendrive. You are ready, Puli is installed.

4. Before rebooting your machine from the pendrive
    a. I recommend to read the following sections, too.
    b. If you know what to do, you may configure some startup parameters in syslinux.cfg right now.
    c. Ensure that the BIOS is configured to boot from pendrive.

5. Give Puli a go! [/b]


II. Puli in a nutshell:

1. Boot-up the PC from the USB pendrive pre-installed with Puli.
    a. When asked, log in as root.
    b. Type root as password. Later you can change the password and save it for next logins.
2. The QuickSetup dialog pops up. Here, you may configure the system as you want.
    a. Check whether timezone, locale and keyboard, etc., are correct and change them if needed.
    b. You may right-click the Volume tray icon, select Full window and check/adjust Capture, Mic boost, etc.
3. The USB pendrive gets unmounted. Consider pulling it out when the popup message reminds you.

4. It is recommended to set your own session password.
    a. Open console
    b. Issue the busybox passwd command.
5. Before you finish, be sure that you left no data on the PC.

6. There are different methods to save your work on the (replugged) USB pendrive:
    a. Clicking the backup icon on the right of the Desktop immediately creates a compressed Puli_backup_YYYY_MM_DD_HH_MM.tar.gz backup file in the /backup folder of the USB pendrive. Backups include Backup description. Note that the password files and the content of the .sfs files (installed into /initrd/pup_ro2 and /initr/pup_ro4 folders) are excluded. While those .sfs files are the same, you can restore a previous status from a backup if you drag-and-drop its icon onto the Restore icon next to it.
    b. You can decide to create backup by selecting Save: backup on the Shutdown dialog.
    c. You can preserve the current settings without creating backup file by clicking the Save: patch button on the Shutdown dialog.

* Be wary of hardware keyloggers. From the tray, open the virtual keyboard and use it any time to enter passwords or other sensitive text.

* Based on the preset user profile, some features, such as Office programs, evince, etc., may start in offline mode for your security


III. For advanced users:

* Just after boot-up, the advert-blocker feature updates the /etc/hosts file to block annoying commercials.

* You may add boot parameters, e.g., pkeys=hu plang=hu_HU.UTF-8, to syslinux.cfg on the pendrive (see among the install files).

* The default timezone is GMT. However, Puli overwrites it with the content of the single-line timezone file from the (root of the) pendrive. Take a look into the /usr/share/zoneinfo folder for correct timezone strings such as Australia/Perth

* If the USB pendrive contains a /patch and optionally a /profiles/Common folder, then Puli updates the filesystem with their merged content during bootup (before X starts).

* The last executed script in the /root/Startup folder is zsupp. It may worth looking into it for the tricks it does. Of course, even zsupp could be updated from /patch before it (zsupp) would run.

* In the Puli package, you can find tricky user profile examples realized by different patch structures. They can be selected/activated (copied into /patch folder on the pendrive) by clicking their fantasy-named profile selector icon.

Mild-tempered
    a. This is the default profile, i.e., when there is no /patch folder on the pendrive or it is empty.
    b. The network_tray icon becomes red while suspicious connections are active. They are logged in /var/log/suspicious_connections file.
Rigorous
    a. Barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, updates the firewall's blacklist with the suspicious hosts.
    b. Puli does not release the suspicious host but occupies its available ports in SYN_SENT or similar mode. For details, see profile-specific scripts such as /usr/local/apps/defaultbrowser and /usr/bin/chromiuma.
    c. If you accidentally get false alarm(s), move those friendly IP addresses from /etc/suspicious_hosts to /etc/friends file (and update your patch structure accordingly).
Crazy
    a. According to the profile name, Puli makes hackers crazy. It disables the network periodically to prevent their session become effective.
Lazy
    a. Similar to the mild profile with one tricky exception. While browsing in this unique profile, your lovely Puli becomes lazy and goes asleep. More precisely, the Linux utilities (those in the /bin folder) become inexecutable, preventing a hacker or even a trojan malware to initiate shell scripts or issue commands.
    b. Some features behind icons file, info, edit, write, calc, phone, remain active only for you.
    c. During browsing, clicking on the leftmost dog icon toggles between the lazy and the mild profiles. While you see a "glowing" mild icon, you can click on the rest of desktop icons, and the menu items.
    d. The drive icons are replaced by an inactive drives icon during browsing in lazy mode. While toggled to mild mode, clicking on the drives icon invokes Pmount.
    e. Warning! Do not unplug any mounted drive while browsing in lazy mode!
    f. If you close the browser, all features are restored in a few seconds (i.e., the dog icon initiates backup and the drive icon(s) appear again).


* The recommended browser (based on the default settings in the loadsfs file) is a properly sandboxed Chrome version 34 with Flash plugin version 14. You can easily upgrade or even downgrade Chrome using the unique Smart Install feature of Puli:
* In all profiles, clicking the info icon invokes the Links browser configured for smart media recognition capabilities. The Links browser opens also if you click the browse icon while there is no Chrome installed.

* Parental control: Append IP addresses or even domain names (e.g., 1.2.3.4 and/or somename.com) as separate lines to the /etc/suspicious_hosts file (of course, copy it into your favorite patch structure on the UBS pendrive, together with /etc/friends). Puli interprets them and feeds the blacklist automatically.

* Notice that some common Puppy utilities, e.g., default applications chooser and firewall generator, have been removed in favor of the patch-based features.

* Notice also that the .DirIcon of the selected profile folder appears on the Desktop as backup icon.

* If you connected an MTP (Media Transfer Protocol)-capable device (e.g. a mobile phone) via USB cable, open a terminal window and issue mtp+. Now, you can access the device thru the /root/MTP folder. If you finished, issue mtp- before disconnecting the USB cable.


IV. For enthusiasts:

You may need to customize Puli if you want to run it on the same computer. Puli supports this in many ways as follows. But keep in mind that different computers' settings can be incompatible with each other thus their settings should be stored separately, i.e., in different patch profiles.

* During bootup, the .sfs and .pet files listed in loadsfs file on the USB boot device, either as /patch/loadsfs or /profiles/Common/loadsfs, (don't mix - the former overrides the latter, other locations are ignored) will also be loaded if they exist somewhere on the USB boot device. You can reference there as many files as you want - even a truncated but unique basename, e.g., "wine", or (if you are unsure about capitals in the filename) "?ine" is enough to locate "wine_puli-1.7.21.pet". Note that while, on the one hand, only the memory limits the number of the auto-loaded files; on the other hand, they cannot be unloaded in the current session. Puli is prepared to auto-load an (ONE) official chrome .deb package referenced in loadsfs, too. The chrome package name must be like "google-chrome-stable_34.0.1847.137-1_i386.deb" (this is how an official Google Chrome package name looks like).

* Notice that the auto-loaded files are merged into the /initrd/pup_rw folder: they arrive there in the order of their appearence in your loadsfs file. As in other Puppies, you may install five additional .sfs files on-the-fly later (into /initrd/pup_ro4 ... /initrd/pup_ro8). However, Puli offers a workaround if you need to load more than five .sfs files on-the-fly. Menu item Setup > Merge SFS files gets (based on their alphabetical order) the *.sfs files found in /root folder, then merges them into /root/puli.sfs. Move it to the pendrive and reference it as a single item to load/unload it using the Settings > SFS-Load menu item from the desktop.

* You can save your session settings to auto-load them on the same machine next time. The following examples are here only to help understand the basics. However, their result should be similar to what you get by clicking the Save: patch button on the Shutdown dialog.

Example A. Preserving only the audio configuration:
    a. Set up the sounds with the Retrovol tray icon.
    b. Open a terminal.
    c. Issue alsactl -f /etc/asound.state store
    d. Copy the /etc/asound.state file into your machine-specific profile on the pendrive.
    e. Puli restores the same settings at every boot time.
Example B. Preserving only the network configuration:
    a. In Puli, Barry's sns is used to establish network connection. It stores your machine-specific preferences in /etc/simple_network_setup/ folder. Here, wpa_supplicant.conf files contain colons ( : ) in their name which cannot be copied to your pendrive if it is FAT-formatted. If so, replace these colons with equals sign ( = )
    b. Copy the /etc/simple_network_setup/ folder to the patch structure of the machine-specific profile on the pendrive.
    c. Puli restores those filenames when loading the patch files at startup.
Example C. Preserving configuration items using built-in script:
    a. Set up the sounds with the Retrovol tray icon.
    b. Check that sns is configured well.
    c. If you chose the default Softmaker FreeOffice program, click the write desktop icon to enter the Softmaker FreeOffice licence key. The key is free for registered users. You need to do this only once, at the first usage.
    d. In a terminal window, issue permanent
    e. The /usr/bin/permanent script asks for a permanent password then saves the sound and network settings into the /patch folder on the pendrive. You can add more lines to save other session files, e.g., bookmarks, browser profile, desktop background or even downloaded files that have been arrived into the /root/spot/Downloads/ folder.
    f. Puli reads the saved settings at every boot time from the actual content of /patch folder of the pendrive. It is recommended to store those machine-specific sets in separate profiles then populate the pendrive's /patch folder from the appropriate profile when necessary.

* In contrast to other puppies, you cannot save your session as puli.2fs on the USB pendrive or elsewhere. Instead, use the backup desktop icon or the Save: backup option at the Shutdown dialog. Note that the auto-loaded extra packages are not included in the backup file thus you need to use the same loadsfs file next time to restore the same environment. However, you can run the /usr/bin/fullbackup script from a terminal window if you really want to include the auto-loaded files in the backup file. Note that the timestamp (mdate) of the whole stuff controlled by loadsfs are set back to around 2001-11-11 11:11 (timezone shift added).

* You may refresh the puppy_puli_6.0.sfs file with the content of the actual patch structure:
    a. Ensure that the pendrive is plugged in (either mounted or unmounted).
    b. Open a terminal and issue refresh
    c. The temporary files are in the /root/squashfs-root folder. You can manually edit their content there when the script asks for this.
    d. Wait until all operations are finished.

* The shrink script does the same as refresh except that it calls the Remove Builtin Files utility before writing back to the USB pendrive. The temporary files are in the /root/squashfs-root folder. You can manually edit the content there when the script asks for this.

* The paint desktop icon has this preference order to open: Gimp, Mypaint, LazPaint, AzPainter, mtpaint - depending on which one is installed.

* The draw desktop icon has this preference order to open: Inkscape, AzDrawing, Inklite - depending on which one is installed.

* The phone desktop icon has this preference order to open: Skype, xchat - depending on which one is installed.

* Skype installed from Skype-4.3.0.37ap-puli.pet runs as spot.


Have fun!

Regards,
gjuhasz
Puli_profiles.png
 Description   Profile icons in Puli (Mild, Rigorous, Crazy and Lazy)
 Filesize   17.13 KB
 Viewed   1251 Time(s)

Puli_profiles.png


Edited_times_total
Back to top
View user's profile Send_private_message 
gjuhasz


Joined: 29 Sep 2008
Posts: 188

PostPosted: Mon 22 Dec 2014, 15:45    Post_subject: Puli 6.0  

A nice screenshot showing a little lazy puli dog.
Puli-6.0.jpg
 Description   See http://whitepuli.hu/new_home/2013_c/2013_cinkos_sunny_04.jpg
 Filesize   29.87 KB
 Viewed   1153 Time(s)

Puli-6.0.jpg

Back to top
View user's profile Send_private_message 
Dpup

Joined: 05 Aug 2008
Posts: 75

PostPosted: Sat 27 Dec 2014, 08:52    Post_subject: Puli 6.0
Sub_title: Testing
 

Thanks for another great release.

In addition to testing on various netbooks laptops, desktops that I posted about for Bark 6, I am also testing Puli 6.0 on a new Dell 17 inch Laptop with AMD Quad-Core A8-5545M that came with Win 8.1 installed.

The party guests mostly thought no way was Puli 6.0 going to work on such a new Laptop. But surprise, when I took the USB drive from my key chain loaded with Puli 6.0 which I have been using on more than half dozen other computers, it booted and connected to WPA2 AES account and worked just fine for all functional areas that we tested.

The only downside was using the new Win 8.1. It seemed to me and the other technology guests that for all the $Billions spent developing Win 8.1 the released product is a step backwards. Puli 6.0 along with other Puppy Linux releases just do more of what most of us need and use day to day, is more responsive, and much easier to use !!!
Back to top
View user's profile Send_private_message 
gjuhasz


Joined: 29 Sep 2008
Posts: 188

PostPosted: Thu 01 Jan 2015, 20:10    Post_subject: Re: Puli 6.0
Sub_title: The best time for relax
 

Dpup wrote:
The party guests mostly thought no way was Puli 6.0 going to work on such a new Laptop. But surprise, when I took the USB drive from my key chain loaded with Puli 6.0 which I have been using on more than half dozen other computers, it booted and connected to WPA2 AES account and worked just fine for all functional areas that we tested.


Dear Dpup, thanks for your presentation.

As there is a New Year starting today, many of us feel this is the best time for relax. Yeah, a day for laziness. And we let our pets do the same.

My Puli buries his bone before he "turns inward".

Similarly, Puli 6.0, in its "lazy" profile, hides the files of the disarmed (access-denied) /bin/ folder from strangers before letting his Master browse alone. Of course, the Master can tell him where to hide. By default, those files (bash, busybox, etc.) would act in the /ban/ folder, but since this a holiday today, why not drink to you with such a folder name like:

"Best wishes to all of you. Hope you have a great time in 2015 and always!"

Using the accurate Linux syntax, on the USB boot device, in the second line of /mnt/sdb1/3-lazy script:

Code:
lazybin="/Best_wishes_to_all_of_you_Hope_you_have_a_great_time_in_2015_and_always/"



Have fun!

gjuhasz
Happy_New_Year.jpg
 Description   
 Filesize   47.96 KB
 Viewed   792 Time(s)

Happy_New_Year.jpg

Back to top
View user's profile Send_private_message 
gjuhasz


Joined: 29 Sep 2008
Posts: 188

PostPosted: Sun 08 Feb 2015, 20:33    Post_subject: Puli 6.0 and updates of Tahrpup  

Just to confirm:

Puli works fine with the updated vmlinuz and zdrv files included in tahrpup 6.01 and/or 6.02. Kudos to 666philb and the tahrpup team!

Only the zdrv shall be renamed from zdrv_tahr_6.0.2.sfs to zdrv_puli_6.0.sfs - the vmlinuz file is applicable "as is".

FYI: Puli update is coming soon with

* Minor bugfixes and security patches
* Comfort features
* Smaller footprint

Have fun!

gjuhasz
Back to top
View user's profile Send_private_message 
totolanio

Joined: 03 Jan 2015
Posts: 153

PostPosted: Tue 10 Feb 2015, 22:59    Post_subject:  

You should write a little description of the purpose of Puli, maybe ? Such as usage examples etc...

It's too vague for a non pro like me.

_________________
Main puppy used : LxPup tahr.
Multiple package installer/remover.
Back to top
View user's profile Send_private_message 
gjuhasz


Joined: 29 Sep 2008
Posts: 188

PostPosted: Wed 11 Feb 2015, 12:15    Post_subject: purpose of Puli  

totolanio wrote:
You should write a little description of the purpose of Puli, maybe ? Such as usage examples etc...
It's too vague for a non pro like me.


Dear totolanio, let me explain the purpose in a form of a FAQ:

Q: What is the difference between Puli and other distros?
A: Most of the Linux distros are optimized for hard disk installation, although many of them can boot from live CD/DVD or from pendrive. Puli is for pendrive only.

Q: Then what is the advantage of Puli compared to other distros that boot from pendrive?
A: There are unique security features. The user is asked to unplug the pendrive just after the system starts. Also, Puli has some tricky profiles specially designed to resist the known (and even some unknown) web attacks. Advanced users can create their own profiles e.g., by combining the features of the existing ones.

Q: Do you mean surviving any kind of web attacks, or defense against new viruses etc?
A: I am dare to say yes, but the level of protection and the behavior depends on the selected profile. For example, code execution of viruses/trojans is prevented while browsing / skyping in the "lazy" profile. Man-in-the middle attacks have no chance to build up themselves in the "crazy" profile. Beyond this, a firewall is in place and the critical web apps are executed by spot user.

Q: What about preventing phishing?
A: Puli cannot do too much if the user intentionally responds to a malicious "phishing" request and shares, e.g., his/her IDs with passwords and other pieces of sensitive info. But Puli can be rigorous and has sharp teeth...
What it can do for his "crazy master" in such cases? Barking, blinking red icons, terminating the network connection, blacklisting suspicious sites, and/or even hiding the operational system from attackers. Smile according to the selected profile. Note that Puli automatically updates the (black)list of malicious websites just after it starts.

Q: What is the size of Puli?
A: Puli consists of a "skeleton" (about 188 MB, including all security features mentioned above) plus a configurable set of extra packages than can be co-loaded at boot time. Users can preset the features according to their current needs thus omit all "nice to have" modules that only waste time and resources for the actual session.

Q: How to save the session? To the unplugged pendrive???
A: Puli is unique in this aspect, too. In other distros, if the user deletes a file or makes something wrong, then the system can be corrupted forever - maybe a king size backup helps. But in Puli, you can return to any previous status.

There are three options:

    1) Save your files manually (during the active session), then log out without auto-save. In this case the pendrive remains untouched thus you boot into the same environment next time
    2) A “smart save” as part of the shutdown process. There are selected files to appear next time. Note that the next version of Puli (expected in March) provides a configuration file for this.
    3) Create a surprisingly small size backup file from the session any time. Beyond optimizing Puli for “multiple use case”, this kind of backup also resolves the “different user” and “different machine” issues (supported by a free-text backup description). The filename contains the timestamp thus the backup remains intact for good.

Of course, Puli asks the user to re-connect the pendrive to save files (You may use a dedicated USB stick for save/backup purposes.)

Have fun!

Regards,

gjuhasz

Edited_times_total
Back to top
View user's profile Send_private_message 
gjuhasz


Joined: 29 Sep 2008
Posts: 188

PostPosted: Wed 11 Feb 2015, 12:15    Post_subject: purpose of Puli  

Please find an example of the loadsfs file used by my son (Puli 6.0.2 beta, mild profile chosen). Remind that this is the config file to select the extra packages to be loaded at boot time :
Code:
-audacity
-azdrawing
-AzPainter
-Blender
-Calibre
-devx
-dreamchess
-fonts
-gimp-2.4
-gimp-precise
google-chrome-stable_34
-inkscape
jre-1.7
-jre-1.8
-lazpaint
-LibreOffice
-linphone-3.6.1-xv
-LP2_GimpPainter
-mypaint
Minecraft
-Skype-4.3.0.37ap
-SoftMaker697
-SweetHome3D
-teamviewer-10
-wine_puli_wt-1.7.21

I prefer loading another set of extra files (by removing the "dash" character that precedes the package names by default): google-chrome (lazy profile), fonts, Skype, SoftMaker and teamviewer, sometimes Calibre. They can be anywhere on the boot device, either as .pet or .sfs packages (except chrome, which must be .deb).

My daughter selected google-chrome (mild profile), mypaint (or LP2_GimpPainter, or sometimes Blender) and Skype .

An average user does not need to deal with configuration details deeper than the above selections in loadsfs.

That's all. Our machines are: one HP6600 (3GB, ATI HD 5400) and one HP7600 (2GB). Swap installed in both (same size as the memory). I also use a fast 64-bit Dell laptop (i5, 4GB, no swap).
Puli runs fine on all of the above machines booted from any of our pendrives. There is no need to reconfigure anything.

See the post of forum member Dpup, too.

----------------

A couple of additional comments, just FYI:

I am among the users who dislike the "carved in stone" distros because they (we) feel discomfort if one or more features become obsolete. Most of those distros face a risk that altering/replacing/upgrading a single module crashes the whole installation. In contrast, Puli was designed to support such upgrade attempts, e.g., no other distros tolerate upgrading Chrome then returning to a previous one (e.g., to compare stable/beta/dev versions).

In the promised new Puli (probably 6.0.2, already in beta), the extra modules may include "rampup" and "after party" scripts to prepare and/or clean up the module environment before and/or after running it.In our case, for example, the "rampup" script of the Minecraft module
1) looks around for saved worlds and loads them,
2) force installs the java runtime if it is missing,
3) disconnects the network
4) starts the game as spot.
The "after party" script adds its two-cents to the "smart save" configurator describing which worlds shall be saved to where in the frame of the shutdown process.


Have fun!

Regards,

gjuhasz
Back to top
View user's profile Send_private_message 
Q5sys


Joined: 11 Dec 2008
Posts: 1123

PostPosted: Thu 19 Feb 2015, 11:43    Post_subject: Re: purpose of Puli  

gjuhasz wrote:
Barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, updates the firewall's blacklist with the suspicious hosts.


what metrics is it using to determine whats 'suspicious'?
Im on the road right now so i can download and test this until tonight, but please tell me that everything web facing isnt running as root. Smile

_________________



Back to top
View user's profile Send_private_message Visit_website 
gjuhasz


Joined: 29 Sep 2008
Posts: 188

PostPosted: Thu 19 Feb 2015, 14:29    Post_subject: Re: purpose of Puli  

Q5sys wrote:
what metrics is it using to determine whats 'suspicious'?


Dear Q5sys,

Please take a look into the defaultbrowser file of the "rigorous" profile (you can find it on the boot device, as /profiles/1-rigorous/usr/local/bin/defaultbrowser).
Between Lines 70 ... 77, the established connections are checked based on some specific patterns set, e.g., if only the IP address and non-standard ports are evaluated as "suspicious".
If this (example) pattern matches, then Puli disconnects the networks (Line 90), updates the firewall (Line 94), then barks before reconnecting (Line 104).

Similar patterns are built in the default "Mild" mode but the consequences are not as rigid there as in the Rigorous mode.

Of course, as I wrote above, the pattern(s) here are only examples. You can borrow ideas from Snort or similar systems or even create your own.

Note that preventing web-attacks is a complex task thus other modules need to co-operate (with the help of config items in /etc/hosts, /etc/friends, /etc/rc.d/rc.firewall and so on.)

There are other funny methods within Puli. For example, you are browsing while " /bin is in the bin " Smile thanks to the Lazy profile of Puli.
I do hope that my examples in Puli inspire users to combine them or invent something new.

Q5sys wrote:
please tell me that everything web facing isn't running as root


Puli is a funny dog. Of course, for example, Skype runs under spot user in each mode. See details in /profiles/3-lazy/usr/local/bin/defaultchat file.

Have fun!

Regards,

gjuhasz
Back to top
View user's profile Send_private_message 
gjuhasz


Joined: 29 Sep 2008
Posts: 188

PostPosted: Sun 22 Feb 2015, 17:39    Post_subject: In cases of Bootflash not found  

I received a PM from a friend:

Quote:
Your installation instructions require the use of bootflash, suggesting employment of prior version of Puli or Upup 3.8.3. I used Upup before I remembered that almost all of my current Pups employ Openbox or Lxde. Sometimes the Menus produced by those window-managers fail to list installed applications. They're finicky about having the category definition end with a ";", sometimes about the first of multiple categories, and sometimes just for sport.

With the exception of Carolina, every recent Pup I examined which didn't show bootflash on its menu had bootflash built in. It could be started by typing "bootflash" in a terminal.

Suggest your instructions include something like:

Bootflash may not be on your Puppy's menu. It may, however, be builtin. Try opening a terminal and typing,
Code:
bootflash

I searched several repos --including Carolina's-- but couldn't find a "bootflash" pet. Maybe its called something else. If it can't be found on any repo, perhaps you could offer a pet. Not being kernel or hardware dependent, it will probably be compatible with any Pup.


Thanks for your recommendations. I modified both the first post above and www.smokey01.com/gjuhasz/readme.html accordingly.

Please find www.smokey01.com/gjuhasz/sfs/bootflash-0.6p.pet attached, too.

Thanks again.

Have fun!

Regards,

gjuhasz
bootflash-0.6p.pet
Description  MD5sum: 3fa226bfd2cf7281e32ef0d2647549cc
pet

 Download 
Filename  bootflash-0.6p.pet 
Filesize  162.84 KB 
Downloaded  11 Time(s) 
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Advanced Topics » Puppy Projects
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1557s ][ Queries: 12 (0.0065s) ][ GZIP on ]