Revision [21862]
This is an old revision of security made by darkcity on 2012-06-13 16:26:10.
Security
Security involves protection from data loss, data theft and data corruption.
My views in the debate on the /root vs /home/user/ issue:
tallboy
Puppylinux is a small, but very powerful, single user distribution, running as root is the only way to do it.
When running from a live CD/DVD, as I always do, there is no other way to access a HD or a memory stick, than as root. An alternative would be to use the same user name as owner of the devices, but then, what is the point of a puppy if it isn't portable?
When that is said, I also have to mention the number of times I have uploaded files to my /home-directory at the university, and forgot to change the permissions, making my own files inaccessible from an on-site pc, where safety issues prevent me from booting my dpup...
Puppylinux is small because it is intended for a single-user, anyone can carry it on a CD/DVD or a USB stick, it 'works right out of the box', with a minimum of setup. I see no need for puppylinux as a multi-user distribution whatsoever!
I really think that people who need a multi-user puppy, should maybe look for another distribution? Why complicate life by adding more code to a puppy?
Although I am the only one accessing my machines, my multi-GB Debian on HDs is run as multi-user. Very sensible, not only because of all the hassle of installing such a massive distribution, but to avoid having several users spending their remaining days with configuring and setting up, potentially thousands of applications.
I feel safe! I don't have a home page in my dpup's browser, I usually turn on privacy mode when I use it, my internet provider has firewalls, they give me a new IP every time I log on, I have a firewall, I run from RAM, no savefile on HD, but I can access all devices plugged in, if needed.
I don't have the need for communicating to god knows who, through our new 'social media', all kind of private information that might be useful for some attack on my privacy.
To feel even more safe, there are always the applications that hide your IP, let you browse from an anonymous 'safe' account, through TOR if you want that, and probably lots of other safe ways to access the internet. I don't use them, and I don't know anything about them. (Yet.)
Chroot, anyone?
tallboy
Security Precautions
- Adobe Flash Player poses too high a risk for some users - either disable it or configure the Web browser to restrict its use
- never open e-mail attachments from strangers; delete them instead
- renew the default system password using the passwd utility
- activate the software firewall (discussion): Menu > Setup > Linux-Firewall Wizard
- use the latest available versions of file-system tools: bzip2, dosfstools, e2fsprogs, ntfs3g, tar
- use the latest available version of Adobe Flash Player (if it is used)
- use a PuppyVersion with a recent Linux kernel version
- use encryption
- always have a minimum of two copies of valuable or important files on physically separate media
- disable JavaScript within the Web browser (with a subsequent loss in functionality)
- use ClamAV
References
http://sectools.org/index.html
http://www.virustotal.com/
http://www.cryptoheaven.com/
http://epic.org/privacy/tools.html
http://news.cnet.com/8301-13880_3-20010350-68.html?tag=mncol;mlt_related
http://murga-linux.com/puppy/viewtopic.php?t=41146
IPtables: http://www.murga-linux.com/puppy/viewtopic.php?p=405147#405147
Potential Flash point
http://www.builderau.com.au/program/linux/soa/10_things_you_should_do_to_a_new_Linux_PC_before_exposing_it_to_the_Internet/0,339028299,339274586,00.htm?feed=rss
Security forum thread
Linux Security
Security History
Linux security Howto
10 tips
NSA in Windows
Top Cyber Security Risks
Live Linux CD for security
Password protect GRUB
group51.org
http://www.murga-linux.com/puppy/viewtopic.php?p=405903#405903
Appendix
Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows: 'If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppy Linux is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing Internet banking'.
N.B. The choice of operating system becomes irrelevant if the recommended security precautions are not applied.
Security set-up for Puppy 2.16 onwards
1 Open a console and type 'passwd'. Enter your new password twice.
2 Run 'lock' on the desktop and enter the password from step 1.
*you may want to select 'blank' from the config to save on processor usage
3 Edit /etc/inittab to look like this:
::sysinit:/etc/rc.d/rc.sysinit
tty1::respawn:/sbin/getty 38400 tty1
tty2::respawn:/sbin/getty 38400 tty2
::ctrlaltdel:/sbin/reboot
*this keeps someone from killing lock with ctrl+alt+backspace and logging back in automatically and also gives the option on bootup to enter 'root' and 'password'.
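A check for step 3, added here as an example and not part of the original wiki page: it reads an inittab and reports any ttyN respawn entry that does not run getty, or that passes getty an option which skips the password prompt or replaces the login program (-n, -l, -a). The autologin sample and its helper path are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag inittab console entries that log in without a password.
# inittab line format: id:runlevels:action:process

# Reads an inittab on stdin and prints one verdict per ttyN respawn entry.
# Returns 0 if every console asks for a login, 1 otherwise.
audit_inittab() {
    status=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        id=${line%%:*}
        rest=${line#*:}; rest=${rest#*:}   # strip the id and runlevels fields
        action=${rest%%:*}
        process=${rest#*:}
        case $id in tty*) ;; *) continue ;; esac
        [ "$action" = respawn ] || continue
        verdict=OK
        case $process in *getty*) ;; *) verdict="FAIL (no getty)" ;; esac
        for word in $process; do
            case $word in
                # getty options that skip the prompt or swap the login program;
                # any use of them is flagged for review
                -n|-l|-a|--autologin|--skip-login) verdict="FAIL ($word)" ;;
            esac
        done
        echo "$id: $verdict"
        [ "$verdict" = OK ] || status=1
    done
    return "$status"
}

# The inittab from step 3 above.
hardened_inittab() {
    cat <<'EOF'
::sysinit:/etc/rc.d/rc.sysinit
tty1::respawn:/sbin/getty 38400 tty1
tty2::respawn:/sbin/getty 38400 tty2
::ctrlaltdel:/sbin/reboot
EOF
}

# Constructed sample: tty1 logs in automatically through a hypothetical helper.
autologin_inittab() {
    cat <<'EOF'
::sysinit:/etc/rc.d/rc.sysinit
tty1::respawn:/sbin/getty -n -l /usr/local/bin/autologin-example 38400 tty1
tty2::respawn:/sbin/getty 38400 tty2
::ctrlaltdel:/sbin/reboot
EOF
}
```

To audit the live file, run: audit_inittab < /etc/inittab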
Create Password
Boot Puppy
ctrl+alt+F2 (because my eyes are going and this is easier to read than in a console)
"
puppypc login :root
Password : well known and published password
#passwd
Changing password for root
New password : a new and unpublished password
Retype password : a new and unpublished password
Password for root changed by root
"
ctrl+alt+F3 (back to GUI)(F4 for some puppies)
Open terminal and type: passwd
Create a user to run applications.
Open terminal and type: cd / && mkdir home
Think of your new user name and then type in console: cd /home && mkdir YourNickHere
Now copy these files to /home/YourNickHere
.bashrc, .fonts.cache-1, .gtkrc-2.0, .gtkrc.mine, .Xdefaults, .Xresources
Open terminal and type: adduser YourNickHere
Run applications as YourNickHere by typing su -c application YourNickHere
example: su -c gaim YourNickHere
Make applications run as YourNickHere by default:
Edit application launchers to resemble this, su -c application YourNickHere
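The steps above as one script, added here as an example and not part of the original wiki page. It also hands ownership of the copied files to the new user and restricts their permissions, because files copied by root stay root-owned otherwise. The function names and the launcher path in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example: prepare a home directory and a launcher for a restricted user.

# Dotfiles listed on this page.
DOTFILES=".bashrc .fonts.cache-1 .gtkrc-2.0 .gtkrc.mine .Xdefaults .Xresources"

# Copy the dotfiles into the new home and lock the directory down.
# $1 = source dir (normally /root), $2 = new home, $3 = owner ("" skips chown)
prepare_home() {
    src=$1 home=$2 owner=$3
    mkdir -p "$home" || return 1
    chmod 700 "$home"
    for f in $DOTFILES; do
        [ -f "$src/$f" ] || continue      # not every puppy has all of them
        cp "$src/$f" "$home/$f" || return 1
        chmod 600 "$home/$f"
    done
    # Files copied by root stay root-owned unless ownership is handed over.
    [ -z "$owner" ] || chown -R "$owner" "$home"
}

# Write a launcher that runs one application as the restricted user.
# $1 = launcher path, $2 = application, $3 = user
write_launcher() {
    # Refuse names that could smuggle extra shell syntax into the launcher.
    case $3 in *[!A-Za-z0-9_-]*|'') echo "bad user name" >&2; return 1 ;; esac
    case $2 in *"'"*|'') echo "bad application" >&2; return 1 ;; esac
    printf '#!/bin/sh\nexec su -c %s %s\n' "'$2'" "$3" > "$1"
    chmod 755 "$1"
}

# Typical use, as root, after `adduser YourNickHere`:
#   prepare_home /root /home/YourNickHere YourNickHere
#   write_launcher /usr/local/bin/gaim-as-user gaim YourNickHere
```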
Puppy has a personal wiki called DidiWiki, with its own inbuilt HTTP server, so it is accessed from a web browser, either locally or over a network/Internet. What we do in this case is run DidiWiki as user "spot". We can run an individual server application as a restricted non-root user, even though you yourself are still logged in as root.