Revision [20044]
This is an old revision of security made by coolpup on 2012-01-02 09:58:58.
Security Precautions
- Adobe Flash Player poses too high a risk for some users - either disable it or configure the Web browser to restrict its use
- never open e-mail attachments from strangers; delete them instead
- renew the default system password using the passwd utility
- activate the software firewall (discussion): Menu > Setup > Linux-Firewall Wizard
- use the latest available versions of file-system tools: bzip2, dosfstools, e2fsprogs, ntfs3g, tar
- use the latest available version of FlashPlayer Adobe Flash Player (if it is used)
- use a PuppyVersion with a recent Linux kernel version
- use encryption
- always have a minimum of two copies of valuable or important files on physically separate media
- disable JavaScript within the Web browser (with a subsequent loss in functionality)
- use ClamAV
See also
Privacy, Fido, Puppy GROWLReferences
http://sectools.org/index.htmlhttp://www.virustotal.com/
http://www.cryptoheaven.com/
http://epic.org/privacy/tools.html
http://news.cnet.com/8301-13880_3-20010350-68.html?tag=mncol;mlt_related
http://murga-linux.com/puppy/viewtopic.php?t=41146
IPtables: http://www.murga-linux.com/puppy/viewtopic.php?p=405147#405147
Potential Flash point
http://www.builderau.com.au/program/linux/soa/10_things_you_should_do_to_a_new_Linux_PC_before_exposing_it_to_the_Internet/0,339028299,339274586,00.htm?feed=rss
Security forum thread
Linux Security
Security History
Linux security Howto
10 tips
NSA in Windows
Top Cyber Security Risks
Live Linux CD for security
Password protect GRUB
group51.org
http://www.murga-linux.com/puppy/viewtopic.php?p=405903#405903
Appendix
Detective Inspector Bruce van der Graaf from the Computer Crime Investigation Unit told the hearing that he uses two rules to protect himself from cyber-criminals when banking online. The first rule, he said, was to never click on hyperlinks to the banking site and the second was to avoid Microsoft Windows: 'If you are using the internet for a commercial transaction, use a Linux boot up disk - such as Ubuntu or some of the other flavours. Puppy Linux is a nice small distribution that boots up fairly quickly. It gives you an operating system which is perfectly clean and operates only in the memory of the computer and is a perfectly safe way of doing Internet banking'. SourceN.B. choice of operating system becomes irrelevant if recommended security precautions are not applied
Security set-up for Puppy 2.16 onwards
1 Open console type 'passwd'. enter your new password twice.
2 Run 'lock' on desktop and enter password from step 1
*you may want to select 'blank' from the config to save on processor usage
3 edit /etc/inittab to look like this:
::sysinit:/etc/rc.d/rc.sysinit tty1::respawn:/sbin/getty 38400 tty1 tty2::respawn:/sbin/getty 38400 tty2 ::ctrlaltdel:/sbin/reboot
*this keeps someone from killing lock with ctrl+alt+backspace and logging back in automatically and also gives the option on bootup to enter 'root' and 'password'.
Create Password
Boot Puppy
ctrl+alt+F2 (because my eyes are going and this is easier to read than in a console)
"
puppypc login :root
Password : well known and published password
#passwd
Changing password for root
New password : a new and unpublished password
Retype password : a new and unpublished password
Password for root changed by root
"
ctrl+alt+F3 (back to GUI)(F4 for some puppies)
Open terminal and type: passwd
Create a user to run applications.
Open terminal and type: cd / && mkdir home
Think of your new user name and then type in console: cd /home && mkdir YourNickHere
Now copy these files to /home/YourNickHere
.bashrc, .fonts.cache-1, .gtkrc-2.0, .gtkrc.mine, .Xdefaults, .Xresources
Open terminal and type: adduser YourNickHere
Run applications as YourNickHere by typing su -c application YourNickHere
example: su -c gaim YourNickHere
Make applications run as YourNickHere by default:
Edit application launchers to resemble this, su -c application YourNickHere
Puppy has a personal wiki called DidiWiki, with its own inbuilt HTTP server, so is accessed from a web browser, either locally or over a network/Internet. What we do in this case is run DidiWiki as user "spot". We can run an individual server application as a restricted non-root user, even though you yourself are still logged in as root.
Categories
CategorySecurityCategorySoftware